Hello! I have created a Terraform module(s) which supports the functionality you all have created here (plus the ability to create the VPC PrivateLink endpoints):
Everything works great with the log forwarder (logs_monitoring) since the forwarder's lambda zip archive is packaged and hosted with each release. However, Terraform does work great with dynamic files, especially when downloading and zipping - within ephemeral environments like CI/CD these files will not always be present and this throws a wrench in the process when checking state for changes/etc. For now I have found a workaround for the VPC Flow Log forwarder and RDS Enhanced Monitoring forwarder by basically vendoring the Lambda files as local zip archives that can be referenced by the modules:
This works but it's not great for a few reasons:
I personally don't think it's a great idea that users "trust" that these archives do not contain malicious code. It's very easy and simple to inspect as they are simple python scripts. However, it's still not ideal.
I have only added support for v3.x for simplicity currently. However, others might be using earlier versions.
I must manually re-run the script if you all publish a new version here before users can utilize this new version. Ideally this would be transparent and any versions you all release here would simply be referenced and used by the modules themselves.
Would it be possible to start packaging the VPC Flow Log forwarder and RDS Enhanced Monitoring forwarder as zip archives in the releases? I didn't see any release workflows in the GitHub actions folder otherwise I would have looked at opening a PR myself to try adding this. Let me know your thoughts - and thank you!
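An added example, not part of the original issue or the project's code: one way to address the trust and state-drift concerns raised above is to build the vendored archive deterministically and check every member against a digest of the upstream source. The file name `handler.py`, its contents and all function names are hypothetical.

```python
import base64
import hashlib
import io
import zipfile

FIXED_DATE = (1980, 1, 1, 0, 0, 0)  # constant timestamp so rebuilds are byte-identical

# Constructed stand-in for an upstream forwarder source file (hypothetical name and body).
UPSTREAM = {"handler.py": b"def lambda_handler(event, context):\n    return len(event)\n"}
EXPECTED = {name: hashlib.sha256(data).hexdigest() for name, data in UPSTREAM.items()}


def build_zip(files):
    """Build a zip from {member_name: bytes} with sorted members and fixed metadata."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in sorted(files):
            info = zipfile.ZipInfo(name, date_time=FIXED_DATE)
            info.compress_type = zipfile.ZIP_DEFLATED
            info.external_attr = 0o644 << 16  # fixed permissions, not the builder's umask
            zf.writestr(info, files[name])
    return buf.getvalue()


def source_code_hash(archive):
    """Base64 SHA-256 of the archive, the encoding Terraform's filebase64sha256() produces."""
    return base64.b64encode(hashlib.sha256(archive).digest()).decode()


def verify_zip(archive, expected):
    """Return a list of problems; an empty list means the archive holds exactly the expected files."""
    problems, seen = [], {}
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        for info in zf.infolist():
            if info.filename in seen:
                problems.append(f"duplicate member: {info.filename}")
            seen[info.filename] = hashlib.sha256(zf.read(info)).hexdigest()
    for name in sorted(set(seen) - set(expected)):
        problems.append(f"unexpected member: {name}")
    for name, digest in sorted(expected.items()):
        if name not in seen:
            problems.append(f"missing member: {name}")
        elif seen[name] != digest:
            problems.append(f"content mismatch: {name}")
    return problems


if __name__ == "__main__":
    archive = build_zip(UPSTREAM)
    print(source_code_hash(archive), verify_zip(archive, EXPECTED))
```

Because the archive bytes depend only on the file contents, a rebuild in an ephemeral CI runner yields the same hash and Terraform sees no change unless the source itself changed.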