add cw groups for container insights

README.md

@@ -14,6 +14,7 @@ Module creates:
 * IAM Roles for worker nodes and Karpenter nodes
 * Additional IAM Roles for operators- load-balancer-controller, external-dns, cert-manager, adot-collector
 * SQS queue configuration to be used with Karpeneter while utlising Spot Instances.
+* CloudWatch log groups used by container insights.
 
 ## Kubernetes addons and operators
 
@@ -88,10 +89,6 @@ More about my configuration can be found in the blog post I have written recentl
 
 [Using OIDC provider to allow service accounts to assume IAM role](https://medium.com/@marcincuber/amazon-eks-with-oidc-provider-iam-roles-for-kubernetes-services-accounts-59015d15cb0c)
 
-### Kube2iam
-
-More about kube2iam configuration can be found in the blog post I have written recently -> [EKS and kube2iam](https://medium.com/@marcincuber/amazon-eks-iam-roles-and-kube2iam-4ae5906318be)
-
 ### External DNS
 
 [Amazon EKS, setup external DNS with OIDC provider and kube2iam](https://medium.com/swlh/amazon-eks-setup-external-dns-with-oidc-provider-and-kube2iam-f2487c77b2a1)

terraform/README.md

@@ -40,6 +40,10 @@ $ terraform apply
 | [aws_cloudwatch_event_rule.karpenter_spot_interruption](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_rule) | resource |
 | [aws_cloudwatch_event_target.karpenter_spot_interruption](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_target) | resource |
 | [aws_cloudwatch_log_group.cluster](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group) | resource |
+| [aws_cloudwatch_log_group.cluster_application](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group) | resource |
+| [aws_cloudwatch_log_group.cluster_dataplane](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group) | resource |
+| [aws_cloudwatch_log_group.cluster_host](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group) | resource |
+| [aws_cloudwatch_log_group.cluster_performance](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group) | resource |
 | [aws_eks_addon.adot](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eks_addon) | resource |
 | [aws_eks_addon.aws_ebs_csi_driver](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eks_addon) | resource |
 | [aws_eks_addon.cloudwatch](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eks_addon) | resource |

terraform/cloudwatch.tf

@@ -13,3 +13,36 @@ resource "aws_cloudwatch_event_target" "karpenter_spot_interruption" {
   target_id = "KarpenterInterruptionQueueTarget"
   arn       = aws_sqs_queue.karpenter_spot_interruption.arn
 }
+
+# CloudWatch Log Groups for container insights
+resource "aws_cloudwatch_log_group" "cluster_performance" {
+  count = var.eks_addon_version_cloudwatch != null ? 1 : 0
+
+  name = "/aws/containerinsights/${var.name_prefix}/performance"
+
+  retention_in_days = 180
+}
+
+resource "aws_cloudwatch_log_group" "cluster_application" {
+  count = var.eks_addon_version_cloudwatch != null ? 1 : 0
+
+  name = "/aws/containerinsights/${var.name_prefix}/application"
+
+  retention_in_days = 180
+}
+
+resource "aws_cloudwatch_log_group" "cluster_dataplane" {
+  count = var.eks_addon_version_cloudwatch != null ? 1 : 0
+
+  name = "/aws/containerinsights/${var.name_prefix}/dataplane"
+
+  retention_in_days = 180
+}
+
+resource "aws_cloudwatch_log_group" "cluster_host" {
+  count = var.eks_addon_version_cloudwatch != null ? 1 : 0
+
+  name = "/aws/containerinsights/${var.name_prefix}/host"
+
+  retention_in_days = 180
+}