Cloudwatch agent (#1)

* Add documentation

* Add a gitignore and travis yaml

* add a makefile

* add all the variables related to this project

* add the outputs that will be imported

* add the cloud-init configuration for installing and starting the
cloudwatch agent

* add the standard and advanced cloudwatch configuration

* add the main.tf template for this module

* Update README.yaml

Co-Authored-By: parabolic <[email protected]>

* Update README.yaml

change the namespace so that it doesn't collide with the existing ones.

Co-Authored-By: parabolic <[email protected]>

* Update main.tf

Co-Authored-By: parabolic <[email protected]>

* add all the cloudwatch related project

* Update README.yaml

Typo

Co-Authored-By: parabolic <[email protected]>

* Update README.yaml

typo

Co-Authored-By: parabolic <[email protected]>

* use aws_iam_policy_document instead of HEREDOC

* Update variables.tf

typo

Co-Authored-By: parabolic <[email protected]>

* update the descirption for the disk_resources parameter

* Update variables.tf

typo

Co-Authored-By: parabolic <[email protected]>

* Update variables.tf

typo

Co-Authored-By: parabolic <[email protected]>

* Update variables.tf

typo

Co-Authored-By: parabolic <[email protected]>

* make the namespace required

* Update variables.tf

typo

Co-Authored-By: parabolic <[email protected]>

* fix the variables descriptions and use stage instead of environments

* use stage instead of environment

* update the readme

* add the important text , remove empty git repo

* use usage instead of examples and regenerate the README.md file

.gitignore

@@ -0,0 +1,11 @@
+# Compiled files
+*.tfstate
+*.tfstate.backup
+
+# Module directory
+.terraform
+.idea
+*.iml
+
+.build-harness
+build-harness

.travis.yml

@@ -0,0 +1,16 @@
+addons:
+  apt:
+    packages:
+      - git
+      - make
+      - curl
+
+install:
+  - make init
+
+script:
+  - make terraform/install
+  - make terraform/get-plugins
+  - make terraform/get-modules
+  - make terraform/lint
+  - make terraform/validate

Makefile

@@ -0,0 +1,10 @@
+SHELL := /bin/bash
+
+# List of targets the `readme` target should call before generating the readme
+export README_DEPS ?= docs/targets.md docs/terraform.md
+
+-include $(shell curl -sSL -o .build-harness "https://git.io/build-harness"; echo .build-harness)
+
+## Lint terraform code
+lint:
+	$(SELF) terraform/install terraform/get-modules terraform/get-plugins terraform/lint terraform/validate

