Created
June 21, 2022 00:35
-
-
Save shadycuz/b6bb9980304b76f5bd9d353044e18622 to your computer and use it in GitHub Desktop.
aws_central_logging CF converted to TF using cf2tf
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| data "aws_caller_identity" "current" { | |
| } | |
| data "aws_partition" "current" { | |
| } | |
| data "aws_region" "current" { | |
| } | |
| locals { | |
| CLMap = { | |
| Metric = { | |
| SendAnonymousMetric = "Yes" | |
| MetricsEndpoint = "https://metrics.awssolutionsbuilder.com/generic" | |
| } | |
| } | |
| ESMap = { | |
| NodeCount = { | |
| Small = "4" | |
| Medium = "6" | |
| Large = "6" | |
| } | |
| MasterSize = { | |
| Small = "c5.large.elasticsearch" | |
| Medium = "c5.large.elasticsearch" | |
| Large = "c5.large.elasticsearch" | |
| } | |
| InstanceSize = { | |
| Small = "r5.large.elasticsearch" | |
| Medium = "r5.2xlarge.elasticsearch" | |
| Large = "r5.4xlarge.elasticsearch" | |
| } | |
| } | |
| demoDeploymentCheck = var.demo_template == "Yes" | |
| JumpboxDeploymentCheck = var.jumpbox_deploy == "Yes" | |
| CDKMetadataAvailable = anytrue(['anytrue([\'data.aws_region.current.name == "af-south-1"\', \'data.aws_region.current.name == "ap-east-1"\', \'data.aws_region.current.name == "ap-northeast-1"\', \'data.aws_region.current.name == "ap-northeast-2"\', \'data.aws_region.current.name == "ap-south-1"\', \'data.aws_region.current.name == "ap-southeast-1"\', \'data.aws_region.current.name == "ap-southeast-2"\', \'data.aws_region.current.name == "ca-central-1"\', \'data.aws_region.current.name == "cn-north-1"\', \'data.aws_region.current.name == "cn-northwest-1"\'])', 'anytrue([\'data.aws_region.current.name == "eu-central-1"\', \'data.aws_region.current.name == "eu-north-1"\', \'data.aws_region.current.name == "eu-south-1"\', \'data.aws_region.current.name == "eu-west-1"\', \'data.aws_region.current.name == "eu-west-2"\', \'data.aws_region.current.name == "eu-west-3"\', \'data.aws_region.current.name == "me-south-1"\', \'data.aws_region.current.name == "sa-east-1"\', \'data.aws_region.current.name == "us-east-1"\', \'data.aws_region.current.name == "us-east-2"\'])', 'anytrue([\'data.aws_region.current.name == "us-west-1"\', \'data.aws_region.current.name == "us-west-2"\'])']) | |
| } | |
| variable "domain_name" { | |
| type = string | |
| default = "centralizedlogging" | |
| } | |
| variable "admin_email" { | |
| type = string | |
| } | |
| variable "cluster_size" { | |
| description = "Elasticsearch cluster size; small (4 data nodes), medium (6 data nodes), large (6 data nodes)" | |
| type = string | |
| default = "Small" | |
| } | |
| variable "demo_template" { | |
| description = "Deploy demo template for sample data and logs?" | |
| type = string | |
| default = "No" | |
| } | |
| variable "spoke_accounts" { | |
| description = "Account IDs which you want to allow for centralized logging (comma separated list eg. 11111111,22222222)" | |
| type = string | |
| } | |
| variable "spoke_regions" { | |
| description = "Regions which you want to allow for centralized logging (comma separated list eg. us-east-1,us-west-2)" | |
| type = string | |
| default = "All" | |
| } | |
| variable "jumpbox_deploy" { | |
| description = "Do you want to deploy jumbox?" | |
| type = string | |
| default = "No" | |
| } | |
| variable "jumpbox_key" { | |
| description = "Key pair name for jumpbox (You may leave this empty if you chose 'No' above)" | |
| type = string | |
| } | |
| variable "windows_ami" { | |
| type = string | |
| default = "/aws/service/ami-windows-latest/Windows_Server-2019-English-Full-Base" | |
| } | |
| resource "aws_iam_role" "helper_role_d1833_f54" { | |
| assume_role_policy = { | |
| Statement = [{'Action': '"sts:AssumeRole"', 'Effect': '"Allow"', 'Principal': {'Service': '"lambda.amazonaws.com"'}}] | |
| Version = "2012-10-17" | |
| } | |
| } | |
| resource "aws_iam_policy" "helper_role_policy175990_bad" { | |
| policy = { | |
| Statement = [{'Action': ['"logs:CreateLogStream"', '"logs:PutLogEvents"', '"logs:CreateLogGroup"'], 'Effect': '"Allow"', 'Resource': ['join("", ["arn:", data.aws_region.current.name, ":logs:", data.aws_region.current.name, ":", data.aws_region.current.name, ":log-group:*"])', 'join("", ["arn:", data.aws_region.current.name, ":logs:", data.aws_region.current.name, ":", data.aws_region.current.name, ":log-group:*:log-stream:*"])']}, {'Action': ['"ec2:DescribeRegions"', '"logs:PutDestination"', '"logs:DeleteDestination"', '"logs:PutDestinationPolicy"'], 'Effect': '"Allow"', 'Resource': '"*"'}, {'Action': '"iam:CreateServiceLinkedRole"', 'Condition': {'StringLike': {'iam:AWSServiceName': '"es.amazonaws.com"'}}, 'Effect': '"Allow"', 'Resource': 'join("", ["arn:", data.aws_region.current.name, ":iam::*:role/aws-service-role/es.amazonaws.com/AWSServiceRoleForAmazonElasticsearchService*"])'}] | |
| Version = "2012-10-17" | |
| } | |
| name = "HelperRolePolicy175990BAD" | |
| // CF Property(Roles) = ['aws_iam_role.helper_role_d1833_f54.arn'] | |
| } | |
| resource "aws_lambda_function" "helper_lambda_ac9474_f4" { | |
| code_signing_config_arn = { | |
