From 48e5539c45ad0307606fb92cf701e69aa9c36ca3 Mon Sep 17 00:00:00 2001 From: Ryan Deivert Date: Fri, 11 Oct 2019 13:57:29 -0700 Subject: [PATCH 1/3] adding documentation for optional kinesis stream name --- docs/source/clusters.rst | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/docs/source/clusters.rst b/docs/source/clusters.rst index bb98e632b..2ebd82ea7 100644 --- a/docs/source/clusters.rst +++ b/docs/source/clusters.rst @@ -461,15 +461,16 @@ Configuration Options The ``kinesis`` module expects a single key (``streams``) whose value is a dictionary with the following options: -======================= ============ =============== -**Key** **Default** **Description** ------------------------ ------------ --------------- -``create_user`` ``false`` Create an IAM user authorized to ``PutRecords`` on the stream -``retention`` --- Length of time (hours) data records remain in the stream -``shard_level_metrics`` ``[]`` Enable these `enhanced shard-level metrics `_ -``shards`` --- Number of shards (determines stream data capacity) -``trusted_accounts`` ``[]`` Authorize these account IDs to assume an IAM role which can write to the stream -======================= ============ =============== +======================= ============================== =============== +**Key** **Default** **Description** +----------------------- ------------------------------ --------------- +``create_user`` ``false`` Create an IAM user authorized to ``PutRecords`` on the stream +``retention`` --- Length of time (hours) data records remain in the stream +``shard_level_metrics`` ``[]`` Enable these `enhanced shard-level metrics `_ +``shards`` --- Number of shards (determines stream data capacity) +``trusted_accounts`` ``[]`` Authorize these account IDs to assume an IAM role which can write to the stream +``stream_name`` ``PREFIX_CLUSTER_streamalert`` [optional] Custom name for the stream that will be created +======================= ============================== =============== Scaling ~~~~~~~ From 3dbfb6664f417a7eeba2680b404c6bdb14d67da1 Mon Sep 17 00:00:00 2001 From: Ryan Deivert Date: Fri, 11 Oct 2019 14:00:14 -0700 Subject: [PATCH 2/3] nit change --- docs/source/clusters.rst | 40 ++++++++++++++++++++-------------------- 1 file changed, 20 insertions(+), 20 deletions(-) diff --git a/docs/source/clusters.rst b/docs/source/clusters.rst index 2ebd82ea7..18cb8464d 100644 --- a/docs/source/clusters.rst +++ b/docs/source/clusters.rst @@ -461,16 +461,16 @@ Configuration Options The ``kinesis`` module expects a single key (``streams``) whose value is a dictionary with the following options: -======================= ============================== =============== -**Key** **Default** **Description** ------------------------ ------------------------------ --------------- -``create_user`` ``false`` Create an IAM user authorized to ``PutRecords`` on the stream -``retention`` --- Length of time (hours) data records remain in the stream -``shard_level_metrics`` ``[]`` Enable these `enhanced shard-level metrics `_ -``shards`` --- Number of shards (determines stream data capacity) -``trusted_accounts`` ``[]`` Authorize these account IDs to assume an IAM role which can write to the stream -``stream_name`` ``PREFIX_CLUSTER_streamalert`` [optional] Custom name for the stream that will be created -======================= ============================== =============== +======================= ================================== =============== +**Key** **Default** **Description** +----------------------- ---------------------------------- --------------- +``create_user`` ``false`` Create an IAM user authorized to ``PutRecords`` on the stream +``retention`` --- Length of time (hours) data records remain in the stream +``shard_level_metrics`` ``[]`` Enable these `enhanced shard-level metrics `_ +``shards`` --- Number of shards (determines stream data capacity) +``trusted_accounts`` ``[]`` Authorize these account IDs to assume an IAM role which can write to the stream +``stream_name`` ``__streamalert`` [optional] Custom name for the stream that will be created +======================= ================================== =============== Scaling ~~~~~~~ @@ -589,16 +589,16 @@ for StreamAlert consumption. Configuration Options ~~~~~~~~~~~~~~~~~~~~~ -===================== ========================================== =============== -**Key** **Default** **Description** ---------------------- ------------------------------------------ --------------- -``cross_account_ids`` ``[]`` Authorize flow log delivery from these accounts -``enabled`` --- Toggle flow log creation -``enis`` ``[]`` Add flow logs for these ENIs -``log_group_name`` ``"PREFIX_CLUSTER_streamalert_flow_logs"`` Flow logs are directed to this log group -``subnets`` ``[]`` Add flow logs for these VPC subnet IDs -``vpcs`` ``[]`` Add flow logs for these VPC IDs -===================== ========================================== =============== +===================== ============================================ =============== +**Key** **Default** **Description** +--------------------- -------------------------------------------- --------------- +``cross_account_ids`` ``[]`` Authorize flow log delivery from these accounts +``enabled`` --- Toggle flow log creation +``enis`` ``[]`` Add flow logs for these ENIs +``log_group_name`` ``__streamalert_flow_logs`` Flow logs are directed to this log group +``subnets`` ``[]`` Add flow logs for these VPC subnet IDs +``vpcs`` ``[]`` Add flow logs for these VPC IDs +===================== ============================================ =============== .. _s3_events: From b6f7af7a957658c4f80483a692daff42412d60f1 Mon Sep 17 00:00:00 2001 From: Ryan Deivert Date: Fri, 11 Oct 2019 14:03:20 -0700 Subject: [PATCH 3/3] fixing iam group prefix --- terraform/modules/tf_kinesis_streams/iam.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/modules/tf_kinesis_streams/iam.tf b/terraform/modules/tf_kinesis_streams/iam.tf index 9ed9931b3..1e925e9cf 100644 --- a/terraform/modules/tf_kinesis_streams/iam.tf +++ b/terraform/modules/tf_kinesis_streams/iam.tf @@ -14,7 +14,7 @@ resource "aws_iam_user" "streamalert" { resource "aws_iam_group" "streamalert" { count = "${var.create_user ? 1 : 0}" name = "${var.prefix}_${var.cluster}_streamalert_users" - path = "/" + path = "/streamalert/" } // IAM Group Membership: Assign streamalert user to group