README.yaml

@@ -0,0 +1,174 @@
+---
+#
+# This is the canonical configuration for the `README.md`
+# Run `make readme` to rebuild the `README.md`
+#
+# Name of this project
+name: terraform-aws-cloudwatch-agent
+
+# Tags of this project
+tags:
+  - aws
+  - terraform
+  - terraform-modules
+  - platform
+  - cloudwatch
+  - agent
+  - cloudwatch-agent
+
+# Categories of this project
+categories:
+  - terraform-modules/platform
+
+# Logo for this project
+#logo: docs/logo.png
+
+# License of this project
+license: "APACHE2"
+
+# Canonical GitHub repo
+github_repo: cloudposse/terraform-aws-cloudwatch-agent
+
+# Badges to display
+badges:
+  - name: "Build Status"
+    image: "https://travis-ci.org/cloudposse/terraform-aws-cloudwatch-agent.svg?branch=master"
+    url: "https://travis-ci.org/cloudposse/terraform-aws-cloudwatch-agent"
+  - name: "Latest Release"
+    image: "https://img.shields.io/github/release/cloudposse/terraform-aws-cloudwatch-agent.svg"
+    url: "https://github.com/cloudposse/terraform-aws-cloudwatch-agent/releases/latest"
+  - name: "Slack Community"
+    image: "https://slack.cloudposse.com/badge.svg"
+    url: "https://slack.cloudposse.com"
+
+related:
+  - name: "terraform-aws-ec2-instance"
+    description: "Terraform Module for provisioning a general purpose EC2 host."
+    url: "https://github.com/cloudposse/terraform-aws-ec2-instance"
+
+  - name: "terraform-aws-cloudtrail-cloudwatch-alarms"
+    description: "Terraform module for creating alarms for tracking important changes and occurrences from cloudtrail."
+    url: "https://github.com/cloudposse/terraform-aws-cloudtrail-cloudwatch-alarms"
+
+  - name: "terraform-aws-rds-cloudwatch-sns-alarms"
+    description: "Terraform module that configures important RDS alerts using CloudWatch and sends them to an SNS topic"
+    url: "https://github.com/cloudposse/terraform-aws-rds-cloudwatch-sns-alarms"
+
+  - name: "terraform-aws-cloudwatch-logs"
+    description: "Terraform Module to Provide a CloudWatch Logs Endpoint"
+    url: "https://github.com/cloudposse/terraform-aws-cloudwatch-logs"
+
+  - name: "terraform-aws-alb-target-group-cloudwatch-sns-alarms"
+    description: "Terraform module to create CloudWatch Alarms on ALB Target level metrics."
+    url: "https://github.com/cloudposse/terraform-aws-alb-target-group-cloudwatch-sns-alarms"
+
+  - name: "terraform-aws-cloudwatch-flow-logs"
+    description: "Terraform module for enabling flow logs for vpc and subnets."
+    url: "https://github.com/cloudposse/terraform-aws-cloudwatch-flow-logs"
+
+  - name: "terraform-aws-ecs-cloudwatch-autoscaling"
+    description: "Terraform module to autoscale ECS Service based on CloudWatch metrics"
+    url: "https://github.com/cloudposse/terraform-aws-ecs-cloudwatch-autoscaling"
+
+  - name: "terraform-aws-elasticache-cloudwatch-sns-alarms"
+    description: "Terraform module that configures CloudWatch SNS alerts for ElastiCache"
+    url: "https://github.com/cloudposse/terraform-aws-elasticache-cloudwatch-sns-alarms"
+
+  - name: "terraform-aws-efs-cloudwatch-sns-alarms"
+    description: "Terraform module that configures CloudWatch SNS alerts for EFS"
+    url: "https://github.com/cloudposse/terraform-aws-efs-cloudwatch-sns-alarms"
+
+  - name: "terraform-aws-ecs-cloudwatch-sns-alarms"
+    description: "Terraform module to create CloudWatch Alarms on ECS Service level metrics."
+    url: "https://github.com/cloudposse/terraform-aws-ecs-cloudwatch-sns-alarms"
+
+  - name: "terraform-aws-ec2-cloudwatch-sns-alarms"
+    description: "Terraform module that configures CloudWatch SNS alerts for EC2 instances"
+    url: "https://github.com/cloudposse/terraform-aws-ec2-cloudwatch-sns-alarms"
+
+  - name: "terraform-aws-sqs-cloudwatch-sns-alarms"
+    description: "Terraform module for creating alarms for SQS and notifying endpoints"
+    url: "https://github.com/cloudposse/terraform-aws-sqs-cloudwatch-sns-alarms"
+
+  - name: "terraform-aws-lambda-cloudwatch-sns-alarms"
+    description: "Terraform module for creating a set of Lambda alarms and outputting to an endpoint"
+    url: "https://github.com/cloudposse/terraform-aws-lambda-cloudwatch-sns-alarms"
+
+# Short description of this project
+description: |-
+  Terraform module to install the CloudWatch agent on EC2 instances using `cloud-init`.
+
+# How to use this project
+
+usage: |-
+
+  ### Example with launch configuration:
+
+  ```hcl
+  module "cloudwatch_agent" {
+    source      = "git::https://github.com/cloudposse/terraform-aws-cloudwatch-agent?ref=master"
+
+    name        = "cloudwatch_agent"
+  }
+
+  resource "aws_launch_configuration" "multipart" {
+    name_prefix          = "cloudwatch_agent"
+    image_id             = "${data.aws_ami.ecs-optimized.id}"
+    iam_instance_profile = "${aws_iam_instance_profile.cloudwatch_agent.name}"
+    instance_type        = "t2.micro"
+    user_data_base64     = "${module.cloudwatch_agent.user_data}"
+    security_groups      = ["${aws_security_group.ecs.id}"]
+    key_name             = "${var.ssh_key_pair}"
+
+    lifecycle {
+      create_before_destroy = true
+    }
+  }
+  ```
+
+  ### Example with passing user-data and using the role from the module using advanced metrics configuration:
+
+  ```hcl
+  module "cloudwatch_agent" {
+    source      = "git::https://github.com/cloudposse/terraform-aws-cloudwatch-agent?ref=master"
+
+    name                  = "cloudwatch_agent"
+    environment           = "dev"
+    namespace             = "eg"
+
+    metrics_config        = "advanced"
+    userdata_part_content = "${data.template_file.cloud-init.rendered}"
+  }
+
+  data "template_file" "cloud-init" {
+    template = "${file("${path.module}/cloud-init.yml")}"
+  }
+
+  resource "aws_launch_configuration" "multipart" {
+    name_prefix          = "cloudwatch_agent"
+    image_id             = "${data.aws_ami.ecs-optimized.id}"
+    iam_instance_profile = "${aws_iam_instance_profile.cloudwatch_agent.name}"
+    instance_type        = "t2.micro"
+    user_data_base64     = "${module.cloudwatch_agent.user_data}"
+    security_groups      = ["${aws_security_group.ecs.id}"]
+    key_name             = "${var.ssh_key_pair}"
+
+    lifecycle {
+      create_before_destroy = true
+    }
+  }
+
+  resource "aws_iam_instance_profile" "cloudwatch_agent" {
+    name_prefix = "cloudwatch_agent"
+    role        = "${module.cloudwatch_agent.role_name}"
+  }
+  ```
+
+include:
+  - "docs/targets.md"
+  - "docs/terraform.md"
+
+# Contributors to this project
+contributors:
+  - name: "Nikola Velkovski"
+    github: "parabolic"

