Skip to content

BCSS-23624 - feat(cloudwatch): add cloudwatch module#61

Draft
DeepikaDK001 wants to merge 13 commits into
mainfrom
feature/BCSS-23624-terraform-module-Cloudwatch
Draft

BCSS-23624 - feat(cloudwatch): add cloudwatch module#61
DeepikaDK001 wants to merge 13 commits into
mainfrom
feature/BCSS-23624-terraform-module-Cloudwatch

Conversation

@DeepikaDK001

Copy link
Copy Markdown
Contributor

Description

Context

Type of changes

  • Refactoring (non-breaking change)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would change existing functionality)
  • Bug fix (non-breaking change which fixes an issue)

Checklist

  • I am familiar with the contributing guidelines
  • I have followed the code style of the project
  • I have added tests to cover my changes
  • I have updated the documentation accordingly
  • This PR is a result of pair or mob programming

Sensitive Information Declaration

To ensure the utmost confidentiality and protect your and others privacy, we kindly ask you to NOT including PII (Personal Identifiable Information) / PID (Personal Identifiable Data) or any other sensitive data in this PR (Pull Request) and the codebase changes. We will remove any PR that do contain any sensitive information. We really appreciate your cooperation in this matter.

  • I confirm that neither PII/PID nor sensitive data are included in this PR and the codebase changes.

@nhs-oliverslater nhs-oliverslater changed the title BCSS - 23624 add cloudwatch module BCSS-23624 - feat(cloudwatch): add cloudwatch module Jun 27, 2026
@nhs-oliverslater

Copy link
Copy Markdown
Contributor

I worry that wrapping all the submodules into one single larger module will make things rather bloated and unwieldy - can we discuss this in SU to review and possible submodule these?

@Pira-nhs Pira-nhs self-requested a review July 1, 2026 09:44
Comment on lines +27 to +32
check "log_group_must_exist" {
assert {
condition = var.log_group_name != ""
error_message = "log_group_name is required and must not be empty."
}
}

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Doesn't this duplicate the validation on var.log_group_name?

Comment on lines +17 to +21
variable "pattern" {
type = string
default = ""
description = "Log pattern to filter on (e.g., 'ERROR', '[ERROR]', etc). Empty string matches all events."
}

@dave4420 dave4420 Jul 2, 2026

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What syntax does this pattern use? Is it a regex (which flavour?), a substring to find, or something else?

Update the description to clarify?

Comment on lines +8 to +18
variable "create_log_group" {
type = bool
default = true
description = "Whether to create the CloudWatch log group."
}

variable "create_log_stream" {
type = bool
default = false
description = "Whether to create a CloudWatch log stream. Requires create_log_group = true."
}

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
variable "create_log_group" {
type = bool
default = true
description = "Whether to create the CloudWatch log group."
}
variable "create_log_stream" {
type = bool
default = false
description = "Whether to create a CloudWatch log stream. Requires create_log_group = true."
}
variable "create" {
type = string
default = "LOG_GROUP_ONLY"
description = "TODO"
validation {
condition = contains(["NOTHING", "LOG_GROUP_ONLY", "LOG_GROUP_AND_LOG_STREAM"], var.create)
error_message = "TODO"
}
}

Would this be easier for callers than two separate booleans?

We could recover create_log_group and create_log_stream as locals if we need them.

Comment on lines +31 to +35
variable "kms_key_id" {
type = string
default = null
description = "ARN of KMS key for log group encryption. When null, uses AWS-managed encryption."
}

@dave4420 dave4420 Jul 2, 2026

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we want to allow AWS-managed encryption here?

I genuinely don't understand what our stance is on requiring our own KMS keys vs using the default.

Comment on lines +7 to +20
variable "metric_alarm" {
type = object({
metric_name = string
namespace = string
comparison_operator = string
evaluation_periods = number
threshold = number
statistic = optional(string, "Sum")
period = optional(number, 60)
actions_enabled = optional(bool, true)
})
default = null
description = "Configuration for a single metric alarm. Set to null to skip creation."
}

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Presumably there's a limited number of valid values for the statistic field… is it worth adding some validation for it?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants