How to enable CloudWatch logging and X-ray for stepfunction in Terraform?
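In the AWS console we can easily enable CloudWatch logging and X-Ray for a Step Functions state machine, but I want my resources to be fully managed by Terraform. From this page: https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sfn_state_machine
it seems Terraform does not currently support this (see also: https://github.com/hashicorp/terraform-provider-aws/issues/12192)
Does anyone know of a workaround to achieve this? I would really like to be able to enable CloudWatch logs and X-Ray from Terraform. I could not find much information about this. Can someone help? Many thanks.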
Update: this is a recently released feature, 3.27.0 (February 05, 2021)
Corresponding documentation link: sfn_state_machine#logging
You can wrap the command that enables logging in a Terraform null_resource, as shown in the linked issue "Enabling Step Function Logging To CloudWatch #12192", like this:
Prerequisites:
aws-cli/2.1.1
Before:
{
    "stateMachineArn": "arn:aws:states:us-east-1:1234567890:stateMachine:mystatemachine",
    "name": "my-state-machine",
    "status": "ACTIVE",
    "definition": "{\n \"Comment\": \"A Hello World example of the Amazon States Language using an AWS Lambda Function\",\n \"StartAt\": \"HelloWorld\",\n \"States\": {\n \"HelloWorld\": {\n \"Type\": \"Pass\",\n \"End\": true\n }\n }\n}\n",
    "roleArn": "arn:aws:iam::1234567890:role/service-role/StepFunctions-MyStateMachine-role-a6146d54",
    "type": "STANDARD",
    "creationDate": 1611682259.919,
    "loggingConfiguration": {
        "level": "OFF",
        "includeExecutionData": false
    }
}
resource "aws_sfn_state_machine" "sfn_state_machine" {
  name     = "mystatemachine"
  role_arn = "arn:aws:iam::1234567890:role/service-role/StepFunctions-MyStateMachine-role-a6146d54"

  definition = <<EOF
{
  "Comment": "A Hello World example of the Amazon States Language using an AWS Lambda Function",
  "StartAt": "HelloWorld",
  "States": {
    "HelloWorld": {
      "Type": "Pass",
      "End": true
    }
  }
}
EOF
}

resource "aws_cloudwatch_log_group" "yada" {
  name = "/aws/vendedlogs/states/myloggroup"
}

resource "null_resource" "enable_step_function_logging" {
  # The provisioner re-runs whenever the state machine ARN or the logging parameters change.
  triggers = {
    state_machine_arn = aws_sfn_state_machine.sfn_state_machine.arn
    logs_params       = <<PARAMS
{
  "level":"ALL",
  "includeExecutionData":true,
  "destinations":[
    {
      "cloudWatchLogsLogGroup":{
        "logGroupArn":"${aws_cloudwatch_log_group.yada.arn}:*"
      }
    }
  ]
}
PARAMS
  }

  provisioner "local-exec" {
    command = <<EOT
set -euo pipefail
aws stepfunctions update-state-machine --state-machine-arn ${self.triggers.state_machine_arn} --tracing-configuration enabled=true --logging-configuration='${self.triggers.logs_params}'
EOT

    # "set -o pipefail" is a bash option, so run the command with bash rather than the default /bin/sh.
    interpreter = ["bash", "-c"]
  }
}
After:
{
    "stateMachineArn": "arn:aws:states:us-east-1:1234567890:stateMachine:mystatemachine",
    "name": "mystatemachine",
    "status": "ACTIVE",
    "definition": "{\n \"Comment\": \"A Hello World example of the Amazon States Language using an AWS Lambda Function\",\n \"StartAt\": \"HelloWorld\",\n \"States\": {\n \"HelloWorld\": {\n \"Type\": \"Pass\",\n \"End\": true\n }\n }\n}\n",
    "roleArn": "arn:aws:iam::1234567890:role/service-role/StepFunctions-MyStateMachine-role-a6146d54",
    "type": "STANDARD",
    "creationDate": 1611687676.151,
    "loggingConfiguration": {
        "level": "ALL",
        "includeExecutionData": true,
        "destinations": [
            {
                "cloudWatchLogsLogGroup": {
                    "logGroupArn": "arn:aws:logs:us-east-1:1234567890:log-group:/aws/vendedlogs/states/myloggroup:*"
                }
            }
        ]
    }
}
Currently it is still an ongoing feature request on Terraform; you can track its status in this GitHub issue.