Fix: [AEA-5895] - forward apigw logs to csoc (#2316)

## Summary

- Routine Change

### Details

- forward apigw logs to csoc

Author: anthony-nhs

.github/scripts/release_code.sh

@@ -71,4 +71,5 @@ sam deploy \
             NotifyRoutingPlanIDValue="$NOTIFY_ROUTING_PLAN_ID" \
             NotifyAPIBaseURLValue="$NOTIFY_API_BASE_URL" \
             RequireApplicationName="$REQUIRE_APPLICATION_NAME" \
-            EnableBackup="$ENABLE_BACKUP"
+            EnableBackup="$ENABLE_BACKUP" \
+            ForwardCsocLogs="$FORWARD_CSOC_LOGS"

.github/workflows/ci.yml

@@ -90,6 +90,7 @@ jobs:
       NOTIFY_API_BASE_URL: "https://int.api.service.nhs.uk"
       MTLS_KEY: psu-mtls-1
       IS_PULL_REQUEST: false
+      FORWARD_CSOC_LOGS: false
     secrets:
       CLOUD_FORMATION_DEPLOY_ROLE: ${{ secrets.DEV_CLOUD_FORMATION_DEPLOY_ROLE }}
       DEV_CLOUD_FORMATION_CHECK_VERSION_ROLE: ${{ secrets.DEV_CLOUD_FORMATION_CHECK_VERSION_ROLE }}
@@ -129,6 +130,7 @@ jobs:
       NOTIFY_API_BASE_URL: "https://int.api.service.nhs.uk"
       MTLS_KEY: psu-mtls-1
       IS_PULL_REQUEST: false
+      FORWARD_CSOC_LOGS: false
     secrets:
       REGRESSION_TESTS_PEM: ${{ secrets.REGRESSION_TESTS_PEM }}
       CLOUD_FORMATION_DEPLOY_ROLE: ${{ secrets.DEV_CLOUD_FORMATION_DEPLOY_ROLE }}
@@ -165,6 +167,7 @@ jobs:
       NOTIFY_API_BASE_URL: "https://int.api.service.nhs.uk"
       MTLS_KEY: psu-mtls-1
       IS_PULL_REQUEST: false
+      FORWARD_CSOC_LOGS: false
     secrets:
       REGRESSION_TESTS_PEM: ${{ secrets.REGRESSION_TESTS_PEM }}
       CLOUD_FORMATION_DEPLOY_ROLE: ${{ secrets.QA_CLOUD_FORMATION_DEPLOY_ROLE }}

.github/workflows/pull_request.yml

@@ -118,6 +118,7 @@ jobs:
       NOTIFY_API_BASE_URL: "https://int.api.service.nhs.uk"
       MTLS_KEY: psu-mtls-1
       IS_PULL_REQUEST: true
+      FORWARD_CSOC_LOGS: false
     secrets:
       CLOUD_FORMATION_DEPLOY_ROLE: ${{ secrets.DEV_CLOUD_FORMATION_DEPLOY_ROLE }}
       PROXYGEN_ROLE: ${{ secrets.PROXYGEN_PTL_ROLE }}
@@ -152,6 +153,7 @@ jobs:
       NOTIFY_API_BASE_URL: "https://int.api.service.nhs.uk"
       MTLS_KEY: psu-mtls-1
       IS_PULL_REQUEST: true
+      FORWARD_CSOC_LOGS: false
     secrets:
       CLOUD_FORMATION_DEPLOY_ROLE: ${{ secrets.DEV_CLOUD_FORMATION_DEPLOY_ROLE }}
       PROXYGEN_ROLE: ${{ secrets.PROXYGEN_PTL_ROLE }}