| S3Bucket = "solutions-${data.aws_region.current.name}" | |
| S3Key = "centralized-logging/v4.0.1/asset9b4c683682a0773735625e441eabc438ac1d2b4ef65d28093ba33154aaaa2a66.zip" | |
| } | |
| role = aws_iam_role.helper_role_d1833_f54.arn | |
| description = "centralized-logging - solution helper functions" | |
| environment { | |
| variables = { | |
| LOG_LEVEL = "info" | |
| METRICS_ENDPOINT = local.CLMap["Metric"]["MetricsEndpoint"] | |
| SEND_METRIC = local.CLMap["Metric"]["SendAnonymousMetric"] | |
| CUSTOM_SDK_USER_AGENT = "AwsSolution/SO0009/v4.0.1" | |
| } | |
| } | |
| handler = "index.handler" | |
| runtime = "nodejs14.x" | |
| timeout = "300" | |
| } | |
| resource "aws_iam_role" "helper_providerframeworkon_event_service_role1962_dd43" { | |
| assume_role_policy = { | |
| Statement = [{'Action': '"sts:AssumeRole"', 'Effect': '"Allow"', 'Principal': {'Service': '"lambda.amazonaws.com"'}}] | |
| Version = "2012-10-17" | |
| } | |
| managed_policy_arns = ['join("", ["arn:", data.aws_region.current.name, ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"])'] | |
| } | |
| resource "aws_iam_policy" "helper_providerframeworkon_event_service_role_default_policy7_c54367_b" { | |
| policy = { | |
| Statement = [{'Action': '"lambda:InvokeFunction"', 'Effect': '"Allow"', 'Resource': 'aws_lambda_function.helper_lambda_ac9474_f4.arn'}] | |
| Version = "2012-10-17" | |
| } | |
| name = "HelperProviderframeworkonEventServiceRoleDefaultPolicy7C54367B" | |
| // CF Property(Roles) = ['aws_iam_role.helper_providerframeworkon_event_service_role1962_dd43.arn'] | |
| } | |
| resource "aws_lambda_function" "helper_providerframeworkon_event1079_de9_d" { | |
| code_signing_config_arn = { | |
| S3Bucket = "solutions-${data.aws_region.current.name}" | |
| S3Key = "centralized-logging/v4.0.1/assetc691172cdeefa2c91b5a2907f9d81118e47597634943344795f1a844192dd49c.zip" | |
| } | |
| role = aws_iam_role.helper_providerframeworkon_event_service_role1962_dd43.arn | |
| description = "AWS CDK resource provider framework - onEvent (CL-PrimaryStack/HelperProvider)" | |
| environment { | |
| variables = { | |
| USER_ON_EVENT_FUNCTION_ARN = aws_lambda_function.helper_lambda_ac9474_f4.arn | |
| } | |
| } | |
| handler = "assetc691172cdeefa2c91b5a2907f9d81118e47597634943344795f1a844192dd49c/framework.onEvent" | |
| runtime = "nodejs12.x" | |
| timeout = "900" | |
| } | |
| resource "aws_shield_protection" "create_uuid" { | |
| // CF Property(ServiceToken) = aws_lambda_function.helper_providerframeworkon_event1079_de9_d.arn | |
| } | |
| resource "aws_iam_service_linked_role" "create_es_service_role" { | |
| aws_service_name = aws_lambda_function.helper_providerframeworkon_event1079_de9_d.arn | |
| } | |
| resource "aws_macie2_custom_data_identifier" "launch_data" { | |
| description = "SO0009" | |
| // CF Property(SolutionVersion) = "v4.0.1" | |
| // CF Property(SolutionUuid) = aws_shield_protection.create_uuid.id | |
| maximum_match_distance = "PrimaryStack" | |
| } | |
| resource "aws_cognito_user_pool" "es_user_pool7_dc126_a8" { | |
| account_recovery_setting { | |
| // CF Property(RecoveryMechanisms) = [{'Name': '"verified_email"', 'Priority': '"1"'}] | |
| } | |
| admin_create_user_config = { | |
| AllowAdminCreateUserOnly = "True" | |
| } | |
| auto_verified_attributes = ['"email"'] | |
| email_verification_message = "The verification code to your new account is {####}" | |
| email_verification_subject = "Verify your new account" | |
| password_policy = { | |
| PasswordPolicy = { | |
| MinimumLength = "8" | |
| RequireLowercase = "True" | |
| RequireNumbers = "True" | |
| RequireSymbols = "True" | |
| RequireUppercase = "True" | |
| TemporaryPasswordValidityDays = "3" | |
| } | |
| } | |
| schema = [{'mutable': '"True"', 'name': '"email"', 'required': '"True"'}] | |
| sms_verification_message = "The verification code to your new account is {####}" | |
| username_attributes = ['"email"'] | |
| user_pool_add_ons = { | |
| AdvancedSecurityMode = "ENFORCED" | |
| } | |
| verification_message_template = { | |
| DefaultEmailOption = "CONFIRM_WITH_CODE" | |
| EmailMessage = "The verification code to your new account is {####}" | |
| EmailSubject = "Verify your new account" | |
| SmsMessage = "The verification code to your new account is {####}" | |
| } | |
| } | |
| resource "aws_cognito_user_pool_domain" "es_user_pool_es_cognito_domain4_e1_d658_b" { | |
| domain = join("", [var.domain_name, "-", aws_shield_protection.create_uuid.id]) | |
| user_pool_id = aws_cognito_user_pool.es_user_pool7_dc126_a8.arn | |
| } | |
| resource "aws_cognito_user_pool" "admin_user" { | |
| admin_create_user_config = aws_cognito_user_pool.es_user_pool7_dc126_a8.arn | |
| username_attributes = [{'Name': '"email"', 'Value': 'var.admin_email'}] | |
| name = var.admin_email | |
| } | |
| resource "aws_cognito_identity_pool" "es_identity_pool" { | |
| allow_unauthenticated_identities = False | |
| } | |
| resource "aws_iam_role" "cognito_auth_role7_b7_e27_c0" { | |
| assume_role_policy = { | |
