v1

Author: Joeri Malmberg

.config/.terraform-docs.yml

@@ -14,8 +14,8 @@ sections:
     - modules
 
 content: |-
-  # <Cloud> <Main resource> Terraform module
-  A Terraform module which configures your <Cloud> <Main resource>. <Relevant docs>
+  # AWS Cloudwatch OAM Terraform module
+  A Terraform module which configures your AWS Cloudwatch OAM. Read [this](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-Unified-Cross-Account.html) page for more information.
   {{ .Header }}
 
   ## Example

.tflint.hcl

@@ -0,0 +1,61 @@
+config {
+  module = true
+}
+
+plugin "aws" {
+  enabled = true
+  version = "0.20.0"
+  source  = "github.com/terraform-linters/tflint-ruleset-aws"
+}
+
+rule "terraform_required_providers" {
+  enabled = true
+}
+
+rule "terraform_deprecated_index" {
+  enabled = true
+}
+
+rule "terraform_deprecated_interpolation" {
+  enabled = true
+}
+
+rule "terraform_unused_declarations" {
+  enabled = true
+}
+
+rule "terraform_comment_syntax" {
+  enabled = true
+}
+
+rule "terraform_documented_outputs" {
+  enabled = true
+}
+
+rule "terraform_documented_variables" {
+  enabled = true
+}
+
+rule "terraform_typed_variables" {
+  enabled = true
+}
+
+rule "terraform_module_pinned_source" {
+  enabled = true
+}
+
+rule "terraform_naming_convention" {
+  enabled = true
+}
+
+rule "terraform_required_version" {
+  enabled = true
+}
+
+rule "terraform_standard_module_structure" {
+  enabled = true
+}
+
+rule "terraform_workspace_remote" {
+  enabled = true
+}

README.md

@@ -1,34 +1,54 @@
-<!-- BEGIN_TF_DOCS -->
-# <Cloud> <Main resource> Terraform module
-A Terraform module which configures your <Cloud> <Main resource>. <Relevant docs>
+# AWS Cloudwatch OAM Terraform module
+A Terraform module which configures your AWS Cloudwatch OAM. Read [this](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-Unified-Cross-Account.html) page for more information.
 [![blackbird-logo](https://raw.githubusercontent.com/blackbird-cloud/terraform-module-template/main/.config/logo_simple.png)](https://www.blackbird.cloud)
 
 ## Example
 ```hcl
-
+module "sink" {
+  #   source  = "blackbird-cloud/cloudwatch-oam/aws"
+  #   version = "~> 1"
+
+  source          = "../"
+  name            = "mysink"
+  organization_id = "o-a1235"
+}
 ```
 
 ## Requirements
 
 | Name | Version |
 |------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1 |
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.2 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | ~> 5 |
 
 ## Providers
 
-No providers.
+| Name | Version |
+|------|---------|
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 5.5.0 |
 
 ## Resources
 
-No resources.
+| Name | Type |
+|------|------|
+| [aws_oam_sink.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/oam_sink) | resource |
+| [aws_oam_sink_policy.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/oam_sink_policy) | resource |
+| [aws_caller_identity.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
 
 ## Inputs
 
-No inputs.
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_name"></a> [name](#input\_name) | The Name of the Cloudwatch OAM sink. | `string` | n/a | yes |
+| <a name="input_organization_id"></a> [organization\_id](#input\_organization\_id) | Your AWS Organization ID, used in the AWS Cloudwatch Sink Access policy to accept incoming Cloudwatch metrics and logs, and XRay traces. | `string` | n/a | yes |
+| <a name="input_tags"></a> [tags](#input\_tags) | A map of tags to assign to the resource. If configured with a provider default\_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level. | `map(string)` | `{}` | no |
 
 ## Outputs
 
-No outputs.
+| Name | Description |
+|------|-------------|
+| <a name="output_sink"></a> [sink](#output\_sink) | The Cloudwatch OAM Sink |
+| <a name="output_stackset_template"></a> [stackset\_template](#output\_stackset\_template) | The AWS Cloudformation Stackset template to use for creating AWS Cloudwatch OAM links. |
 