.github/workflows/release.yml

@@ -89,6 +89,7 @@ jobs:
       NOTIFY_API_BASE_URL: "https://int.api.service.nhs.uk"
       MTLS_KEY: psu-mtls-1
       IS_PULL_REQUEST: false
+      FORWARD_CSOC_LOGS: false
     secrets:
       CLOUD_FORMATION_DEPLOY_ROLE: ${{ secrets.DEV_CLOUD_FORMATION_DEPLOY_ROLE }}
       DEV_CLOUD_FORMATION_CHECK_VERSION_ROLE: ${{ secrets.DEV_CLOUD_FORMATION_CHECK_VERSION_ROLE }}
@@ -127,6 +128,7 @@ jobs:
       NOTIFY_API_BASE_URL: "https://int.api.service.nhs.uk"
       MTLS_KEY: psu-mtls-1
       IS_PULL_REQUEST: false
+      FORWARD_CSOC_LOGS: false
     secrets:
       CLOUD_FORMATION_DEPLOY_ROLE: ${{ secrets.DEV_CLOUD_FORMATION_DEPLOY_ROLE }}
       PROXYGEN_ROLE: ${{ secrets.PROXYGEN_PTL_ROLE }}
@@ -170,6 +172,7 @@ jobs:
       NOTIFY_API_BASE_URL: "https://int.api.service.nhs.uk"
       MTLS_KEY: psu-mtls-1
       IS_PULL_REQUEST: false
+      FORWARD_CSOC_LOGS: false
     secrets:
       CLOUD_FORMATION_DEPLOY_ROLE: ${{ secrets.REF_CLOUD_FORMATION_DEPLOY_ROLE }}
       PROXYGEN_ROLE: ${{ secrets.PROXYGEN_PTL_ROLE }}
@@ -213,6 +216,7 @@ jobs:
       NOTIFY_API_BASE_URL: "https://int.api.service.nhs.uk"
       MTLS_KEY: psu-mtls-1
       IS_PULL_REQUEST: false
+      FORWARD_CSOC_LOGS: false
     secrets:
       CLOUD_FORMATION_DEPLOY_ROLE: ${{ secrets.QA_CLOUD_FORMATION_DEPLOY_ROLE }}
       PROXYGEN_ROLE: ${{ secrets.PROXYGEN_PTL_ROLE }}
@@ -251,6 +255,7 @@ jobs:
       NOTIFY_API_BASE_URL: "https://int.api.service.nhs.uk"
       MTLS_KEY: psu-mtls-1
       IS_PULL_REQUEST: false
+      FORWARD_CSOC_LOGS: false
     secrets:
       CLOUD_FORMATION_DEPLOY_ROLE: ${{ secrets.INT_CLOUD_FORMATION_DEPLOY_ROLE }}
       DEV_CLOUD_FORMATION_CHECK_VERSION_ROLE: ${{ secrets.DEV_CLOUD_FORMATION_CHECK_VERSION_ROLE }}
@@ -289,6 +294,7 @@ jobs:
       NOTIFY_API_BASE_URL: "https://int.api.service.nhs.uk"
       MTLS_KEY: psu-mtls-1
       IS_PULL_REQUEST: false
+      FORWARD_CSOC_LOGS: false
     secrets:
       CLOUD_FORMATION_DEPLOY_ROLE: ${{ secrets.INT_CLOUD_FORMATION_DEPLOY_ROLE }}
       PROXYGEN_ROLE: ${{ secrets.PROXYGEN_PROD_ROLE }}
@@ -334,6 +340,7 @@ jobs:
       NOTIFY_API_BASE_URL: "https://api.service.nhs.uk"
       MTLS_KEY: psu-mtls-1
       IS_PULL_REQUEST: false
+      FORWARD_CSOC_LOGS: true
     secrets:
       CLOUD_FORMATION_DEPLOY_ROLE: ${{ secrets.PROD_CLOUD_FORMATION_DEPLOY_ROLE }}
       DEV_CLOUD_FORMATION_CHECK_VERSION_ROLE: ${{ secrets.DEV_CLOUD_FORMATION_CHECK_VERSION_ROLE }}

.github/workflows/run_release_code_and_api.yml

@@ -102,6 +102,9 @@ on:
       MTLS_KEY:
         type: string
         required: true
+      FORWARD_CSOC_LOGS:
+        required: true
+        type: boolean
     secrets:
       CLOUD_FORMATION_DEPLOY_ROLE:
         required: true
@@ -203,6 +206,7 @@ jobs:
           BLOCKED_SITE_ODS_CODES: ${{ inputs.BLOCKED_SITE_ODS_CODES }}
           NOTIFY_ROUTING_PLAN_ID: ${{ inputs.NOTIFY_ROUTING_PLAN_ID }}
           NOTIFY_API_BASE_URL: ${{ inputs.NOTIFY_API_BASE_URL }}
+          FORWARD_CSOC_LOGS: ${{ inputs.FORWARD_CSOC_LOGS }}
         run: ./release_code.sh
 
       - name: get mtls secrets

SAMtemplates/apis/api_resources.yaml

@@ -19,10 +19,17 @@ Parameters:
   EnableSplunk:
     Type: String
 
+  ForwardCsocLogs:
+    Type: String
+    Default: false
+
 Conditions:
   ShouldUseSplunk: !Equals
     - true
     - !Ref EnableSplunk
+  ShouldForwardCsocLogs: !Equals
+    - true
+    - !Ref ForwardCsocLogs
 
 Resources:
   ApiGwRole:
@@ -65,6 +72,15 @@ Resources:
       FilterPattern: ""
       DestinationArn: !ImportValue lambda-resources:SplunkDeliveryStream
 