| Statement = [{'Action': '"sts:AssumeRoleWithWebIdentity"', 'Condition': {'StringEquals': {'cognito-identity.amazonaws.com:aud': 'aws_cognito_identity_pool.es_identity_pool.id'}, 'ForAnyValue:StringLike': {'cognito-identity.amazonaws.com:amr': '"authenticated"'}}, 'Effect': '"Allow"', 'Principal': {'Federated': '"cognito-identity.amazonaws.com"'}}] | |
| Version = "2012-10-17" | |
| } | |
| } | |
| resource "aws_cognito_identity_pool_roles_attachment" "identity_pool_role_attachment" { | |
| identity_pool_id = aws_cognito_identity_pool.es_identity_pool.id | |
| roles = { | |
| authenticated = aws_iam_role.cognito_auth_role7_b7_e27_c0.arn | |
| } | |
| } | |
| resource "aws_iam_role" "es_cognito_role0_fb5690_b" { | |
| assume_role_policy = { | |
| Statement = [{'Action': '"sts:AssumeRole"', 'Effect': '"Allow"', 'Principal': {'Service': '"es.amazonaws.com"'}}] | |
| Version = "2012-10-17" | |
| } | |
| force_detach_policies = [{'PolicyDocument': {'Statement': [{'Action': ['"cognito-idp:DescribeUserPool"', '"cognito-idp:CreateUserPoolClient"', '"cognito-idp:DeleteUserPoolClient"', '"cognito-idp:DescribeUserPoolClient"', '"cognito-idp:AdminInitiateAuth"', '"cognito-idp:AdminUserGlobalSignOut"', '"cognito-idp:ListUserPoolClients"', '"cognito-identity:DescribeIdentityPool"', '"cognito-identity:UpdateIdentityPool"', '"cognito-identity:SetIdentityPoolRoles"', '"cognito-identity:GetIdentityPoolRoles"'], 'Effect': '"Allow"', 'Resource': '"*"'}], 'Version': '"2012-10-17"'}, 'PolicyName': '"ESCognitoAccess"'}] | |
| } | |
| resource "aws_iam_policy" "es_cognito_role_default_policy007_a3108" { | |
| policy = { | |
| Statement = [{'Action': '"iam:PassRole"', 'Condition': {'StringLike': {'iam:PassedToService': '"cognito-identity.amazonaws.com"'}}, 'Effect': '"Allow"', 'Resource': 'aws_iam_role.es_cognito_role0_fb5690_b.arn'}] | |
| Version = "2012-10-17" | |
| } | |
| name = "ESCognitoRoleDefaultPolicy007A3108" | |
| // CF Property(Roles) = ['aws_iam_role.es_cognito_role0_fb5690_b.arn'] | |
| } | |
| resource "aws_iam_role" "firehose_role_aa67_c190" { | |
| assume_role_policy = { | |
| Statement = [{'Action': '"sts:AssumeRole"', 'Effect': '"Allow"', 'Principal': {'Service': '"firehose.amazonaws.com"'}}] | |
| Version = "2012-10-17" | |
| } | |
| } | |
| resource "aws_iot_thing_group" "vpc_flow_log_group9559_e1_e7" { | |
| // CF Property(RetentionInDays) = "731" | |
| } | |
| resource "aws_iam_role" "flow_role5_e4_ef2_f1" { | |
| assume_role_policy = { | |
| Statement = [{'Action': '"sts:AssumeRole"', 'Effect': '"Allow"', 'Principal': {'Service': '"vpc-flow-logs.amazonaws.com"'}}] | |
| Version = "2012-10-17" | |
| } | |
| } | |
| resource "aws_iam_policy" "flow_role_default_policy_a5122836" { | |
| policy = { | |
| Statement = [{'Action': ['"logs:CreateLogStream"', '"logs:PutLogEvents"', '"logs:DescribeLogStreams"'], 'Effect': '"Allow"', 'Resource': 'aws_iot_thing_group.vpc_flow_log_group9559_e1_e7.arn'}, {'Action': '"iam:PassRole"', 'Effect': '"Allow"', 'Resource': 'aws_iam_role.flow_role5_e4_ef2_f1.arn'}] | |
| Version = "2012-10-17" | |
| } | |
| name = "flowRoleDefaultPolicyA5122836" | |
| // CF Property(Roles) = ['aws_iam_role.flow_role5_e4_ef2_f1.arn'] | |
| } | |
| resource "aws_vpc" "esvpc3_cead2_a7" { | |
| cidr_block = "10.0.0.0/16" | |
| enable_dns_hostnames = "True" | |
| enable_dns_support = "True" | |
| instance_tenancy = "default" | |
| tags = [{'Key': '"Name"', 'Value': '"CL-PrimaryStack/ESVPC"'}] | |
| } | |
| resource "aws_subnet" "esvpces_isolated_subnet_subnet1_subnet_bc48_a527" { | |
| cidr_block = "10.0.0.0/24" | |
| vpc_id = aws_vpc.esvpc3_cead2_a7.arn | |
| availability_zone = element(data.aws_availability_zones.available.names, 0) | |
| map_public_ip_on_launch = False | |
| tags = [{'Key': '"aws-cdk:subnet-name"', 'Value': '"ESIsolatedSubnet"'}, {'Key': '"aws-cdk:subnet-type"', 'Value': '"Isolated"'}, {'Key': '"Name"', 'Value': '"CL-PrimaryStack/ESVPC/ESIsolatedSubnetSubnet1"'}] | |
| } | |
| resource "aws_route_table" "esvpces_isolated_subnet_subnet1_route_table122122_fc" { | |
| vpc_id = aws_vpc.esvpc3_cead2_a7.arn | |
| tags = [{'Key': '"Name"', 'Value': '"CL-PrimaryStack/ESVPC/ESIsolatedSubnetSubnet1"'}] | |
| } | |
| resource "aws_route_table_association" "esvpces_isolated_subnet_subnet1_route_table_association9_f413854" { | |
| route_table_id = aws_route_table.esvpces_isolated_subnet_subnet1_route_table122122_fc.id | |
| subnet_id = aws_subnet.esvpces_isolated_subnet_subnet1_subnet_bc48_a527.id | |
| } | |
| resource "aws_subnet" "esvpces_isolated_subnet_subnet2_subnet_f8_d4_db34" { | |
| cidr_block = "10.0.1.0/24" | |
| vpc_id = aws_vpc.esvpc3_cead2_a7.arn | |
| availability_zone = element(data.aws_availability_zones.available.names, 1) | |
| map_public_ip_on_launch = False | |
| tags = [{'Key': '"aws-cdk:subnet-name"', 'Value': '"ESIsolatedSubnet"'}, {'Key': '"aws-cdk:subnet-type"', 'Value': '"Isolated"'}, {'Key': '"Name"', 'Value': '"CL-PrimaryStack/ESVPC/ESIsolatedSubnetSubnet2"'}] | |
| } | |
| resource "aws_route_table" "esvpces_isolated_subnet_subnet2_route_table4_a8_b83_e0" { | |
| vpc_id = aws_vpc.esvpc3_cead2_a7.arn | |
| tags = [{'Key': '"Name"', 'Value': '"CL-PrimaryStack/ESVPC/ESIsolatedSubnetSubnet2"'}] | |
