Better support for multiple CloudWatch Log Groups #27

Closed
eisraeli opened this issue Aug 9, 2023 · 3 comments

eisraeli commented Aug 9, 2023

Hi,
I've tried using the module the following way:

module "kinesis_firehose" {
  for_each                     = aws_cloudwatch_log_group.cloudwatch_log_group
  source                       = "disney/kinesis-firehose-splunk/aws"
  version                      = "8.0.0"
  region                       = local.region  
  arn_cloudwatch_logs_to_ship  = "arn:aws:logs:${local.region}:${local.account_id}:log-group:${each.value.name}:*"
  name_cloudwatch_logs_to_ship = each.value.name
  hec_url                      = "https://......"
  s3_bucket_name               = "${each.value.name}-bucket"
  hec_token                    = var.splunk_hec_token
}

It works great for just one log group.....
But when I try to use the module with multiple log groups, I have to add the following configuration so they will be unique and the Terraform apply will not fail:

  firehose_name                              = "kinesis-firehose-to-splunk-${each.key}"
  kinesis_firehose_lambda_role_name          = "KinesisFirehoseToLambaRole-${each.key}"
  kinesis_firehose_iam_policy_name           = "KinesisFirehose-Policy-${each.key}"
  cloudwatch_to_firehose_trust_iam_role_name = "CloudWatchToSplunkFirehoseTrust-${each.key}"
  lambda_function_name                       = "kinesis-firehose-transform-${each.key}"
  kinesis_firehose_role_name                 = "KinesisFirehoseRole-${each.key}"
  lambda_iam_policy_name                     = "Kinesis-Firehose-to-Splunk-Policy-${each.key}"
  cloudwatch_to_fh_access_policy_name        = "KinesisCloudWatchToFirehosePolicy-${each.key}"
  cloudwatch_log_filter_name                 = "KinesisSubscriptionFilter-${each.key}"
  log_stream_name                            = "SplunkDelivery-${each.key}"

While adding firehose_name makes sense (as a different FH data stream will be created for each log group), some don't make sense.
For example, the roles, policies and Lambda function can be reused instead of creating multiple instances of them.

@mlcooper Any idea how to achieve that?
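
An added sketch of the reuse suggested in the issue above, written with plain AWS provider resources rather than the module (it is not the module's code, nor the change shipped in v8.1.0): one IAM role and policy shared by one subscription filter per log group. The variable names, the role, policy and filter names, and the single pre-existing Firehose delivery stream passed in as `firehose_arn` are all assumptions.

```hcl
# Hypothetical inputs; the sample log group names are constructed.
variable "region" { type = string }
variable "firehose_arn" { type = string } # existing delivery stream (assumed)
variable "log_group_names" {
  type    = set(string)
  default = ["/app/api", "/app/worker"]
}

data "aws_caller_identity" "current" {}

# Trust policy: only CloudWatch Logs in this account and region may assume
# the role. The aws:SourceArn condition guards against a confused deputy.
data "aws_iam_policy_document" "cwl_assume" {
  statement {
    actions = ["sts:AssumeRole"]
    principals {
      type        = "Service"
      identifiers = ["logs.amazonaws.com"]
    }
    condition {
      test     = "StringLike"
      variable = "aws:SourceArn"
      values   = ["arn:aws:logs:${var.region}:${data.aws_caller_identity.current.account_id}:*"]
    }
  }
}

# Created once, outside any for_each, so the name never collides.
resource "aws_iam_role" "cwl_to_firehose" {
  name               = "cwl-to-firehose-shared"
  assume_role_policy = data.aws_iam_policy_document.cwl_assume.json
}

# Least privilege: the shared role can only write to the one delivery stream.
resource "aws_iam_role_policy" "put_records" {
  name = "put-to-firehose"
  role = aws_iam_role.cwl_to_firehose.id
  policy = jsonencode({
    Version   = "2012-10-17"
    Statement = [{ Effect = "Allow", Action = ["firehose:PutRecord", "firehose:PutRecordBatch"], Resource = var.firehose_arn }]
  })
}

# Only the filter is per log group. Filter names are scoped to their log
# group, so the same name can be reused without a unique suffix.
resource "aws_cloudwatch_log_subscription_filter" "ship" {
  for_each        = var.log_group_names
  name            = "ship-to-splunk"
  log_group_name  = each.value
  filter_pattern  = "" # empty pattern forwards every event
  destination_arn = var.firehose_arn
  role_arn        = aws_iam_role.cwl_to_firehose.arn
}
```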

ghost commented Aug 23, 2023

Yes please, we need to add a few thousand logs across multiple accounts.

@yzargari
Contributor

I created a PR that I believe may help with this: #30

@mlcooper
Collaborator

Now supported in v8.1.0
