IndicoDataSolutions · ltellesfl · Jul 15, 2025 · Jul 15, 2025 · Jul 15, 2025 · Jul 15, 2025
diff --git a/application.tf b/application.tf
@@ -745,6 +745,7 @@ keda:
         enabled: true
 kube-prometheus-stack:
 ${local.kube_prometheus_stack_values}
+${local.loki_config}
 metrics-server:
   global:
     imageRegistry: ${var.image_registry}/docker.io

diff --git a/environment.tf b/environment.tf
@@ -24,6 +24,7 @@ locals {
   environment_data_s3_bucket_name             = var.load_environment == "" ? coalesce(module.s3-storage[0].data_s3_bucket_name, "null") : data.terraform_remote_state.environment[0].outputs.data_s3_bucket_name
   environment_pgbackup_s3_bucket_name         = var.load_environment == "" ? coalesce(module.s3-storage[0].pgbackup_s3_bucket_name, "null") : data.terraform_remote_state.environment[0].outputs.pgbackup_s3_bucket_name
   environment_miniobkp_s3_bucket_name         = var.load_environment == "" ? coalesce(module.s3-storage[0].miniobkp_s3_bucket_name, "null") : data.terraform_remote_state.environment[0].outputs.miniobkp_s3_bucket_name
+  environment_loki_s3_bucket_name             = var.load_environment == "" ? coalesce(module.s3-storage[0].loki_s3_bucket_name, "null") : data.terraform_remote_state.environment[0].outputs.loki_s3_bucket_name
   environment_efs_filesystem_id               = var.load_environment == "" ? var.include_efs == true ? module.efs-storage[0].efs_filesystem_id : "null" : data.terraform_remote_state.environment[0].outputs.efs_filesystem_id
   environment_fsx_rwx_id                      = var.load_environment == "" ? var.include_fsx == true ? module.fsx-storage[0].fsx_rwx_id : "null" : data.terraform_remote_state.environment[0].outputs.fsx_rwx_id
   environment_fsx_rwx_arn                     = var.load_environment == "" ? var.include_fsx == true ? module.fsx-storage[0].fsx_rwx_arn : "null" : data.terraform_remote_state.environment[0].outputs.fsx_rwx_arn

diff --git a/main.tf b/main.tf
@@ -207,7 +207,7 @@ module "security-group" {
 module "s3-storage" {
   count                              = var.load_environment == "" ? 1 : 0
   source                             = "app.terraform.io/indico/indico-aws-buckets/mod"
-  version                            = "4.4.0"
+  version                            = "4.5.0"
   force_destroy                      = true # allows terraform to destroy non-empty buckets.
   label                              = var.label
   kms_key_arn                        = local.environment_kms_key_arn
@@ -224,6 +224,8 @@ module "s3-storage" {
   miniobkp_s3_bucket_name_override   = var.miniobkp_s3_bucket_name_override
   include_miniobkp                   = var.include_miniobkp && var.insights_enabled ? true : false
   allowed_origins                    = ["https://${local.dns_name}"]
+  loki_s3_bucket_name_override       = var.loki_s3_bucket_name_override
+  enable_loki_logging                = var.enable_loki_logging
 }
 
 
@@ -315,7 +317,7 @@ module "iam" {
   aws_primary_dns_role_arn   = var.aws_primary_dns_role_arn
   efs_filesystem_id          = [var.include_efs == true ? local.environment_efs_filesystem_id : ""]
   fsx_arns                   = [var.include_rox ? local.environment_fsx_rox_arn : "", var.include_fsx == true ? local.environment_fsx_rwx_arn : ""]
-  s3_buckets                 = compact([local.environment_data_s3_bucket_name, var.include_pgbackup ? local.environment_pgbackup_s3_bucket_name : "", var.include_rox ? local.environment_api_models_s3_bucket_name : "", lower("${var.aws_account}-aws-cod-snapshots"), var.performance_bucket ? "indico-locust-benchmark-test-results" : "", var.include_miniobkp && var.insights_enabled ? local.environment_miniobkp_s3_bucket_name : ""])
+  s3_buckets                 = compact([local.environment_data_s3_bucket_name, var.include_pgbackup ? local.environment_pgbackup_s3_bucket_name : "", var.include_rox ? local.environment_api_models_s3_bucket_name : "", lower("${var.aws_account}-aws-cod-snapshots"), var.performance_bucket ? "indico-locust-benchmark-test-results" : "", var.include_miniobkp && var.insights_enabled ? local.environment_miniobkp_s3_bucket_name : "", var.enable_loki_logging ? local.environment_loki_s3_bucket_name : ""])
   kms_key_arn                = local.environment_kms_key_arn
   # EKS cluster role
   create_cluster_iam_role = var.create_eks_cluster_role

diff --git a/monitoring.tf b/monitoring.tf
@@ -20,6 +20,30 @@ locals {
   EOT
   )
 