| } | |
| resource "aws_route_table_association" "esvpces_isolated_subnet_subnet2_route_table_association_a11_eb5_c0" { | |
| route_table_id = aws_route_table.esvpces_isolated_subnet_subnet2_route_table4_a8_b83_e0.id | |
| subnet_id = aws_subnet.esvpces_isolated_subnet_subnet2_subnet_f8_d4_db34.id | |
| } | |
| resource "aws_subnet" "esvpces_public_subnet_subnet1_subnet12560704" { | |
| cidr_block = "10.0.2.0/24" | |
| vpc_id = aws_vpc.esvpc3_cead2_a7.arn | |
| availability_zone = element(data.aws_availability_zones.available.names, 0) | |
| map_public_ip_on_launch = "True" | |
| tags = [{'Key': '"aws-cdk:subnet-name"', 'Value': '"ESPublicSubnet"'}, {'Key': '"aws-cdk:subnet-type"', 'Value': '"Public"'}, {'Key': '"Name"', 'Value': '"CL-PrimaryStack/ESVPC/ESPublicSubnetSubnet1"'}] | |
| } | |
| resource "aws_route_table" "esvpces_public_subnet_subnet1_route_table45432090" { | |
| vpc_id = aws_vpc.esvpc3_cead2_a7.arn | |
| tags = [{'Key': '"Name"', 'Value': '"CL-PrimaryStack/ESVPC/ESPublicSubnetSubnet1"'}] | |
| } | |
| resource "aws_route_table_association" "esvpces_public_subnet_subnet1_route_table_association1_e172_c60" { | |
| route_table_id = aws_route_table.esvpces_public_subnet_subnet1_route_table45432090.id | |
| subnet_id = aws_subnet.esvpces_public_subnet_subnet1_subnet12560704.id | |
| } | |
| resource "aws_route" "esvpces_public_subnet_subnet1_default_route2_aa9703_d" { | |
| route_table_id = aws_route_table.esvpces_public_subnet_subnet1_route_table45432090.id | |
| destination_cidr_block = "0.0.0.0/0" | |
| gateway_id = aws_internet_gateway.esvpcigw68_e8_aea9.id | |
| } | |
| resource "aws_subnet" "esvpces_public_subnet_subnet2_subnet9_c1_fc6_f7" { | |
| cidr_block = "10.0.3.0/24" | |
| vpc_id = aws_vpc.esvpc3_cead2_a7.arn | |
| availability_zone = element(data.aws_availability_zones.available.names, 1) | |
| map_public_ip_on_launch = "True" | |
| tags = [{'Key': '"aws-cdk:subnet-name"', 'Value': '"ESPublicSubnet"'}, {'Key': '"aws-cdk:subnet-type"', 'Value': '"Public"'}, {'Key': '"Name"', 'Value': '"CL-PrimaryStack/ESVPC/ESPublicSubnetSubnet2"'}] | |
| } | |
| resource "aws_route_table" "esvpces_public_subnet_subnet2_route_table_ec1_d6_b54" { | |
| vpc_id = aws_vpc.esvpc3_cead2_a7.arn | |
| tags = [{'Key': '"Name"', 'Value': '"CL-PrimaryStack/ESVPC/ESPublicSubnetSubnet2"'}] | |
| } | |
| resource "aws_route_table_association" "esvpces_public_subnet_subnet2_route_table_association63160086" { | |
| route_table_id = aws_route_table.esvpces_public_subnet_subnet2_route_table_ec1_d6_b54.id | |
| subnet_id = aws_subnet.esvpces_public_subnet_subnet2_subnet9_c1_fc6_f7.id | |
| } | |
| resource "aws_route" "esvpces_public_subnet_subnet2_default_route93518_dd8" { | |
| route_table_id = aws_route_table.esvpces_public_subnet_subnet2_route_table_ec1_d6_b54.id | |
| destination_cidr_block = "0.0.0.0/0" | |
| gateway_id = aws_internet_gateway.esvpcigw68_e8_aea9.id | |
| } | |
| resource "aws_internet_gateway" "esvpcigw68_e8_aea9" { | |
| tags = [{'Key': '"Name"', 'Value': '"CL-PrimaryStack/ESVPC"'}] | |
| } | |
| resource "aws_vpn_gateway_attachment" "esvpcvpcgw707_ec835" { | |
| vpc_id = aws_internet_gateway.esvpcigw68_e8_aea9.id | |
| } | |
| resource "aws_flow_log" "esvpces_vpc_flow_flow_log10_a9_b76_f" { | |
| eni_id = aws_vpc.esvpc3_cead2_a7.arn | |
| log_destination_type = "cloud-watch-logs" | |
| traffic_type = "ALL" | |
| iam_role_arn = aws_iam_role.flow_role5_e4_ef2_f1.arn | |
| log_group_name = aws_iot_thing_group.vpc_flow_log_group9559_e1_e7.arn | |
| tags = [{'Key': '"Name"', 'Value': '"CL-PrimaryStack/ESVPC"'}] | |
| } | |
| resource "aws_security_group" "essge420_b5_a1" { | |
| description = "CL-PrimaryStack/ESSG" | |
| egress = [{'cidr_blocks': 'aws_vpc.esvpc3_cead2_a7.cidr_block', 'description': '"allow outbound https"', 'from_port': '"443"', 'protocol': '"tcp"', 'to_port': '"443"'}] | |
| ingress = [{'cidr_blocks': 'aws_vpc.esvpc3_cead2_a7.cidr_block', 'description': '"allow inbound https traffic"', 'from_port': '"443"', 'protocol': '"tcp"', 'to_port': '"443"'}] | |
| vpc_id = aws_vpc.esvpc3_cead2_a7.arn | |
| } | |
| resource "aws_elasticsearch_domain" "es_domain_b45006_da" { | |
| access_policies = { | |
| Version = "2012-10-17" | |
| Statement = [{'Effect': '"Allow"', 'Action': ['"es:ESHttpGet"', '"es:ESHttpDelete"', '"es:ESHttpPut"', '"es:ESHttpPost"', '"es:ESHttpHead"', '"es:ESHttpPatch"'], 'Principal': {'AWS': 'aws_iam_role.cognito_auth_role7_b7_e27_c0.arn'}, 'Resource': 'join("", ["arn:", data.aws_region.current.name, ":es:", data.aws_region.current.name, ":", data.aws_region.current.name, ":domain/", var.domain_name, "/*"])'}, {'Effect': '"Allow"', 'Action': ['"es:DescribeElasticsearchDomain"', '"es:DescribeElasticsearchDomains"', '"es:DescribeElasticsearchDomainConfig"', '"es:ESHttpPost"', '"es:ESHttpPut"', '"es:HttpGet"'], 'Principal': {'AWS': 'aws_iam_role.firehose_role_aa67_c190.arn'}, 'Resource': 'join("", ["arn:", data.aws_region.current.name, ":es:", data.aws_region.current.name, ":", data.aws_region.current.name, ":domain/", var.domain_name, "/*"])'}] | |