docs/targets.md

@@ -0,0 +1,10 @@
+## Makefile Targets
+```
+Available targets:
+
+  help                                Help screen
+  help/all                            Display help for all targets
+  help/short                          This help short screen
+  lint                                Lint terraform code
+
+```

docs/terraform.md

@@ -0,0 +1,23 @@
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|:----:|:-----:|:-----:|
+| aggregation_dimensions | Specifies the dimensions that collected metrics are to be aggregated on. | list | `<list>` | no |
+| cpu_resources | Specifies that per-cpu metrics are to be collected. The only allowed value is *. If you include this field and value, per-cpu metrics are collected. | string | `"resources": ["*"],` | no |
+| disk_resources | Specifies an array of disk mount points. This field limits CloudWatch to collect metrics from only the listed mount points. You can specify * as the value to collect metrics from all mount points. Defaults to the root / mountpount. | list | `<list>` | no |
+| metrics_collection_interval | Specifies how often to collect the cpu metrics, overriding the global metrics_collection_interval specified in the agent section of the configuration file. If you set this value below 60 seconds, each metric is collected as a high-resolution metric. | string | `60` | no |
+| metrics_config | "Which metrics should we send to cloudwatch, the default is standard. Setting this variable to advanced will send all the available metrics that are provided by the agent.   You can find more information here https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/create-cloudwatch-agent-configuration-file-wizard.html." | string | `standard` | no |
+| name | Solution name, e.g. 'app'. | string | - | yes |
+| namespace | Namespace, which could be your organization name or abbreviation, e.g. 'eg' or 'cp'. | string | - | yes |
+| stage | Stage, e.g. 'prod', 'staging', 'dev', or 'test'. | string | `` | no |
+| userdata_part_content | The user data that should be passed along from the caller of the module. | string | `` | no |
+| userdata_part_content_type | What format is userdata_part_content in - eg 'text/cloud-config' or 'text/x-shellscript'. | string | `text/cloud-config` | no |
+| userdata_part_merge_type | Control how cloud-init merges user-data sections. | string | `list(append)+dict(recurse_array)+str()` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| role_name | The role name that should be attached to the role policy |
+| user_data | The user_data with the cloudwatch_agent configuration in base64 and gzipped |
+

