added cloudwatch subscription
jamesgreen-moj committed Feb 1, 2024
1 parent d76a1c8 commit 30af061
Showing 5 changed files with 58 additions and 3 deletions.
2 changes: 1 addition & 1 deletion data.tf
@@ -1,5 +1,5 @@
locals {
xaiam_secrets_version_development = "2f39a1d3-b363-4d24-8749-f0ae737c2824"
xaiam_secrets_version_development = "74b8d013-7096-415b-a8f4-20adc4624667"
xaiam_secrets_version_pre_production = ""
xaiam_secrets_version_production = ""
}
1 change: 1 addition & 0 deletions main.tf
Expand Up @@ -317,6 +317,7 @@ module "kinesis_firehose_xsiam" {
access_key = jsondecode(data.aws_secretsmanager_secret_version.xaiam_secrets_version.secret_string)["access_key"]
prefix = "${module.label.id}-xsiam"
tags = module.label.tags
cloudwatch_log_group_for_subscription = module.radius.cloudwatch.server_log_group_name

providers = {
aws = aws.env
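Review bot: The new `cloudwatch_log_group_for_subscription = module.radius.cloudwatch.server_log_group_name` line wires the RADIUS server log group into a subscription filter whose `filter_pattern` is empty, so every event in that group is forwarded to the external delivery stream. It is worth confirming that nothing in that log group (client identifiers, request attributes) is outside what is meant to leave the account, and recording that decision in a comment above the argument, e.g. `# full server log forwarded to XSIAM; group contains no secrets (reviewed <DATE>)` with the date filled in. The enclosing `module "kinesis_firehose_xsiam"` block starts and ends outside the hunk.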
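--- a/modules/kinesis_firehose_xsiam/log_group_subscription.tf
+++ b/modules/kinesis_firehose_xsiam/log_group_subscription.tf
@@ -0,0 +1,53 @@
+resource "aws_cloudwatch_log_subscription_filter" "test_lambdafunction_logfilter" {
+name = "xsiam-delivery-stream-${var.prefix}"
+role_arn = aws_iam_role.this.arn
+log_group_name = var.cloudwatch_log_group_for_subscription
+filter_pattern = ""
+destination_arn = aws_kinesis_firehose_delivery_stream.xsiam_delivery_stream.arn
+}
+
+resource "aws_iam_role" "this" {
+name_prefix = var.prefix
+assume_role_policy = <<EOF
+{
+"Version": "2012-10-17",
+"Statement": [
+{
+"Action": "sts:AssumeRole",
+"Principal": {
+"Service": "logs.amazonaws.com"
+},
+"Effect": "Allow",
+"Sid": ""
+}
+]
+}
+EOF
+}
+
+resource "aws_iam_policy" "put_record" {
+name_prefix = var.prefix
+tags = var.tags
+policy = <<-EOF
+{
+"Version": "2012-10-17",
+"Statement": [
+{
+"Effect": "Allow",
+"Action": [
+"firehose:PutRecord",
+"firehose:PutRecordBatch"
+],
+"Resource": [
+"${aws_kinesis_firehose_delivery_stream.xsiam_delivery_stream.arn}"
+]
+}
+]
+}
+EOF
+}
+
+resource "aws_iam_role_policy_attachment" "this" {
+role = aws_iam_role.this.name
+policy_arn = aws_iam_policy.put_record.arn
+}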
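Review bot: The trust policy on `aws_iam_role.this` lets `logs.amazonaws.com` acting on behalf of any account assume the role, because the statement carries no `Condition`; the standard pattern for a subscription-filter role scopes the trust with `aws:SourceAccount` and `aws:SourceArn` so only this account's log groups can use it, as in the excerpt below (`<ACCOUNT_ID>` and `<REGION>` are placeholders for the deploying account and region). The resource name `test_lambdafunction_logfilter` reads as a leftover from a provider-docs example and should name what it subscribes, e.g. `xsiam_log_group`. `aws_iam_role.this` also gets no `tags = var.tags`, unlike `aws_iam_policy.put_record`, and the subscription filter is created as soon as the role exists, so a `depends_on = [aws_iam_role_policy_attachment.this]` on the filter would avoid it being validated before the PutRecord permission is attached — worth confirming against the provider's behaviour. The existing `xsiam_kinesis_firehose_role` in this module builds its policy with `jsonencode(...)`, so the heredoc JSON here is a style departure from the rest of the module.
```hcl
# … unchanged: resource "aws_iam_role" "this" header and the start of assume_role_policy …
      "Effect": "Allow",
      "Sid": "",
      "Condition": {
        "StringEquals": { "aws:SourceAccount": "<ACCOUNT_ID>" },
        "ArnLike": { "aws:SourceArn": "arn:aws:logs:<REGION>:<ACCOUNT_ID>:*" }
      }
# … unchanged: closing of the statement, EOF and the remaining resources …
```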
2 changes: 0 additions & 2 deletions modules/kinesis_firehose_xsiam/main.tf
Expand Up @@ -44,8 +44,6 @@ resource "aws_cloudwatch_log_stream" "xsiam_delivery_stream" {

resource "aws_iam_role" "xsiam_kinesis_firehose_role" {

//name = "kinesis-firehose-role-xsiam"

assume_role_policy = jsonencode({
Version = "2012-10-17"
Statement = [
3 changes: 3 additions & 0 deletions modules/kinesis_firehose_xsiam/variable.tf
Expand Up @@ -10,3 +10,6 @@ variable "access_key" {
variable "tags" {
type = map(string)
}
variable "cloudwatch_log_group_for_subscription" {
type = string
}
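Review bot: The new `cloudwatch_log_group_for_subscription` variable has no `description`, and nothing stops an empty or unset-by-mistake value from reaching the subscription filter, where it is likely to surface only at apply time rather than at plan. Adding `description = "Name of the CloudWatch log group whose events are streamed to the XSIAM delivery stream"` and a `validation` block whose `condition` is `length(var.cloudwatch_log_group_for_subscription) > 0` with a short `error_message` would document the contract and catch the mistake earlier. The sibling `tags` and `access_key` variables in this file carry no description either, so this would be a step toward a convention rather than matching one. The enclosing file starts outside the hunk.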