| } | |
| cognito_options = { | |
| Enabled = "True" | |
| IdentityPoolId = aws_cognito_identity_pool.es_identity_pool.id | |
| RoleArn = aws_iam_role.es_cognito_role0_fb5690_b.arn | |
| UserPoolId = aws_cognito_user_pool.es_user_pool7_dc126_a8.arn | |
| } | |
| domain_endpoint_options = { | |
| EnforceHTTPS = "True" | |
| TLSSecurityPolicy = "Policy-Min-TLS-1-0-2019-07" | |
| } | |
| domain_name = var.domain_name | |
| ebs_options = { | |
| EBSEnabled = "True" | |
| VolumeSize = "10" | |
| VolumeType = "gp2" | |
| } | |
| cluster_config = { | |
| DedicatedMasterCount = "3" | |
| DedicatedMasterEnabled = "True" | |
| DedicatedMasterType = local.ESMap["MasterSize"]["var.cluster_size"] | |
| InstanceCount = local.ESMap["NodeCount"]["var.cluster_size"] | |
| InstanceType = local.ESMap["InstanceSize"]["var.cluster_size"] | |
| ZoneAwarenessConfig = { | |
| AvailabilityZoneCount = "2" | |
| } | |
| ZoneAwarenessEnabled = "True" | |
| } | |
| elasticsearch_version = "7.7" | |
| advanced_options = { | |
| Enabled = "True" | |
| } | |
| log_publishing_options = { | |
| } | |
| node_to_node_encryption = { | |
| Enabled = "True" | |
| } | |
| vpc_options = { | |
| SecurityGroupIds = ['aws_security_group.essge420_b5_a1.id'] | |
| SubnetIds = ['aws_subnet.esvpces_isolated_subnet_subnet1_subnet_bc48_a527.id', 'aws_subnet.esvpces_isolated_subnet_subnet2_subnet_f8_d4_db34.id'] | |
| } | |
| } | |
| resource "aws_iam_policy" "auth_role_policy_ab4_a1_e56" { | |
| policy = { | |
| Statement = [{'Action': ['"es:ESHttpGet"', '"es:ESHttpDelete"', '"es:ESHttpPut"', '"es:ESHttpPost"', '"es:ESHttpHead"', '"es:ESHttpPatch"'], 'Effect': '"Allow"', 'Resource': 'aws_elasticsearch_domain.es_domain_b45006_da.arn'}] | |
| Version = "2012-10-17" | |
| } | |
| name = "authRolePolicyAB4A1E56" | |
| // CF Property(Roles) = ['aws_iam_role.cognito_auth_role7_b7_e27_c0.arn'] | |
| } | |
| resource "aws_sqs_queue" "dlq09_c78_acc" { | |
| kms_master_key_id = "alias/aws/sqs" | |
| } | |
| resource "aws_iam_role" "cl_transformer_service_role016_cad3_c" { | |
| assume_role_policy = { | |
| Statement = [{'Action': '"sts:AssumeRole"', 'Effect': '"Allow"', 'Principal': {'Service': '"lambda.amazonaws.com"'}}] | |
| Version = "2012-10-17" | |
| } | |
| managed_policy_arns = ['join("", ["arn:", data.aws_region.current.name, ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"])'] | |
| } | |
| resource "aws_iam_policy" "cl_transformer_service_role_default_policy_c34581_d1" { | |
| policy = { | |
| Statement = [{'Action': '"sqs:SendMessage"', 'Effect': '"Allow"', 'Resource': 'aws_sqs_queue.dlq09_c78_acc.arn'}, {'Action': ['"kinesis:DescribeStreamSummary"', '"kinesis:GetRecords"', '"kinesis:GetShardIterator"', '"kinesis:ListShards"', '"kinesis:SubscribeToShard"'], 'Effect': '"Allow"', 'Resource': 'aws_kinesis_stream.cl_data_stream4_dfb5423.arn'}, {'Action': '"kinesis:DescribeStream"', 'Effect': '"Allow"', 'Resource': 'aws_kinesis_stream.cl_data_stream4_dfb5423.arn'}, {'Action': '"firehose:PutRecordBatch"', 'Effect': '"Allow"', 'Resource': 'aws_kinesis_firehose_delivery_stream.cl_firehose.arn'}] | |
| Version = "2012-10-17" | |
| } | |
| name = "CLTransformerServiceRoleDefaultPolicyC34581D1" | |
| // CF Property(Roles) = ['aws_iam_role.cl_transformer_service_role016_cad3_c.arn'] | |
| } | |
| resource "aws_lambda_function" "cl_transformer433_f8853" { | |
| code_signing_config_arn = { | |
| S3Bucket = "solutions-${data.aws_region.current.name}" | |
| S3Key = "centralized-logging/v4.0.1/assetb9316d9a0f47aa8516cdc62510095e3fcad7da2127a60add35eef432d3e28c30.zip" | |
| } | |
| role = aws_iam_role.cl_transformer_service_role016_cad3_c.arn | |
| dead_letter_config = { | |
| TargetArn = aws_sqs_queue.dlq09_c78_acc.arn | |
| } | |
| description = "centralized-logging - Lambda function to transform log events and send to kinesis firehose" | |
| environment { | |
| variables = { | |
| LOG_LEVEL = "info" | |
| SOLUTION_ID = "SO0009" | |
| SOLUTION_VERSION = "v4.0.1" | |
| UUID = aws_shield_protection.create_uuid.id | |
| CLUSTER_SIZE = var.cluster_size | |
| DELIVERY_STREAM = "CL-Firehose" | |
| METRICS_ENDPOINT = local.CLMap["Metric"]["MetricsEndpoint"] | |
| SEND_METRIC = local.CLMap["Metric"]["SendAnonymousMetric"] | |
| CUSTOM_SDK_USER_AGENT = "AwsSolution/SO0009/v4.0.1" | |
| } | |
| } | |
| handler = "index.handler" | |
| runtime = "nodejs14.x" | |
| timeout = "300" | |
| } | |
| resource "aws_lambda_event_source_mapping" "cl_transformer_kinesis_event_source_cl_primary_stack_cl_data_stream_fc34105_c3_b10_d828" { | |
| function_name = aws_lambda_function.cl_transformer433_f8853.arn | |
| batch_size = "100" | |
| event_source_arn = aws_kinesis_stream.cl_data_stream4_dfb5423.arn | |
| starting_position = "TRIM_HORIZON" | |
| } | |
| resource "aws_sns_topic" "topic_bfc7_af6_e" { | |
| display_name = "CL-Lambda-Error" | |
| kms_master_key_id = join("", ["arn:", data.aws_region.current.name, ":kms:", data.aws_region.current.name, ":", data.aws_region.current.name, ":alias/aws/sns"]) | |
| } | |
| resource "aws_sns_topic_subscription" "topic_token_subscription178_f3_f75_e" { | |
