# Region and account of the credentials Terraform runs with. Both are
# interpolated below into the awslogs options and the SSM parameter ARNs, so the
# rendered container definitions follow whichever account and region the
# provider is configured for.
data "aws_region" "current" {}
data "aws_caller_identity" "current" {}

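locals {
  # Environment for the Datadog Agent sidecar, expanded into ECS name/value
  # pairs by local.datadog-agent.environment. Nothing secret belongs in this
  # map: values are stored in plain text in the task definition. The API key is
  # injected separately through `secrets`.
  #
  # NOTE(review): DD_LOG_LEVEL = "debug" makes the agent log verbosely into the
  #   sidecar log group; confirm this is intended outside troubleshooting, since
  #   debug output can include payload detail.
  # NOTE(review): DD_DOGSTATSD_NON_LOCAL_TRAFFIC = "true" lets the agent accept
  #   DogStatsD packets from non-loopback sources. Containers in the same Fargate
  #   task share a network namespace, so confirm this is actually needed.
  # NOTE(review): DD_APM_REPLACE_TAGS is empty, so no span-tag scrubbing rules
  #   are configured here.
  # DD_CONTAINER_EXCLUDE keeps the two sidecar images themselves out of
  # collection; DD_HEALTH_PORT matches the 5555 entry in dd_port_mappings.
  dd_environment = {
    DD_APM_ENABLED                    = "true"
    DD_APM_REPLACE_TAGS               = ""
    DD_CLOUD_PROVIDER_METADATA        = "aws"
    DD_CONTAINER_EXCLUDE              = "image:public.ecr.aws/aws-observability/aws-for-fluent-bit image:public.ecr.aws/datadog/agent"
    DD_DOGSTATSD_NON_LOCAL_TRAFFIC    = "true"
    DD_DOGSTATSD_TAG_CARDINALITY      = "orchestrator"
    DD_HEALTH_PORT                    = "5555"
    DD_LOG_LEVEL                      = "debug"
    DD_LOGS_CONFIG_USE_HTTP           = "true"
    DD_PROCESS_AGENT_CONTAINER_SOURCE = "ecs_fargate"
    DD_PROCESS_AGENT_ENABLED          = "true"
    DD_SITE                           = "us5.datadoghq.com"
    ECS_FARGATE                       = "true"
  }

  # Agent ports as [containerPort, hostPort, protocol] tuples, consumed by
  # local.datadog-agent.port_mappings. 8125/udp is DogStatsD, 8126/tcp is the
  # APM trace intake and 5555 is the health port set above.
  # NOTE(review): 5000-5002 look like the agent's internal expvar/IPC/GUI ports;
  #   confirm they need to be declared at all. With awsvpc networking the task's
  #   security group is what restricts reachability, so verify it does not admit
  #   any of these ports from outside the task.
  dd_port_mappings = [
    [5000, 5000, "tcp"],
    [5001, 5001, "tcp"],
    [5002, 5002, "tcp"],
    [5555, 5555, "tcp"],
    [8125, 8125, "udp"],
    [8126, 8126, "tcp"]
  ]

  # FireLens log configuration that ships container logs to the Datadog US5
  # HTTP intake over TLS, tagged with the service, source and environment
  # variables. The API key is referenced from SSM Parameter Store through
  # secretOptions, so it never appears in the task definition itself.
  # NOTE(review): the task execution role must be allowed to read this one
  #   parameter (and to decrypt it if it is a SecureString under a customer
  #   managed key); keep that grant scoped to this ARN rather than a wildcard.
  log_configuration = {
    logDriver = "awsfirelens"
    options = {
      Name       = "datadog"
      provider   = "ecs"
      Host       = "http-intake.logs.us5.datadoghq.com"
      TLS        = "on"
      dd_service = var.service
      dd_source  = var.dd_source
      dd_tags    = "env:${var.env}"
    }
    secretOptions = [
      {
        name      = "apiKey",
        valueFrom = "arn:aws:ssm:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:parameter/common/datadog-api-key"
      }
    ]
  }

  # Fluent Bit sidecar acting as the FireLens log router. Its own output goes to
  # the shared sidecar CloudWatch group under the "firelens" stream prefix.
  # NOTE(review): ":stable" is a mutable tag, so the image that runs can change
  #   between task launches without a Terraform diff. Pin a specific version or
  #   an image digest so deployments are reproducible and reviewable.
  log-router = {
    essential = true
    image     = "public.ecr.aws/aws-observability/aws-for-fluent-bit:stable"
    memory    = 128

    firelens_configuration = {
      type = "fluentbit"
      options = {
        # ECS metadata is not attached to each forwarded log record.
        enable-ecs-log-metadata = "false"
      }
    }

    # The log group is declared once as aws_cloudwatch_log_group.this;
    # presumably this flag stops the consuming module from creating its own.
    create_cloudwatch_log_group = "false"
    log_configuration = {
      logDriver = "awslogs",
      options = {
        awslogs-region        = data.aws_region.current.name,
        awslogs-group         = aws_cloudwatch_log_group.this.name,
        awslogs-stream-prefix = "firelens"
      },
    }
  }

  # Datadog Agent sidecar definition.
  # NOTE(review): ":latest" is a mutable tag with the same drift and
  #   supply-chain concern as the log router image; pin a version or digest.
  # NOTE(review): readonly_root_filesystem is false; presumably the agent
  #   writes to its own filesystem at runtime. Confirm before tightening.
  datadog-agent = {
    essential                = true,
    image                    = "public.ecr.aws/datadog/agent:latest"
    memory                   = 256
    readonly_root_filesystem = false

    port_mappings = [
      for p in local.dd_port_mappings : {
        containerPort = p[0],
        hostPort      = p[1],
        protocol      = p[2]
      }
    ]

    environment = [
      for k, v in local.dd_environment : {
        name  = k,
        value = v
      }
    ]
    # The API key is resolved by ECS from SSM at task start. The region is taken
    # from the provider rather than hard-coded, so this reference and the
    # FireLens secretOptions reference above always name the same parameter in
    # whichever region the stack is deployed.
    secrets = [{
      name      = "DD_API_KEY",
      valueFrom = "arn:aws:ssm:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:parameter/common/datadog-api-key"
      }
    ]

    create_cloudwatch_log_group = "false"
    log_configuration = {
      logDriver = "awslogs",
      options = {
        awslogs-region        = data.aws_region.current.name,
        awslogs-group         = aws_cloudwatch_log_group.this.name,
        awslogs-stream-prefix = "datadog-agent"
      },
    }

    # Container health is the agent's own `agent health` command, probed every
    # 30 s with a 5 s timeout, 5 retries and a 5 s start period.
    health_check = {
      command = [
        "CMD-SHELL",
        "agent health"
      ],
      interval    = 30,
      timeout     = 5,
      retries     = 5,
      startPeriod = 5
    }
  }
}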

# CloudWatch log group that receives the two sidecars' own output (stream
# prefixes "firelens" and "datadog-agent"), named per service.
# NOTE(review): the agent is configured with DD_LOG_LEVEL = "debug", so this
#   group can hold verbose agent output; restrict read access accordingly.
# NOTE(review): no kms_key_id is set, so the group uses CloudWatch Logs default
#   encryption. Confirm that meets the data-handling requirement.
# NOTE(review): 7-day retention keeps cost and exposure low but also bounds how
#   far back sidecar logs are available during an investigation.
resource "aws_cloudwatch_log_group" "this" {
  name              = "/ecs/${var.service}/sidecar"
  retention_in_days = 7
}
