Last active
September 7, 2023 08:58
awscc_timestream_scheduled_query issue
data.aws_iam_policy.managed_timestream_full_access: Reading... | |
data.aws_caller_identity.current: Reading... | |
data.aws_iam_policy_document.assume_role_policy: Reading... | |
data.aws_iam_policy_document.assume_role_policy: Read complete after 0s [id=341341799] | |
data.aws_caller_identity.current: Read complete after 0s [id=1234567890] | |
data.aws_iam_policy.managed_timestream_full_access: Read complete after 8s [id=arn:aws:iam::aws:policy/AmazonTimestreamFullAccess] | |
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated | |
with the following symbols: | |
+ create | |
<= read (data resources) | |
Terraform will perform the following actions: | |
# data.aws_iam_policy_document.role_policy will be read during apply | |
# (config refers to values not yet known) | |
<= data "aws_iam_policy_document" "role_policy" { | |
+ id = (known after apply) | |
+ json = (known after apply) | |
+ statement { | |
+ actions = [ | |
+ "kms:Decrypt", | |
+ "kms:GenerateDataKey", | |
] | |
+ effect = "Allow" | |
+ resources = [ | |
+ (known after apply), | |
] | |
+ sid = "KMSAccess" | |
} | |
+ statement { | |
+ actions = [ | |
+ "sns:Publish", | |
] | |
+ effect = "Allow" | |
+ resources = [ | |
+ (known after apply), | |
] | |
+ sid = "SnsPublish" | |
} | |
+ statement { | |
+ actions = [ | |
+ "s3:GetBucketAcl", | |
+ "s3:PutObject", | |
] | |
+ effect = "Allow" | |
+ resources = [ | |
+ (known after apply), | |
+ (known after apply), | |
] | |
+ sid = "BucketAccess" | |
} | |
} | |
# data.aws_iam_policy_document.sns_topic_policy will be read during apply | |
# (config refers to values not yet known) | |
<= data "aws_iam_policy_document" "sns_topic_policy" { | |
+ id = (known after apply) | |
+ json = (known after apply) | |
+ policy_id = "__default_policy_ID" | |
+ statement { | |
+ actions = [ | |
+ "SNS:AddPermission", | |
+ "SNS:DeleteTopic", | |
+ "SNS:GetTopicAttributes", | |
+ "SNS:ListSubscriptionsByTopic", | |
+ "SNS:Publish", | |
+ "SNS:Receive", | |
+ "SNS:RemovePermission", | |
+ "SNS:SetTopicAttributes", | |
+ "SNS:Subscribe", | |
] | |
+ effect = "Allow" | |
+ resources = [ | |
+ (known after apply), | |
] | |
+ sid = "__default_statement_ID" | |
+ condition { | |
+ test = "StringEquals" | |
+ values = [ | |
+ "1234567890", | |
] | |
+ variable = "AWS:SourceOwner" | |
} | |
+ principals { | |
+ identifiers = [ | |
+ "*", | |
] | |
+ type = "AWS" | |
} | |
} | |
} | |
# aws_iam_role.this will be created | |
+ resource "aws_iam_role" "this" { | |
+ arn = (known after apply) | |
+ assume_role_policy = jsonencode( | |
{ | |
+ Statement = [ | |
+ { | |
+ Action = "sts:AssumeRole" | |
+ Effect = "Allow" | |
+ Principal = { | |
+ Service = "timestream.amazonaws.com" | |
} | |
}, | |
] | |
+ Version = "2012-10-17" | |
} | |
) | |
+ create_date = (known after apply) | |
+ force_detach_policies = false | |
+ id = (known after apply) | |
+ managed_policy_arns = (known after apply) | |
+ max_session_duration = 3600 | |
+ name = "TimestreamScheduledQueriesDebugRole" | |
+ name_prefix = (known after apply) | |
+ path = "/" | |
+ tags_all = (known after apply) | |
+ unique_id = (known after apply) | |
} | |
# aws_iam_role_policy.name will be created | |
+ resource "aws_iam_role_policy" "name" { | |
+ id = (known after apply) | |
+ name = "TimestreamRolePolicy" | |
+ policy = (known after apply) | |
+ role = "TimestreamScheduledQueriesDebugRole" | |
} | |
# aws_iam_role_policy_attachment.managed_timestream_full_access will be created | |
+ resource "aws_iam_role_policy_attachment" "managed_timestream_full_access" { | |
+ id = (known after apply) | |
+ policy_arn = "arn:aws:iam::aws:policy/AmazonTimestreamFullAccess" | |
+ role = "TimestreamScheduledQueriesDebugRole" | |
} | |
# aws_kms_key.this will be created | |
+ resource "aws_kms_key" "this" { | |
+ arn = (known after apply) | |
+ bypass_policy_lockout_safety_check = false | |
+ customer_master_key_spec = "SYMMETRIC_DEFAULT" | |
+ deletion_window_in_days = 7 | |
+ description = "KMS key module test time stream" | |
+ enable_key_rotation = false | |
+ id = (known after apply) | |
+ is_enabled = true | |
+ key_id = (known after apply) | |
+ key_usage = "ENCRYPT_DECRYPT" | |
+ multi_region = (known after apply) | |
+ policy = (known after apply) | |
+ tags_all = (known after apply) | |
} | |
# aws_s3_bucket.this will be created | |
+ resource "aws_s3_bucket" "this" { | |
+ acceleration_status = (known after apply) | |
+ acl = (known after apply) | |
+ arn = (known after apply) | |
+ bucket = (known after apply) | |
+ bucket_domain_name = (known after apply) | |
+ bucket_prefix = (known after apply) | |
+ bucket_regional_domain_name = (known after apply) | |
+ force_destroy = true | |
+ hosted_zone_id = (known after apply) | |
+ id = (known after apply) | |
+ object_lock_enabled = (known after apply) | |
+ policy = (known after apply) | |
+ region = (known after apply) | |
+ request_payer = (known after apply) | |
+ tags_all = (known after apply) | |
+ website_domain = (known after apply) | |
+ website_endpoint = (known after apply) | |
} | |
# aws_sns_topic.this will be created | |
+ resource "aws_sns_topic" "this" { | |
+ arn = (known after apply) | |
+ content_based_deduplication = false | |
+ fifo_topic = true | |
+ id = (known after apply) | |
+ kms_master_key_id = (known after apply) | |
+ name = "timestream-scheduled-queries-debug-errors.fifo" | |
+ name_prefix = (known after apply) | |
+ owner = (known after apply) | |
+ policy = (known after apply) | |
+ signature_version = (known after apply) | |
+ tags_all = (known after apply) | |
+ tracing_config = (known after apply) | |
} | |
# aws_sns_topic_policy.this will be created | |
+ resource "aws_sns_topic_policy" "this" { | |
+ arn = (known after apply) | |
+ id = (known after apply) | |
+ owner = (known after apply) | |
+ policy = (known after apply) | |
} | |
# aws_timestreamwrite_database.this will be created | |
+ resource "aws_timestreamwrite_database" "this" { | |
+ arn = (known after apply) | |
+ database_name = "timestream-scheduled-queries-debug-db" | |
+ id = (known after apply) | |
+ kms_key_id = (known after apply) | |
+ table_count = (known after apply) | |
+ tags_all = (known after apply) | |
} | |
# aws_timestreamwrite_table.source will be created | |
+ resource "aws_timestreamwrite_table" "source" { | |
+ arn = (known after apply) | |
+ database_name = "timestream-scheduled-queries-debug-db" | |
+ id = (known after apply) | |
+ table_name = "source" | |
+ tags_all = (known after apply) | |
} | |
# aws_timestreamwrite_table.target will be created | |
+ resource "aws_timestreamwrite_table" "target" { | |
+ arn = (known after apply) | |
+ database_name = "timestream-scheduled-queries-debug-db" | |
+ id = (known after apply) | |
+ table_name = "target" | |
+ tags_all = (known after apply) | |
} | |
# awscc_timestream_scheduled_query.this will be created | |
+ resource "awscc_timestream_scheduled_query" "this" { | |
+ arn = (known after apply) | |
+ client_token = (known after apply) | |
+ error_report_configuration = { | |
+ s3_configuration = { | |
+ bucket_name = (known after apply) | |
+ encryption_option = (known after apply) | |
+ object_key_prefix = (known after apply) | |
} | |
} | |
+ id = (known after apply) | |
+ kms_key_id = (known after apply) | |
+ notification_configuration = { | |
+ sns_configuration = { | |
+ topic_arn = (known after apply) | |
} | |
} | |
+ query_string = "SELECT organization, workspace, date_trunc('day', time) as time_day, 'clicks' as measure_name, sum(measure_value::bigint)as total_clicks FROM \"timestream-scheduled-queries-debug-db\".\"source\" group by organization, workspace, date_trunc('day', time) order by organization" | |
+ schedule_configuration = { | |
+ schedule_expression = "rate(1 hour)" | |
} | |
+ scheduled_query_execution_role_arn = (known after apply) | |
+ scheduled_query_name = "time-stream-scheduled-queries-debug-query" | |
+ sq_error_report_configuration = (known after apply) | |
+ sq_kms_key_id = (known after apply) | |
+ sq_name = (known after apply) | |
+ sq_notification_configuration = (known after apply) | |
+ sq_query_string = (known after apply) | |
+ sq_schedule_configuration = (known after apply) | |
+ sq_scheduled_query_execution_role_arn = (known after apply) | |
+ sq_target_configuration = (known after apply) | |
+ tags = (known after apply) | |
+ target_configuration = { | |
+ timestream_configuration = { | |
+ database_name = "timestream-scheduled-queries-debug-db" | |
+ dimension_mappings = [ | |
+ { | |
+ dimension_value_type = "VARCHAR" | |
+ name = "organization" | |
}, | |
+ { | |
+ dimension_value_type = "VARCHAR" | |
+ name = "workspace" | |
}, | |
] | |
+ measure_name_column = "measure_name" | |
+ mixed_measure_mappings = (known after apply) | |
+ multi_measure_mappings = { | |
+ multi_measure_attribute_mappings = [ | |
+ { | |
+ measure_value_type = "BIGINT" | |
+ source_column = "total_clicks" | |
+ target_multi_measure_attribute_name = (known after apply) | |
}, | |
] | |
+ target_multi_measure_name = (known after apply) | |
} | |
+ table_name = "target" | |
+ time_column = "time_day" | |
} | |
} | |
} | |
# null_resource.data_injection will be created | |
+ resource "null_resource" "data_injection" { | |
+ id = (known after apply) | |
+ triggers = { | |
+ "source" = "source" | |
} | |
} | |
# random_string.uid will be created | |
+ resource "random_string" "uid" { | |
+ id = (known after apply) | |
+ length = 12 | |
+ lower = true | |
+ min_lower = 0 | |
+ min_numeric = 0 | |
+ min_special = 0 | |
+ min_upper = 0 | |
+ number = true | |
+ numeric = true | |
+ result = (known after apply) | |
+ special = false | |
+ upper = false | |
} | |
Plan: 13 to add, 0 to change, 0 to destroy. | |
random_string.uid: Creating... | |
random_string.uid: Creation complete after 0s [id=i7c7a9186jpm] | |
aws_kms_key.this: Creating... | |
aws_iam_role.this: Creating... | |
aws_s3_bucket.this: Creating... | |
aws_kms_key.this: Creation complete after 0s [id=8d095dcd-3d8f-4034-85f6-4e8e9edc1d77] | |
aws_timestreamwrite_database.this: Creating... | |
aws_sns_topic.this: Creating... | |
aws_iam_role.this: Creation complete after 1s [id=TimestreamScheduledQueriesDebugRole] | |
aws_sns_topic.this: Creation complete after 1s [id=arn:aws:sns:eu-west-1:1234567890:timestream-scheduled-queries-debug-errors.fifo] | |
aws_iam_role_policy_attachment.managed_timestream_full_access: Creating... | |
data.aws_iam_policy_document.sns_topic_policy: Reading... | |
data.aws_iam_policy_document.sns_topic_policy: Read complete after 0s [id=3331851691] | |
aws_sns_topic_policy.this: Creating... | |
aws_sns_topic_policy.this: Creation complete after 0s [id=arn:aws:sns:eu-west-1:1234567890:timestream-scheduled-queries-debug-errors.fifo] | |
aws_timestreamwrite_database.this: Creation complete after 1s [id=timestream-scheduled-queries-debug-db] | |
aws_timestreamwrite_table.target: Creating... | |
aws_timestreamwrite_table.source: Creating... | |
aws_iam_role_policy_attachment.managed_timestream_full_access: Creation complete after 0s [id=TimestreamScheduledQueriesDebugRole-20230907083806223300000001] | |
aws_timestreamwrite_table.target: Creation complete after 1s [id=target:timestream-scheduled-queries-debug-db] | |
aws_s3_bucket.this: Creation complete after 2s [id=timestream-scheduled-queries-debug-i7c7a9186jpm] | |
data.aws_iam_policy_document.role_policy: Reading... | |
data.aws_iam_policy_document.role_policy: Read complete after 0s [id=1835675082] | |
aws_iam_role_policy.name: Creating... | |
aws_timestreamwrite_table.source: Creation complete after 1s [id=source:timestream-scheduled-queries-debug-db] | |
null_resource.data_injection: Creating... | |
null_resource.data_injection: Provisioning with 'local-exec'... | |
null_resource.data_injection (local-exec): Executing: ["/bin/sh" "-c" " aws timestream-write write-records --database-name timestream-scheduled-queries-debug-db --table-name source --records '[{\"Dimensions\": [{\"Name\": \"organization\", \"Value\": \"organization0\", \"DimensionValueType\": \"VARCHAR\"},{\"Name\": \"workspace\", \"Value\": \"workspace0\", \"DimensionValueType\": \"VARCHAR\"}], \"MeasureName\": \"click\", \"MeasureValue\": \"1\", \"MeasureValueType\": \"BIGINT\", \"Time\": \"'\"`date +%s`\"'\", \"TimeUnit\": \"SECONDS\"}]'\n"] | |
aws_iam_role_policy.name: Creation complete after 0s [id=TimestreamScheduledQueriesDebugRole:TimestreamRolePolicy] | |
null_resource.data_injection (local-exec): { | |
null_resource.data_injection (local-exec): "RecordsIngested": { | |
null_resource.data_injection (local-exec): "Total": 1, | |
null_resource.data_injection (local-exec): "MemoryStore": 1, | |
null_resource.data_injection (local-exec): "MagneticStore": 0 | |
null_resource.data_injection (local-exec): } | |
null_resource.data_injection (local-exec): } | |
null_resource.data_injection: Creation complete after 1s [id=7831279995456042712] | |
awscc_timestream_scheduled_query.this: Creating... | |
╷ | |
│ Error: AWS SDK Go Service Operation Incomplete | |
│ | |
│ with awscc_timestream_scheduled_query.this, | |
│ on s3.tf line 182, in resource "awscc_timestream_scheduled_query" "this": | |
│ 182: resource "awscc_timestream_scheduled_query" "this" { | |
│ | |
│ Waiting for Cloud Control API service CreateResource operation | |
│ completion returned: waiter state transitioned to FAILED. | |
│ StatusMessage: Timestream is not authorized to do | |
│ `sts:assumeRole` for given execution role: | |
│ arn:aws:iam::1234567890:role/TimestreamScheduledQueriesDebugRole | |
│ (Service: AmazonTimestreamQuery; Status Code: 400; Error Code: | |
│ ValidationException; Request ID: YVBFMOSCS5EGJLK7VJ67DZ57DE; | |
│ Proxy: null). ErrorCode: InvalidRequest | |
╵ | |
[ This requires a 2nd apply ]
random_string.uid: Refreshing state... [id=eqp8tpkv2wai] | |
data.aws_caller_identity.current: Reading... | |
data.aws_iam_policy_document.assume_role_policy: Reading... | |
data.aws_iam_policy.managed_timestream_full_access: Reading... | |
aws_kms_key.this: Refreshing state... [id=8fda971a-ab20-408f-aaff-62cebceb1a3a] | |
data.aws_iam_policy_document.assume_role_policy: Read complete after 0s [id=341341799] | |
aws_s3_bucket.this: Refreshing state... [id=timestream-scheduled-queries-debug-eqp8tpkv2wai] | |
aws_iam_role.this: Refreshing state... [id=TimestreamScheduledQueriesDebugRole] | |
aws_timestreamwrite_database.this: Refreshing state... [id=timestream-scheduled-queries-debug-db] | |
aws_sns_topic.this: Refreshing state... [id=arn:aws:sns:eu-west-1:1234567890:timestream-scheduled-queries-debug-errors.fifo] | |
data.aws_caller_identity.current: Read complete after 0s [id=1234567890] | |
data.aws_iam_policy_document.sns_topic_policy: Reading... | |
data.aws_iam_policy_document.sns_topic_policy: Read complete after 0s [id=3331851691] | |
aws_sns_topic_policy.this: Refreshing state... [id=arn:aws:sns:eu-west-1:1234567890:timestream-scheduled-queries-debug-errors.fifo] | |
aws_timestreamwrite_table.target: Refreshing state... [id=target:timestream-scheduled-queries-debug-db] | |
aws_timestreamwrite_table.source: Refreshing state... [id=source:timestream-scheduled-queries-debug-db] | |
null_resource.data_injection: Refreshing state... [id=1795050389301678762] | |
data.aws_iam_policy_document.role_policy: Reading... | |
data.aws_iam_policy_document.role_policy: Read complete after 0s [id=2080865726] | |
aws_iam_role_policy.name: Refreshing state... [id=TimestreamScheduledQueriesDebugRole:TimestreamRolePolicy] | |
awscc_timestream_scheduled_query.this: Refreshing state... [id=arn:aws:timestream:eu-west-1:1234567890:scheduled-query/time-stream-scheduled-queries-debug-query-9a6f71df24c826b6] | |
data.aws_iam_policy.managed_timestream_full_access: Read complete after 7s [id=arn:aws:iam::aws:policy/AmazonTimestreamFullAccess] | |
aws_iam_role_policy_attachment.managed_timestream_full_access: Refreshing state... [id=TimestreamScheduledQueriesDebugRole-20230907082857153200000001] | |
Terraform used the selected providers to | |
generate the following execution plan. | |
Resource actions are indicated with the | |
following symbols: | |
-/+ destroy and then create replacement | |
Terraform will perform the following actions: | |
# awscc_timestream_scheduled_query.this must be replaced | |
-/+ resource "awscc_timestream_scheduled_query" "this" { | |
~ arn = "arn:aws:timestream:eu-west-1:1234567890:scheduled-query/time-stream-scheduled-queries-debug-query-9a6f71df24c826b6" -> (known after apply) | |
+ client_token = (known after apply) # forces replacement | |
+ error_report_configuration = { # forces replacement | |
+ s3_configuration = { | |
+ bucket_name = "timestream-scheduled-queries-debug-eqp8tpkv2wai" | |
+ encryption_option = (known after apply) | |
+ object_key_prefix = (known after apply) | |
} | |
} | |
~ id = "arn:aws:timestream:eu-west-1:1234567890:scheduled-query/time-stream-scheduled-queries-debug-query-9a6f71df24c826b6" -> (known after apply) | |
+ kms_key_id = "arn:aws:kms:eu-west-1:1234567890:key/8fda971a-ab20-408f-aaff-62cebceb1a3a" # forces replacement | |
+ notification_configuration = { # forces replacement | |
+ sns_configuration = { | |
+ topic_arn = "arn:aws:sns:eu-west-1:1234567890:timestream-scheduled-queries-debug-errors.fifo" | |
} | |
} | |
+ query_string = "SELECT organization, workspace, date_trunc('day', time) as time_day, 'clicks' as measure_name, sum(measure_value::bigint)as total_clicks FROM \"timestream-scheduled-queries-debug-db\".\"source\" group by organization, workspace, date_trunc('day', time) order by organization" # forces replacement | |
+ schedule_configuration = { # forces replacement | |
+ schedule_expression = "rate(1 hour)" | |
} | |
+ scheduled_query_execution_role_arn = "arn:aws:iam::1234567890:role/TimestreamScheduledQueriesDebugRole" # forces replacement | |
+ scheduled_query_name = "time-stream-scheduled-queries-debug-query" # forces replacement | |
~ sq_error_report_configuration = "{S3Configuration: {BucketName: timestream-scheduled-queries-debug-eqp8tpkv2wai,EncryptionOption: SSE_S3}}" -> (known after apply) | |
~ sq_kms_key_id = "arn:aws:kms:eu-west-1:1234567890:key/8fda971a-ab20-408f-aaff-62cebceb1a3a" -> (known after apply) | |
~ sq_name = "time-stream-scheduled-queries-debug-query" -> (known after apply) | |
~ sq_notification_configuration = "{SnsConfiguration: {TopicArn: arn:aws:sns:eu-west-1:1234567890:timestream-scheduled-queries-debug-errors.fifo}}" -> (known after apply) | |
~ sq_query_string = "SELECT organization, workspace, date_trunc('day', time) as time_day, 'clicks' as measure_name, sum(measure_value::bigint)as total_clicks FROM \"timestream-scheduled-queries-debug-db\".\"source\" group by organization, workspace, date_trunc('day', time) order by organization" -> (known after apply) | |
~ sq_schedule_configuration = "{ScheduleExpression: rate(1 hour)}" -> (known after apply) | |
~ sq_scheduled_query_execution_role_arn = "arn:aws:iam::1234567890:role/TimestreamScheduledQueriesDebugRole" -> (known after apply) | |
~ sq_target_configuration = "{TimestreamConfiguration: {DatabaseName: timestream-scheduled-queries-debug-db,TableName: target,TimeColumn: time_day,DimensionMappings: [{Name: organization,DimensionValueType: VARCHAR}, {Name: workspace,DimensionValueType: VARCHAR}],MultiMeasureMappings: {MultiMeasureAttributeMappings: [{SourceColumn: total_clicks,MeasureValueType: BIGINT}]},MeasureNameColumn: measure_name}}" -> (known after apply) | |
+ tags = (known after apply) | |
+ target_configuration = { # forces replacement | |
+ timestream_configuration = { | |
+ database_name = "timestream-scheduled-queries-debug-db" | |
+ dimension_mappings = [ | |
+ { | |
+ dimension_value_type = "VARCHAR" | |
+ name = "organization" | |
}, | |
+ { | |
+ dimension_value_type = "VARCHAR" | |
+ name = "workspace" | |
}, | |
] | |
+ measure_name_column = "measure_name" | |
+ mixed_measure_mappings = (known after apply) | |
+ multi_measure_mappings = { | |
+ multi_measure_attribute_mappings = [ | |
+ { | |
+ measure_value_type = "BIGINT" | |
+ source_column = "total_clicks" | |
+ target_multi_measure_attribute_name = (known after apply) | |
}, | |
] | |
+ target_multi_measure_name = (known after apply) | |
} | |
+ table_name = "target" | |
+ time_column = "time_day" | |
} | |
} | |
} | |
Plan: 1 to add, 0 to change, 1 to destroy. |
# Toolchain requirements for this reproduction.
# NOTE(review): both provider constraints are open-ended (">="), so the provider
# build that actually runs is whatever `terraform init` resolves at the time.
# Committing .terraform.lock.hcl next to this file keeps the versions and the
# provider checksums fixed. random_string and null_resource are used further
# down without an entry here; Terraform resolves those providers implicitly.
terraform {
  required_providers {
    awscc = {
      version = ">= 0.53.0"
      source  = "hashicorp/awscc"
    }
    aws = {
      version = ">= 5.0.0"
      source  = "hashicorp/aws"
    }
  }

  required_version = ">= 1.5.0"
}
# Account ID of the credentials Terraform runs with. It is used as the
# AWS:SourceOwner value in the SNS topic policy.
data "aws_caller_identity" "current" {
}
################# KMS ################# | |
# Customer-managed key referenced by the SNS topic, the Timestream database and
# the scheduled query in this file.
# NOTE(review): enable_key_rotation is not set (the plan shows it as false) and
# no key policy is given, so the default key policy applies. For anything
# longer-lived than a repro, enable rotation and state the key policy explicitly.
resource "aws_kms_key" "this" {
  deletion_window_in_days = 7
  description             = "KMS key module test time stream"
}
################# S3 ################# | |
# 12-character lowercase/numeric suffix that makes the bucket name unique.
# It is a naming aid, not a secret: the value is stored in state and shown in
# the apply log.
resource "random_string" "uid" {
  upper   = false
  special = false
  length  = 12
}
# Bucket that receives the scheduled query's error reports.
# NOTE(review): force_destroy = true lets `terraform destroy` delete the bucket
# together with any reports in it. This file declares no public-access-block,
# bucket policy or encryption configuration for the bucket, so it relies on
# account-level and service defaults; confirm those before reusing this
# outside a throwaway account.
resource "aws_s3_bucket" "this" {
  force_destroy = true
  bucket        = "timestream-scheduled-queries-debug-${random_string.uid.result}"
}
################# SNS ################# | |
# FIFO topic that the scheduled query notifies; messages are encrypted with the
# customer-managed KMS key declared in this file.
resource "aws_sns_topic" "this" {
  name       = "timestream-scheduled-queries-debug-errors.fifo"
  fifo_topic = true

  # Publishers must supply their own deduplication ID.
  content_based_deduplication = false

  kms_master_key_id = aws_kms_key.this.arn
}
# Attaches the rendered sns_topic_policy document to the topic as its resource
# policy.
resource "aws_sns_topic_policy" "this" {
  policy = data.aws_iam_policy_document.sns_topic_policy.json
  arn    = aws_sns_topic.this.arn
}
# Resource policy document for the error-notification topic.
# The single statement names every AWS principal ("*") and narrows the grant
# only through the AWS:SourceOwner condition, pinned to the calling account.
# NOTE(review): the action list includes topic administration
# (SNS:AddPermission, SNS:RemovePermission, SNS:SetTopicAttributes,
# SNS:DeleteTopic). The role policy in this file grants the execution role only
# sns:Publish on this topic, so a statement limited to publishing by a named
# principal would be a tighter grant; confirm what the scheduled query needs.
data "aws_iam_policy_document" "sns_topic_policy" {
  policy_id = "__default_policy_ID"

  statement {
    sid    = "__default_statement_ID"
    effect = "Allow"

    principals {
      identifiers = ["*"]
      type        = "AWS"
    }

    actions = [
      "SNS:AddPermission",
      "SNS:DeleteTopic",
      "SNS:GetTopicAttributes",
      "SNS:ListSubscriptionsByTopic",
      "SNS:Publish",
      "SNS:Receive",
      "SNS:RemovePermission",
      "SNS:SetTopicAttributes",
      "SNS:Subscribe",
    ]

    resources = [
      aws_sns_topic.this.arn,
    ]

    # The only restriction on the wildcard principal above.
    condition {
      variable = "AWS:SourceOwner"
      test     = "StringEquals"
      values = [
        data.aws_caller_identity.current.account_id,
      ]
    }
  }
}
#################### IAM #################### | |
# Trust policy: lets the Timestream service principal assume the execution role.
# NOTE(review): the statement carries no condition. Where the service supports
# them, aws:SourceAccount / aws:SourceArn conditions are the usual
# confused-deputy guard on a service-principal trust; verify that Timestream
# supplies those keys before adding one.
data "aws_iam_policy_document" "assume_role_policy" {
  statement {
    effect  = "Allow"
    actions = ["sts:AssumeRole"]

    principals {
      identifiers = ["timestream.amazonaws.com"]
      type        = "Service"
    }
  }
}
# Execution role handed to the scheduled query
# (scheduled_query_execution_role_arn); its trust policy is the
# assume_role_policy document.
resource "aws_iam_role" "this" {
  name               = "TimestreamScheduledQueriesDebugRole"
  assume_role_policy = data.aws_iam_policy_document.assume_role_policy.json
}
# Looks up the AWS-managed AmazonTimestreamFullAccess policy by name so its ARN
# can be attached to the execution role.
data "aws_iam_policy" "managed_timestream_full_access" {
  name = "AmazonTimestreamFullAccess"
}
# Attaches AmazonTimestreamFullAccess to the execution role.
# NOTE(review): the scheduled query in this file reads one table ("source") and
# writes one table ("target"), so a full-access managed policy is presumably
# wider than it needs. Outside a debug repro, scope the role to the Timestream
# actions and table ARNs actually used.
resource "aws_iam_role_policy_attachment" "managed_timestream_full_access" {
  role       = aws_iam_role.this.name
  policy_arn = data.aws_iam_policy.managed_timestream_full_access.arn
}
# Inline policy on the execution role carrying the KMS, SNS and S3 grants from
# the role_policy document.
resource "aws_iam_role_policy" "name" {
  role   = aws_iam_role.this.name
  name   = "TimestreamRolePolicy"
  policy = data.aws_iam_policy_document.role_policy.json
}
# Permissions the execution role gets beyond the managed Timestream policy.
# Each statement is limited to a resource created in this file.
data "aws_iam_policy_document" "role_policy" {
  # Use of the customer-managed key.
  statement {
    sid    = "KMSAccess"
    effect = "Allow"
    actions = [
      "kms:Decrypt",
      "kms:GenerateDataKey",
    ]
    resources = [aws_kms_key.this.arn]
  }

  # Publishing to the notification topic.
  statement {
    sid       = "SnsPublish"
    effect    = "Allow"
    actions   = ["sns:Publish"]
    resources = [aws_sns_topic.this.arn]
  }

  # Writing error reports: the bucket ARN and the object ARN pattern are both
  # listed as resources for the two S3 actions.
  statement {
    sid    = "BucketAccess"
    effect = "Allow"
    actions = [
      "s3:GetBucketAcl",
      "s3:PutObject",
    ]
    resources = [
      "arn:aws:s3:::${aws_s3_bucket.this.bucket}",
      "arn:aws:s3:::${aws_s3_bucket.this.bucket}/*",
    ]
  }
}
################# Timestream ################# | |
# Timestream database holding the source and target tables, encrypted with the
# customer-managed KMS key.
resource "aws_timestreamwrite_database" "this" {
  kms_key_id    = aws_kms_key.this.arn
  database_name = "timestream-scheduled-queries-debug-db"
}
# Table the scheduled query reads from; the data_injection resource writes one
# sample record into it.
resource "aws_timestreamwrite_table" "source" {
  table_name    = "source"
  database_name = aws_timestreamwrite_database.this.database_name
}
# Table the scheduled query writes its aggregated results into.
resource "aws_timestreamwrite_table" "target" {
  table_name    = "target"
  database_name = aws_timestreamwrite_database.this.database_name
}
# Seeds the source table with one record through the AWS CLI.
# The command runs through the local shell on the machine executing Terraform
# and uses whatever AWS credentials that shell has; they are not the execution
# role defined in this file. The interpolated database and table names are
# literals from this configuration, so no external input reaches the shell.
resource "null_resource" "data_injection" {
  depends_on = [aws_timestreamwrite_table.source]

  # Re-run the provisioner only if the source table name changes.
  triggers = {
    source = aws_timestreamwrite_table.source.table_name
  }

  provisioner "local-exec" {
    command = <<EOF
aws timestream-write write-records --database-name ${aws_timestreamwrite_database.this.database_name} --table-name ${aws_timestreamwrite_table.source.table_name} --records '[{"Dimensions": [{"Name": "organization", "Value": "organization0", "DimensionValueType": "VARCHAR"},{"Name": "workspace", "Value": "workspace0", "DimensionValueType": "VARCHAR"}], "MeasureName": "click", "MeasureValue": "1", "MeasureValueType": "BIGINT", "Time": "'"`date +%s`"'", "TimeUnit": "SECONDS"}]'
EOF
  }
}
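# Hourly scheduled query that aggregates clicks per organization/workspace/day
# from the "source" table into the "target" table. It runs as the execution
# role, reports errors to the S3 bucket and notifies the SNS topic.
resource "awscc_timestream_scheduled_query" "this" {
  scheduled_query_name               = "time-stream-scheduled-queries-debug-query"
  scheduled_query_execution_role_arn = aws_iam_role.this.arn
  kms_key_id                         = aws_kms_key.this.arn

  query_string = "SELECT organization, workspace, date_trunc('day', time) as time_day, 'clicks' as measure_name, sum(measure_value::bigint)as total_clicks FROM \"timestream-scheduled-queries-debug-db\".\"source\" group by organization, workspace, date_trunc('day', time) order by organization"

  schedule_configuration = {
    schedule_expression = "rate(1 hour)"
  }

  error_report_configuration = {
    s3_configuration = {
      bucket_name = aws_s3_bucket.this.bucket
    }
  }

  notification_configuration = {
    sns_configuration = {
      topic_arn = aws_sns_topic.this.arn
    }
  }

  target_configuration = {
    timestream_configuration = {
      database_name = aws_timestreamwrite_database.this.database_name

      # List custom dimensions of the source table used in the query
      dimension_mappings = [
        {
          name                 = "organization"
          dimension_value_type = "VARCHAR"
        },
        {
          name                 = "workspace"
          dimension_value_type = "VARCHAR"
        }
      ]

      # Destination table
      table_name          = aws_timestreamwrite_table.target.table_name
      time_column         = "time_day"
      measure_name_column = "measure_name"

      multi_measure_mappings = {
        multi_measure_attribute_mappings = [
          {
            source_column      = "total_clicks"
            measure_value_type = "BIGINT"
          }
        ]
      }
    }
  }

  # The role ARN reference alone orders this resource after the role, not after
  # the role's permissions. Depending on the inline policy and the managed
  # attachment ensures the KMS/SNS/S3 and Timestream grants exist before the
  # service validates the execution role.
  # NOTE(review): the "not authorized to do `sts:assumeRole`" failure in the
  # first apply log is consistent with a freshly created role not yet being
  # visible to Timestream. Explicit ordering narrows that window but may not
  # remove it; confirm.
  depends_on = [
    null_resource.data_injection,
    aws_iam_role_policy.name,
    aws_iam_role_policy_attachment.managed_timestream_full_access,
  ]
}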
{ | |
"mode": "managed", | |
"type": "awscc_timestream_scheduled_query", | |
"name": "this", | |
"provider": "provider[\"registry.terraform.io/hashicorp/awscc\"]", | |
"instances": [ | |
{ | |
"schema_version": 1, | |
"attributes": { | |
"arn": "arn:aws:timestream:eu-west-1:1234567890:scheduled-query/time-stream-scheduled-queries-debug-query-e0a61331a0b49d25", | |
"client_token": null, | |
"error_report_configuration": null, | |
"id": "arn:aws:timestream:eu-west-1:1234567890:scheduled-query/time-stream-scheduled-queries-debug-query-e0a61331a0b49d25", | |
"kms_key_id": null, | |
"notification_configuration": null, | |
"query_string": null, | |
"schedule_configuration": null, | |
"scheduled_query_execution_role_arn": null, | |
"scheduled_query_name": null, | |
"sq_error_report_configuration": "{S3Configuration: {BucketName: timestream-scheduled-queries-debug-s9awodeds7tp,EncryptionOption: SSE_S3}}", | |
"sq_kms_key_id": "arn:aws:kms:eu-west-1:1234567890:key/8d90cc28-4341-472a-80e0-52934b3a1191", | |
"sq_name": "time-stream-scheduled-queries-debug-query", | |
"sq_notification_configuration": "{SnsConfiguration: {TopicArn: arn:aws:sns:eu-west-1:1234567890:timestream-scheduled-queries-debug-errors.fifo}}", | |
"sq_query_string": "SELECT organization, workspace, date_trunc('day', time) as time_day, 'clicks' as measure_name, sum(measure_value::bigint)as total_clicks FROM \"timestream-scheduled-queries-debug-db\".\"source\" group by organization, workspace, date_trunc('day', time) order by organization", | |
"sq_schedule_configuration": "{ScheduleExpression: rate(1 hour)}", | |
"sq_scheduled_query_execution_role_arn": "arn:aws:iam::1234567890:role/TimestreamScheduledQueriesDebugRole", | |
"sq_target_configuration": "{TimestreamConfiguration: {DatabaseName: timestream-scheduled-queries-debug-db,TableName: target,TimeColumn: time_day,DimensionMappings: [{Name: organization,DimensionValueType: VARCHAR}, {Name: workspace,DimensionValueType: VARCHAR}],MultiMeasureMappings: {MultiMeasureAttributeMappings: [{SourceColumn: total_clicks,MeasureValueType: BIGINT}]},MeasureNameColumn: measure_name}}", | |
"tags": null, | |
"target_configuration": null | |
}, | |
"sensitive_attributes": [] | |
} | |
] | |
}, |