+  ApiGwAccessLogsCsocSubscriptionFilter:
+    Condition: ShouldForwardCsocLogs
+    Type: AWS::Logs::SubscriptionFilter
+    Properties:
+      RoleArn: !ImportValue lambda-resources:SplunkSubscriptionFilterRole
+      LogGroupName: !Ref ApiGwAccessLogs
+      FilterPattern: ""
+      DestinationArn: "arn:aws:logs:eu-west-2:693466633220:destination:api_gateway_log_destination"
+
 Outputs:
   ApiGwRoleArn:
     Description: The API GW role ARN

SAMtemplates/apis/main.yaml

@@ -61,7 +61,7 @@ Parameters:
   NHSNotifyUpdateCallbackFunctionArn:
     Type: String
     Default: none
-    
+
   LogRetentionInDays:
     Type: Number
 
@@ -71,6 +71,9 @@ Parameters:
   DeployCheckPrescriptionStatusUpdate:
     Type: String
 
+  ForwardCsocLogs:
+    Type: String
+    Default: false
 Conditions:
   ShouldUseMutualTLS: !Equals
     - true
@@ -573,8 +576,7 @@ Resources:
       TracingEnabled: true
       AccessLogSetting:
         DestinationArn: !GetAtt RestApiGatewayResources.Outputs.ApiGwAccessLogsArn
-        Format: '{ "requestTime": "$context.requestTime", "apiId": "$context.apiId", "accountId": "$context.accountId", "resourcePath": "$context.resourcePath", "stage": "$context.stage", "requestId": "$context.requestId", "extendedRequestId": "$context.extendedRequestId", "status": "$context.status", "httpMethod": "$context.httpMethod", "protocol": "$context.protocol", "path": "$context.path", "responseLatency": "$context.responseLatency", "responseLength": "$context.responseLength", "domainName": "$context.domainName", "identity": { "sourceIp": "$context.identity.sourceIp", "userAgent": "$context.identity.userAgent", "clientCert":{ "subjectDN": "$context.identity.clientCert.subjectDN", "issuerDN": "$context.identity.clientCert.issuerDN", "serialNumber": "$context.identity.clientCert.serialNumber", "validityNotBefore": "$context.identity.clientCert.validity.notBefore", "validityNotAfter": "$context.identity.clientCert.validity.notAfter" }}, "integration":{ "error": "$context.integration.error", "integrationStatus": "$context.integration.integrationStatus", "latency": "$context.integration.latency", "requestId": "$context.integration.requestId", "status": "$context.integration.status" }}'
-
+        Format: '{ "requestId": "$context.requestId", "ip": "$context.identity.sourceIp", "caller":"$context.identity.caller", "user":"$context.identity.user","requestTime":"$context.requestTime", "httpMethod":"$context.httpMethod","resourcePath":"$context.resourcePath", "status":"$context.status","protocol":"$context.protocol", "responseLength":"$context.responseLength", "accountId":"$context.accountId", "apiId":"$context.apiId", "stage" : "$context.stage", "api_key" : "$context.identity.apiKey", "identity": { "sourceIp": "$context.identity.sourceIp", "userAgent": "$context.identity.userAgent", "clientCert":{ "subjectDN": "$context.identity.clientCert.subjectDN", "issuerDN": "$context.identity.clientCert.issuerDN", "serialNumber": "$context.identity.clientCert.serialNumber", "validityNotBefore": "$context.identity.clientCert.validity.notBefore", "validityNotAfter": "$context.identity.clientCert.validity.notAfter" }}, "integration":{ "error": "$context.integration.error", "integrationStatus": "$context.integration.integrationStatus", "latency": "$context.integration.latency", "requestId": "$context.integration.requestId", "status": "$context.integration.status" } }'
   RestApiDomainMapping:
     Type: AWS::ApiGateway::BasePathMapping
     Properties:
@@ -602,3 +604,4 @@ Resources:
         ApiName: !Sub ${StackName}-apigw
         LogRetentionInDays: !Ref LogRetentionInDays
         EnableSplunk: !Ref EnableSplunk
+        ForwardCsocLogs: !Ref ForwardCsocLogs

SAMtemplates/main_template.yaml

@@ -137,6 +137,13 @@ Parameters:
       - true
       - false
 
+  ForwardCsocLogs:
+    Type: String
+    Default: false
+    AllowedValues:
+      - true
+      - false
+
 Resources:
   Secrets:
     Type: AWS::Serverless::Application
@@ -198,6 +205,7 @@ Resources:
         LogRetentionInDays: !Ref LogRetentionInDays
         EnableSplunk: !Ref EnableSplunk
         DeployCheckPrescriptionStatusUpdate: !Ref DeployCheckPrescriptionStatusUpdate
+        ForwardCsocLogs: !Ref ForwardCsocLogs
 
   Functions:
     Type: AWS::Serverless::Application