A Terraform module that connects an AWS account to Lightlytics, built by Kaltura.
- environment = variable environment
- account_id = variable name
- aws_region = variable aws_region
- vpc_id = variable vpc_id
- endpoint_subnet_ids = variable subnets ids for VPC Endpoint
- lightlytics_api_url = "https://< ORGANIZATION NAME >-${var.aws_region}-pvl.lightlytics.com"
- lightlytics_external_api_url = "https://< ORGANIZATION NAME >.lightlytics.com"
- lightlytics_endpoint_service_name = GET FROM LIGHTLYTICS AFTER THEY CREATE IT PER REGION\ACCOUNT
- lambda_init_s3_source_code_bucket = "<Lightlytics_S3_Bucket>-${var.aws_region}"
- lambda_init_s3_source_code_key = S3_Key
- lambda_layer_source_code_bucket = "<Lightlytics_S3_Bucket>-${var.aws_region}"
- lambda_layer_source_code_key = S3_Key
- lambda_flow_logs_s3_source_code_bucket = "<Lightlytics_S3_Bucket>-${var.aws_region}"
- lambda_flow_logs_s3_source_code_key = S3_Key
- lambda_cloud_watch_s3_source_code_bucket = "<Lightlytics_S3_Bucket>-${var.aws_region}"
- lambda_cloud_watch_s3_source_code_key = S3_Key
- lightlytics_account = variable lightlytics_account
- LightlyticsInternalAccountId = variable LightlyticsInternalAccountId
- lightlytics_account_externalID = variable lightlytics_account_externalID
- lightlytics_auth_token = variable lightlytics_auth_token
- collection_token = variable collection_token
```hcl
# Fill in each empty value as described in the list above.
module "lightlytics" {
  source = "github.com/kaltura/ovp-tf-module-lightlytics/<VERSION>"

  environment                       =
  account_id                        =
  aws_region                        =
  vpc_id                            =
  endpoint_subnet_ids               =
  lightlytics_api_url               =
  lightlytics_external_api_url      =
  lightlytics_endpoint_service_name =

  # S3 locations of the Lambda source packages
  lambda_init_s3_source_code_bucket        = "<LightLytics_S3_Bucket_Name>-${var.aws_region}"
  lambda_init_s3_source_code_key           = "<Lambda_S3_Key_Name>"
  lambda_layer_source_code_bucket          = "<LightLytics_S3_Bucket_Name>-${var.aws_region}"
  lambda_layer_source_code_key             = "<Lambda_S3_Key_Name>"
  lambda_flow_logs_s3_source_code_bucket   = "<LightLytics_S3_Bucket_Name>-${var.aws_region}"
  lambda_flow_logs_s3_source_code_key      = "<Lambda_S3_Key_Name>"
  lambda_cloud_watch_s3_source_code_bucket = "<LightLytics_S3_Bucket_Name>-${var.aws_region}"
  lambda_cloud_watch_s3_source_code_key    = "<Lambda_S3_Key_Name>"

  # Account identifiers and tokens issued by Lightlytics
  lightlytics_account            =
  LightlyticsInternalAccountId   =
  lightlytics_account_externalID =
  lightlytics_auth_token         =
  collection_token               =

  # tags is a map argument, so it needs "="
  tags = {
    "Environment" = "${var.environment}"
  }
}
```

- You MUST be signed in, in the browser, to the account you are about to add
- Under the relevant Workspace --> Settings ("mechanical wheel" icon) --> "Integrations" --> click the plus sign "+" to add an account --> enter the Account ID and display name and click "Add Account" --> click "Launch Stack", which opens the AWS account and navigates to the URL that points to the CloudFormation.yaml --> click "Continue" --> click "Close and Cancel"
- North Virginia has to be added as a default region in Lightlytics
- Get the values and update them in Secrets Manager - "lightlytics-secrets":
  - LightlyticsInternalAccountId
  - AccountAuthToken
  - LightlyticsCollectionToken
  - ExternalId
- The following vars are taken from the main tf.state:
  - variable "environment" {}
  - variable "account_id" {}
  - variable "aws_region" {}
  - variable "vpc_id" {}
  - variable "endpoint_subnet_ids" {}
- Vars that might change or need updating:
  - lightlytics_account
  - Lambda source code and key:
    - s3_bucket = "prod-lightlytics-artifacts-us-east-1"
    - s3_key - depending on the lambda
  - lightlytics_api_url
  - lightlytics_external_api_url
  - lightlytics_endpoint_service_name
- Lambda
  - Init - Scans the entire AWS account initially (and nightly) and sends data to Lightlytics
  - CloudWatch - Creates a CloudWatch rule to monitor events and sends data to Lightlytics in real time
  - FlowLogs - Monitors S3 bucket and sends the flow logs to Lightlytics
    - collect_flow_logs_enabled - true\false - select your requirements
- Curl command that enables the Account

```sh
curl -X POST '${var.lightlytics_external_api_url}/graphql' \
  -H 'Content-Type: application/json' \
  -H 'Authorization: Bearer ${var.lightlytics_auth_token}' \
  -d '{"query":"mutation AccountAcknowledge($input: AccountAckInput){\r\n accountAcknowledge(account: $input)\r\n }","variables": {"input": {"lightlytics_internal_account_id":"${var.LightlyticsInternalAccountId}","role_arn":"arn:aws:iam::${var.account_id}:role/${var.environment}-lightlytics-role","account_type":"AWS","account_aliases":"","aws_account_id":"${var.account_id}","stack_region":"${var.aws_region}","stack_id":"","init_stack_version":1}}}'
```

- Lambda
- IAM Policy & Roles
- Var
- VPC Flow Logs & S3 Bucket
- Cloud Watch Rule
- curl
- New Cloud Watch Rules
- Flow Logs S3 Bucket LifeCycle Rule
- Extracted S3 Lambda source + Key
- Lambda Batch updates from 1000 to 4000
- Changed Lambda to send the FlowLogs + CloudWatch logs via AWS VPC Endpoint
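
The four values stored in "lightlytics-secrets" can be read straight from Secrets Manager and passed to the module, so the tokens never sit in a tfvars file. This is an added example, not code from the Kaltura module: it assumes the secret holds a JSON object keyed by the four names listed earlier, and the key-to-input mapping and the endpoint-service placeholder are assumptions.

```hcl
# Added example. Assumes "lightlytics-secrets" stores a JSON object with the
# keys named in this README.
data "aws_secretsmanager_secret_version" "lightlytics" {
  secret_id = "lightlytics-secrets"
}

locals {
  # Values read through a data source are still written to Terraform state,
  # so the state backend must be encrypted and access-restricted.
  lightlytics_secrets = jsondecode(data.aws_secretsmanager_secret_version.lightlytics.secret_string)
}

module "lightlytics" {
  source = "github.com/kaltura/ovp-tf-module-lightlytics/<VERSION>"

  environment         = var.environment
  account_id          = var.account_id
  aws_region          = var.aws_region
  vpc_id              = var.vpc_id
  endpoint_subnet_ids = var.endpoint_subnet_ids

  # Placeholders: replace with the values Lightlytics provides.
  lightlytics_api_url               = "https://< ORGANIZATION NAME >-${var.aws_region}-pvl.lightlytics.com"
  lightlytics_external_api_url      = "https://< ORGANIZATION NAME >.lightlytics.com"
  lightlytics_endpoint_service_name = "<ENDPOINT_SERVICE_NAME_FROM_LIGHTLYTICS>"
  lightlytics_account               = var.lightlytics_account

  lambda_init_s3_source_code_bucket        = "<LightLytics_S3_Bucket_Name>-${var.aws_region}"
  lambda_init_s3_source_code_key           = "<Lambda_S3_Key_Name>"
  lambda_layer_source_code_bucket          = "<LightLytics_S3_Bucket_Name>-${var.aws_region}"
  lambda_layer_source_code_key             = "<Lambda_S3_Key_Name>"
  lambda_flow_logs_s3_source_code_bucket   = "<LightLytics_S3_Bucket_Name>-${var.aws_region}"
  lambda_flow_logs_s3_source_code_key      = "<Lambda_S3_Key_Name>"
  lambda_cloud_watch_s3_source_code_bucket = "<LightLytics_S3_Bucket_Name>-${var.aws_region}"
  lambda_cloud_watch_s3_source_code_key    = "<Lambda_S3_Key_Name>"

  # Assumed mapping of secret keys to module inputs.
  LightlyticsInternalAccountId   = local.lightlytics_secrets["LightlyticsInternalAccountId"]
  lightlytics_auth_token         = local.lightlytics_secrets["AccountAuthToken"]
  collection_token               = local.lightlytics_secrets["LightlyticsCollectionToken"]
  lightlytics_account_externalID = local.lightlytics_secrets["ExternalId"]

  tags = {
    Environment = var.environment
  }
}
```
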
Thank you for helping Kaltura grow! If you'd like to contribute please follow these steps:
- Use the repository issues tracker to report bugs or feature requests
- Read Contributing Code to the Kaltura Platform
- Sign the Kaltura Contributor License Agreement
- Join the Kaltura Community Forums to ask questions or start discussions
- Read the Code of conduct and be patient and respectful
You can learn more about Kaltura and start a free trial at: http://corp.kaltura.com
Contact us via Twitter @Kaltura or email: community@kaltura.com
We'd love to hear from you!
All code in this project is released under the AGPLv3 license unless a different license for a particular library is specified in the applicable library path.
Copyright © Kaltura Inc. All rights reserved.
@denlitvakka Authors and contributors: See GitHub contributors list.
| Name | Version |
|---|---|
| aws | 3.70.0 |
| null | 3.1.0 |
| time | n/a |