| protocol = "email" | |
| topic_arn = aws_sns_topic.topic_bfc7_af6_e.id | |
| endpoint = var.admin_email | |
| } | |
| resource "aws_cloudwatch_metric_alarm" "cl_lambda_error_alarm289_f6_b50" { | |
| comparison_operator = "GreaterThanOrEqualToThreshold" | |
| evaluation_periods = "1" | |
| alarm_actions = ['aws_sns_topic.topic_bfc7_af6_e.id'] | |
| dimensions = [{'Name': '"FunctionName"', 'Value': 'aws_lambda_function.cl_transformer433_f8853.arn'}] | |
| metric_name = "Errors" | |
| namespace = "AWS/Lambda" | |
| period = "300" | |
| statistic = "Sum" | |
| threshold = "0.05" | |
| } | |
| resource "aws_kinesis_stream" "cl_data_stream4_dfb5423" { | |
| shard_count = "1" | |
| retention_period = "24" | |
| encryption_type = { | |
| EncryptionType = "KMS" | |
| KeyId = "alias/aws/kinesis" | |
| } | |
| } | |
| resource "aws_s3_bucket" "access_logs_bucket83982689" { | |
| acl = "LogDeliveryWrite" | |
| bucket = { | |
| ServerSideEncryptionConfiguration = [{'ServerSideEncryptionByDefault': {'SSEAlgorithm': '"AES256"'}}] | |
| } | |
| grant { | |
| // CF Property(BlockPublicAcls) = "True" | |
| // CF Property(BlockPublicPolicy) = "True" | |
| // CF Property(IgnorePublicAcls) = "True" | |
| uri = "True" | |
| } | |
| } | |
| resource "aws_s3_bucket" "cl_bucket116_f9_f6_b" { | |
| bucket = { | |
| ServerSideEncryptionConfiguration = [{'ServerSideEncryptionByDefault': {'SSEAlgorithm': '"AES256"'}}] | |
| } | |
| logging { | |
| target_bucket = aws_s3_bucket.access_logs_bucket83982689.id | |
| target_prefix = "cl-access-logs" | |
| } | |
| grant { | |
| // CF Property(BlockPublicAcls) = "True" | |
| // CF Property(BlockPublicPolicy) = "True" | |
| // CF Property(IgnorePublicAcls) = "True" | |
| uri = "True" | |
| } | |
| } | |
| resource "aws_s3_bucket_policy" "cl_bucket_policy_f1_df7_d4_f" { | |
| bucket = aws_s3_bucket.cl_bucket116_f9_f6_b.id | |
| policy = { | |
| Statement = [{'Action': ['"s3:Put*"', '"s3:Get*"'], 'Effect': '"Allow"', 'Principal': {'AWS': 'aws_iam_role.firehose_role_aa67_c190.arn'}, 'Resource': ['aws_s3_bucket.cl_bucket116_f9_f6_b.arn', 'join("", [aws_s3_bucket.cl_bucket116_f9_f6_b.arn, "/*"])']}] | |
| Version = "2012-10-17" | |
| } | |
| } | |
| resource "aws_iot_thing_group" "firehose_log_group1_b45149_b" { | |
| name = "/aws/kinesisfirehose/CL-Firehose" | |
| // CF Property(RetentionInDays) = "731" | |
| } | |
| resource "aws_cloudwatch_log_stream" "firehose_es_log_stream_c35_dd04_e" { | |
| log_group_name = aws_iot_thing_group.firehose_log_group1_b45149_b.arn | |
| name = "ElasticsearchDelivery" | |
| } | |
| resource "aws_cloudwatch_log_stream" "firehose_s3_log_stream_b4_dcf7_b1" { | |
| log_group_name = aws_iot_thing_group.firehose_log_group1_b45149_b.arn | |
| name = "S3Delivery" | |
| } | |
| resource "aws_iam_policy" "firehose_policy3_a3_b2_df8" { | |
| policy = { | |
| Statement = [{'Action': ['"s3:AbortMultipartUpload"', '"s3:GetBucketLocation"', '"s3:GetObject"', '"s3:ListBucket"', '"s3:ListBucketMultipartUploads"', '"s3:PutObject"'], 'Effect': '"Allow"', 'Resource': ['join("", ["arn:", data.aws_region.current.name, ":s3:::", aws_s3_bucket.cl_bucket116_f9_f6_b.id])', 'join("", ["arn:", data.aws_region.current.name, ":s3:::", aws_s3_bucket.cl_bucket116_f9_f6_b.id, "/*"])']}, {'Action': ['"kms:GenerateDataKey"', '"kms:Decrypt"'], 'Condition': {'StringEquals': {'kms:ViaService': 'join("", ["s3.", data.aws_region.current.name, ".amazonaws.com"])'}, 'StringLike': {'kms:EncryptionContext:aws:s3:arn': ['join("", ["arn:", data.aws_region.current.name, ":s3:::", aws_s3_bucket.cl_bucket116_f9_f6_b.id, "/*"])']}}, 'Effect': '"Allow"', 'Resource': 'join("", ["arn:", data.aws_region.current.name, ":kms:", data.aws_region.current.name, ":", data.aws_region.current.name, ":key/*"])'}, {'Action': ['"ec2:DescribeVpcs"', '"ec2:DescribeVpcAttribute"', '"ec2:DescribeSubnets"', '"ec2:DescribeSecurityGroups"', '"ec2:DescribeNetworkInterfaces"', '"ec2:CreateNetworkInterface"', '"ec2:CreateNetworkInterfacePermission"', '"ec2:DeleteNetworkInterface"'], 'Effect': '"Allow"', 'Resource': '"*"'}, {'Action': ['"es:DescribeElasticsearchDomain"', '"es:DescribeElasticsearchDomains"', '"es:DescribeElasticsearchDomainConfig"', '"es:ESHttpPost"', '"es:ESHttpPut"'], 'Effect': '"Allow"', 'Resource': ['join("", ["arn:", data.aws_region.current.name, ":es:", data.aws_region.current.name, ":", data.aws_region.current.name, ":domain/", aws_elasticsearch_domain.es_domain_b45006_da.arn])', 'join("", ["arn:", data.aws_region.current.name, ":es:", data.aws_region.current.name, ":", data.aws_region.current.name, ":domain/", aws_elasticsearch_domain.es_domain_b45006_da.arn, "/*"])']}, {'Action': '"es:ESHttpGet"', 'Effect': '"Allow"', 'Resource': ['join("", ["arn:", data.aws_region.current.name, ":es:", data.aws_region.current.name, ":", data.aws_region.current.name, ":domain/", aws_elasticsearch_domain.es_domain_b45006_da.arn, "/_all/_settings"])', 'join("", ["arn:", data.aws_region.current.name, ":es:", data.aws_region.current.name, ":", data.aws_region.current.name, ":domain/", aws_elasticsearch_domain.es_domain_b45006_da.arn, "/_cluster/stats"])', 