refactor files

ericdahl · Aug 9, 2020 · 2b6e79a · 2b6e79a
1 parent b191d21
commit 2b6e79a
Show file tree

Hide file tree

Showing 4 changed files with 85 additions and 87 deletions.
diff --git a/ecs_service_fargate_httpbin.tf b/ecs_service_fargate_httpbin.tf
@@ -88,6 +88,12 @@ resource "aws_lb_target_group" "httpbin" {
   }
 }
 
+# Logs from fluent-bit sidecar on httpbin service
+resource "aws_cloudwatch_log_group" "httpbin" {
+  name = "/ecs/httpbin-fargate-firelens-firehose"
+  retention_in_days = 7
+}
+
 resource "aws_route53_record" "httpbin" {
   zone_id = var.route53_zone_id
   name    = "httpbin"

diff --git a/iam_firehose_splunk.tf b/iam_firehose_splunk.tf
@@ -0,0 +1,74 @@
+
+resource "aws_iam_role" "firehose_splunk" {
+  name = "firehose-stream-splunk"
+
+  assume_role_policy = <<EOF
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Action": "sts:AssumeRole",
+      "Principal": {
+        "Service": "firehose.amazonaws.com"
+      },
+      "Effect": "Allow",
+      "Sid": ""
+    }
+  ]
+}
+EOF
+
+}
+
+resource "aws_iam_policy" "firehose_splunk" {
+  name = "firehose-stream-splunk"
+
+  policy = <<EOF
+{
+  "Version": "2012-10-17",
+  "Statement": [
+
+  {
+            "Effect": "Allow",
+            "Action": [
+                "s3:AbortMultipartUpload",
+                "s3:GetBucketLocation",
+                "s3:GetObject",
+                "s3:ListBucket",
+                "s3:ListBucketMultipartUploads",
+                "s3:PutObject"
+            ],
+            "Resource": [
+                "${aws_s3_bucket.httpbin.arn}",
+                "${aws_s3_bucket.httpbin.arn}/*"
+            ]
+        },
+        {
+            "Effect": "Allow",
+            "Action": [
+                "kinesis:DescribeStream",
+                "kinesis:GetShardIterator",
+                "kinesis:GetRecords"
+            ],
+            "Resource": "${aws_kinesis_firehose_delivery_stream.splunk.arn}"
+        },
+    {
+      "Effect": "Allow",
+      "Action": [
+        "logs:CreateLogGroup",
+        "logs:CreateLogStream",
+        "logs:PutLogEvents"
+      ],
+      "Resource": "*"
+    }
+
+  ]
+}
+EOF
+
+}
+
+resource "aws_iam_role_policy_attachment" "httpbin" {
+  role       = aws_iam_role.firehose_splunk.name
+  policy_arn = aws_iam_policy.firehose_splunk.arn
+}
diff --git a/kinesis_firehose_splunk.tf b/kinesis_firehose_splunk.tf
@@ -1,10 +1,10 @@
-resource "aws_kinesis_firehose_delivery_stream" "httpbin" {
-  name = "httpbin-fargate-firelens-app"
+resource "aws_kinesis_firehose_delivery_stream" "splunk" {
+  name = "splunk"
 
   destination = "splunk"
 
   s3_configuration {
-    role_arn           = aws_iam_role.httpbin.arn
+    role_arn           = aws_iam_role.firehose_splunk.arn
     bucket_arn         = aws_s3_bucket.httpbin.arn
     buffer_size        = 10
     buffer_interval    = 400
@@ -17,88 +17,6 @@ resource "aws_kinesis_firehose_delivery_stream" "httpbin" {
 
     retry_duration = 30
   }
-
-}
-
-resource "aws_cloudwatch_log_group" "httpbin" {
-  name = "/ecs/httpbin-fargate-firelens-firehose"
-
-  retention_in_days = 7
-}
-
-
-resource "aws_iam_role" "httpbin" {
-  name = "httpbin-fargate-firehose"
-
-  assume_role_policy = <<EOF
-{
-  "Version": "2012-10-17",
-  "Statement": [
-    {
-      "Action": "sts:AssumeRole",
-      "Principal": {
-        "Service": "firehose.amazonaws.com"
-      },
-      "Effect": "Allow",
-      "Sid": ""
-    }
-  ]
-}
-EOF
-
-}
-
-resource "aws_iam_policy" "httpbin" {
-  name = "httpbin"
-
-  policy = <<EOF
-{
-  "Version": "2012-10-17",
-  "Statement": [
-
-  {
-            "Effect": "Allow",
-            "Action": [
-                "s3:AbortMultipartUpload",
-                "s3:GetBucketLocation",
-                "s3:GetObject",
-                "s3:ListBucket",
-                "s3:ListBucketMultipartUploads",
-                "s3:PutObject"
-            ],
-            "Resource": [
-                "${aws_s3_bucket.httpbin.arn}",
-                "${aws_s3_bucket.httpbin.arn}/*"
-            ]
-        },
-        {
-            "Effect": "Allow",
-            "Action": [
-                "kinesis:DescribeStream",
-                "kinesis:GetShardIterator",
-                "kinesis:GetRecords"
-            ],
-            "Resource": "${aws_kinesis_firehose_delivery_stream.httpbin.arn}"
-        },
-    {
-      "Effect": "Allow",
-      "Action": [
-        "logs:CreateLogGroup",
-        "logs:CreateLogStream",
-        "logs:PutLogEvents"
-      ],
-      "Resource": "*"
-    }
-
-  ]
-}
-EOF
-
-}
-
-resource "aws_iam_role_policy_attachment" "httpbin" {
-  role       = aws_iam_role.httpbin.name
-  policy_arn = aws_iam_policy.httpbin.arn
 }
 
 resource "aws_s3_bucket" "httpbin" {

diff --git a/templates/httpbin-fargate-firehose.json b/templates/httpbin-fargate-firehose.json
@@ -19,7 +19,7 @@
       "options": {
         "Name": "firehose",
         "region": "us-east-1",
-        "delivery_stream": "httpbin-fargate-firelens-app"
+        "delivery_stream": "splunk"
       }
     }
   },
@@ -37,7 +37,7 @@
       "options": {
         "Name": "firehose",
         "region": "us-east-1",
-        "delivery_stream": "httpbin-fargate-firelens-app"
+        "delivery_stream": "splunk"
       }
     }
   },