Terraform 无法在AWS MQ的Cloudwatch下查看日志
下面的 TF 代码执行时没有问题,也创建了 MQ 代理,但我无法在默认创建的 CloudWatch 日志流组下查看 MQ 的日志。有人能告诉我遗漏了什么吗?我需要在 main.tf 中添加什么才能启用 CloudWatch 日志?
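# Amazon MQ (ActiveMQ) broker in active/standby mode, using the configuration
# defined in aws_mq_configuration.mq-config. The broker is not publicly
# accessible and has general logging to CloudWatch Logs turned on.
resource "aws_mq_broker" "broker" {
  broker_name = "example-mq"

  tags = merge(
    var.common_tags,
    {
      Classification = "private"
      Name           = "example-mq"
    }
  )

  # Referencing the configuration's attributes already makes Terraform create
  # it first, so no explicit depends_on is needed.
  configuration {
    id       = aws_mq_configuration.mq-config.id
    revision = aws_mq_configuration.mq-config.latest_revision
  }

  apply_immediately          = true
  engine_type                = "ActiveMQ"
  engine_version             = "5.15.9"
  auto_minor_version_upgrade = true
  deployment_mode            = "ACTIVE_STANDBY_MULTI_AZ"
  host_instance_type         = "mq.m5.large"
  publicly_accessible        = false

  # subnet_ids and security_groups are collections, not single strings.
  # NOTE(review): ACTIVE_STANDBY_MULTI_AZ expects subnets in two different
  # Availability Zones; the question shows only one (placeholder) subnet ID.
  subnet_ids      = ["subnet-12341234123"]
  security_groups = ["sg-123123123"]

  # NOTE(review): placeholder credentials from the question. A literal password
  # in a .tf file ends up in version control, and the value is also written to
  # the Terraform state, so supply it from a sensitive variable or a secrets
  # store and protect the state backend accordingly.
  user {
    username       = "mq_username"
    password       = "mq_password"
    groups         = ["admin_group"]
    console_access = true
  }

  # general = true only turns logging on at the broker. Log events reach
  # CloudWatch Logs only if a CloudWatch Logs resource policy allows the
  # mq.amazonaws.com service principal to create log streams and put log
  # events in the /aws/amazonmq/ log groups.
  # NOTE(review): audit logging is off. Audit logs record management actions
  # made through JMX or the ActiveMQ web console, which matters here because
  # the user above has console access; consider enabling it.
  logs {
    general = true
    audit   = false
  }
}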
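# Broker configuration for the ActiveMQ engine; the configuration body is the
# rendered output of the mq_configuration_data template data source.
resource "aws_mq_configuration" "mq-config" {
  name           = "mq-config"
  engine_type    = "ActiveMQ"
  engine_version = "5.15.9"

  # The reference to the data source's rendered output orders the two
  # resources implicitly, so no explicit depends_on is needed.
  data = data.template_file.mq_configuration_data.rendered

  tags = merge(
    var.common_tags,
    {
      Classification = "private"
      Name           = "mq-config"
    }
  )
}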
# Renders files/data.xml.tpl into the document passed to the MQ configuration.
data "template_file" "mq_configuration_data" {
  # Path is relative to the directory Terraform runs in.
  template = file("files/data.xml.tpl")

  # NOTE(review): `upload` and `processing` are bare identifiers, not valid
  # references as written; presumably the real values (variables, locals or
  # literals) were redacted when the question was posted. Confirm before reuse.
  vars = {
    upload     = upload
    processing = processing
  }
}
根据 Amazon MQ 文档,您需要创建基于资源的策略,以允许 Amazon MQ 向 CloudWatch 发布日志:
# Policy document that lets the Amazon MQ service write broker logs to
# CloudWatch Logs. It is attached as a CloudWatch Logs resource policy,
# which is why it names a service principal rather than an IAM role.
data "aws_iam_policy_document" "mq_logs" {
  statement {
    effect = "Allow"

    # Only the Amazon MQ service principal is granted access.
    principals {
      type        = "Service"
      identifiers = ["mq.amazonaws.com"]
    }

    # Just the two actions needed to deliver log events; nothing for
    # reading, deleting or changing retention.
    actions = [
      "logs:CreateLogStream",
      "logs:PutLogEvents",
    ]

    # Limited to log groups under the /aws/amazonmq/ prefix. The region and
    # account fields are wildcards; they can be narrowed to the broker's
    # region and account ID if a tighter scope is wanted.
    resources = ["arn:aws:logs:*:*:log-group:/aws/amazonmq/*"]
  }
}
# Installs the policy document as a CloudWatch Logs resource policy named
# "mq-logs". Without a policy like this, a broker with logging enabled has
# no permission to publish its log events.
# NOTE(review): CloudWatch Logs resource policies are created per region and
# are subject to a small per-region quota, so create this in the same region
# as the broker and reuse it for all brokers there. Confirm against the
# provider configuration in use.
resource "aws_cloudwatch_log_resource_policy" "mq_logs" {
  policy_name     = "mq-logs"
  policy_document = data.aws_iam_policy_document.mq_logs.json
}