Adding EKS Control Plane logging options (#340)

sc250024 · max-rocket-internet · commit 18e00861e410 · 2019-04-11T15:21:09.000+02:00
* Adding EKS Control Plane logging options * Added feature addition * Removing 'optional' * Adding documentation, and changing variable order * Using pre-commit instead * adding IAM instance profiles to outputs, addresses #323 (#329) * adding IAM instance profiles to outputs * updating changelog * updated README
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -12,6 +12,7 @@ project adheres to [Semantic Versioning](http://semver.org/).
 ### Added
 
 - Added outputs for worker IAM instance profile(s) (by @soapergem)
+- Added support for cluster logging via the `cluster_enabled_log_types` variable (by @sc250024)
 
 ### Changed
 
diff --git a/README.md b/README.md
@@ -113,6 +113,7 @@ MIT Licensed. See [LICENSE](https://github.com/terraform-aws-modules/terraform-a
 | cluster\_create\_security\_group | Whether to create a security group for the cluster or attach the cluster to `cluster_security_group_id`. | string | `"true"` | no |
 | cluster\_create\_timeout | Timeout value when creating the EKS cluster. | string | `"15m"` | no |
 | cluster\_delete\_timeout | Timeout value when deleting the EKS cluster. | string | `"15m"` | no |
+| cluster\_enabled\_log\_types | A list of the desired control plane logging to enable. For more information, see Amazon EKS Control Plane Logging documentation (https://docs.aws.amazon.com/eks/latest/userguide/control-plane-logs.html) | list | `[]` | no |
 | cluster\_endpoint\_private\_access | Indicates whether or not the Amazon EKS private API server endpoint is enabled. | string | `"false"` | no |
 | cluster\_endpoint\_public\_access | Indicates whether or not the Amazon EKS public API server endpoint is enabled. | string | `"true"` | no |
 | cluster\_name | Name of the EKS cluster. Also used as a prefix in names of related resources. | string | n/a | yes |
diff --git a/cluster.tf b/cluster.tf
@@ -1,7 +1,8 @@
 resource "aws_eks_cluster" "this" {
-  name     = "${var.cluster_name}"
-  role_arn = "${aws_iam_role.cluster.arn}"
-  version  = "${var.cluster_version}"
+  name                      = "${var.cluster_name}"
+  enabled_cluster_log_types = "${var.cluster_enabled_log_types}"
+  role_arn                  = "${aws_iam_role.cluster.arn}"
+  version                   = "${var.cluster_version}"
 
   vpc_config {
     security_group_ids      = ["${local.cluster_security_group_id}"]
diff --git a/variables.tf b/variables.tf
@@ -1,3 +1,9 @@
+variable "cluster_enabled_log_types" {
+  default     = []
+  description = "A list of the desired control plane logging to enable. For more information, see Amazon EKS Control Plane Logging documentation (https://docs.aws.amazon.com/eks/latest/userguide/control-plane-logs.html)"
+  type        = "list"
+}
+
 variable "cluster_name" {
   description = "Name of the EKS cluster. Also used as a prefix in names of related resources."
 }
