generated from dynatrace-oss/template-project
-
Notifications
You must be signed in to change notification settings - Fork 5
/
eventbridge-cross-region-or-account-forward-rules.yaml
214 lines (196 loc) · 8.28 KB
/
eventbridge-cross-region-or-account-forward-rules.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
AWSTemplateFormatVersion: "2010-09-09"
Description: |
dynatrace-aws-s3-log-forwarder-eventbridge-cross-region-or-account-notification-forward-rules
This template deploys an Amazon EventBridge rule to forward S3 Object Created notifications
to the AWS EventBridge event bus in the AWS account and/or region region where the dynatrace-aws-s3-log-forwader
is deployed.
For more information: https://github.com/dynatrace-oss/dynatrace-aws-s3-log-forwarder
Metadata:
License:
Description: |
Copyright 2022 Dynatrace LLC
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
https://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
Version:
Description: dev
Instructions:
Description: |
Deploy this template on the AWS Account and/or region where your S3 bucket is (different than
where the dynatrace-aws-s3-log-forwarder is deployed). LogBucketPrefix# parameters
are optional, only use them if you want to narrow down forwarding Object Created events for
specific prefixes in your S3 bucket.
You can find the CrossRegionCrossAccountEventBusArn on the Cloudformation outputs
of your dynatrace-aws-s3-log-forwarder stack.
Example AWS CLI command:
aws cloudformation deploy \
--template-file eventbridge-cross-region-or-account-forward-rules.yaml \
--stack-name dynatrace-aws-s3-log-forwarder-cross-account-notifications-{your-bucket-name} \
--parameter-overrides CrossRegionCrossAccountEventBusArn={event-bus-arn} \
LogsBucketName={your-bucket-name} \
LogsBucketPrefix1={optional-bucket-prefix-1}/ \
LogsBucketPrefix2={optional-bucket-prefix-2}/ \
LogsBucketPrefix3={optional-bucket-prefix-3}/ \
--capabilities CAPABILITY_IAM \
--region {region_of_your_s3-bucket}
If your bucket is on a different AWS account than where the dynatrace-aws-s3-log-forwarder is deployed, you can use the
--profile {aws_credentials_profile_of_the_account_where_the_bucket_is} parameter on the above command to
deploy the stack on the right AWS account. For further information, check the AWS CLI docs:
https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html#cli-configure-files-using-profiles
Once deployed, configure your S3 Bucket to send notifications to Amazon EventBridge following instructions here:
https://docs.aws.amazon.com/AmazonS3/latest/userguide/enable-event-notifications-eventbridge.html
Then, deploy the dynatrace-aws-s3-log-forwarder-s3-bucket-configuration.yaml template for this S3 bucket on the AWS account
and/or region where the dynatrace-aws-s3-log-forwarder is deployed.
Parameters:
CrossRegionCrossAccountEventBusArn:
Type: String
Description: "ARN of the dynatrace-aws-s3-log-forwarder Event Bus for cross-account and cross-region events, e.g. arn:aws:events:us-east-1:0123456789:event-bus/dynatrace-aws-s3-log-forwarder-{your_forwarder_stack_name}-cross-region-cross-account-s3-events"
LogsBucketName:
Type: String
Description: Name of the S3 bucket to send "New Object Created" notifications to the dynatrace-aws-s3-log-forwarder
AllowedPattern: "^[0-9a-z]+([0-9a-z-.]{1,61}[0-9a-z])$"
LogsBucketPrefix1:
Type: String
Description: Prefix 1 to send logs from
