hashicorp / terraform

Terraform enables you to safely and predictably create, change, and improve infrastructure. It is a source-available tool that codifies APIs into declarative configuration files that can be shared amongst team members, treated as code, edited, reviewed, and versioned.
https://www.terraform.io/

Cloudwatch log subscription filter not supported on OS X (El Capitan) #7772

Closed ambud closed 7 years ago

ambud commented 7 years ago

Cloudwatch log subscription filter is not working on the Mac 0.6.15 version OS X (El Capitan 10.11.5), Terraform installed via brew

Terraform Version

0.6.15

Affected Resource(s)

provider "aws" {
  region = "us-east-1"
}

resource "aws_iam_role" "cloudwatch_lambda_role" {
  name = "cloudwatch_lambda_role"
  assume_role_policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Principal": {
        "Service": "lambda.amazonaws.com"
      },
      "Effect": "Allow"
    }
  ]
}
EOF
}

resource "aws_iam_role_policy" "cloudwatch_lambda_policy" {
  name = "cloudwatch_lambda_policy"
  role = "${aws_iam_role.cloudwatch_lambda_role.id}"
  policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AWSLambdaCloudwatchPolicy",
      "Effect": "Allow",
      "Action": [
        "logs:CreateLogStream",
        "logs:PutLogEvents",
        "ec2:DescribeNetworkInterfaces",
        "ec2:DeleteNetworkInterface",
        "ec2:CreateNetworkInterface"
      ],
      "Resource": "*"
    }
  ]
}
EOF
}

resource "aws_lambda_function" "flowlogs" {
    s3_key = "XXXXXXXXX"
    function_name = "XXXXX"
    role = "${aws_iam_role.cloudwatch_lambda_role.arn}"
    handler = "XXXXXXXX"
    s3_bucket = "XXXXXXXXX"
    runtime = "java8"
    vpc_config {
        subnet_ids = [ "subnet-XXXXXXX" ]
        security_group_ids = [ "sg-XXXXXXX" ]
    }
}

resource "aws_lambda_permission" "flowlog_permission" {
  statement_id = "vpc_flow_log_activation"
  action = "lambda:InvokeFunction"
  function_name = "${aws_lambda_function.flowlogs.arn}"
  principal = "logs.us-east-1.amazonaws.com"
  source_arn = "arn:aws:logs:us-east-1:XXXXXXXXXXXX:log-group:vpc-flow-log-group:*"
}

resource "aws_cloudwatch_log_subscription_filter" "flowlog_subscription_filter" {
  depends_on = ["aws_lambda_permission.flowlog_permission"]
  name = "cloudwatch_flowlog_lambda_subscription"
  log_group_name = "vpc-flow-log-group"
  filter_pattern = ""
  destination_arn = "${aws_lambda_function.flowlogs.arn}"
}

Debug Output

bash: terraform plan
There are warnings and/or errors related to your configuration. Please fix these before continuing.

Errors:

This resource is supported in terraform

Actual Behavior

Failed with resource not supported

Steps to Reproduce

Please list the steps required to reproduce the issue, for example:

  1. terraform plan or terraform apply

stack72 commented 7 years ago

Hi @ambud

This feature was released as part of 0.6.15 - are you definitely using that version?

Can you grab the output of terraform --version?

Paul

ambud commented 7 years ago

I am using 0.6.14, let me try 0.6.15.

stack72 commented 7 years ago

@ambud that'll be the issue. The upgrade will probably install 0.6.16 TBH as that is the latest release in homebrew

That will then allow you to use the resource

Paul

ambud commented 7 years ago

The zip download for 0.6.15 works.

stack72 commented 7 years ago

Excellent :)
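
A preflight check for the version mismatch diagnosed in this thread, as an added example that is not part of the original issue or of Terraform itself: it parses `terraform --version` output and refuses to continue below 0.6.15, the release named above for this resource. The function names and sample outputs are constructed, and the check assumes the first output line reads `Terraform vX.Y.Z`.

```shell
#!/bin/sh
# Added example (not from the thread): gate a run on a minimum Terraform version.
# MIN_VERSION is the release the thread names for
# aws_cloudwatch_log_subscription_filter; function names are hypothetical.
MIN_VERSION="0.6.15"

# Extract "X.Y.Z" from the first line of `terraform --version` output.
# Assumes the line looks like "Terraform v0.6.14"; prints nothing otherwise.
parse_tf_version() {
    printf '%s\n' "$1" |
        sed -n '1s/^Terraform v\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*$/\1/p'
}

# Return 0 when version $1 >= version $2. Fields are compared numerically,
# so 0.6.9 sorts below 0.6.15 (a plain string comparison gets this wrong).
version_ge() {
    old_ifs=$IFS; IFS=.
    set -- $1 $2          # six fields: a.b.c followed by x.y.z
    IFS=$old_ifs
    [ "$1" -gt "$4" ] && return 0; [ "$1" -lt "$4" ] && return 1
    [ "$2" -gt "$5" ] && return 0; [ "$2" -lt "$5" ] && return 1
    [ "$3" -ge "$6" ]
}

# Return 0 if the reported version is new enough, 1 if it is too old,
# 2 if the output could not be parsed (fail closed rather than guess).
check_tf_version() {
    found=$(parse_tf_version "$1")
    if [ -z "$found" ]; then
        echo "could not parse terraform version output" >&2
        return 2
    fi
    if version_ge "$found" "$MIN_VERSION"; then
        echo "ok: terraform $found >= $MIN_VERSION"
    else
        echo "terraform $found < $MIN_VERSION:" \
             "aws_cloudwatch_log_subscription_filter is not available" >&2
        return 1
    fi
}

# Constructed sample outputs, not captured from the reporter's machine.
check_tf_version "Terraform v0.6.14" || echo "-> upgrade before terraform plan"
check_tf_version "Terraform v0.6.16"
# Real use: check_tf_version "$(terraform --version)" || exit 1
```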
