Fix EKS cloudwatch logs

opszero · Jan 17, 2024 · bfac911 · bfac911
1 parent 2fd8eb8
commit bfac911
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 10 deletions.
diff --git a/cloudwatch_eks_pod_logs.tf b/cloudwatch_eks_pod_logs.tf
@@ -15,12 +15,12 @@ resource "kubernetes_config_map" "fluent_bit_cluster_info" {
   }
 
   data = {
-    "cluster.name" = "cluster-name"
-    "http.server"  = On
+    "cluster.name" = aws_eks_cluster.cluster.name
+    "http.server"  = "On"
     "http.port"    = 2020
-    "read.head"    = Off
-    "read.tail"    = On
-    "logs.region"  = "cluster-region"
+    "read.head"    = "Off"
+    "read.tail"    = "On"
+    "logs.region"  = data.aws_region.current.name
   }
 }
 
@@ -37,7 +37,7 @@ resource "null_resource" "eks_pod_cloudwatch" {
   }
 
   provisioner "local-exec" {
-    command = "kubectl replace -f https://raw.githubusercontent.com/aws-samples/amazon-cloudwatch-container-insights/k8s/${local.eks_pod_logs_cloudwatch_fluent_bit_version}/k8s-deployment-manifest-templates/deployment-mode/daemonset/container-insights-monitoring/fluent-bit/fluent-bit.yaml"
+    command = "kubectl apply -f https://raw.githubusercontent.com/aws-samples/amazon-cloudwatch-container-insights/k8s/${local.eks_pod_logs_cloudwatch_fluent_bit_version}/k8s-deployment-manifest-templates/deployment-mode/daemonset/container-insights-monitoring/fluent-bit/fluent-bit.yaml"
   }
 
   depends_on = [

diff --git a/node_role.tf b/node_role.tf
@@ -38,8 +38,7 @@ resource "aws_iam_role_policy_attachment" "node_role_policies" {
 
 
 resource "aws_iam_policy" "eks_pod_logs_to_cloudwatch" {
-  count       = var.eks_pod_logs_cloudwatch ? 1 : 0
-  name        = "nodeEksPodLogsToCloudwatch"
+  name        = "${var.environment_name}-EksPodLogsToCloudwatch"
   description = "Used by fluentbit agent to send eks pods logs to cloudwatch"
 
   policy = <<EOF
@@ -55,7 +54,7 @@ resource "aws_iam_policy" "eks_pod_logs_to_cloudwatch" {
           "logs:CreateLogGroup",
           "logs:PutLogEvents"
       ],
-      "Resource": [*]
+      "Resource": "*"
     }
   ]
 }
@@ -64,7 +63,7 @@ EOF
 
 
 resource "aws_iam_role_policy_attachment" "node_eks_pod_logs_to_cloudwatch" {
-  count      = var.eks_pod_logs_cloudwatch ? 1 : 0
+  count      = var.enable_pods_logs_to_cloudwatch ? 1 : 0
   policy_arn = aws_iam_policy.eks_pod_logs_to_cloudwatch.arn
   role       = aws_iam_role.node.name
 }