Default: ""
LogsBucketPrefix2:
Type: String
Description: Prefix 2 to send logs from
Default: ""
LogsBucketPrefix3:
Type: String
Description: Prefix 3 to send logs from
Default: ""
LogsBucketPrefix4:
Type: String
Description: Prefix 4 to send logs from
Default: ""
LogsBucketPrefix5:
Type: String
Description: Prefix 5 to send logs from
Default: ""
LogsBucketPrefix6:
Type: String
Description: Prefix 6 to send logs from
Default: ""
LogsBucketPrefix7:
Type: String
Description: Prefix 7 to send logs from
Default: ""
LogsBucketPrefix8:
Type: String
Description: Prefix 8 to send logs from
Default: ""
LogsBucketPrefix9:
Type: String
Description: Prefix 9 to send logs from
Default: ""
LogsBucketPrefix10:
Type: String
Description: Prefix 10 to send logs from
Default: ""
Conditions:
FirstS3PrefixSpecified: !Not [!Equals [!Ref LogsBucketPrefix1, ""]]
SecondS3PrefixSpecified: !Not [!Equals [!Ref LogsBucketPrefix2, ""]]
ThirdS3PrefixSpecified: !Not [!Equals [!Ref LogsBucketPrefix3, ""]]
FourthS3PrefixSpecified: !Not [!Equals [!Ref LogsBucketPrefix4, ""]]
FithS3PrefixSpecified: !Not [!Equals [!Ref LogsBucketPrefix5, ""]]
SixthS3PrefixSpecified: !Not [!Equals [!Ref LogsBucketPrefix6, ""]]
SeventhS3PrefixSpecified: !Not [!Equals [!Ref LogsBucketPrefix7, ""]]
EighthS3PrefixSpecified: !Not [!Equals [!Ref LogsBucketPrefix8, ""]]
NinethS3PrefixSpecified: !Not [!Equals [!Ref LogsBucketPrefix9, ""]]
TenthS3PrefixSpecified: !Not [!Equals [!Ref LogsBucketPrefix10, ""]]
Resources:
LogsBucketForwardToRegionRule:
Type: AWS::Events::Rule
Properties:
Name:
!Join
- "-"
- - "dt-s3-log-fwd-to"
# Get AWS Account Id from ARN
- !Select [4, !Split [':', !Ref CrossRegionCrossAccountEventBusArn]]
# Get AWS Region from ARN
- !Select [3, !Split [':', !Ref CrossRegionCrossAccountEventBusArn]]
# Get "random" string from AWS::StackId
- !Select [4, !Split ['-', !Select [2, !Split ['/', !Ref AWS::StackId]]]]
EventBusName: default
State: ENABLED
EventPattern:
source:
- "aws.s3"
detail-type:
- "Object Created"
detail:
bucket:
name:
- !Ref LogsBucketName
object:
key:
- !If
- FirstS3PrefixSpecified
- prefix: !Ref LogsBucketPrefix1
- prefix: ""
- !If
- SecondS3PrefixSpecified
- prefix: !Ref LogsBucketPrefix2
- !Ref AWS::NoValue
- !If
- ThirdS3PrefixSpecified
- prefix: !Ref LogsBucketPrefix3
- !Ref AWS::NoValue
- !If
- FourthS3PrefixSpecified
- prefix: !Ref LogsBucketPrefix4
- !Ref AWS::NoValue
- !If
- FithS3PrefixSpecified
- prefix: !Ref LogsBucketPrefix5
- !Ref AWS::NoValue
- !If
- SixthS3PrefixSpecified
- prefix: !Ref LogsBucketPrefix6
- !Ref AWS::NoValue
- !If
- EighthS3PrefixSpecified
- prefix: !Ref LogsBucketPrefix8
- !Ref AWS::NoValue
- !If
- NinethS3PrefixSpecified
- prefix: !Ref LogsBucketPrefix9
- !Ref AWS::NoValue
- !If
- TenthS3PrefixSpecified
- prefix: !Ref LogsBucketPrefix10
- !Ref AWS::NoValue
Targets:
- Id: "CrossRegionCrossAccountEventBus"
Arn: !Ref CrossRegionCrossAccountEventBusArn
RoleArn: !GetAtt EventBridgeCrossRegionIamRole.Arn
EventBridgeCrossRegionIamRole:
Type: AWS::IAM::Role
Properties:
AssumeRolePolicyDocument:
Version: "2012-10-17"
Statement:
- Effect: Allow
Principal:
Service:
- events.amazonaws.com
Action:
- 'sts:AssumeRole'
Policies:
- PolicyName: FwdNotificationsToRegion
PolicyDocument:
Version: "2012-10-17"
Statement:
- Effect: Allow
Action:
- "events:PutEvents"
Resource: !Ref CrossRegionCrossAccountEventBusArn