Feature request: Cloudwatch Contributor Insights for Cloudwatch logs

[aaleksandrov]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

CloudWatch Contributor Insights was made Generally Available in April 2020:

Amazon CloudWatch Contributor Insights analyzes log data and creates time-series visualizations to provide a view of top contributors influencing system performance. You do this by creating Contributor Insights rules to evaluate CloudWatch Logs (including logs from AWS services) and any custom logs sent by your service or on-premises servers.

New or Affected Resource(s)

• aws_cloudwatch_logs_contributor_insights_rule

Potential Terraform Configuration

resource "aws_cloudwatch_logs_contributor_insights_rule" "abc" {
  name           = "TerraformTestRule"
  syntax =  <<RULE
{
    "Schema": {
        "Name": "CloudWatchLogRule",
        "Version": 1
    },
    "AggregateOn": "Count",
    "Contribution": {
        "Filters": [
            {
                "In": [
                    "some-keyword"
                ],
                "Match": "$.message"
            },
            {
                "In": [
                    "order"
                ],
                "Match": "$.event_type"
            }
        ],
        "Keys": [
            "$.country"
        ]
    },
    "LogFormat": "JSON",
    "LogGroupNames": [
        "/aws/lambda/api-prod"
    ]
}
RULE
}

References

• Cloudwatch contributor insights docs
• Rule syntax

[ewbankkit]

Related:

• https://github.com/hashicorp/terraform-provider-aws/issues/13933

[robh007]

I think this needs two resources, plus an additional datasource to lookup managed rules.

resource "aws_cloudwatch_contributor_insights_rule" "abc" {
  rule_name           = "TerraformTestRule"
  rule_state            = enabled
  rule_definition     =  <<RULE
{
    "Schema": {
        "Name": "CloudWatchLogRule",
        "Version": 1
    },
    "AggregateOn": "Count",
    "Contribution": {
        "Filters": [
            {
                "In": [
                    "some-keyword"
                ],
                "Match": "$.message"
            },
            {
                "In": [
                    "order"
                ],
                "Match": "$.event_type"
            }
        ],
        "Keys": [
            "$.country"
        ]
    },
    "LogFormat": "JSON",
    "LogGroupNames": [
        "/aws/lambda/api-prod"
    ]
}
RULE
}

& Also

resource "aws_cloudwatch_contributor_managed_insight_rules" "abc" {
  managed_rules = ["list of managed rules"]
  enabled = true / false
}

Also maybe a data resource to lookup managed rules.

data "aws_cloudwatch_contributor_managed_insight_rules" "abc" {
  resource_arn = "service:arn"
}