Change oam_sinks to oam_sink in region

tedilabs · May 24, 2024 · e124f6f · e124f6f
1 parent e4fa0c1
commit e124f6f
Show file tree

Hide file tree

Showing 4 changed files with 13 additions and 16 deletions.
diff --git a/modules/region/README.md b/modules/region/README.md
@@ -59,7 +59,7 @@ This module creates following resources.
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| <a name="input_cloudwatch"></a> [cloudwatch](#input\_cloudwatch) | (Optional) The configuration of CloudWatch in the current AWS region. `cloudwatch` as defined below.<br>    (Optional) `oam_sinks` - A list of CloudWatch OAM(Observability Access Manager) sinks. Each items of `oam_sinks` as defined below.<br>      (Required) `name` - The name of the CloudWatch OAM sink.<br>      (Optional) `telemetry_types` - A set of the telemetry types can be shared with it. Valid values are `AWS::CloudWatch::Metric`, `AWS::Logs::LogGroup`, `AWS::XRay::Trace`, `AWS::ApplicationInsights::Application`, `AWS::InternetMonitor::Monitor`.<br>      (Optional) `allowed_source_accounts` - A list of the IDs of AWS accounts that will share data with this monitoring account.<br>      (Optional) `allowed_source_organizations` - A list of the organization IDs of AWS accounts that will share data with this monitoring account.<br>      (Optional) `allowed_source_organization_paths` - A list of the organization paths of the AWS accounts that will share data with this monitoring account.<br>      (Optional) `tags` - A map of tags to add to the resource. | <pre>object({<br>    oam_sinks = optional(list(object({<br>      name                              = string<br>      telemetry_types                   = optional(set(string), [])<br>      allowed_source_accounts           = optional(list(string), [])<br>      allowed_source_organizations      = optional(list(string), [])<br>      allowed_source_organization_paths = optional(list(string), [])<br>      tags                              = optional(map(string), {})<br>    })), [])<br>  })</pre> | `{}` | no |
+| <a name="input_cloudwatch"></a> [cloudwatch](#input\_cloudwatch) | (Optional) The configuration of CloudWatch in the current AWS region. `cloudwatch` as defined below.<br>    (Optional) `oam_sink` - A configuration of CloudWatch OAM(Observability Access Manager) sink. `oam_sink` as defined below.<br>      (Required) `name` - The name of the CloudWatch OAM sink.<br>      (Optional) `telemetry_types` - A set of the telemetry types can be shared with it. Valid values are `AWS::CloudWatch::Metric`, `AWS::Logs::LogGroup`, `AWS::XRay::Trace`, `AWS::ApplicationInsights::Application`, `AWS::InternetMonitor::Monitor`.<br>      (Optional) `allowed_source_accounts` - A list of the IDs of AWS accounts that will share data with this monitoring account.<br>      (Optional) `allowed_source_organizations` - A list of the organization IDs of AWS accounts that will share data with this monitoring account.<br>      (Optional) `allowed_source_organization_paths` - A list of the organization paths of the AWS accounts that will share data with this monitoring account.<br>      (Optional) `tags` - A map of tags to add to the resource. | <pre>object({<br>    oam_sink = optional(object({<br>      name                              = string<br>      telemetry_types                   = optional(set(string), [])<br>      allowed_source_accounts           = optional(list(string), [])<br>      allowed_source_organizations      = optional(list(string), [])<br>      allowed_source_organization_paths = optional(list(string), [])<br>      tags                              = optional(map(string), {})<br>    }))<br>  })</pre> | `{}` | no |
 | <a name="input_ebs_default_encryption"></a> [ebs\_default\_encryption](#input\_ebs\_default\_encryption) | (Optional) The configuration of the EBS default encryption. `ebs_default_encryption` as defined below.<br>    (Optional) `enabled` - Whether or not default EBS encryption is enabled.<br>    (Optional) `kms_key` - The ARN of the AWS Key Management Service (AWS KMS) customer master key (CMK) to use to encrypt the EBS volume. | <pre>object({<br>    enabled = optional(bool, false)<br>    kms_key = optional(string)<br>  })</pre> | `{}` | no |
 | <a name="input_ec2"></a> [ec2](#input\_ec2) | (Optional) The configuration of EC2 in the current AWS region. `ec2` as defined below.<br>    (Optional) `ami_public_access_enabled` - Whether to allow or block public access for AMIs at the account level to prevent the public sharing of your AMIs in this region. Defaults to `false`.<br>    (Optional) `instance_metadata_defaults` - The configuration of the regional instance metadata default settings. `instance_metadata_defaults` as defined below.<br>      (Optional) `http_enabled` - Whether to enable or disable the HTTP metadata endpoint on your instances. Defaults to `null` (No preference).<br>      (Optional) `http_token_required` - Whether or not the metadata service requires session tokens, also referred to as Instance Metadata Service Version 2 (IMDSv2). Defaults to `false`. Defaults to `null` (No preference).<br>      (Optional) `http_put_response_hop_limit` - A desired HTTP PUT response hop limit for instance metadata requests. The larger the number, the further instance metadata requests can travel. Valid values are integer from `1` to `64`. Defaults to `null` (No preference).<br>      (Optional) `instance_tags_enabled` - Whether to enable the access to instance tags from the instance metadata service. Defaults to `null` (No preference).<br>    (Optional) `serial_console_enabled` - Whether serial console access is enabled for the current AWS region. Defaults to `false`. | <pre>object({<br>    ami_public_access_enabled = optional(bool, false)<br>    instance_metadata_defaults = optional(object({<br>      http_enabled                = optional(bool)<br>      http_token_required         = optional(bool)<br>      http_put_response_hop_limit = optional(number)<br>      instance_tags_enabled       = optional(bool)<br>    }), {})<br>    serial_console_enabled = optional(bool, false)<br>  })</pre> | `{}` | no |
 | <a name="input_guardduty"></a> [guardduty](#input\_guardduty) | (Optional) The configuration of GuardDuty in the current AWS region. `guardduty` as defined below.<br>    (Optional) `delegated_administrator` - The AWS account ID for the account to designate as the delegated Amazon GuardDuty administrator account for the organization. The delegated administrator will be assigned the two GuardDuty roles required to administer GuardDuty policy in your organization. Can be used in only management account of the organization. | <pre>object({<br>    delegated_administrator = optional(string)<br>  })</pre> | `{}` | no |
@@ -79,7 +79,7 @@ This module creates following resources.
 
