3
votes

Has anyone had experience of trying to set metric filters on CloudWatch logs? Wondering if I have found a bug in Terraform?

So this is what I am trying to do:

resource "aws_cloudwatch_log_metric_filter" "AWS_Console_Login" {
  name           = "${var.aws_account_id}_Console_Login_Failure"
  pattern        = "{ ($.eventName = ConsoleLogin) && ($.errorMessage = "Failed authentication") }"
  log_group_name  = "${var.aws_cloudtrail_name}"  

  metric_transformation {
    name      = "${var.aws_account_id}_Console_Login_Failure"
    namespace = "AccountMonitoring${var.aws_account_id}"
    value     = "1"
  }
}

When I run a Terraform apply or validate I am getting this response:

Error: Error parsing cloudwatch.tf At 157:19: nested object expected: LBRACE got: ASSIGN

To be clear 157:19 relates to the line of code containing log_group_name with 19 being before the = symbol.

However, I think this is to do with my pattern; if I remove log group.. and run a validate I get:

aws_cloudwatch_log_metric_filter.AWS_Console_Login: : invalid or unknown key: Failed

Am I asking too much with the AWS filter pattern I have?

Thanks, Stephen

1 Answer

4
votes

Try escaping your quotes. This is a failure with syntax. The issue isn't the log_group_name line. It's the one above it.

resource "aws_cloudwatch_log_metric_filter" "AWS_Console_Login" {
  name           = "${var.aws_account_id}_Console_Login_Failure"
  pattern        = "{ ($.eventName = ConsoleLogin) && ($.errorMessage = \"Failed authentication\") }"
  log_group_name  = "${var.aws_cloudtrail_name}"  

  metric_transformation {
    name      = "${var.aws_account_id}_Console_Login_Failure"
    namespace = "AccountMonitoring${var.aws_account_id}"
    value     = "1"
  }
}

This appears to be fine. You should look at tflint. It's a part of the Terraform plugin for Visual Studio Code which helped me track down where the error was.
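The following is an added example, not code from the question or the answer. It scans a `key = "..."` line the way a double-quoted HCL string is delimited (ending at the first unescaped quote) to show what is left over on the question's `pattern` line, and builds the escaped literal; the function names `hcl_quote` and `trailing_after_string` are hypothetical.

```python
import json

# The CloudWatch filter pattern from the question, as a plain string.
PATTERN = ('{ ($.eventName = ConsoleLogin) && '
           '($.errorMessage = "Failed authentication") }')


def hcl_quote(value):
    """Render value as a double-quoted HCL string literal."""
    # json.dumps escapes embedded quotes and backslashes the way HCL expects;
    # "${" is doubled so Terraform does not read it as interpolation.
    return json.dumps(value).replace("${", "$${")


def trailing_after_string(line):
    """Return the text left over after the quoted value on `key = "..."`.

    Simplification: quotes inside ${...} are skipped by brace counting only.
    """
    rhs = line.partition("=")[2].strip()
    if not rhs.startswith('"'):
        return ""
    i, depth = 1, 0
    while i < len(rhs):
        if rhs[i] == "\\":            # escaped character, e.g. \"
            i += 2
            continue
        if rhs.startswith("$${", i):  # literal "${", not interpolation
            i += 3
            continue
        if rhs.startswith("${", i):   # interpolation opens
            depth += 1
            i += 2
            continue
        if rhs[i] == "}" and depth:
            depth -= 1
        elif rhs[i] == '"' and depth == 0:
            rest = rhs[i + 1:].strip()
            return "" if rest.startswith(("#", "//")) else rest
        i += 1
    return ""


if __name__ == "__main__":
    broken = 'pattern = "' + PATTERN + '"'      # as posted in the question
    fixed = "pattern = " + hcl_quote(PATTERN)   # escaped, as in the answer
    print(repr(trailing_after_string(broken)))
    print(repr(trailing_after_string(fixed)))
    print(fixed)
```

On the question's line the leftover text starts with `Failed`, the same token named in the "invalid or unknown key" message; on the escaped line nothing is left over.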