Flaconi · ronny-panknin-flaconi · Dec 9, 2024 · Dec 9, 2024
@@ -1,14 +1,12 @@
-# terraform-module-template
-Template for Terraform modules
-
-<!-- Uncomment and replace with your module name
-[![lint](https://github.com/flaconi/<MODULENAME>/workflows/lint/badge.svg)](https://github.com/flaconi/<MODULENAME>/actions?query=workflow%3Alint)
-[![test](https://github.com/flaconi/<MODULENAME>/workflows/test/badge.svg)](https://github.com/flaconi/<MODULENAME>/actions?query=workflow%3Atest)
-[![Tag](https://img.shields.io/github/tag/flaconi/<MODULENAME>.svg)](https://github.com/flaconi/<MODULENAME>/releases)
--->
+# terraform-aws-bedrock-model-invocation-logging
+
+Terraform module for Amazon Bedrock Agent resources
+
+[![lint](https://github.com/flaconi/terraform-aws-bedrock-model-invocation-logging/workflows/lint/badge.svg)](https://github.com/flaconi/terraform-aws-bedrock-model-invocation-logging/actions?query=workflow%3Alint)
+[![test](https://github.com/flaconi/terraform-aws-bedrock-model-invocation-logging/workflows/test/badge.svg)](https://github.com/flaconi/terraform-aws-bedrock-model-invocation-logging/actions?query=workflow%3Atest)
+[![Tag](https://img.shields.io/github/tag/flaconi/terraform-aws-bedrock-model-invocation-logging.svg)](https://github.com/flaconi/terraform-aws-bedrock-model-invocation-logging/releases)
 [![License](https://img.shields.io/badge/license-MIT-blue.svg)](https://opensource.org/licenses/MIT)
 
-For requirements regarding module structure: [style-guide-terraform.md](https://github.com/Flaconi/devops-docs/blob/master/doc/conventions/style-guide-terraform.md)
 
 <!-- TFDOCS_HEADER_START -->
 
@@ -18,7 +16,9 @@ For requirements regarding module structure: [style-guide-terraform.md](https://
 <!-- TFDOCS_PROVIDER_START -->
 ## Providers
 
-No providers.
+| Name | Version |
+|------|---------|
+| <a name="provider_aws"></a> [aws](#provider\_aws) | n/a |
 
 <!-- TFDOCS_PROVIDER_END -->
 
@@ -34,23 +34,75 @@ No providers.
 <!-- TFDOCS_INPUTS_START -->
 ## Required Inputs
 
-No required inputs.
+The following input variables are required:
+
+### <a name="input_bucket"></a> [bucket](#input\_bucket)
+
+Description: The name of the S3 bucket to be created.
+
+Type: `string`
 
 ## Optional Inputs
 
-No optional inputs.
+The following input variables are optional (have default values):
+
+### <a name="input_embedding_data_delivery_enabled"></a> [embedding\_data\_delivery\_enabled](#input\_embedding\_data\_delivery\_enabled)
+
+Description: Indicates whether embedding data delivery is enabled.
+
+Type: `bool`
+
+Default: `false`
+
+### <a name="input_image_data_delivery_enabled"></a> [image\_data\_delivery\_enabled](#input\_image\_data\_delivery\_enabled)
+
+Description: Indicates whether image data delivery is enabled.
+
+Type: `bool`
+
+Default: `false`
+
+### <a name="input_text_data_delivery_enabled"></a> [text\_data\_delivery\_enabled](#input\_text\_data\_delivery\_enabled)
+
+Description: Indicates whether text data delivery is enabled.
+
+Type: `bool`
+
+Default: `false`
+
+### <a name="input_key_prefix"></a> [key\_prefix](#input\_key\_prefix)
+
+Description: The key prefix for logging configuration in S3.
+
+Type: `string`
+
+Default: `""`
+
+### <a name="input_tags"></a> [tags](#input\_tags)
+
+Description: A map of tags to assign to the customization job and custom model.
+
+Type: `map(string)`
+
+Default: `{}`
 
 <!-- TFDOCS_INPUTS_END -->
 
 <!-- TFDOCS_OUTPUTS_START -->
 ## Outputs
 
-No outputs.
+| Name | Description |
+|------|-------------|
+| <a name="output_bucket_arn"></a> [bucket\_arn](#output\_bucket\_arn) | The ARN of the created S3 bucket. |
+| <a name="output_bucket_name"></a> [bucket\_name](#output\_bucket\_name) | The name of the created S3 bucket. |
+| <a name="output_bucket_policy_id"></a> [bucket\_policy\_id](#output\_bucket\_policy\_id) | The ID of the S3 bucket policy. |
+| <a name="output_key_prefix"></a> [key\_prefix](#output\_key\_prefix) | The key prefix used for the Bedrock logging configuration. |
+| <a name="output_logging_bucket_name"></a> [logging\_bucket\_name](#output\_logging\_bucket\_name) | The name of the S3 bucket used for Bedrock model invocation logging. |
 
