cloudwatch-logs

Category: Observability
Latest Version: 1.0.0 (current)

AWS CloudWatch Log Group management with encryption, retention, and metric filters

Add to your Terraform configuration
module "cloudwatch_logs" {
  source  = "registry.patterneddesigns.ca/essentials/cloudwatch-logs/aws"
  version = "1.0.0"

  # Required inputs
  log_group_name = "..."
}

Overview

The cloudwatch-logs module creates and manages CloudWatch Log Groups with production-ready defaults including:

  • Configurable retention policies from 1 day to indefinite
  • KMS encryption for logs at rest
  • Metric filters for CloudWatch metrics from log patterns
  • Subscription filters for streaming to Lambda, Kinesis, or OpenSearch

Category: Observability
Provider: AWS
Latest Version: 1.3.0

Quick Start

module "app_logs" {
  source  = "registry.patterneddesigns.ca/essentials/cloudwatch-logs/aws"
  version = "1.3.0"

  log_group_name    = "/aws/lambda/my-function"
  retention_in_days = 90
}

Key Features

Configurable Retention

Set log retention to match your compliance and cost requirements:

module "short_term_logs" {
  source  = "registry.patterneddesigns.ca/essentials/cloudwatch-logs/aws"
  version = "1.3.0"

  log_group_name    = "/app/debug"
  retention_in_days = 7
}

KMS Encryption

Encrypt logs at rest with customer-managed KMS keys:

module "encrypted_logs" {
  source  = "registry.patterneddesigns.ca/essentials/cloudwatch-logs/aws"
  version = "1.3.0"

  log_group_name    = "/app/production"
  retention_in_days = 365
  kms_key_arn       = module.kms.key_arn
}

Metric Filters

Create CloudWatch metrics from log patterns for monitoring and alerting:

module "monitored_logs" {
  source  = "registry.patterneddesigns.ca/essentials/cloudwatch-logs/aws"
  version = "1.3.0"

  log_group_name    = "/app/api"
  retention_in_days = 30

  metric_filters = [
    {
      name             = "error-count"
      pattern          = "ERROR"
      metric_name      = "ErrorCount"
      metric_namespace = "MyApp"
    }
  ]
}

Documentation

Inputs

log_group_name
string

Name of the CloudWatch Log Group. Must be unique within your AWS account and region.

Example:
log_group_name = "/aws/lambda/my-function"

retention_in_days
number (Default: 30)

Number of days to retain log events in the log group. Set to 0 for indefinite retention.

Example:
retention_in_days = 30

kms_key_arn

KMS key ARN for log encryption. When specified, the CloudWatch Log Group will be encrypted using the provided KMS key.

Example:
kms_key_arn = "arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012"

metric_filters
list(object({ name = string, pattern = string, metric_name = string, metric_namespace = string, metric_value = optional(string, "1") }))

Metric filters to create on the log group. Each filter transforms log data into CloudWatch metrics.

Example:
metric_filters = [{name = "ErrorCount", pattern = "ERROR", metric_name = "ErrorCount", metric_namespace = "MyApp"}]

tags
map(string)

Tags to apply to the log group for organization, cost allocation, and access control.

Example:
tags = {Environment = "production", Team = "platform"}

Outputs

log_group_arn
string

ARN of the CloudWatch Log Group. Use this for IAM policies, subscription filters, and cross-account access.

log_group_name
string

Name of the CloudWatch Log Group. Use this for referencing the log group in other resources and for CloudWatch Logs Insights queries.