From 500956237f9eee95243b922ec509a571c0f83964 Mon Sep 17 00:00:00 2001 From: jamesthompson26-nhs Date: Fri, 2 May 2025 11:07:48 +0100 Subject: [PATCH 1/9] CCM-8197: Cross Account Observability --- .../modules/observability-source/README.md | 33 ++++++++++ .../iam_role_log_subscription_role.tf | 42 +++++++++++++ .../modules/observability-source/locals.tf | 23 +++++++ .../oam_link_cross_account_obs.tf | 61 +++++++++++++++++++ .../modules/observability-source/outputs.tf | 4 ++ .../modules/observability-source/variables.tf | 57 +++++++++++++++++ .../modules/observability-source/versions.tf | 9 +++ 7 files changed, 229 insertions(+) create mode 100644 infrastructure/modules/observability-source/README.md create mode 100644 infrastructure/modules/observability-source/iam_role_log_subscription_role.tf create mode 100644 infrastructure/modules/observability-source/locals.tf create mode 100644 infrastructure/modules/observability-source/oam_link_cross_account_obs.tf create mode 100644 infrastructure/modules/observability-source/outputs.tf create mode 100644 infrastructure/modules/observability-source/variables.tf create mode 100644 infrastructure/modules/observability-source/versions.tf diff --git a/infrastructure/modules/observability-source/README.md b/infrastructure/modules/observability-source/README.md new file mode 100644 index 0000000..fd67d61 --- /dev/null +++ b/infrastructure/modules/observability-source/README.md 
@@ -0,0 +1,33 @@
+
+
+
+
+## Requirements
+
+| Name | Version |
+|------|---------|
+| [terraform](#requirement\_terraform) | >= 1.9.0 |
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| [aws\_account\_id](#input\_aws\_account\_id) | The AWS Account ID (numeric) | `string` | n/a | yes |
+| [component](#input\_component) | The name of the terraformscaffold component calling this module | `string` | n/a | yes |
+| [default\_tags](#input\_default\_tags) | Default tag map for application to all taggable resources in the module | `map(string)` | `{}` | no |
+| [environment](#input\_environment) | The name of the terraformscaffold environment the module is called for | `string` | n/a | yes |
+| [name](#input\_name) | A unique name to distinguish this module invocation from others within the same CSI scope | `string` | n/a | yes |
+| [oam\_sink\_id](#input\_oam\_sink\_id) | The ID of the Cloudwatch OAM sink in the appropriate observability account. | `string` | `""` | no |
+| [observability\_account\_id](#input\_observability\_account\_id) | The Observability Account ID that needs access | `string` | n/a | yes |
+| [project](#input\_project) | The name of the terraformscaffold project calling the module | `string` | n/a | yes |
+| [region](#input\_region) | The AWS Region | `string` | n/a | yes |
+## Modules
+
+No modules.
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| [log\_subscription\_role\_arn](#output\_log\_subscription\_role\_arn) | The ARN of the log subscription IAM role. |
+
+
+
diff --git a/infrastructure/modules/observability-source/iam_role_log_subscription_role.tf b/infrastructure/modules/observability-source/iam_role_log_subscription_role.tf
new file mode 100644
index 0000000..698fa19
--- /dev/null
+++ b/infrastructure/modules/observability-source/iam_role_log_subscription_role.tf
@@ -0,0 +1,42 @@
+resource "aws_iam_role" "log_subscription_role" {
+ name = "${local.csi}-log-subscription-role"
+
+ assume_role_policy = jsonencode({
+ Version = "2012-10-17"
+ Statement = [
+ {
+ Effect = "Allow"
+ Principal = {
+ Service = "logs.${var.region}.amazonaws.com"
+ }
+ Action = "sts:AssumeRole"
+ }
+ ]
+ })
+}
+
+resource "aws_iam_policy" "log_subscription_policy" {
+ name = "${local.csi}-log-subscription-policy"
+ description = "Policy for log subscription to send logs to the destination"
+
+ policy = jsonencode({
+ Version = "2012-10-17"
+ Statement = [
+ {
+ Effect = "Allow"
+ Action = [
+ "logs:PutSubscriptionFilter",
+ "logs:DescribeLogGroups",
+ "logs:DescribeLogStreams",
+ "logs:PutLogEvents"
+ ]
+ Resource = "arn:aws:logs:${var.region}:${var.observability_account_id}:destination:nhs-notify-main-acct-firehose-logs"
+ }
+ ]
+ })
+}
+
+resource "aws_iam_role_policy_attachment" "log_subscription_policy_attachment" {
+ role = aws_iam_role.log_subscription_role.name
+ policy_arn = aws_iam_policy.log_subscription_policy.arn
+}
diff --git a/infrastructure/modules/observability-source/locals.tf b/infrastructure/modules/observability-source/locals.tf
new file mode 100644
index 0000000..796ad69
--- /dev/null
+++ b/infrastructure/modules/observability-source/locals.tf
@@ -0,0 +1,23 @@
+locals {
+ module = "eventpub"
+
+ csi = replace(
+ format(
+ "%s-%s-%s-%s",
+ var.project,
+ var.environment,
+ var.component,
+ var.name,
+ ),
+ "_",
+ "",
+ )
+ default_tags = merge(
+ var.default_tags,
+ {
+ Module = local.module
+ Name = local.csi
+ },
+ )
+
+}
diff --git a/infrastructure/modules/observability-source/oam_link_cross_account_obs.tf b/infrastructure/modules/observability-source/oam_link_cross_account_obs.tf
new file mode 100644
index 0000000..7d86dbd
--- /dev/null
+++ b/infrastructure/modules/observability-source/oam_link_cross_account_obs.tf
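Review bot: The trust policy on `aws_iam_role.log_subscription_role` lets the CloudWatch Logs service principal assume the role with no `Condition`, so nothing ties the role to log groups in this account, which is the confused-deputy case AWS documents for subscription roles. `var.aws_account_id` is declared in variables.tf but not used by any resource in this patch; it could scope the statement, e.g. `Condition = { StringLike = { "aws:SourceArn" = "arn:aws:logs:${var.region}:${var.aws_account_id}:*" } }`. In the permissions policy the destination name `nhs-notify-main-acct-firehose-logs` is hard-coded, and `logs:DescribeLogGroups` and `logs:DescribeLogStreams` are granted on a destination ARN, where they presumably have no effect. Trimming the statement to the actions the role needs and taking the destination name from a variable would make the grant easier to audit.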
@@ -0,0 +1,61 @@
+resource "aws_oam_link" "cross_account_obs" {
+ count = var.oam_sink_id != "" ? 1 : 0
+ label_template = "$AccountName"
+ resource_types = [
+ "AWS::CloudWatch::Metric",
+ "AWS::Logs::LogGroup"
+ ]
+ sink_identifier = "arn:aws:oam:${var.region}:${var.observability_account_id}:sink/${var.oam_sink_id}"
+ tags = var.default_tags
+}
+
+data "aws_iam_policy" "cloudwatch_read_only" {
+ count = var.oam_sink_id != "" ? 1 : 0
+ name = "CloudWatchReadOnlyAccess"
+}
+
+data "aws_iam_policy" "cloudwatch_automatic_dashboards" {
+ count = var.oam_sink_id != "" ? 1 : 0
+ name = "CloudWatchAutomaticDashboardsAccess"
+}
+
+data "aws_iam_policy" "aws_xray_read_only" {
+ count = var.oam_sink_id != "" ? 1 : 0
+ name = "AWSXrayReadOnlyAccess"
+}
+
+data "aws_iam_policy_document" "cross_account_obs_assume_role_policy" {
+ count = var.oam_sink_id != "" ? 1 : 0
+ statement {
+ effect = "Allow"
+ principals {
+ type = "AWS"
+ identifiers = [var.observability_account_id]
+ }
+ actions = ["sts:AssumeRole"]
+ }
+}
+
+resource "aws_iam_role" "cross_account_obs_role" {
+ count = var.oam_sink_id != "" ? 1 : 0
+ name = "CloudWatch-CrossAccountSharingRole"
+ assume_role_policy = data.aws_iam_policy_document.cross_account_obs_assume_role_policy[0].json
+}
+
+resource "aws_iam_role_policy_attachment" "cloudwatch_read_only_attachment" {
+ count = var.oam_sink_id != "" ? 1 : 0
+ policy_arn = data.aws_iam_policy.cloudwatch_read_only[0].arn
+ role = aws_iam_role.cross_account_obs_role[0].name
+}
+
+resource "aws_iam_role_policy_attachment" "cloudwatch_automatic_dashboards_attachment" {
+ count = var.oam_sink_id != "" ? 1 : 0
+ policy_arn = data.aws_iam_policy.cloudwatch_automatic_dashboards[0].arn
+ role = aws_iam_role.cross_account_obs_role[0].name
+}
+
+resource "aws_iam_role_policy_attachment" "aws_xray_read_only_attachment" {
+ count = var.oam_sink_id != "" ? 1 : 0
+ policy_arn = data.aws_iam_policy.aws_xray_read_only[0].arn
+ role = aws_iam_role.cross_account_obs_role[0].name
+}
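Review bot: `cross_account_obs_assume_role_policy` trusts the whole observability account (`identifiers = [var.observability_account_id]`), so every identity there that is allowed `sts:AssumeRole` can take `CloudWatch-CrossAccountSharingRole`. The attached `CloudWatchReadOnlyAccess` policy is account-wide rather than limited to the two `resource_types` shared through the OAM link. If account-level trust is intended, say so in a comment above the data source; otherwise add a `condition` block on `aws:PrincipalArn` fed from a variable that lists the expected reader roles. The role is also created without `tags`, and the link uses `var.default_tags` although locals.tf builds `local.default_tags` with the `Module` and `Name` keys.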
diff --git a/infrastructure/modules/observability-source/outputs.tf b/infrastructure/modules/observability-source/outputs.tf
new file mode 100644
index 0000000..b82647f
--- /dev/null
+++ b/infrastructure/modules/observability-source/outputs.tf
@@ -0,0 +1,4 @@
+output "log_subscription_role_arn" {
+ description = "The ARN of the log subscription IAM role."
+ value = aws_iam_role.log_subscription_role.arn
+}
diff --git a/infrastructure/modules/observability-source/variables.tf b/infrastructure/modules/observability-source/variables.tf
new file mode 100644
index 0000000..ebd44bc
--- /dev/null
+++ b/infrastructure/modules/observability-source/variables.tf
@@ -0,0 +1,57 @@
+##
+# Basic inherited variables for terraformscaffold modules
+##
+
+variable "project" {
+ type = string
+ description = "The name of the terraformscaffold project calling the module"
+}
+
+variable "environment" {
+ type = string
+ description = "The name of the terraformscaffold environment the module is called for"
+}
+
+variable "component" {
+ type = string
+ description = "The name of the terraformscaffold component calling this module"
+}
+
+variable "aws_account_id" {
+ type = string
+ description = "The AWS Account ID (numeric)"
+}
+
+##
+# Variable specific to the module
+##
+
+# We presume this will always be specified. The default of {} will cause an error if a valid map is not specified.
+# If we ever want to define this but allow it to not be specified, then we must provide a default tag keypair will be applied
+# as the true default. In any other case default_tags should be removed from the module.
+variable "default_tags" {
+ type = map(string)
+ description = "Default tag map for application to all taggable resources in the module"
+ default = {}
+}
+
+variable "region" {
+ type = string
+ description = "The AWS Region"
+}
+
+variable "name" {
+ type = string
+ description = "A unique name to distinguish this module invocation from others within the same CSI scope"
+}
+
+variable "oam_sink_id" {
+ description = "The ID of the Cloudwatch OAM sink in the appropriate observability account."
+ type = string
+ default = ""
+}
+
+variable "observability_account_id" {
+ type = string
+ description = "The Observability Account ID that needs access"
+}
diff --git a/infrastructure/modules/observability-source/versions.tf b/infrastructure/modules/observability-source/versions.tf
new file mode 100644
index 0000000..f8dc86e
--- /dev/null
+++ b/infrastructure/modules/observability-source/versions.tf
@@ -0,0 +1,9 @@
+
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ }
+ }
+ required_version = ">= 1.9.0"
+}
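Review bot: `observability_account_id` and `region` are interpolated straight into the sink ARN, the destination ARN and the IAM trust principal, yet neither variable has a `validation` block. A typo therefore surfaces only at apply time or, for the account id, as trust granted to a different account. A check such as `condition = can(regex("^[0-9]{12}$", var.observability_account_id))` on `observability_account_id`, and the same on `aws_account_id`, would catch that at plan time. The comment above `default_tags` says the `{}` default causes an error, which nothing in this module appears to enforce; reword the comment or add the check.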
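Review bot: `required_providers` in versions.tf names `hashicorp/aws` without a `version` constraint, so a `terraform init` without a committed lock file can resolve a different provider release on each run. The module depends on `aws_oam_link`, so it needs a lower bound in any case. Add `version = ">= <MIN_TESTED_AWS_PROVIDER_VERSION>"` next to `source`, where the placeholder stands for the release the module was actually tested against.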
From a502ab988692a9425eff0757917226837661ba60 Mon Sep 17 00:00:00 2001 From: jamesthompson26-nhs Date: Fri, 2 May 2025 11:14:40 +0100 Subject: [PATCH 2/9] CCM-8197: Cross Account Observability --- .../{observability-source => observability-datasource}/README.md | 0 .../iam_role_log_subscription_role.tf | 0 .../{observability-source => observability-datasource}/locals.tf | 0 .../oam_link_cross_account_obs.tf | 0 .../{observability-source => observability-datasource}/outputs.tf | 0 .../variables.tf | 0 .../versions.tf | 0 7 files changed, 0 insertions(+), 0 deletions(-) rename infrastructure/modules/{observability-source => observability-datasource}/README.md (100%) rename infrastructure/modules/{observability-source => observability-datasource}/iam_role_log_subscription_role.tf (100%) rename infrastructure/modules/{observability-source => observability-datasource}/locals.tf (100%) rename infrastructure/modules/{observability-source => observability-datasource}/oam_link_cross_account_obs.tf (100%) rename infrastructure/modules/{observability-source => observability-datasource}/outputs.tf (100%) rename infrastructure/modules/{observability-source => observability-datasource}/variables.tf (100%) rename infrastructure/modules/{observability-source => observability-datasource}/versions.tf (100%) diff --git a/infrastructure/modules/observability-source/README.md b/infrastructure/modules/observability-datasource/README.md similarity index 100% rename from infrastructure/modules/observability-source/README.md rename to infrastructure/modules/observability-datasource/README.md diff --git a/infrastructure/modules/observability-source/iam_role_log_subscription_role.tf b/infrastructure/modules/observability-datasource/iam_role_log_subscription_role.tf similarity index 100% rename from infrastructure/modules/observability-source/iam_role_log_subscription_role.tf rename to infrastructure/modules/observability-datasource/iam_role_log_subscription_role.tf 
diff --git a/infrastructure/modules/observability-source/locals.tf b/infrastructure/modules/observability-datasource/locals.tf similarity index 100% rename from infrastructure/modules/observability-source/locals.tf rename to infrastructure/modules/observability-datasource/locals.tf diff --git a/infrastructure/modules/observability-source/oam_link_cross_account_obs.tf b/infrastructure/modules/observability-datasource/oam_link_cross_account_obs.tf similarity index 100% rename from infrastructure/modules/observability-source/oam_link_cross_account_obs.tf rename to infrastructure/modules/observability-datasource/oam_link_cross_account_obs.tf diff --git a/infrastructure/modules/observability-source/outputs.tf b/infrastructure/modules/observability-datasource/outputs.tf similarity index 100% rename from infrastructure/modules/observability-source/outputs.tf rename to infrastructure/modules/observability-datasource/outputs.tf diff --git a/infrastructure/modules/observability-source/variables.tf b/infrastructure/modules/observability-datasource/variables.tf similarity index 100% rename from infrastructure/modules/observability-source/variables.tf rename to infrastructure/modules/observability-datasource/variables.tf diff --git a/infrastructure/modules/observability-source/versions.tf b/infrastructure/modules/observability-datasource/versions.tf similarity index 100% rename from infrastructure/modules/observability-source/versions.tf rename to infrastructure/modules/observability-datasource/versions.tf From 8d245d47a427ba87f02f122c3b9ea6bfb2bbcaae Mon Sep 17 00:00:00 2001 From: jamesthompson26-nhs Date: Fri, 2 May 2025 11:48:24 +0100 Subject: [PATCH 3/9] CCM-8197: Cross Account Observability --- .../observability-datasource/README.md | 2 + .../oam_link_cross_account_obs.tf | 45 +++++++++++-------- .../observability-datasource/variables.tf | 16 +++++++ 3 files changed, 44 insertions(+), 19 deletions(-) 
diff --git a/infrastructure/modules/observability-datasource/README.md b/infrastructure/modules/observability-datasource/README.md index fd67d61..862be7e 100644 --- a/infrastructure/modules/observability-datasource/README.md +++ b/infrastructure/modules/observability-datasource/README.md @@ -15,6 +15,8 @@ | [component](#input\_component) | The name of the terraformscaffold component calling this module | `string` | n/a | yes | | [default\_tags](#input\_default\_tags) | Default tag map for application to all taggable resources in the module | `map(string)` | `{}` | no | | [environment](#input\_environment) | The name of the terraformscaffold environment the module is called for | `string` | n/a | yes | +| [log\_group\_configuration](#input\_log\_group\_configuration) | Configuration for filtering log groups in the link configuration. |
object({
filter = string
})
| `null` | no | +| [metric\_configuration](#input\_metric\_configuration) | Configuration for filtering metrics in the link configuration. |
object({
filter = string
})
| `null` | no | | [name](#input\_name) | A unique name to distinguish this module invocation from others within the same CSI scope | `string` | n/a | yes | | [oam\_sink\_id](#input\_oam\_sink\_id) | The ID of the Cloudwatch OAM sink in the appropriate observability account. | `string` | `""` | no | | [observability\_account\_id](#input\_observability\_account\_id) | The Observability Account ID that needs access | `string` | n/a | yes | diff --git a/infrastructure/modules/observability-datasource/oam_link_cross_account_obs.tf b/infrastructure/modules/observability-datasource/oam_link_cross_account_obs.tf index 7d86dbd..d63ccea 100644 --- a/infrastructure/modules/observability-datasource/oam_link_cross_account_obs.tf +++ b/infrastructure/modules/observability-datasource/oam_link_cross_account_obs.tf @@ -1,5 +1,4 @@ resource "aws_oam_link" "cross_account_obs" { - count = var.oam_sink_id != "" ? 1 : 0 label_template = "$AccountName" resource_types = [ "AWS::CloudWatch::Metric", 
@@ -7,25 +6,37 @@ resource "aws_oam_link" "cross_account_obs" { ] sink_identifier = "arn:aws:oam:${var.region}:${var.observability_account_id}:sink/${var.oam_sink_id}" tags = var.default_tags + + link_configuration { + dynamic "log_group_configuration" { + for_each = var.log_group_configuration != null ? [var.log_group_configuration] : [] + content { + filter = log_group_configuration.value.filter + } + } + + dynamic "metric_configuration" { + for_each = var.metric_configuration != null ? [var.metric_configuration] : [] + content { + filter = metric_configuration.value.filter + } + } + } } data "aws_iam_policy" "cloudwatch_read_only" { - count = var.oam_sink_id != "" ? 1 : 0 - name = "CloudWatchReadOnlyAccess" + name = "CloudWatchReadOnlyAccess" } data "aws_iam_policy" "cloudwatch_automatic_dashboards" { - count = var.oam_sink_id != "" ? 1 : 0 - name = "CloudWatchAutomaticDashboardsAccess" + name = "CloudWatchAutomaticDashboardsAccess" } data "aws_iam_policy" "aws_xray_read_only" { - count = var.oam_sink_id != "" ? 1 : 0 - name = "AWSXrayReadOnlyAccess" + name = "AWSXrayReadOnlyAccess" } data "aws_iam_policy_document" "cross_account_obs_assume_role_policy" { - count = var.oam_sink_id != "" ? 1 : 0 statement { effect = "Allow" principals { 
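Review bot: `link_configuration` is emitted unconditionally, so with both `log_group_configuration` and `metric_configuration` left at `null` the resource gets an empty block; whether the provider accepts that or reports drift is not visible here and should be checked. Making the outer block `dynamic "link_configuration"` with `for_each = var.log_group_configuration != null || var.metric_configuration != null ? [1] : []` avoids the empty block. A comment should also record that a `null` filter presumably shares every log group and metric of the selected resource types with the observability account. The `aws_oam_link` resource body starts in the previous hunk.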
@@ -37,25 +48,21 @@ data "aws_iam_policy_document" "cross_account_obs_assume_role_policy" { } resource "aws_iam_role" "cross_account_obs_role" { - count = var.oam_sink_id != "" ? 1 : 0 name = "CloudWatch-CrossAccountSharingRole" - assume_role_policy = data.aws_iam_policy_document.cross_account_obs_assume_role_policy[0].json + assume_role_policy = data.aws_iam_policy_document.cross_account_obs_assume_role_policy.json } resource "aws_iam_role_policy_attachment" "cloudwatch_read_only_attachment" { - count = var.oam_sink_id != "" ? 1 : 0 - policy_arn = data.aws_iam_policy.cloudwatch_read_only[0].arn - role = aws_iam_role.cross_account_obs_role[0].name + policy_arn = data.aws_iam_policy.cloudwatch_read_only.arn + role = aws_iam_role.cross_account_obs_role.name } resource "aws_iam_role_policy_attachment" "cloudwatch_automatic_dashboards_attachment" { - count = var.oam_sink_id != "" ? 1 : 0 - policy_arn = data.aws_iam_policy.cloudwatch_automatic_dashboards[0].arn - role = aws_iam_role.cross_account_obs_role[0].name + policy_arn = data.aws_iam_policy.cloudwatch_automatic_dashboards.arn + role = aws_iam_role.cross_account_obs_role.name } resource "aws_iam_role_policy_attachment" "aws_xray_read_only_attachment" { - count = var.oam_sink_id != "" ? 1 : 0 - policy_arn = data.aws_iam_policy.aws_xray_read_only[0].arn - role = aws_iam_role.cross_account_obs_role[0].name + policy_arn = data.aws_iam_policy.aws_xray_read_only.arn + role = aws_iam_role.cross_account_obs_role.name } diff --git a/infrastructure/modules/observability-datasource/variables.tf b/infrastructure/modules/observability-datasource/variables.tf index ebd44bc..e1b241e 100644 --- a/infrastructure/modules/observability-datasource/variables.tf +++ b/infrastructure/modules/observability-datasource/variables.tf 
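Review bot: With the `count = var.oam_sink_id != "" ? 1 : 0` guards removed here and in the two hunks above, the link and `CloudWatch-CrossAccountSharingRole` are always created, but `oam_sink_id` still defaults to `""` in variables.tf. That default would render `sink_identifier` as an ARN ending in `sink/`. Drop the default so the input is required, or add a validation such as `condition = length(var.oam_sink_id) > 0`. Because the role name is fixed, the module can now be instantiated only once per account, which is worth stating in the README.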
@@ -55,3 +55,19 @@ variable "observability_account_id" { type = string description = "The Observability Account ID that needs access" } + +variable "log_group_configuration" { + description = "Configuration for filtering log groups in the link configuration." + type = object({ + filter = string + }) + default = null +} + +variable "metric_configuration" { + description = "Configuration for filtering metrics in the link configuration." # https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/oam_link#link_configuration-block + type = object({ + filter = string + }) + default = null +} From 2b095cc3ee297758a5699ac7326bee3605b36c34 Mon Sep 17 00:00:00 2001 From: jamesthompson26-nhs Date: Fri, 2 May 2025 11:50:03 +0100 Subject: [PATCH 4/9] CCM-8197: Cross Account Observability --- infrastructure/modules/observability-datasource/variables.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/infrastructure/modules/observability-datasource/variables.tf b/infrastructure/modules/observability-datasource/variables.tf index e1b241e..5171567 100644 --- a/infrastructure/modules/observability-datasource/variables.tf +++ b/infrastructure/modules/observability-datasource/variables.tf @@ -57,7 +57,7 @@ variable "observability_account_id" { } variable "log_group_configuration" { - description = "Configuration for filtering log groups in the link configuration." + description = "Configuration for filtering log groups in the link configuration." # https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/oam_link#link_configuration-block type = object({ filter = string }) From f9c41d571fbccfc855018f73eaded0eebaa0e374 Mon Sep 17 00:00:00 2001 
From: jamesthompson26-nhs Date: Fri, 2 May 2025 11:55:54 +0100 Subject: [PATCH 5/9] CCM-8197: Cross Account Observability --- .../modules/observability-datasource/README.md | 1 + .../oam_link_cross_account_obs.tf | 5 +---- .../modules/observability-datasource/variables.tf | 9 +++++++++ 3 files changed, 11 insertions(+), 4 deletions(-) diff --git a/infrastructure/modules/observability-datasource/README.md b/infrastructure/modules/observability-datasource/README.md index 862be7e..2ce7fee 100644 --- a/infrastructure/modules/observability-datasource/README.md +++ b/infrastructure/modules/observability-datasource/README.md @@ -22,6 +22,7 @@ | [observability\_account\_id](#input\_observability\_account\_id) | The Observability Account ID that needs access | `string` | n/a | yes | | [project](#input\_project) | The name of the terraformscaffold project calling the module | `string` | n/a | yes | | [region](#input\_region) | The AWS Region | `string` | n/a | yes | +| [resource\_types](#input\_resource\_types) | The resource types to include in the OAM link. | `list(string)` |
[
"AWS::CloudWatch::Metric",
"AWS::Logs::LogGroup"
]
| no | ## Modules No modules. diff --git a/infrastructure/modules/observability-datasource/oam_link_cross_account_obs.tf b/infrastructure/modules/observability-datasource/oam_link_cross_account_obs.tf index d63ccea..b0c062f 100644 --- a/infrastructure/modules/observability-datasource/oam_link_cross_account_obs.tf +++ b/infrastructure/modules/observability-datasource/oam_link_cross_account_obs.tf @@ -1,9 +1,6 @@ resource "aws_oam_link" "cross_account_obs" { label_template = "$AccountName" - resource_types = [ - "AWS::CloudWatch::Metric", - "AWS::Logs::LogGroup" - ] + resource_types = var.resource_types sink_identifier = "arn:aws:oam:${var.region}:${var.observability_account_id}:sink/${var.oam_sink_id}" tags = var.default_tags diff --git a/infrastructure/modules/observability-datasource/variables.tf b/infrastructure/modules/observability-datasource/variables.tf index 5171567..14f01d5 100644 --- a/infrastructure/modules/observability-datasource/variables.tf +++ b/infrastructure/modules/observability-datasource/variables.tf @@ -71,3 +71,12 @@ variable "metric_configuration" { }) default = null } + +variable "resource_types" { + type = list(string) + description = "The resource types to include in the OAM link." + default = [ + "AWS::CloudWatch::Metric", + "AWS::Logs::LogGroup" + ] +} From a2d09ac50040205a7c6c88e988253fc8f34f4653 Mon Sep 17 00:00:00 2001 From: jamesthompson26-nhs Date: Tue, 6 May 2025 10:19:40 +0100 Subject: [PATCH 6/9] CCM-8197: Cross Account Observability --- example/main.tf | 23 +++++++++++++++++++ .../observability-datasource/locals.tf | 2 +- 2 files changed, 24 insertions(+), 1 deletion(-) create mode 100644 example/main.tf diff --git a/example/main.tf b/example/main.tf new file mode 100644 index 0000000..5ad7ce5 --- /dev/null +++ b/example/main.tf 
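Review bot: `resource_types` turns the fixed two-entry list into a free-form `list(string)`, so a caller can widen what is shared with the observability account, or pass an empty list, without any check in the module. A validation on the variable would keep the shared set explicit, e.g. `condition = length(var.resource_types) > 0 && alltrue([for t in var.resource_types : contains(["AWS::CloudWatch::Metric", "AWS::Logs::LogGroup"], t)])`. The allow-list can then be extended deliberately when another telemetry type is to be shared.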
@@ -0,0 +1,23 @@ +module "observability_datasource" { + source = "../infrastructure/modules/observability-datasource" + + project = "example-project" + environment = "dev" + component = "observability" + aws_account_id = "123456789012" + region = "us-east-1" + name = "example-datasource" + oam_sink_id = "example-sink-id" + observability_account_id = "098765432109" + default_tags = { Owner = "team-example", Environment = "dev" } + resource_types = [ + "AWS::CloudWatch::Metric", + "AWS::Logs::LogGroup" + ] + log_group_configuration = { + filter = "example-log-group-filter" + } + metric_configuration = { + filter = "example-metric-filter" + } +} diff --git a/infrastructure/modules/observability-datasource/locals.tf b/infrastructure/modules/observability-datasource/locals.tf index 796ad69..11734e2 100644 --- a/infrastructure/modules/observability-datasource/locals.tf +++ b/infrastructure/modules/observability-datasource/locals.tf @@ -1,5 +1,5 @@ locals { - module = "eventpub" + module = "obersvability-datasource" csi = replace( format( From f537f396a50842dfe70e67313a1f95155c7d7788 Mon Sep 17 00:00:00 2001 
From: jamesthompson26-nhs Date: Tue, 6 May 2025 10:27:05 +0100 Subject: [PATCH 7/9] CCM-8197: Cross Account Observability --- .../{observability-datasource => obs-datasouce}/README.md | 0 .../iam_role_log_subscription_role.tf | 0 .../{observability-datasource => obs-datasouce}/locals.tf | 2 +- .../oam_link_cross_account_obs.tf | 0 .../{observability-datasource => obs-datasouce}/outputs.tf | 0 .../{observability-datasource => obs-datasouce}/variables.tf | 0 .../{observability-datasource => obs-datasouce}/versions.tf | 0 7 files changed, 1 insertion(+), 1 deletion(-) rename infrastructure/modules/{observability-datasource => obs-datasouce}/README.md (100%) rename infrastructure/modules/{observability-datasource => obs-datasouce}/iam_role_log_subscription_role.tf (100%) rename infrastructure/modules/{observability-datasource => obs-datasouce}/locals.tf (88%) rename infrastructure/modules/{observability-datasource => obs-datasouce}/oam_link_cross_account_obs.tf (100%) rename infrastructure/modules/{observability-datasource => obs-datasouce}/outputs.tf (100%) rename infrastructure/modules/{observability-datasource => obs-datasouce}/variables.tf (100%) rename infrastructure/modules/{observability-datasource => obs-datasouce}/versions.tf (100%) diff --git a/infrastructure/modules/observability-datasource/README.md b/infrastructure/modules/obs-datasouce/README.md similarity index 100% rename from infrastructure/modules/observability-datasource/README.md rename to infrastructure/modules/obs-datasouce/README.md diff --git a/infrastructure/modules/observability-datasource/iam_role_log_subscription_role.tf b/infrastructure/modules/obs-datasouce/iam_role_log_subscription_role.tf similarity index 100% rename from infrastructure/modules/observability-datasource/iam_role_log_subscription_role.tf rename to infrastructure/modules/obs-datasouce/iam_role_log_subscription_role.tf 
diff --git a/infrastructure/modules/observability-datasource/locals.tf b/infrastructure/modules/obs-datasouce/locals.tf similarity index 88% rename from infrastructure/modules/observability-datasource/locals.tf rename to infrastructure/modules/obs-datasouce/locals.tf index 11734e2..f3bdfa0 100644 --- a/infrastructure/modules/observability-datasource/locals.tf +++ b/infrastructure/modules/obs-datasouce/locals.tf @@ -1,5 +1,5 @@ locals { - module = "obersvability-datasource" + module = "obs-datasource" csi = replace( format( diff --git a/infrastructure/modules/observability-datasource/oam_link_cross_account_obs.tf b/infrastructure/modules/obs-datasouce/oam_link_cross_account_obs.tf similarity index 100% rename from infrastructure/modules/observability-datasource/oam_link_cross_account_obs.tf rename to infrastructure/modules/obs-datasouce/oam_link_cross_account_obs.tf diff --git a/infrastructure/modules/observability-datasource/outputs.tf b/infrastructure/modules/obs-datasouce/outputs.tf similarity index 100% rename from infrastructure/modules/observability-datasource/outputs.tf rename to infrastructure/modules/obs-datasouce/outputs.tf diff --git a/infrastructure/modules/observability-datasource/variables.tf b/infrastructure/modules/obs-datasouce/variables.tf similarity index 100% rename from infrastructure/modules/observability-datasource/variables.tf rename to infrastructure/modules/obs-datasouce/variables.tf diff --git a/infrastructure/modules/observability-datasource/versions.tf b/infrastructure/modules/obs-datasouce/versions.tf similarity index 100% rename from infrastructure/modules/observability-datasource/versions.tf rename to infrastructure/modules/obs-datasouce/versions.tf From 2c259f8f067712d5d0b15c02b9259e0d6d195916 Mon Sep 17 00:00:00 2001 
From: jamesthompson26-nhs Date: Tue, 6 May 2025 10:30:02 +0100 Subject: [PATCH 8/9] CCM-8197: Cross Account Observability --- example/main.tf | 23 ----------------------- 1 file changed, 23 deletions(-) delete mode 100644 example/main.tf diff --git a/example/main.tf b/example/main.tf deleted file mode 100644 index 5ad7ce5..0000000 --- a/example/main.tf +++ /dev/null @@ -1,23 +0,0 @@ -module "observability_datasource" { - source = "../infrastructure/modules/observability-datasource" - - project = "example-project" - environment = "dev" - component = "observability" - aws_account_id = "123456789012" - region = "us-east-1" - name = "example-datasource" - oam_sink_id = "example-sink-id" - observability_account_id = "098765432109" - default_tags = { Owner = "team-example", Environment = "dev" } - resource_types = [ - "AWS::CloudWatch::Metric", - "AWS::Logs::LogGroup" - ] - log_group_configuration = { - filter = "example-log-group-filter" - } - metric_configuration = { - filter = "example-metric-filter" - } -} From 3a86589080c40efcc718bceadc1263825dca9b16 Mon Sep 17 00:00:00 2001 
From: jamesthompson26-nhs Date: Tue, 6 May 2025 10:35:09 +0100 Subject: [PATCH 9/9] CCM-8197: Cross Account Observability --- .../modules/{obs-datasouce => obs-datasource}/README.md | 0 .../iam_role_log_subscription_role.tf | 0 .../modules/{obs-datasouce => obs-datasource}/locals.tf | 0 .../oam_link_cross_account_obs.tf | 0 .../modules/{obs-datasouce => obs-datasource}/outputs.tf | 0 .../modules/{obs-datasouce => obs-datasource}/variables.tf | 0 .../modules/{obs-datasouce => obs-datasource}/versions.tf | 0 7 files changed, 0 insertions(+), 0 deletions(-) rename infrastructure/modules/{obs-datasouce => obs-datasource}/README.md (100%) rename infrastructure/modules/{obs-datasouce => obs-datasource}/iam_role_log_subscription_role.tf (100%) rename infrastructure/modules/{obs-datasouce => obs-datasource}/locals.tf (100%) rename infrastructure/modules/{obs-datasouce => obs-datasource}/oam_link_cross_account_obs.tf (100%) rename infrastructure/modules/{obs-datasouce => obs-datasource}/outputs.tf (100%) rename infrastructure/modules/{obs-datasouce => obs-datasource}/variables.tf (100%) rename infrastructure/modules/{obs-datasouce => obs-datasource}/versions.tf (100%) diff --git a/infrastructure/modules/obs-datasouce/README.md b/infrastructure/modules/obs-datasource/README.md similarity index 100% rename from infrastructure/modules/obs-datasouce/README.md rename to infrastructure/modules/obs-datasource/README.md diff --git a/infrastructure/modules/obs-datasouce/iam_role_log_subscription_role.tf b/infrastructure/modules/obs-datasource/iam_role_log_subscription_role.tf similarity index 100% rename from infrastructure/modules/obs-datasouce/iam_role_log_subscription_role.tf rename to infrastructure/modules/obs-datasource/iam_role_log_subscription_role.tf 
diff --git a/infrastructure/modules/obs-datasouce/locals.tf b/infrastructure/modules/obs-datasource/locals.tf similarity index 100% rename from infrastructure/modules/obs-datasouce/locals.tf rename to infrastructure/modules/obs-datasource/locals.tf diff --git a/infrastructure/modules/obs-datasouce/oam_link_cross_account_obs.tf b/infrastructure/modules/obs-datasource/oam_link_cross_account_obs.tf similarity index 100% rename from infrastructure/modules/obs-datasouce/oam_link_cross_account_obs.tf rename to infrastructure/modules/obs-datasource/oam_link_cross_account_obs.tf diff --git a/infrastructure/modules/obs-datasouce/outputs.tf b/infrastructure/modules/obs-datasource/outputs.tf similarity index 100% rename from infrastructure/modules/obs-datasouce/outputs.tf rename to infrastructure/modules/obs-datasource/outputs.tf diff --git a/infrastructure/modules/obs-datasouce/variables.tf b/infrastructure/modules/obs-datasource/variables.tf similarity index 100% rename from infrastructure/modules/obs-datasouce/variables.tf rename to infrastructure/modules/obs-datasource/variables.tf diff --git a/infrastructure/modules/obs-datasouce/versions.tf b/infrastructure/modules/obs-datasource/versions.tf similarity index 100% rename from infrastructure/modules/obs-datasouce/versions.tf rename to infrastructure/modules/obs-datasource/versions.tf