iamsonidarshan · ghost · Jun 5, 2023 · Jun 5, 2023 · Jun 5, 2023 · Jun 5, 2023
diff --git a/terraform.aws/apigateway/main.tf b/terraform.aws/apigateway/main.tf
@@ -2,6 +2,7 @@
 # ApiGateway
 # ---------------------------------------------------------------------
 resource "aws_api_gateway_account" "sac_api_gateway_account" {
+  # oak9: Configure API logs to be sent to AWS Cloudwatch
 
   depends_on = [
     aws_iam_role_policy_attachment.sac_api_gateway_policy_attachment,
@@ -73,6 +74,7 @@ resource "aws_api_gateway_rest_api" "sac_api_gateway_rest_api" {
 }
 
 resource "aws_api_gateway_stage" "sac_api_gateway_stage" {
+  # oak9: Enable Access logs for API stages
   deployment_id         = aws_api_gateway_deployment.sac_api_gateway_deployment.id  
   rest_api_id           = aws_api_gateway_rest_api.sac_api_gateway_rest_api.id  
   stage_name            = "sac-testing-apigw-stage"   

diff --git a/terraform.aws/apigtewayv2/main.tf b/terraform.aws/apigtewayv2/main.tf
@@ -35,6 +35,7 @@ resource "aws_apigatewayv2_integration" "sac_apigwv2_integration" {
 }
 
 resource "aws_apigatewayv2_stage" "sac_apigwv2_stage" {
+  # oak9: Access logs are not collected for stage sac-testing-apigwv2-stage
   api_id = aws_apigatewayv2_api.sac_apigwv2_api.id
   name   = "sac-testing-apigwv2-stage"
 }
@@ -50,6 +51,7 @@ resource "aws_apigatewayv2_route" "sac_apigwv2_route" {
 # Route53
 # ---------------------------------------------------------------------
 resource "aws_route53_zone" "sac_route_zone" {
+  # oak9: Log queries in CloudWatch
   name = "acorncorp.com"
 }
 

diff --git a/terraform.aws/cloudfront/main.tf b/terraform.aws/cloudfront/main.tf
@@ -2,6 +2,7 @@
 # CloudFront
 # ---------------------------------------------------------------------
 resource "aws_cloudfront_distribution" "sac_cloudfront_distribution" {
+    # oak9: Send Cloud Front logs to an S3 bucket
     enabled = true
     aliases = ["www.acorncorp.com", "acorncorp.com"]
     web_acl_id = aws_wafv2_web_acl.sac_cloudfront_web_acl_.id

diff --git a/terraform.aws/rds/rds-cluster/main.tf b/terraform.aws/rds/rds-cluster/main.tf
@@ -2,6 +2,7 @@
 # RDS
 # ---------------------------------------------------------------------
 resource "aws_rds_cluster" "sac_rds_cluster" {
+  # oak9: Logging to Cloudwatch is not enabled
   cluster_identifier      = "sac-testing-rds-cluster"
   database_name           = "sacrdsdatabase"
   engine                  = "aurora-mysql"

diff --git a/terraform.aws/rds/rds-instance/main.tf b/terraform.aws/rds/rds-instance/main.tf
@@ -2,6 +2,8 @@
 # RDS
 # ---------------------------------------------------------------------
 resource "aws_db_instance" "sac_db_instance" {
+  # oak9: Enable Enhanced Monitoring for RDS
+  # oak9: Logging to Cloudwatch is not enabled
   db_name                 = "sacDatabaseName"
   identifier              = "sac-testing-db-instance"
   allocated_storage       = 10