'join("", ["arn:", data.aws_region.current.name, ":es:", data.aws_region.current.name, ":", data.aws_region.current.name, ":domain/", aws_elasticsearch_domain.es_domain_b45006_da.arn, "/cwl-kinesis/_mapping/kinesis"])', 'join("", ["arn:", data.aws_region.current.name, ":es:", data.aws_region.current.name, ":", data.aws_region.current.name, ":domain/", aws_elasticsearch_domain.es_domain_b45006_da.arn, "/_nodes"])', 'join("", ["arn:", data.aws_region.current.name, ":es:", data.aws_region.current.name, ":", data.aws_region.current.name, ":domain/", aws_elasticsearch_domain.es_domain_b45006_da.arn, "/_nodes/*/stats"])', 'join("", ["arn:", data.aws_region.current.name, ":es:", data.aws_region.current.name, ":", data.aws_region.current.name, ":domain/", aws_elasticsearch_domain.es_domain_b45006_da.arn, "/_stats"])', 'join("", ["arn:", data.aws_region.current.name, ":es:", data.aws_region.current.name, ":", data.aws_region.current.name, ":domain/", aws_elasticsearch_domain.es_domain_b45006_da.arn, "/cwl-kinesis/_stats"])']}, {'Action': ['"logs:PutLogEvents"', '"logs:CreateLogStream"'], 'Effect': '"Allow"', 'Resource': 'aws_iot_thing_group.firehose_log_group1_b45149_b.arn'}, {'Action': '"kms:Decrypt"', 'Condition': {'StringEquals': {'kms:ViaService': 'join("", ["kinesis.", data.aws_region.current.name, ".amazonaws.com"])'}, 'StringLike': {'kms:EncryptionContext:aws:kinesis:arn': 'aws_kinesis_stream.cl_data_stream4_dfb5423.arn'}}, 'Effect': '"Allow"', 'Resource': 'join("", ["arn:", data.aws_region.current.name, ":kms:", data.aws_region.current.name, ":", data.aws_region.current.name, ":key/*"])'}] | |
| Version = "2012-10-17" | |
| } | |
| name = "CL-Firehose-Policy" | |
| // CF Property(Roles) = ['aws_iam_role.firehose_role_aa67_c190.arn'] | |
| } | |
| resource "aws_kinesis_firehose_delivery_stream" "cl_firehose" { | |
| kinesis_source_configuration = { | |
| KeyType = "AWS_OWNED_CMK" | |
| } | |
| name = "CL-Firehose" | |
| type = "DirectPut" | |
| elasticsearch_configuration = { | |
| CloudWatchLoggingOptions = { | |
| Enabled = "True" | |
| LogGroupName = "/aws/kinesisfirehose/CL-Firehose" | |
| LogStreamName = aws_cloudwatch_log_stream.firehose_es_log_stream_c35_dd04_e.arn | |
| } | |
| DomainARN = aws_elasticsearch_domain.es_domain_b45006_da.arn | |
| IndexName = "cwl" | |
| IndexRotationPeriod = "OneDay" | |
| RoleARN = aws_iam_role.firehose_role_aa67_c190.arn | |
| S3BackupMode = "AllDocuments" | |
| S3Configuration = { | |
| BucketARN = aws_s3_bucket.cl_bucket116_f9_f6_b.arn | |
| CloudWatchLoggingOptions = { | |
| Enabled = "True" | |
| LogGroupName = "/aws/kinesisfirehose/CL-Firehose" | |
| LogStreamName = aws_cloudwatch_log_stream.firehose_s3_log_stream_b4_dcf7_b1.arn | |
| } | |
| RoleARN = aws_iam_role.firehose_role_aa67_c190.arn | |
| } | |
| VpcConfiguration = { | |
| RoleARN = aws_iam_role.firehose_role_aa67_c190.arn | |
| SecurityGroupIds = ['aws_security_group.essge420_b5_a1.id'] | |
| SubnetIds = ['aws_subnet.esvpces_isolated_subnet_subnet1_subnet_bc48_a527.id', 'aws_subnet.esvpces_isolated_subnet_subnet2_subnet_f8_d4_db34.id'] | |
| } | |
| } | |
| } | |
| resource "aws_iam_role" "cw_destination_role20_a8055_f" { | |
| assume_role_policy = { | |
| Statement = [{'Effect': '"Allow"', 'Principal': {'Service': '"logs.amazonaws.com"'}, 'Action': '"sts:AssumeRole"'}] | |
| Version = "2012-10-17" | |
| } | |
| } | |
| resource "aws_iam_policy" "cw_dest_policy3_dd10_f82" { | |
| policy = { | |
| Statement = [{'Action': '"kinesis:PutRecord"', 'Effect': '"Allow"', 'Resource': 'aws_kinesis_stream.cl_data_stream4_dfb5423.arn'}] | |
| Version = "2012-10-17" | |
| } | |
| name = "CWDestPolicy3DD10F82" | |
| // CF Property(Roles) = ['aws_iam_role.cw_destination_role20_a8055_f.arn'] | |
| } | |
| resource "aws_iam_policy" "helper_role_policy285_d208_f4" { | |
| policy = { | |
| Statement = [{'Action': '"iam:PassRole"', 'Effect': '"Allow"', 'Resource': 'aws_iam_role.cw_destination_role20_a8055_f.arn'}] | |
| Version = "2012-10-17" | |
| } | |
| name = "HelperRolePolicy285D208F4" | |
| // CF Property(Roles) = ['aws_iam_role.helper_role_d1833_f54.arn'] | |
| } | |
| resource "aws_cloudwatch_log_destination" "cw_destination" { | |
| // CF Property(ServiceToken) = aws_lambda_function.helper_providerframeworkon_event1079_de9_d.arn | |
| // CF Property(Regions) = var.spoke_regions | |
| name = join("", ["CL-Destination-", aws_shield_protection.create_uuid.id]) | |
| role_arn = aws_iam_role.cw_destination_role20_a8055_f.arn | |
| // CF Property(DataStream) = aws_kinesis_stream.cl_data_stream4_dfb5423.arn | |
| // CF Property(SpokeAccounts) = var.spoke_accounts | |
| } | |
| resource "aws_security_group" "cl_jumpbox_jumpbox_sgd93_e94_fc" { | |
| description = "CL-PrimaryStack/CL-Jumpbox/JumpboxSG" | |
| egress = [{'cidr_blocks': '"0.0.0.0/0"', 'description': '"allow outbound https"', 'from_port': '"80"', 'protocol': '"tcp"', 'to_port': '"80"'}, {'cidr_blocks': '"0.0.0.0/0"', 'description': '"allow outbound https"', 'from_port': '"443"', 'protocol': '"tcp"', 'to_port': '"443"'}] | |
| vpc_id = aws_vpc.esvpc3_cead2_a7.arn | |
