terraform-aws-modules / terraform-aws-datadog-forwarders

Terraform module to create resources on AWS to forward logs/metrics to Datadog 🇺🇦
https://registry.terraform.io/modules/terraform-aws-modules/datadog-forwarders/aws
Apache License 2.0

Default `use_policy_name_prefix` and `use_role_name_prefix` to true in log forwarder module #43

Open Ryankey opened 1 month ago

Ryankey commented 1 month ago

Is your request related to a new offering from AWS?

Not related to AWS Provider

Is your request related to a problem? Please describe.

The log forwarder Lambda module was working well when testing in a single account & region, but errored once we started applying it to other regions, with the error `EntityAlreadyExists: Role with name datadog-log-forwarder already exists.` Note that this didn't fail during plan, since the globally unique IAM role name rule is checked at creation time.

Describe the solution you'd like.

The fix is simply using the `use_*_prefix` variables, which I think should be defaulted to true. It's rarely the case that most users would want the module to work in only one region per account, and there's no downside to using the prefix for the single region case. It also more closely matches Datadog's CloudFormation stack, which applies globally unique suffixes.

Describe alternatives you've considered.

N/A - workaround is to set the prefix flags to true manually.

Additional context

Resource results from running Datadog's CloudFormation stack: [image]