 | Name | Description |
 |------|-------------|
-| <a name="output_cloudwdatch"></a> [cloudwdatch](#output\_cloudwdatch) | The region-level configurations of CloudWatch service.<br>    `oam_sinks` - A list of CloudWatch OAM(Observability Access Manager) sinks. |
+| <a name="output_cloudwdatch"></a> [cloudwdatch](#output\_cloudwdatch) | The region-level configurations of CloudWatch service.<br>    `oam_sink` - A configuration of CloudWatch OAM(Observability Access Manager) sink. |
 | <a name="output_code"></a> [code](#output\_code) | The short code of the current region. |
 | <a name="output_description"></a> [description](#output\_description) | The description of the current region in this format: `Location (Region name)` |
 | <a name="output_ebs"></a> [ebs](#output\_ebs) | The region-level configurations of EBS service.<br>    `default_encryption` - The configurations for EBS Default Encryption. |

diff --git a/modules/region/cloudwatch.tf b/modules/region/cloudwatch.tf
@@ -3,20 +3,17 @@
 ###################################################
 
 module "cloudwatch_oam_sink" {
-  for_each = {
-    for sink in var.cloudwatch.oam_sinks :
-    sink.name => sink
-  }
+  count = var.cloudwatch.oam_sink != null ? 1 : 0
 
   source  = "tedilabs/observability/aws//modules/cloudwatch-oam-sink"
   version = "~> 0.2.0"
 
-  name            = each.key
-  telemetry_types = each.value.telemetry_types
+  name            = var.cloudwatch.oam_sink.name
+  telemetry_types = var.cloudwatch.oam_sink.telemetry_types
 
-  allowed_source_accounts           = each.value.allowed_source_accounts
-  allowed_source_organizations      = each.value.allowed_source_organizations
-  allowed_source_organization_paths = each.value.allowed_source_organization_paths
+  allowed_source_accounts           = var.cloudwatch.oam_sink.allowed_source_accounts
+  allowed_source_organizations      = var.cloudwatch.oam_sink.allowed_source_organizations
+  allowed_source_organization_paths = var.cloudwatch.oam_sink.allowed_source_organization_paths
 
   resource_group_enabled = false
   module_tags_enabled    = false

diff --git a/modules/region/outputs.tf b/modules/region/outputs.tf
@@ -21,10 +21,10 @@ output "description" {
 output "cloudwdatch" {
   description = <<EOF
   The region-level configurations of CloudWatch service.
-    `oam_sinks` - A list of CloudWatch OAM(Observability Access Manager) sinks.
+    `oam_sink` - A configuration of CloudWatch OAM(Observability Access Manager) sink.
   EOF
   value = {
-    oam_sinks = module.cloudwatch_oam_sink
+    oam_sink = one(module.cloudwatch_oam_sink[*])
   }
 }
 

diff --git a/modules/region/variables.tf b/modules/region/variables.tf
@@ -1,7 +1,7 @@
 variable "cloudwatch" {
   description = <<EOF
   (Optional) The configuration of CloudWatch in the current AWS region. `cloudwatch` as defined below.
-    (Optional) `oam_sinks` - A list of CloudWatch OAM(Observability Access Manager) sinks. Each items of `oam_sinks` as defined below.
+    (Optional) `oam_sink` - A configuration of CloudWatch OAM(Observability Access Manager) sink. `oam_sink` as defined below.
       (Required) `name` - The name of the CloudWatch OAM sink.
       (Optional) `telemetry_types` - A set of the telemetry types can be shared with it. Valid values are `AWS::CloudWatch::Metric`, `AWS::Logs::LogGroup`, `AWS::XRay::Trace`, `AWS::ApplicationInsights::Application`, `AWS::InternetMonitor::Monitor`.
       (Optional) `allowed_source_accounts` - A list of the IDs of AWS accounts that will share data with this monitoring account.
@@ -10,14 +10,14 @@ variable "cloudwatch" {
       (Optional) `tags` - A map of tags to add to the resource.
   EOF
   type = object({
-    oam_sinks = optional(list(object({
+    oam_sink = optional(object({
       name                              = string
       telemetry_types                   = optional(set(string), [])
       allowed_source_accounts           = optional(list(string), [])
       allowed_source_organizations      = optional(list(string), [])
       allowed_source_organization_paths = optional(list(string), [])
       tags                              = optional(map(string), {})
-    })), [])
+    }))
   })
   default  = {}
   nullable = false