From 0df17f7e525add9da1168a4c5221008183d8063b Mon Sep 17 00:00:00 2001
From: Gary H <26419401+Gary-H9@users.noreply.github.com>
Date: Mon, 13 Nov 2023 13:50:17 +0000
Subject: [PATCH 01/15] :sparkles: Enable EventBridge -> Cloudwatch

---
 .../auth0-log-steams.tf | 10 ++++
 .../environment-configuration.tf | 16 ++++++
 .../modules/auth0-log-streams/locals.tf | 3 +
 .../modules/auth0-log-streams/main.tf | 56 +++++++++++++++++++
 .../modules/auth0-log-streams/variables.tf | 16 ++++++
 5 files changed, 101 insertions(+)
 create mode 100644 terraform/environments/data-platform-apps-and-tools/auth0-log-steams.tf
 create mode 100644 terraform/environments/data-platform-apps-and-tools/modules/auth0-log-streams/locals.tf
 create mode 100644 terraform/environments/data-platform-apps-and-tools/modules/auth0-log-streams/main.tf
 create mode 100644 terraform/environments/data-platform-apps-and-tools/modules/auth0-log-streams/variables.tf

diff --git a/terraform/environments/data-platform-apps-and-tools/auth0-log-steams.tf b/terraform/environments/data-platform-apps-and-tools/auth0-log-steams.tf
new file mode 100644
index 00000000000..f1307cb0a73
--- /dev/null
+++ b/terraform/environments/data-platform-apps-and-tools/auth0-log-steams.tf
@@ -0,0 +1,10 @@
+module "auth0_log_streams" {
+ source = "./modules/auth0-log-streams"
+
+ for_each = local.environment_configuration.auth0_log_streams
+
+ name = each.key
+ event_source_name = each.value.event_source_name
+
+ tags = local.tags
+}
diff --git a/terraform/environments/data-platform-apps-and-tools/environment-configuration.tf b/terraform/environments/data-platform-apps-and-tools/environment-configuration.tf
index daba0032339..dd9efd8593b 100644
--- a/terraform/environments/data-platform-apps-and-tools/environment-configuration.tf
+++ b/terraform/environments/data-platform-apps-and-tools/environment-configuration.tf
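Review bot: The new root-module file is named `auth0-log-steams.tf` while the module it wires up lives under `modules/auth0-log-streams`; the missing "r" reads as a typo and will make the file hard to find next to the module, so rename it to `auth0-log-streams.tf` before merge. The module also exposes `retention_in_days` (default 400 in its variables.tf) which this call does not set, so every environment inherits the module default; if retention is meant to differ between development and production, pass it through `each.value` alongside `event_source_name`.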
@@ -11,6 +11,14 @@ locals {
 eks_cluster_name = "apps-tools-development"
 route53_zone = "apps-tools.development.data-platform.service.justice.gov.uk"
 ses_domain_identity = "apps-tools.development.data-platform.service.justice.gov.uk"
+ auth0_log_streams = {
+ "dev-analytics-moj" = {
+ event_source_name = "aws.partner/auth0.com/alpha-analytics-moj-e03aeb05-4c4e-4b55-9c7e-7929526f3181/auth0.logs"
+ }
+ "ministryofjustice-data-platform-development" = {
+ event_source_name = "aws.partner/auth0.com/ministryofjustice-data-platform-development-a628362c-f79b-46e9-9604-7c9861565a1b/auth0.logs"
+ }
+ }
 }
 production = {
 eks_cluster_arn = "arn:aws:eks:eu-west-1:312423030077:cluster/production-dBSvju9Y"
@@ -19,6 +27,14 @@ locals {
 eks_cluster_name = "production-dBSvju9Y"
 route53_zone = "apps-tools.data-platform.service.justice.gov.uk"
 ses_domain_identity = "apps-tools.data-platform.service.justice.gov.uk"
+ auth0_log_streams = {
+ "alpha-analytics-moj" = {
+ event_source_name = "aws.partner/auth0.com/alpha-analytics-moj-e03aeb05-4c4e-4b55-9c7e-7929526f3181/auth0.logs"
+ }
+ "ministryofjustice-data-platform" = {
+ event_source_name = "aws.partner/auth0.com/ministryofjustice-data-platform-e95e4fb0-f6f8-455f-9b62-61608adafd69/auth0.logs"
+ }
+ }
 }
 }
 }
diff --git a/terraform/environments/data-platform-apps-and-tools/modules/auth0-log-streams/locals.tf b/terraform/environments/data-platform-apps-and-tools/modules/auth0-log-streams/locals.tf
new file mode 100644
index 00000000000..438855a53ff
--- /dev/null
+++ b/terraform/environments/data-platform-apps-and-tools/modules/auth0-log-streams/locals.tf
@@ -0,0 +1,3 @@
+locals {
+ cloudwatch_log_group_name = "/aws/events/auth0/${var.name}"
+}
diff --git a/terraform/environments/data-platform-apps-and-tools/modules/auth0-log-streams/main.tf b/terraform/environments/data-platform-apps-and-tools/modules/auth0-log-streams/main.tf
new file mode 100644
index 00000000000..9f1f2c4f7ea
--- /dev/null
+++ b/terraform/environments/data-platform-apps-and-tools/modules/auth0-log-streams/main.tf
@@ -0,0 +1,56 @@
+module "kms_key" {
+ #checkov:skip=CKV_TF_1:Module registry does not support commit hashes for versions
+ source = "terraform-aws-modules/kms/aws"
+ version = "2.1.0"
+
+ aliases = ["auth0/${var.name}"]
+ description = "Auth0 KMS Key for ${var.name}"
+ enable_default_policy = true
+
+ deletion_window_in_days = 7
+
+ key_statements = [
+ {
+ sid = "AWSEventBridge"
+ actions = [
+ "kms:Decrypt",
+ "kms:GenerateDataKey",
+ ]
+ resources = ["*"]
+
+ principals = [
+ {
+ type = "Service"
+ identifiers = ["events.amazonaws.com"]
+ }
+ ]
+ }
+ ]
+
+ tags = var.tags
+}
+
+resource "aws_cloudwatch_log_group" "this" {
+ name = local.cloudwatch_log_group_name
+
+ kms_key_id = module.kms_key.key_arn
+ retention_in_days = var.retention_in_days
+}
+
+resource "aws_cloudwatch_event_rule" "this" {
+ name = var.name
+ event_bus_name = var.event_source_name
+
+ event_pattern = jsonencode({
+ source = [{
+ prefix = "aws.partner/auth0.com"
+ }]
+ })
+}
+
+resource "aws_cloudwatch_event_target" "this" {
+ target_id = "auth0-to-cloudwatch-logs"
+ event_bus_name = var.event_source_name
+ rule = aws_cloudwatch_event_rule.this.name
+ arn = aws_cloudwatch_log_group.this.arn
+}
diff --git a/terraform/environments/data-platform-apps-and-tools/modules/auth0-log-streams/variables.tf b/terraform/environments/data-platform-apps-and-tools/modules/auth0-log-streams/variables.tf
new file mode 100644
index 00000000000..4f4cf62f922
--- /dev/null
+++ b/terraform/environments/data-platform-apps-and-tools/modules/auth0-log-streams/variables.tf
@@ -0,0 +1,16 @@
+variable "name" {
+ type = string
+}
+
+variable "event_source_name" {
+ type = string
+}
+
+variable "tags" {
+ type = map(string)
+}
+
+variable "retention_in_days" {
+ type = number
+ default = 400
+}
\ No newline at end of file
From ae384fcf088c093c98e48a88f368598477b0f8dd Mon Sep 17 00:00:00 2001
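Review bot: The `AWSEventBridge` key statement grants `kms:Decrypt` and `kms:GenerateDataKey` to `events.amazonaws.com` on `resources = ["*"]` with no condition, so any EventBridge-driven call from any account that learns this key's ARN satisfies the policy. It is not clear EventBridge needs the key for a CloudWatch Logs target at all — the log group's encryption is performed by the `logs.<region>.amazonaws.com` principal that patch 02 adds — so either drop the statement or scope it with `conditions = [{ test = "StringEquals", variable = "aws:SourceAccount", values = ["<this account id>"] }]` (placeholder: the account ID is available from the `aws_caller_identity` data source added in patch 02). Separately, `deletion_window_in_days = 7` is the shortest window KMS allows; for a key that protects audit logs retained for 400 days, a longer window (the default is 30) leaves more time to cancel an accidental or malicious key-deletion request before the encrypted log data becomes unrecoverable.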
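Review bot: None of the four variables carries a `description`, and `event_source_name` has no `validation`, so a caller gets no hint that the value must be the full partner source name rather than an Auth0 tenant name. Add a `description` to each, e.g. `description = "Full EventBridge partner event source name, e.g. aws.partner/auth0.com/<tenant>-<uuid>/auth0.logs"`, and if the Terraform version in use is 1.3 or later a `validation { condition = startswith(var.event_source_name, "aws.partner/auth0.com/") error_message = "event_source_name must be an Auth0 partner event source name" }` block would reject a mis-copied value at plan time rather than at apply. The file is also missing its trailing newline.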
From: Gary H <26419401+Gary-H9@users.noreply.github.com>
Date: Mon, 13 Nov 2023 14:02:52 +0000
Subject: [PATCH 02/15] :pencil2: Corrections

---
 .../modules/auth0-log-streams/data.tf | 4 +++
 .../modules/auth0-log-streams/main.tf | 28 ++++++++++++++++++-
 2 files changed, 31 insertions(+), 1 deletion(-)
 create mode 100644 terraform/environments/data-platform-apps-and-tools/modules/auth0-log-streams/data.tf

diff --git a/terraform/environments/data-platform-apps-and-tools/modules/auth0-log-streams/data.tf b/terraform/environments/data-platform-apps-and-tools/modules/auth0-log-streams/data.tf
new file mode 100644
index 00000000000..68704fdcb33
--- /dev/null
+++ b/terraform/environments/data-platform-apps-and-tools/modules/auth0-log-streams/data.tf
@@ -0,0 +1,4 @@
+# Current account data
+data "aws_region" "current" {}
+
+data "aws_caller_identity" "current" {}
diff --git a/terraform/environments/data-platform-apps-and-tools/modules/auth0-log-streams/main.tf b/terraform/environments/data-platform-apps-and-tools/modules/auth0-log-streams/main.tf
index 9f1f2c4f7ea..e65e545d3db 100644
--- a/terraform/environments/data-platform-apps-and-tools/modules/auth0-log-streams/main.tf
+++ b/terraform/environments/data-platform-apps-and-tools/modules/auth0-log-streams/main.tf
@@ -17,13 +17,39 @@ module "kms_key" {
 "kms:GenerateDataKey",
 ]
 resources = ["*"]
-
 principals = [
 {
 type = "Service"
 identifiers = ["events.amazonaws.com"]
 }
 ]
+ },
+ {
+ sid = "CloudWatchLogs"
+ actions = [
+ "kms:Encrypt*",
+ "kms:Decrypt*",
+ "kms:ReEncrypt*",
+ "kms:GenerateDataKey*",
+ "kms:Describe*"
+ ]
+ resources = ["*"]
+
+ principals = [
+ {
+ type = "Service"
+ identifiers = ["logs.${data.aws_region.current.name}.amazonaws.com"]
+ }
+ ]
+ conditions = [
+ {
+ test = "ArnLike"
+ variable = "kms:EncryptionContext:aws:logs:arn"
+ values = [
+ "arn:aws:logs:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:log-group:${local.cloudwatch_log_group_name}:*",
+ ]
+ }
+ ]
 }
 ]
 
From c6d79212a5685f0be9658b6c71d7499543cd2601 Mon Sep 17 00:00:00 2001
From: Gary H <26419401+Gary-H9@users.noreply.github.com>
Date: Mon, 13 Nov 2023 14:16:09 +0000
Subject: [PATCH 03/15] :wrench: Add Cloudwatch Event Bus Data block etc

---
 .../modules/auth0-log-streams/data.tf | 4 ++++
 .../modules/auth0-log-streams/main.tf | 7 ++++++-
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/terraform/environments/data-platform-apps-and-tools/modules/auth0-log-streams/data.tf b/terraform/environments/data-platform-apps-and-tools/modules/auth0-log-streams/data.tf
index 68704fdcb33..cba8db91b99 100644
--- a/terraform/environments/data-platform-apps-and-tools/modules/auth0-log-streams/data.tf
+++ b/terraform/environments/data-platform-apps-and-tools/modules/auth0-log-streams/data.tf
@@ -2,3 +2,7 @@
 data "aws_region" "current" {}
 
 data "aws_caller_identity" "current" {}
+
+data "aws_cloudwatch_event_source" "this" {
+ name_prefix = var.event_source_name
+}
\ No newline at end of file
diff --git a/terraform/environments/data-platform-apps-and-tools/modules/auth0-log-streams/main.tf b/terraform/environments/data-platform-apps-and-tools/modules/auth0-log-streams/main.tf
index e65e545d3db..7b2bd5dbff9 100644
--- a/terraform/environments/data-platform-apps-and-tools/modules/auth0-log-streams/main.tf
+++ b/terraform/environments/data-platform-apps-and-tools/modules/auth0-log-streams/main.tf
@@ -56,6 +56,11 @@ module "kms_key" {
 tags = var.tags
 }
 
+resource "aws_cloudwatch_event_bus" "this" {
+ name = data.aws_cloudwatch_event_source.this.name
+ event_source_name = data.aws_cloudwatch_event_source.this.name
+}
+
 resource "aws_cloudwatch_log_group" "this" {
 name = local.cloudwatch_log_group_name
 
@@ -65,7 +70,7 @@ resource "aws_cloudwatch_log_group" "this" {
 
 resource "aws_cloudwatch_event_rule" "this" {
 name = var.name
- event_bus_name = var.event_source_name
+ event_bus_name = aws_cloudwatch_event_bus.this.name
 
 event_pattern = jsonencode({
 source = [{
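Review bot: `data "aws_cloudwatch_event_source" "this"` looks the partner source up by `name_prefix`, so this is a prefix match on `var.event_source_name` rather than an exact one, and the `aws_cloudwatch_event_bus` in the main.tf hunk is then named after whatever `name` comes back. If another partner source in the account shares the prefix, the module would silently associate the bus with the wrong source; since the full name is already in hand, guard the bus with `lifecycle { precondition { condition = data.aws_cloudwatch_event_source.this.name == var.event_source_name error_message = "event source lookup returned a different source" } }` (Terraform 1.2 or later) or at least document the assumption above the data block. The new data.tf content also drops the file's trailing newline.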
From b8e929cdbdf832ef1c3ee8b5262b05deaff4376a Mon Sep 17 00:00:00 2001
From: Gary H <26419401+Gary-H9@users.noreply.github.com>
Date: Mon, 13 Nov 2023 14:29:44 +0000
Subject: [PATCH 04/15] :wrench: Update prod event source name

---
 .../data-platform-apps-and-tools/environment-configuration.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/terraform/environments/data-platform-apps-and-tools/environment-configuration.tf b/terraform/environments/data-platform-apps-and-tools/environment-configuration.tf
index dd9efd8593b..d9d41f99097 100644
--- a/terraform/environments/data-platform-apps-and-tools/environment-configuration.tf
+++ b/terraform/environments/data-platform-apps-and-tools/environment-configuration.tf
@@ -13,7 +13,7 @@ locals {
 ses_domain_identity = "apps-tools.development.data-platform.service.justice.gov.uk"
 auth0_log_streams = {
 "dev-analytics-moj" = {
- event_source_name = "aws.partner/auth0.com/alpha-analytics-moj-e03aeb05-4c4e-4b55-9c7e-7929526f3181/auth0.logs"
+ event_source_name = "aws.partner/auth0.com/dev-analytics-moj-20c1595d-28e2-4822-9e1c-cb29ac38c7d2/auth0.logs"
 }
 "ministryofjustice-data-platform-development" = {
 event_source_name = "aws.partner/auth0.com/ministryofjustice-data-platform-development-a628362c-f79b-46e9-9604-7c9861565a1b/auth0.logs"
From d6d06aef8717bd246e388f23b5150328e77ed434 Mon Sep 17 00:00:00 2001
From: Gary H <26419401+Gary-H9@users.noreply.github.com>
Date: Mon, 13 Nov 2023 14:29:57 +0000
Subject: [PATCH 05/15] :wrench: Update event source local

---
 .../data-platform-apps-and-tools/environment-configuration.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/terraform/environments/data-platform-apps-and-tools/environment-configuration.tf b/terraform/environments/data-platform-apps-and-tools/environment-configuration.tf
index d9d41f99097..2d0dc3827a9 100644
--- a/terraform/environments/data-platform-apps-and-tools/environment-configuration.tf
+++ b/terraform/environments/data-platform-apps-and-tools/environment-configuration.tf
@@ -32,7 +32,7 @@ locals {
 event_source_name = "aws.partner/auth0.com/alpha-analytics-moj-e03aeb05-4c4e-4b55-9c7e-7929526f3181/auth0.logs"
 }
 "ministryofjustice-data-platform" = {
- event_source_name = "aws.partner/auth0.com/ministryofjustice-data-platform-e95e4fb0-f6f8-455f-9b62-61608adafd69/auth0.logs"
+ event_source_name = "aws.partner/auth0.com/alpha-analytics-moj-5246b1ce-4ea2-45ab-9c2d-1414d6ff608a/auth0.logs"
 }
 }
 }
From c03357641177780dda3dd3430b165e635363fba2 Mon Sep 17 00:00:00 2001
From: Gary H <26419401+Gary-H9@users.noreply.github.com>
Date: Mon, 13 Nov 2023 15:27:22 +0000
Subject: [PATCH 06/15] :test_tube: Testing condition

---
 .../modules/auth0-log-streams/main.tf | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/terraform/environments/data-platform-apps-and-tools/modules/auth0-log-streams/main.tf b/terraform/environments/data-platform-apps-and-tools/modules/auth0-log-streams/main.tf
index 7b2bd5dbff9..fc08a782cb1 100644
--- a/terraform/environments/data-platform-apps-and-tools/modules/auth0-log-streams/main.tf
+++ b/terraform/environments/data-platform-apps-and-tools/modules/auth0-log-streams/main.tf
@@ -41,15 +41,15 @@ module "kms_key" {
 identifiers = ["logs.${data.aws_region.current.name}.amazonaws.com"]
 }
 ]
- conditions = [
- {
- test = "ArnLike"
- variable = "kms:EncryptionContext:aws:logs:arn"
- values = [
- "arn:aws:logs:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:log-group:${local.cloudwatch_log_group_name}:*",
- ]
- }
- ]
+ # conditions = [
+ # {
+ # test = "ArnLike"
+ # variable = "kms:EncryptionContext:aws:logs:arn"
+ # values = [
+ # "arn:aws:logs:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:log-group:${local.cloudwatch_log_group_name}:*",
+ # ]
+ # }
+ # ]
 }
 ]
 
From 09511357c031a1dd67cee0d6d49a23b4585821b4 Mon Sep 17 00:00:00 2001
From: Gary H <26419401+Gary-H9@users.noreply.github.com>
Date: Mon, 13 Nov 2023 15:33:15 +0000
Subject: [PATCH 07/15] :wrench: Remove *

---
 .../modules/auth0-log-streams/main.tf | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/terraform/environments/data-platform-apps-and-tools/modules/auth0-log-streams/main.tf b/terraform/environments/data-platform-apps-and-tools/modules/auth0-log-streams/main.tf
index fc08a782cb1..6a2be32aff9 100644
--- a/terraform/environments/data-platform-apps-and-tools/modules/auth0-log-streams/main.tf
+++ b/terraform/environments/data-platform-apps-and-tools/modules/auth0-log-streams/main.tf
@@ -41,15 +41,15 @@ module "kms_key" {
 identifiers = ["logs.${data.aws_region.current.name}.amazonaws.com"]
 }
 ]
- # conditions = [
- # {
- # test = "ArnLike"
- # variable = "kms:EncryptionContext:aws:logs:arn"
- # values = [
- # "arn:aws:logs:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:log-group:${local.cloudwatch_log_group_name}:*",
- # ]
- # }
- # ]
+ conditions = [
+ {
+ test = "ArnLike"
+ variable = "kms:EncryptionContext:aws:logs:arn"
+ values = [
+ "arn:aws:logs:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:log-group:${local.cloudwatch_log_group_name}",
+ ]
+ }
+ ]
 }
 ]
 
From 894ec4e5006c9fa9d8580dbf1fa30baa61df08b8 Mon Sep 17 00:00:00 2001
From: Gary H <26419401+Gary-H9@users.noreply.github.com>
Date: Mon, 13 Nov 2023 16:06:02 +0000
Subject: [PATCH 08/15] :wrench: Remove KMS - troubleshooting

---
 .../modules/auth0-log-streams/main.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/terraform/environments/data-platform-apps-and-tools/modules/auth0-log-streams/main.tf b/terraform/environments/data-platform-apps-and-tools/modules/auth0-log-streams/main.tf
index 6a2be32aff9..5ab3f04af0f 100644
--- a/terraform/environments/data-platform-apps-and-tools/modules/auth0-log-streams/main.tf
+++ b/terraform/environments/data-platform-apps-and-tools/modules/auth0-log-streams/main.tf
@@ -64,7 +64,7 @@ resource "aws_cloudwatch_event_bus" "this" {
 resource "aws_cloudwatch_log_group" "this" {
 name = local.cloudwatch_log_group_name
 
- kms_key_id = module.kms_key.key_arn
+ # kms_key_id = module.kms_key.key_arn
 retention_in_days = var.retention_in_days
 }
 
From 47c340aab4fd068e63c5eac6c3f7680fdd050469 Mon Sep 17 00:00:00 2001
From: Jacob Woffenden
Date: Mon, 13 Nov 2023 16:52:09 +0000
Subject: [PATCH 09/15] =?UTF-8?q?Add=20permissions=20that=20AWS=20console?=
 =?UTF-8?q?=20adds=20for=20you=20=F0=9F=A4=A1?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Jacob Woffenden
---
 .../modules/auth0-log-streams/main.tf | 22 ++++++++++++++++++-
 1 file changed, 21 insertions(+), 1 deletion(-)

diff --git a/terraform/environments/data-platform-apps-and-tools/modules/auth0-log-streams/main.tf b/terraform/environments/data-platform-apps-and-tools/modules/auth0-log-streams/main.tf
index 5ab3f04af0f..cce2a4c5350 100644
--- a/terraform/environments/data-platform-apps-and-tools/modules/auth0-log-streams/main.tf
+++ b/terraform/environments/data-platform-apps-and-tools/modules/auth0-log-streams/main.tf
@@ -64,10 +64,30 @@ resource "aws_cloudwatch_event_bus" "this" {
 resource "aws_cloudwatch_log_group" "this" {
 name = local.cloudwatch_log_group_name
 
- # kms_key_id = module.kms_key.key_arn
+ kms_key_id = module.kms_key.key_arn
 retention_in_days = var.retention_in_days
 }
 
+data "aws_iam_policy_document" "this" {
+ statement {
+ actions = [
+ "logs:CreateLogStream",
+ "logs:PutLogEvents",
+ "logs:PutLogEventsBatch"
+ ]
+ principals {
+ type = "Service"
+ identifiers = ["events.amazonaws.com", "delivery.logs.amazonaws.com"]
+ }
+ resources = ["${aws_cloudwatch_log_group.this.arn}:*}"]
+ }
+}
+
+resource "aws_cloudwatch_log_resource_policy" "this" {
+ policy_name = "events-to-cloudwatch-logs"
+ policy_document = data.aws_iam_policy_document.this.json
+}
+
 resource "aws_cloudwatch_event_rule" "this" {
 name = var.name
 event_bus_name = aws_cloudwatch_event_bus.this.name
From a23a5d131978c573bb4081a6e7206f7b6a8566d9 Mon Sep 17 00:00:00 2001
From: Jacob Woffenden
Date: Mon, 13 Nov 2023 16:53:48 +0000
Subject: [PATCH 10/15] Remove rouge }

Signed-off-by: Jacob Woffenden
---
 .../modules/auth0-log-streams/main.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/terraform/environments/data-platform-apps-and-tools/modules/auth0-log-streams/main.tf b/terraform/environments/data-platform-apps-and-tools/modules/auth0-log-streams/main.tf
index cce2a4c5350..c5d54e3c863 100644
--- a/terraform/environments/data-platform-apps-and-tools/modules/auth0-log-streams/main.tf
+++ b/terraform/environments/data-platform-apps-and-tools/modules/auth0-log-streams/main.tf
@@ -79,7 +79,7 @@ data "aws_iam_policy_document" "this" {
 type = "Service"
 identifiers = ["events.amazonaws.com", "delivery.logs.amazonaws.com"]
 }
- resources = ["${aws_cloudwatch_log_group.this.arn}:*}"]
+ resources = ["${aws_cloudwatch_log_group.this.arn}:*"]
 }
 }
 
From b809bf92653cef0af58c712a95c7417058e07d60 Mon Sep 17 00:00:00 2001
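Review bot: The `aws_iam_policy_document` statement lets the `events.amazonaws.com` and `delivery.logs.amazonaws.com` service principals write to the log group with no `condition`, so the grant is not tied to this account or to the rule that feeds it, which is the cross-service confused-deputy shape AWS recommends closing with `aws:SourceAccount` and/or `aws:SourceArn`. Adding a `StringEquals` on `aws:SourceAccount` using the `aws_caller_identity` data source the module already declares keeps the policy to rules in this account; confirm in the development environment that delivery still succeeds with the condition in place before rolling it to production. `delivery.logs.amazonaws.com` is the vended-logs delivery principal and may not be needed for an EventBridge target, so keep it only if testing shows it is required.

```hcl
data "aws_iam_policy_document" "this" {
  statement {
    # … unchanged: actions, principals, resources …
    condition {
      test     = "StringEquals"
      variable = "aws:SourceAccount"
      values   = [data.aws_caller_identity.current.account_id]
    }
  }
}
```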
From: Jacob Woffenden
Date: Mon, 13 Nov 2023 16:59:56 +0000
Subject: [PATCH 11/15] Update Auth0 event source name for prod

Signed-off-by: Jacob Woffenden
---
 .../data-platform-apps-and-tools/environment-configuration.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/terraform/environments/data-platform-apps-and-tools/environment-configuration.tf b/terraform/environments/data-platform-apps-and-tools/environment-configuration.tf
index 2d0dc3827a9..1a0702446ba 100644
--- a/terraform/environments/data-platform-apps-and-tools/environment-configuration.tf
+++ b/terraform/environments/data-platform-apps-and-tools/environment-configuration.tf
@@ -29,7 +29,7 @@ locals {
 ses_domain_identity = "apps-tools.data-platform.service.justice.gov.uk"
 auth0_log_streams = {
 "alpha-analytics-moj" = {
- event_source_name = "aws.partner/auth0.com/alpha-analytics-moj-e03aeb05-4c4e-4b55-9c7e-7929526f3181/auth0.logs"
+ event_source_name = "aws.partner/auth0.com/alpha-analytics-moj-5246b1ce-4ea2-45ab-9c2d-1414d6ff608a/auth0.logs"
 }
 "ministryofjustice-data-platform" = {
 event_source_name = "aws.partner/auth0.com/alpha-analytics-moj-5246b1ce-4ea2-45ab-9c2d-1414d6ff608a/auth0.logs"
From c5fbf5c3e5b26b3cfe61644efe7a330c072577bb Mon Sep 17 00:00:00 2001
From: Jacob Woffenden
Date: Mon, 13 Nov 2023 17:10:53 +0000
Subject: [PATCH 12/15] remove cloudwatch logs

Signed-off-by: Jacob Woffenden
---
 .../modules/auth0-log-streams/main.tf | 58 +++++++++----------
 1 file changed, 29 insertions(+), 29 deletions(-)

diff --git a/terraform/environments/data-platform-apps-and-tools/modules/auth0-log-streams/main.tf b/terraform/environments/data-platform-apps-and-tools/modules/auth0-log-streams/main.tf
index c5d54e3c863..00e4b01abd6 100644
--- a/terraform/environments/data-platform-apps-and-tools/modules/auth0-log-streams/main.tf
+++ b/terraform/environments/data-platform-apps-and-tools/modules/auth0-log-streams/main.tf
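Review bot: After this change both production entries — `"alpha-analytics-moj"` on the added line and `"ministryofjustice-data-platform"` on the unchanged context line below it (set in patch 05) — carry the identical `event_source_name` `aws.partner/auth0.com/alpha-analytics-moj-5246b1ce-4ea2-45ab-9c2d-1414d6ff608a/auth0.logs`. Each map entry becomes a module instance that creates an `aws_cloudwatch_event_bus` named after that source, so the second instance would collide with the first on apply, or if it somehow applied it would ingest the same tenant's logs twice under a misleading key. Either point the `ministryofjustice-data-platform` entry at its own `ministryofjustice-data-platform-…` partner source or remove the entry; the map key and the tenant in the source name should agree.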
@@ -61,32 +61,32 @@ resource "aws_cloudwatch_event_bus" "this" {
 event_source_name = data.aws_cloudwatch_event_source.this.name
 }
 
-resource "aws_cloudwatch_log_group" "this" {
- name = local.cloudwatch_log_group_name
+# resource "aws_cloudwatch_log_group" "this" {
+# name = local.cloudwatch_log_group_name
 
- kms_key_id = module.kms_key.key_arn
- retention_in_days = var.retention_in_days
-}
+# kms_key_id = module.kms_key.key_arn
+# retention_in_days = var.retention_in_days
+# }
 
-data "aws_iam_policy_document" "this" {
- statement {
- actions = [
- "logs:CreateLogStream",
- "logs:PutLogEvents",
- "logs:PutLogEventsBatch"
- ]
- principals {
- type = "Service"
- identifiers = ["events.amazonaws.com", "delivery.logs.amazonaws.com"]
- }
- resources = ["${aws_cloudwatch_log_group.this.arn}:*"]
- }
-}
+# data "aws_iam_policy_document" "this" {
+# statement {
+# actions = [
+# "logs:CreateLogStream",
+# "logs:PutLogEvents",
+# "logs:PutLogEventsBatch"
+# ]
+# principals {
+# type = "Service"
+# identifiers = ["events.amazonaws.com", "delivery.logs.amazonaws.com"]
+# }
+# resources = ["${aws_cloudwatch_log_group.this.arn}:*"]
+# }
+# }
 
-resource "aws_cloudwatch_log_resource_policy" "this" {
- policy_name = "events-to-cloudwatch-logs"
- policy_document = data.aws_iam_policy_document.this.json
-}
+# resource "aws_cloudwatch_log_resource_policy" "this" {
+# policy_name = "events-to-cloudwatch-logs"
+# policy_document = data.aws_iam_policy_document.this.json
+# }
 
 resource "aws_cloudwatch_event_rule" "this" {
 name = var.name
@@ -99,9 +99,9 @@ resource "aws_cloudwatch_event_rule" "this" {
 })
 }
 
-resource "aws_cloudwatch_event_target" "this" {
- target_id = "auth0-to-cloudwatch-logs"
- event_bus_name = var.event_source_name
- rule = aws_cloudwatch_event_rule.this.name
- arn = aws_cloudwatch_log_group.this.arn
-}
+# resource "aws_cloudwatch_event_target" "this" {
+# target_id = "auth0-to-cloudwatch-logs"
+# event_bus_name = var.event_source_name
+# rule = aws_cloudwatch_event_rule.this.name
+# arn = aws_cloudwatch_log_group.this.arn
+# }
From cabcc4228b3167d329db3ba627589e97738b274b Mon Sep 17 00:00:00 2001
From: Jacob Woffenden
Date: Mon, 13 Nov 2023 17:11:20 +0000
Subject: [PATCH 13/15] remove rule

Signed-off-by: Jacob Woffenden
---
 .../modules/auth0-log-streams/main.tf | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/terraform/environments/data-platform-apps-and-tools/modules/auth0-log-streams/main.tf b/terraform/environments/data-platform-apps-and-tools/modules/auth0-log-streams/main.tf
index 00e4b01abd6..85d787d5935 100644
--- a/terraform/environments/data-platform-apps-and-tools/modules/auth0-log-streams/main.tf
+++ b/terraform/environments/data-platform-apps-and-tools/modules/auth0-log-streams/main.tf
@@ -88,16 +88,16 @@ resource "aws_cloudwatch_event_bus" "this" {
 # policy_document = data.aws_iam_policy_document.this.json
 # }
 
-resource "aws_cloudwatch_event_rule" "this" {
- name = var.name
- event_bus_name = aws_cloudwatch_event_bus.this.name
+# resource "aws_cloudwatch_event_rule" "this" {
+# name = var.name
+# event_bus_name = aws_cloudwatch_event_bus.this.name
 
- event_pattern = jsonencode({
- source = [{
- prefix = "aws.partner/auth0.com"
- }]
- })
-}
+# event_pattern = jsonencode({
+# source = [{
+# prefix = "aws.partner/auth0.com"
+# }]
+# })
+# }
 
 # resource "aws_cloudwatch_event_target" "this" {
 # target_id = "auth0-to-cloudwatch-logs"
From cfc0010934e23faae7272f6bcae322deeb43a0df Mon Sep 17 00:00:00 2001
From: Jacob Woffenden
Date: Mon, 13 Nov 2023 17:14:37 +0000
Subject: [PATCH 14/15] add it back

Signed-off-by: Jacob Woffenden
---
 .../modules/auth0-log-streams/main.tf | 76 +++++++++----------
 1 file changed, 38 insertions(+), 38 deletions(-)

diff --git a/terraform/environments/data-platform-apps-and-tools/modules/auth0-log-streams/main.tf b/terraform/environments/data-platform-apps-and-tools/modules/auth0-log-streams/main.tf
index 85d787d5935..c5d54e3c863 100644
--- a/terraform/environments/data-platform-apps-and-tools/modules/auth0-log-streams/main.tf
+++ b/terraform/environments/data-platform-apps-and-tools/modules/auth0-log-streams/main.tf
@@ -61,47 +61,47 @@ resource "aws_cloudwatch_event_bus" "this" {
 event_source_name = data.aws_cloudwatch_event_source.this.name
 }
 
-# resource "aws_cloudwatch_log_group" "this" {
-# name = local.cloudwatch_log_group_name
+resource "aws_cloudwatch_log_group" "this" {
+ name = local.cloudwatch_log_group_name
 
-# kms_key_id = module.kms_key.key_arn
-# retention_in_days = var.retention_in_days
-# }
+ kms_key_id = module.kms_key.key_arn
+ retention_in_days = var.retention_in_days
+}
 
-# data "aws_iam_policy_document" "this" {
-# statement {
-# actions = [
-# "logs:CreateLogStream",
-# "logs:PutLogEvents",
-# "logs:PutLogEventsBatch"
-# ]
-# principals {
-# type = "Service"
-# identifiers = ["events.amazonaws.com", "delivery.logs.amazonaws.com"]
-# }
-# resources = ["${aws_cloudwatch_log_group.this.arn}:*"]
-# }
-# }
+data "aws_iam_policy_document" "this" {
+ statement {
+ actions = [
+ "logs:CreateLogStream",
+ "logs:PutLogEvents",
+ "logs:PutLogEventsBatch"
+ ]
+ principals {
+ type = "Service"
+ identifiers = ["events.amazonaws.com", "delivery.logs.amazonaws.com"]
+ }
+ resources = ["${aws_cloudwatch_log_group.this.arn}:*"]
+ }
+}
 
-# resource "aws_cloudwatch_log_resource_policy" "this" {
-# policy_name = "events-to-cloudwatch-logs"
-# policy_document = data.aws_iam_policy_document.this.json
-# }
+resource "aws_cloudwatch_log_resource_policy" "this" {
+ policy_name = "events-to-cloudwatch-logs"
+ policy_document = data.aws_iam_policy_document.this.json
+}
 
-# resource "aws_cloudwatch_event_rule" "this" {
-# name = var.name
-# event_bus_name = aws_cloudwatch_event_bus.this.name
+resource "aws_cloudwatch_event_rule" "this" {
+ name = var.name
+ event_bus_name = aws_cloudwatch_event_bus.this.name
 
-# event_pattern = jsonencode({
-# source = [{
-# prefix = "aws.partner/auth0.com"
-# }]
-# })
-# }
+ event_pattern = jsonencode({
+ source = [{
+ prefix = "aws.partner/auth0.com"
+ }]
+ })
+}
 
-# resource "aws_cloudwatch_event_target" "this" {
-# target_id = "auth0-to-cloudwatch-logs"
-# event_bus_name = var.event_source_name
-# rule = aws_cloudwatch_event_rule.this.name
-# arn = aws_cloudwatch_log_group.this.arn
-# }
+resource "aws_cloudwatch_event_target" "this" {
+ target_id = "auth0-to-cloudwatch-logs"
+ event_bus_name = var.event_source_name
+ rule = aws_cloudwatch_event_rule.this.name
+ arn = aws_cloudwatch_log_group.this.arn
+}
From d6ea66efa3843e5710c6e0f63aeb324bec1bf9a2 Mon Sep 17 00:00:00 2001
From: Gary H <26419401+Gary-H9@users.noreply.github.com>
Date: Mon, 13 Nov 2023 17:20:55 +0000
Subject: [PATCH 15/15] :wrench: Remove loop

---
 .../modules/auth0-log-streams/main.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/terraform/environments/data-platform-apps-and-tools/modules/auth0-log-streams/main.tf b/terraform/environments/data-platform-apps-and-tools/modules/auth0-log-streams/main.tf
index c5d54e3c863..1283976d692 100644
--- a/terraform/environments/data-platform-apps-and-tools/modules/auth0-log-streams/main.tf
+++ b/terraform/environments/data-platform-apps-and-tools/modules/auth0-log-streams/main.tf
@@ -84,7 +84,7 @@ data "aws_iam_policy_document" "this" {
 }
 
 resource "aws_cloudwatch_log_resource_policy" "this" {
- policy_name = "events-to-cloudwatch-logs"
+ policy_name = var.name
 policy_document = data.aws_iam_policy_document.this.json
 }
 