main.tf

@@ -0,0 +1,96 @@
+module "label" {
+  source    = "git::https://github.com/cloudposse/terraform-null-label.git?ref=tags/0.7.0"
+  stage     = "${var.stage}"
+  name      = "${var.name}"
+  namespace = "${var.namespace}"
+}
+
+data "template_file" "cloud_init_cloudwatch_agent" {
+  template = "${file("${path.module}/templates/cloud_init.yaml")}"
+
+  vars {
+    cloudwatch_agent_configuration = "${var.metrics_config == "standard" ? base64encode(data.template_file.cloudwatch_agent_configuration_standard.rendered) : base64encode(data.template_file.cloudwatch_agent_configuration_advanced.rendered)}"
+  }
+}
+
+data "template_file" "cloudwatch_agent_configuration_advanced" {
+  template = "${file("${path.module}/templates/cloudwatch_agent_configuration_advanced.json")}"
+
+  vars {
+    aggregation_dimensions      = "${jsonencode(var.aggregation_dimensions)}"
+    cpu_resources               = "${var.cpu_resources}"
+    disk_resources              = "${jsonencode(var.disk_resources)}"
+    metrics_collection_interval = "${var.metrics_collection_interval}"
+  }
+}
+
+data "template_file" "cloudwatch_agent_configuration_standard" {
+  template = "${file("${path.module}/templates/cloudwatch_agent_configuration_standard.json")}"
+
+  vars {
+    aggregation_dimensions      = "${jsonencode(var.aggregation_dimensions)}"
+    cpu_resources               = "${var.cpu_resources}"
+    disk_resources              = "${jsonencode(var.disk_resources)}"
+    metrics_collection_interval = "${var.metrics_collection_interval}"
+  }
+}
+
+data "template_cloudinit_config" "cloud_init_merged" {
+  gzip          = true
+  base64_encode = true
+
+  part {
+    filename     = "userdata_part_cloudwatch.cfg"
+    content      = "${data.template_file.cloud_init_cloudwatch_agent.rendered}"
+    content_type = "text/cloud-config"
+  }
+
+  part {
+    filename     = "userdata_part_caller.cfg"
+    content      = "${var.userdata_part_content}"
+    content_type = "${var.userdata_part_content_type}"
+    merge_type   = "${var.userdata_part_merge_type}"
+  }
+}
+
+data "aws_iam_policy_document" "ec2_cloudwatch" {
+  statement {
+    effect  = "Allow"
+    actions = ["sts:AssumeRole"]
+
+    principals = {
+      type        = "Service"
+      identifiers = ["ec2.amazonaws.com"]
+    }
+  }
+}
+
+resource "aws_iam_role" "ec2_cloudwatch" {
+  name = "${module.label.id}"
+
+  assume_role_policy = "${data.aws_iam_policy_document.ec2_cloudwatch.json}"
+
+  tags = {
+    Name = "${module.label.id}"
+  }
+}
+
+data "aws_iam_policy_document" "wildcard_cloudwatch_agent" {
+  statement {
+    effect = "Allow"
+
+    actions = [
+      "ec2:DescribeTags",
+      "cloudwatch:PutMetricData",
+    ]
+
+    resources = ["*"]
+  }
+}
+
+resource "aws_iam_role_policy" "wildcard_cloudwatch_agent" {
+  name = "${module.label.id}"
+
+  role   = "${aws_iam_role.ec2_cloudwatch.id}"
+  policy = "${data.aws_iam_policy_document.wildcard_cloudwatch_agent.json}"
+}

outputs.tf

@@ -0,0 +1,9 @@
+output "user_data" {
+  description = "The user_data with the cloudwatch_agent configuration in base64 and gzipped"
+  value       = "${data.template_cloudinit_config.cloud_init_merged.rendered}"
+}
+
+output "role_name" {
+  description = "The role name that should be attached to the role policy"
+  value       = "${aws_iam_role.ec2_cloudwatch.name}"
+}

templates/cloud_init.yaml

@@ -0,0 +1,40 @@
+write_files:
+ - encoding: b64
+   path: /etc/cloudwatch_agent.json
+   owner: root:root
+   permissions: '0644'
+   content: ${cloudwatch_agent_configuration}
+
+runcmd:
+  - |
+    . /etc/os-release
+
+    case $NAME in
+      "Amazon Linux") echo "Installing the cloudwatch agent for Amazon Linux."
+        curl -O https://s3.amazonaws.com/amazoncloudwatch-agent/amazon_linux/amd64/latest/amazon-cloudwatch-agent.rpm
+        rpm -U ./amazon-cloudwatch-agent.rpm
+        ;;
+      Centos) echo "Installing the cloudwatch agent for Centos Linux."
+        curl -O https://s3.amazonaws.com/amazoncloudwatch-agent/centos/amd64/latest/amazon-cloudwatch-agent.rpm
+        rpm -U ./amazon-cloudwatch-agent.rpm
+        ;;
+      Debian) echo "Installing the cloudwatch agent for Debian Linux."
+        curl -O https://s3.amazonaws.com/amazoncloudwatch-agent/debian/amd64/latest/amazon-cloudwatch-agent.deb
+        dpkg -i -E ./amazon-cloudwatch-agent.deb
+        ;;
+      Redhat) echo "Installing the cloudwatch agent for Redhat Linux."
+        curl -O https://s3.amazonaws.com/amazoncloudwatch-agent/redhat/amd64/latest/amazon-cloudwatch-agent.rpm
+        rpm -U ./amazon-cloudwatch-agent.rpm
+        ;;
+      Suse) echo "Installing the cloudwatch agent for Suse Linux."
+        curl -O https://s3.amazonaws.com/amazoncloudwatch-agent/suse/amd64/latest/amazon-cloudwatch-agent.rpm
+        rpm -U ./amazon-cloudwatch-agent.rpm
+        ;;
+      Ubuntu) echo "Installing the cloudwatch agent for Ubuntu Linux."
+        curl -O https://s3.amazonaws.com/amazoncloudwatch-agent/ubuntu/amd64/latest/amazon-cloudwatch-agent.deb
+        dpkg -i -E ./amazon-cloudwatch-agent.deb
+        ;;
+      *)
+        echo "Operating system not supported. Please refer to the official documents for more info https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/install-CloudWatch-Agent-on-first-instance.html"
+    esac
+  - /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-ctl -a fetch-config -m ec2 -c file:/etc/cloudwatch_agent.json -s