 <!-- TFDOCS_OUTPUTS_END -->
 
 ## License
 
 **[MIT License](LICENSE)**
 
-Copyright (c) 2023 **[Flaconi GmbH](https://github.com/flaconi)**
+Copyright (c) 2024 **[Flaconi GmbH](https://github.com/flaconi)**
@@ -0,0 +1,7 @@
+data "aws_caller_identity" "this" {}
+
+data "aws_region" "this" {}
+
+data "aws_iam_session_context" "this" {
+  arn = data.aws_caller_identity.this.arn
+}
@@ -0,0 +1,41 @@
+# Example
+
+<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.3 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | ~> 5.73 |
+
+## Providers
+
+No providers.
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| <a name="module_logging"></a> [logging](#module\_logging) | ../../ | n/a |
+
+## Resources
+
+No resources.
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_bucket"></a> [bucket](#input\_bucket) | The name of the S3 bucket to be created. | `string` | n/a | yes |
+| <a name="input_embedding_data_delivery_enabled"></a> [embedding\_data\_delivery\_enabled](#input\_embedding\_data\_delivery\_enabled) | Indicates whether embedding data delivery is enabled. | `bool` | `false` | no |
+| <a name="input_image_data_delivery_enabled"></a> [image\_data\_delivery\_enabled](#input\_image\_data\_delivery\_enabled) | Indicates whether image data delivery is enabled. | `bool` | `false` | no |
+| <a name="input_text_data_delivery_enabled"></a> [text\_data\_delivery\_enabled](#input\_text\_data\_delivery\_enabled) | Indicates whether text data delivery is enabled. | `bool` | `false` | no |
+| <a name="input_key_prefix"></a> [key\_prefix](#input\_key\_prefix) | The key prefix for logging configuration in S3. | `string` | `""` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_resources"></a> [resources](#output\_resources) | Information about created resources |
+
+<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
@@ -0,0 +1,5 @@
+module "logging" {
+  source = "../../"
+  bucket = "my-example-bucket"
+
+}
@@ -0,0 +1,4 @@
+output "resources" {
+  description = "Information about created resources"
+  value       = module.logging
+}
@@ -0,0 +1,28 @@
+variable "bucket" {
+  description = "The name of the S3 bucket to be created."
+  type        = string
+}
+
+variable "embedding_data_delivery_enabled" {
+  description = "Indicates whether embedding data delivery is enabled."
+  type        = bool
+  default     = false
+}
+
+variable "image_data_delivery_enabled" {
+  description = "Indicates whether image data delivery is enabled."
+  type        = bool
+  default     = false
+}
+
+variable "text_data_delivery_enabled" {
+  description = "Indicates whether text data delivery is enabled."
+  type        = bool
+  default     = false
+}
+
+variable "key_prefix" {
+  description = "The key prefix for logging configuration in S3."
+  type        = string
+  default     = ""
+}
@@ -0,0 +1,9 @@
+terraform {
+  required_version = ">= 1.3"
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~> 5.73"
+    }
+  }
+}
@@ -0,0 +1,53 @@
+resource "aws_s3_bucket" "this" {
+  bucket        = var.bucket
+  force_destroy = true
+  tags          = var.tags
+}
+
+resource "aws_s3_bucket_policy" "this" {
+  bucket = aws_s3_bucket.this.bucket
+
+  policy = <<EOF
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Principal": {
+        "Service": "bedrock.amazonaws.com"
+      },
+      "Action": [
+        "s3:*"
+      ],
+      "Resource": [
+        "${aws_s3_bucket.this.arn}/*"
+      ],
+      "Condition": {
+        "StringEquals": {
+          "aws:SourceAccount": "${data.aws_caller_identity.this.account_id}"
+        },
+        "ArnLike": {
+          "aws:SourceArn": "arn:aws:bedrock:${data.aws_region.this.name}:${data.aws_caller_identity.this.account_id}:*"
+        }
+      }
+    }
+  ]
+}
+EOF
+}
+
+resource "aws_bedrock_model_invocation_logging_configuration" "this" {
+  depends_on = [
+    aws_s3_bucket_policy.this
+  ]
+
+  logging_config {
+    embedding_data_delivery_enabled = var.embedding_data_delivery_enabled
+    image_data_delivery_enabled     = var.image_data_delivery_enabled
+    text_data_delivery_enabled      = var.text_data_delivery_enabled
+    s3_config {
+      bucket_name = aws_s3_bucket.this.id
+      key_prefix  = var.key_prefix
+    }
+  }
+}
@@ -0,0 +1,24 @@
+output "bucket_name" {
+  description = "The name of the created S3 bucket."
+  value       = aws_s3_bucket.this.bucket
+}
+
+output "bucket_arn" {
+  description = "The ARN of the created S3 bucket."
+  value       = aws_s3_bucket.this.arn
+}
+
+output "bucket_policy_id" {
+  description = "The ID of the S3 bucket policy."
+  value       = aws_s3_bucket_policy.this.id
+}
+
+output "logging_bucket_name" {
+  description = "The name of the S3 bucket used for Bedrock model invocation logging."
+  value       = aws_s3_bucket.this.bucket
+}
+
+output "key_prefix" {
+  description = "The key prefix used for the Bedrock logging configuration."
+  value       = var.key_prefix
+}
@@ -0,0 +1,34 @@
+variable "bucket" {
+  description = "The name of the S3 bucket to be created."
+  type        = string
+}
+
+variable "embedding_data_delivery_enabled" {
+  description = "Indicates whether embedding data delivery is enabled."
+  type        = bool
+  default     = false
+}
+
+variable "image_data_delivery_enabled" {
+  description = "Indicates whether image data delivery is enabled."
+  type        = bool
+  default     = false
+}
+
+variable "text_data_delivery_enabled" {
+  description = "Indicates whether text data delivery is enabled."
+  type        = bool
+  default     = false
+}
+
+variable "key_prefix" {
+  description = "The key prefix for logging configuration in S3."
+  type        = string
+  default     = ""
+}
+
+variable "tags" {
+  description = "A map of tags to assign to the customization job and custom model."
+  type        = map(string)
+  default     = {}
+}