diff --git a/modules/ManagementGovernance/ssm-schedule-run-command/main.tf b/modules/ManagementGovernance/ssm-schedule-run-command/main.tf index a92c702..1ea7b3d 100644 --- a/modules/ManagementGovernance/ssm-schedule-run-command/main.tf +++ b/modules/ManagementGovernance/ssm-schedule-run-command/main.tf @@ -26,7 +26,7 @@ resource "aws_ssm_maintenance_window" "this" { name = replace(title(var.description), " ", "") description = var.description schedule = var.cron-expression - duration = 2 + duration = var.maintenance-window-duration cutoff = 1 } @@ -58,7 +58,7 @@ resource "aws_ssm_maintenance_window_task" "this" { task_invocation_parameters { run_command_parameters { - timeout_seconds = 600 + timeout_seconds = var.maintenance-window-duration * 60 - 15 cloudwatch_config { cloudwatch_log_group_name = aws_cloudwatch_log_group.this.name @@ -75,6 +75,6 @@ resource "aws_ssm_maintenance_window_task" "this" { resource "aws_cloudwatch_log_group" "this" { name = "/aws/ssm-maintenance/${replace(title(var.description), " ", "")}" - retention_in_days = 30 + retention_in_days = var.cloudwatch-log-retention-days log_group_class = "STANDARD" # infrequent access logs can only be viewed via insight } \ No newline at end of file diff --git a/modules/ManagementGovernance/ssm-schedule-run-command/variables.tf b/modules/ManagementGovernance/ssm-schedule-run-command/variables.tf index 87379ae..0513c03 100644 --- a/modules/ManagementGovernance/ssm-schedule-run-command/variables.tf +++ b/modules/ManagementGovernance/ssm-schedule-run-command/variables.tf @@ -21,4 +21,16 @@ variable description { variable schedule-name { type = string description = "Name of maintenance window. e.g. Daily0900UTC8" +} + +variable maintenance-window-duration { + type = number + description = "Duration of maintenance window, must be >= 2" + default = 2 +} + +variable cloudwatch-log-retention-days { + type = number + description = "Days to retain logs on cloudwatch logs" + default = 30 } \ No newline at end of file