| } | |
| resource "aws_iam_role" "cl_jumpbox_jumpbox_ec2_instance_role92_dda704" { | |
| assume_role_policy = { | |
| Statement = [{'Action': '"sts:AssumeRole"', 'Effect': '"Allow"', 'Principal': {'Service': 'join("", ["ec2.", data.aws_partition.current.dns_suffix])'}}] | |
| Version = "2012-10-17" | |
| } | |
| tags = [{'Key': '"Name"', 'Value': '"CL-PrimaryStack/CL-Jumpbox/JumpboxEC2"'}] | |
| } | |
| resource "aws_iam_instance_profile" "cl_jumpbox_jumpbox_ec2_instance_profile10_a8921_d" { | |
| role = ['aws_iam_role.cl_jumpbox_jumpbox_ec2_instance_role92_dda704.arn'] | |
| } | |
| resource "aws_instance" "cl_jumpbox_jumpbox_ec210_de4297" { | |
| availability_zone = element(data.aws_availability_zones.available.names, 0) | |
| iam_instance_profile = aws_iam_instance_profile.cl_jumpbox_jumpbox_ec2_instance_profile10_a8921_d.arn | |
| private_ip = var.windows_ami | |
| instance_type = "t3.micro" | |
| key_name = var.jumpbox_key | |
| vpc_security_group_ids = ['aws_security_group.cl_jumpbox_jumpbox_sgd93_e94_fc.id'] | |
| subnet_id = aws_subnet.esvpces_public_subnet_subnet1_subnet12560704.id | |
| tags = [{'Key': '"Name"', 'Value': '"CL-PrimaryStack/CL-Jumpbox/JumpboxEC2"'}] | |
| user_data = base64encode(<powershell></powershell>) | |
| } | |
| resource "aws_cloudformation_stack" "cl_demo_stack_nested_stack_cl_demo_stack_nested_stack_resource3_db21482" { | |
| template_url = "https://solutions-reference.s3.amazonaws.com/centralized-logging/v4.0.1/aws-centralized-logging-demo.template" | |
| parameters = { | |
| CWDestinationParm = join("", ["arn:", data.aws_region.current.name, ":logs:", data.aws_region.current.name, ":", data.aws_region.current.name, ":destination:CL-Destination-", aws_shield_protection.create_uuid.id]) | |
| } | |
| } | |
| resource "aws_ecs_task_set" "cdk_metadata" { | |
| // CF Property(Analytics) = "v2:deflate64:H4sIAAAAAAAA/2VTXW/bMAz8LX1X1CUdsNel2VoM2DAv6fquyEzCxhY9fTgIDP/3UZLteOuTjifS5J3opVw+rOSHu8/q4ha6PN93mizIbueVPovNwRTKqho82Bj8UE2D5hjhhkyJHsmItXPgOf+Ybsg4b4P2YhOcp3oLjoLVEEsmPCenRj+Db4LvRRykQ1XLbktVrotnQRXqa5poQt+4lzIaCksHrKAXlar3pZLdUzA6zcZJE/7agvG71Him4z3bC/ewUFGUk0kbx7J7DPoM/lE5EBnG4gHl4zbXPO6FpqNBT7L77cAWRFVMmfAIvlCt0Myv3jPxTLpLnhn9dfzYPI5mrT2beqqZZEvo6GT3nY7PlkITsyfMYOctqHpgc9AL0CvZvTY60q/FRhQWW+VhF/Ymy76hLQUPL2qfHyrzN47dI40quV+EPdvxX2V+RF4uJp+5xUVdh6ZDdFMiniq68JDpSQe4Ax0s656k/UuM6zFfFVZXKedRO1BWn2R3czkjfv0/bNivACEVJsCkYfKFGkyuZMBinLbYjJs2j/nZKwrlRfnYZF0pm1xOoBdnNODQxd9s9H80f7g6oIUTOZBxMKiwBXsdU3T6sxZ2+Iuc5P1vsQTbC0MlyDd33y4/yuUnubp7c4gLG3g9apDbfP4F2FLoQfQDAAA=" | |
| } | |
| output "destination_subscription_command" { | |
| description = "Command to run in spoke accounts/regions" | |
| value = join("", ["aws logs put-subscription-filter --destination-arn arn:", data.aws_region.current.name, ":logs:<region>:", data.aws_region.current.name, ":destination:CL-Destination-", aws_shield_protection.create_uuid.id, " --log-group-name <MyLogGroup> --filter-name <MyFilterName> --filter-pattern <MyFilterPattern> --profile <MyAWSProfile> "]) | |
| } | |
| output "unique_id" { | |
| description = "UUID for Centralized Logging Stack" | |
| value = aws_shield_protection.create_uuid.id | |
| } | |
| output "admin_email" { | |
| description = "Admin Email address" | |
| value = var.admin_email | |
| } | |
| output "domain_name" { | |
| description = "ES Domain Name" | |
| value = var.domain_name | |
| } | |
| output "kibana_url" { | |
| description = "Kibana URL" | |
| value = join("", ["https://", aws_elasticsearch_domain.es_domain_b45006_da.endpoint, "/_plugin/kibana/"]) | |
| } | |
| output "cluster_size" { | |
| description = "ES Cluster Size" | |
| value = var.cluster_size | |
| } | |
| output "demo_deployment" { | |
| description = "Demo data deployed?" | |
| value = var.demo_template | |
| } |
@chunkingz sure thing. Just remember that this will need some manual work before it will validate or deploy with Terraform.
So once again thanks for this tool...I downloaded it to my mac and opened it in vscode, I think there might be a bug with the converter, as you can see from the image above, I duplicated line 40 to line 41, when I get rid of the single quotes and backslashes, the error goes away, even tho it says double quotes, but actually the double quotes dont work.
Dont worry about the error on line 41, that's just an attribute redefined error
So we may want to look into checking if it's CDKMetadataAvailable and not add single quotes?
After manual cleanup of that line, this is what it looks like (when using line breaks).
As we can see, no more errors. Also there's a lot of this reoccurence so manual cleanup would be a bit time consuming since it's a huge template. However, let me know what you think @shadycuz
@chunkingz sure thing. Just remember that this will need some manual work before it will validate or deploy with Terraform.
Oh just seeing this
anytrue is definitely bugged but should be fixable.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
@shadycuz awesome man! thanks alot for this! anyway we can keep in touch? I have some more pressing issues at hand if you don't mind.