terraform-provider-sumologic
feat: s3 data forwarding
Supports the use case of deploying an S3 data forwarding destination and its rules.
# Destination bucket for the forwarded data. The name is derived from the
# active Terraform workspace, so each workspace gets its own bucket.
# NOTE(review): this example sets no versioning, lifecycle or explicit
# encryption configuration on the bucket - add them per your own policy.
resource "aws_s3_bucket" "this" {
  bucket = "${terraform.workspace}-sumologic"
}
# Enables all four S3 public-access-block settings on the destination bucket,
# so neither ACLs nor bucket policies can make the forwarded logs public.
resource "aws_s3_bucket_public_access_block" "this" {
  bucket = aws_s3_bucket.this.id

  # ACL-based exposure
  block_public_acls  = true
  ignore_public_acls = true

  # Policy-based exposure
  block_public_policy     = true
  restrict_public_buckets = true
}
# Trust policy for the writer role: the listed AWS account may call
# sts:AssumeRole, but only when it presents the expected external ID.
data "aws_iam_policy_document" "trust" {
  statement {
    effect  = "Allow"
    actions = ["sts:AssumeRole"]

    # The principal is a whole account (":root"), so the ExternalId condition
    # below is the only thing in this policy that narrows who may assume the
    # role. Without it, any caller acting through that account could be
    # pointed at this role (the confused-deputy problem).
    condition {
      test     = "StringEquals"
      variable = "sts:ExternalId"
      # NOTE(review): hard-coded value, apparently specific to one Sumo Logic
      # organisation - replace it with the external ID issued for your own.
      values = ["au:0000000000595DED"]
    }

    # NOTE(review): presumably the vendor's AWS account - confirm the account
    # ID against Sumo Logic's documentation before applying.
    principals {
      type        = "AWS"
      identifiers = ["arn:aws:iam::926226587429:root"]
    }
  }
}
# Role assumed for writing into the bucket. Who may assume it is decided
# entirely by the "trust" policy document; the name is workspace-scoped.
resource "aws_iam_role" "this" {
  assume_role_policy = data.aws_iam_policy_document.trust.json
  name               = "${terraform.workspace}-sumologic-s3-writer"
}
# Permissions of the writer role: write-only access to objects in the
# destination bucket. No read, list or delete action is granted, and no
# other bucket is in scope. `effect` is omitted and defaults to "Allow".
data "aws_iam_policy_document" "role" {
  statement {
    resources = ["${aws_s3_bucket.this.arn}/*"]
    actions   = ["s3:PutObject"]
  }
}
# Attaches the write-only policy document to the writer role as an inline
# policy, so the permission lives and dies with the role itself.
resource "aws_iam_role_policy" "this" {
  role   = aws_iam_role.this.id
  name   = "sumologic-s3-writer"
  policy = data.aws_iam_policy_document.role.json
}
# Looks up the existing Sumo Logic partitions; no filter arguments are given
# here, the selection happens in `local.partitions`.
data "sumologic_partitions" "this" {}
# Registers the bucket as a data forwarding destination in Sumo Logic.
resource "sumologic_s3_data_forwarding_destination" "this" {
  name        = "${terraform.workspace}-sumologic"
  bucket_name = aws_s3_bucket.this.bucket

  # Role-based authentication: the destination refers to the IAM role by ARN,
  # so no AWS access keys appear in this configuration or its state.
  authentication_mode = "RoleBased"
  role_arn            = aws_iam_role.this.arn

  # NOTE(review): presumably asks for server-side encryption of the forwarded
  # objects - confirm the exact meaning in the provider documentation.
  encrypted = true

  # role_arn alone only orders this resource after the role; the explicit
  # dependency also waits for the inline policy to be attached.
  # NOTE(review): presumably needed because write access is checked when the
  # destination is created - confirm.
  depends_on = [aws_iam_role_policy.this]
}
locals {
  # Map of partition name => partition object, limited to partitions whose
  # name starts with "<workspace>_eks_" and whose analytics tier is anything
  # other than "infrequent". Only these partitions get a forwarding rule, so
  # this filter decides which data leaves Sumo Logic for the bucket.
  partitions = {
    for p in data.sumologic_partitions.this.partitions :
    p.name => p
    if startswith(p.name, "${terraform.workspace}_eks_") && p.analytics_tier != "infrequent"
  }
}
# One forwarding rule per selected partition, all pointing at the single
# destination declared in this configuration.
resource "sumologic_s3_data_forwarding_rule" "this" {
  for_each = local.partitions

  destination_id = sumologic_s3_data_forwarding_destination.this.id
  index_id       = each.value.id

  # Object key template: one prefix per index and day, file names by time.
  # NOTE(review): the {placeholders} are presumably expanded by Sumo Logic,
  # not by Terraform - confirm the supported variables in the provider docs.
  file_format = "{index}/{day}/{hour}_{minute}_{second}"
}
@vsinghal13 can you take a look?
@sumovishal this is not owned by Data Collection team.
@ksbagr seems to be the last person who made changes to partitions. Can you review this?
Hi folks, any chance to get this in?
Hey folks, any chance to get this in or do we have to maintain a fork of this from now on?
@AyanGhatak can you take a look?
Tests are missing
@ssharma-sumologic please review again. If the PR looks good, can you open it against the provider repo? We can't run acceptance tests here.
@imranismail - We will be releasing the changes here.