+  loki_config = var.enable_loki_logging == true ? (<<EOT
+fluent-bit:
+  enabled: true
+loki:
+  enabled: true
+  loki:
+    storage_config:
+      aws:
+        region: ${var.region}
+        bucketnames: ${module.s3-storage[0].loki_s3_bucket_name}
+        s3forcepathstyle: false
+    storage:
+      type: s3
+      bucketNames:
+        chunks: ${module.s3-storage[0].loki_s3_bucket_name}
+      s3:
+        region: ${var.region}
+
+EOT
+    ) : (<<EOT
+fluent-bit:
+  enabled: false
+EOT
+  )
 
   alertmanager_tls = var.acm_arn == "" ? (<<EOT
       tls:
@@ -135,6 +159,22 @@ ${local.prometheus_tls}
         - grafana-${local.monitoring_domain_name}
       path: /
 ${local.grafana_tls}
+${var.enable_loki_logging == true ? (<<EOT
+    additionalDataSources:
+      - name: loki
+        type: loki
+        access: proxy
+        basicAuth: true
+        url: http://monitoring-loki-gateway.monitoring.svc.cluster.local
+        secureJsonData:
+          httpHeaderValue1: logs
+        jsonData:
+          httpHeaderName1: "X-Scope-OrgID"
+EOT
+    ) : (<<EOT
+    additionalDataSources: []
+EOT
+)}
 sql-exporter:
   enabled: ${var.ipa_enabled}
   image:
@@ -143,7 +183,7 @@ tempo:
   tempo:
     repository: ${var.image_registry}/docker.io/grafana/tempo
   EOT
-    ) : (<<EOT
+) : (<<EOT
   prometheus-node-exporter:
     image:
       registry: ${var.image_registry}/quay.io
@@ -219,6 +259,23 @@ ${local.thanos_config}
         cert-manager.io/cluster-issuer: zerossl
       labels:
         acme.cert-manager.io/dns01-solver: "true"
+${var.enable_loki_logging == true ? (<<EOT
+    additionalDataSources:
+      - name: loki
+        type: loki
+        access: proxy
+        basicAuth: true
+        url: http://monitoring-loki-gateway.monitoring.svc.cluster.local
+        secureJsonData:
+          httpHeaderValue1: logs
+        jsonData:
+          httpHeaderName1: "X-Scope-OrgID"
+EOT
+) : (<<EOT
+    additionalDataSources: []
+EOT
+)}
+
 sql-exporter:
   enabled: ${var.ipa_enabled}
   image:
@@ -227,7 +284,7 @@ tempo:
   tempo:
     repository: ${var.image_registry}/docker.io/grafana/tempo
 EOT
-  )
+)
 }
 
 

diff --git a/variables.tf b/variables.tf
@@ -1596,8 +1596,8 @@ variable "harbor_customer_robot_username" {
 }
 
 variable "harbor_customer_robot_password" {
-  type        = string
-  default     = ""
+  type    = string
+  default = ""
 }
 
 variable "dev_computer_vision_api_key" {
@@ -1634,7 +1634,7 @@ variable "prod_computer_vision_api_url" {
   type        = string
   default     = ""
   description = "readapi computer vision api url"
-} 
+}
 
 variable "prod_form_recognizer_api_key" {
   type        = string
@@ -1646,7 +1646,7 @@ variable "prod_form_recognizer_api_url" {
   type        = string
   default     = ""
   description = "readapi form recognizer api url"
-} 
+}
 
 variable "dev_apikey" {
   type        = string
@@ -1670,4 +1670,16 @@ variable "prod_billing" {
   type        = string
   default     = ""
   description = "This is the billing url for readapi and has the same value as prod_computer_vision_api_url "
-}
+}
+
+variable "enable_loki_logging" {
+  type        = bool
+  default     = false
+  description = "Toggle for enabling loki logging"
+}
+
+variable "loki_s3_bucket_name_override" {
+  type        = string
+  default     = null
+  description = "The name of the existing S3 bucket to be loaded and used as the loki bucket"
+}