 ## About
 
@@ -38,5 +58,4 @@ Checkout our other :point\_right: [terraform modules](https://registry.terraform
 
 ## Copyright
 
-Copyright © 2017-2023 [Blackbird Cloud](https://www.blackbird.cloud)
-<!-- END_TF_DOCS -->
+Copyright © 2017-2023 [Blackbird Cloud](https://www.blackbird.cloud)

example/main.tf

@@ -0,0 +1,8 @@
+module "sink" {
+  #   source  = "blackbird-cloud/cloudwatch-oam/aws"
+  #   version = "~> 1"
+
+  source          = "../"
+  name            = "mysink"
+  organization_id = "o-a1235"
+}

example/outputs.tf

@@ -0,0 +1,9 @@
+output "sink" {
+  value       = module.sink.sink
+  description = "The Cloudwatch OAM Sink"
+}
+
+output "stackset_template" {
+  value       = module.sink.stackset_template
+  description = "The AWS Cloudformation Stackset template to use for creating AWS Cloudwatch OAM links."
+}

main.tf

@@ -0,0 +1,36 @@
+data "aws_caller_identity" "default" {}
+
+resource "aws_oam_sink" "default" {
+  name = var.name
+  tags = var.tags
+}
+
+resource "aws_oam_sink_policy" "default" {
+  sink_identifier = aws_oam_sink.default.id
+  policy = jsonencode({
+    Version = "2012-10-17"
+    Statement = [
+      {
+        Action = [
+          "oam:CreateLink",
+          "oam:UpdateLink"
+        ]
+        Effect    = "Allow"
+        Resource  = "*"
+        Principal = "*"
+        Condition = {
+          "ForAllValues:StringEquals" = {
+            "oam:ResourceTypes" = [
+              "AWS::Logs::LogGroup",
+              "AWS::CloudWatch::Metric",
+              "AWS::XRay::Trace"
+            ]
+          }
+          "ForAnyValue:StringEquals" : {
+            "aws:PrincipalOrgID" : "${var.organization_id}"
+          }
+        }
+      }
+    ]
+  })
+}

outputs.tf

@@ -1 +1,12 @@
+output "sink" {
+  value       = aws_oam_sink.default
+  description = "The Cloudwatch OAM Sink"
+}
 
+output "stackset_template" {
+  value = templatefile("${path.module}/stackset.tmpl", {
+    account_id = data.aws_caller_identity.default.account_id
+    sink_arn   = aws_oam_sink.default.arn
+  })
+  description = "The AWS Cloudformation Stackset template to use for creating AWS Cloudwatch OAM links."
+}

stackset.tmpl

@@ -0,0 +1,19 @@
+AWSTemplateFormatVersion: 2010-09-09
+
+Conditions:
+  SkipMonitoringAccount: !Not
+    - !Equals
+      - !Ref AWS::AccountId
+      - "${account_id}"
+
+Resources:
+  Link:
+    Type: AWS::Oam::Link
+    Condition: SkipMonitoringAccount
+    Properties:
+      LabelTemplate: "$AccountName"
+      ResourceTypes:
+        - "AWS::CloudWatch::Metric"
+        - "AWS::Logs::LogGroup"
+        - "AWS::XRay::Trace"
+      SinkIdentifier: "${sink_arn}"

variables.tf

@@ -0,0 +1,15 @@
+variable "name" {
+  type        = string
+  description = "The Name of the Cloudwatch OAM sink."
+}
+
+variable "organization_id" {
+  type        = string
+  description = "Your AWS Organization ID, used in the AWS Cloudwatch Sink Access policy to accept incoming Cloudwatch metrics and logs, and XRay traces."
+}
+
+variable "tags" {
+  type        = map(string)
+  description = "A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level."
+  default     = {}
+}

versions.tf

@@ -1,8 +1,9 @@
 terraform {
-  required_version = ">= 1"
-
   required_providers {
-
-
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~> 5"
+    }
   }
+  required_version = ">= 1.2"
 }