Skip to content

Commit 6d72649

Browse files
anthony-nhsanthony-nhs
authored
Fix: [AEA-5895] - forward apigw logs to csoc (#2130)
## Summary - Routine Change ### Details - forward apigw logs to csoc
1 parent 32d8e51 commit 6d72649

File tree

8 files changed

+64
-21
lines changed

8 files changed

+64
-21
lines changed

.github/scripts/release_code.sh

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -48,4 +48,5 @@ sam deploy \
4848
Env="$TARGET_ENVIRONMENT" \
4949
ToggleGetStatusUpdates="$TOGGLE_GET_STATUS_UPDATES" \
5050
EnableAlerts="$ENABLE_ALERTS" \
51-
StateMachineLogLevel="$STATE_MACHINE_LOG_LEVEL"
51+
StateMachineLogLevel="$STATE_MACHINE_LOG_LEVEL" \
52+
ForwardCsocLogs="$FORWARD_CSOC_LOGS"

.github/workflows/ci.yml

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -78,6 +78,7 @@ jobs:
7878
STATE_MACHINE_LOG_LEVEL: ALL
7979
RUN_REGRESSION_TESTS: true
8080
REGRESSION_TEST_PRODUCT: PFP-APIGEE
81+
FORWARD_CSOC_LOGS: false
8182
secrets:
8283
REGRESSION_TESTS_PEM: ${{ secrets.REGRESSION_TESTS_PEM }}
8384
CLOUD_FORMATION_DEPLOY_ROLE: ${{ secrets.DEV_CLOUD_FORMATION_DEPLOY_ROLE }}
@@ -105,6 +106,7 @@ jobs:
105106
LOG_RETENTION_DAYS: 30
106107
STATE_MACHINE_LOG_LEVEL: ALL
107108
RUN_REGRESSION_TESTS: false
109+
FORWARD_CSOC_LOGS: false
108110
secrets:
109111
REGRESSION_TESTS_PEM: ${{ secrets.REGRESSION_TESTS_PEM }}
110112
CLOUD_FORMATION_DEPLOY_ROLE: ${{ secrets.DEV_CLOUD_FORMATION_DEPLOY_ROLE }}
@@ -138,6 +140,7 @@ jobs:
138140
STATE_MACHINE_LOG_LEVEL: ALL
139141
RUN_REGRESSION_TESTS: true
140142
REGRESSION_TEST_PRODUCT: PFP-APIGEE
143+
FORWARD_CSOC_LOGS: false
141144
secrets:
142145
REGRESSION_TESTS_PEM: ${{ secrets.REGRESSION_TESTS_PEM }}
143146
CLOUD_FORMATION_DEPLOY_ROLE: ${{ secrets.QA_CLOUD_FORMATION_DEPLOY_ROLE }}

.github/workflows/pull_request.yml

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -105,6 +105,7 @@ jobs:
105105
STATE_MACHINE_LOG_LEVEL: ALL
106106
RUN_REGRESSION_TESTS: true
107107
REGRESSION_TEST_PRODUCT: PFP-AWS
108+
FORWARD_CSOC_LOGS: false
108109
secrets:
109110
REGRESSION_TESTS_PEM: ${{ secrets.REGRESSION_TESTS_PEM }}
110111
CLOUD_FORMATION_DEPLOY_ROLE: ${{ secrets.DEV_CLOUD_FORMATION_DEPLOY_ROLE }}
@@ -128,6 +129,7 @@ jobs:
128129
LOG_RETENTION_DAYS: 30
129130
STATE_MACHINE_LOG_LEVEL: ALL
130131
RUN_REGRESSION_TESTS: false
132+
FORWARD_CSOC_LOGS: false
131133
secrets:
132134
REGRESSION_TESTS_PEM: ${{ secrets.REGRESSION_TESTS_PEM }}
133135
CLOUD_FORMATION_DEPLOY_ROLE: ${{ secrets.DEV_CLOUD_FORMATION_DEPLOY_ROLE }}

.github/workflows/release.yml

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -74,6 +74,7 @@ jobs:
7474
STATE_MACHINE_LOG_LEVEL: ALL
7575
RUN_REGRESSION_TESTS: true
7676
REGRESSION_TEST_PRODUCT: PFP-APIGEE
77+
FORWARD_CSOC_LOGS: false
7778
secrets:
7879
REGRESSION_TESTS_PEM: ${{ secrets.REGRESSION_TESTS_PEM }}
7980
CLOUD_FORMATION_DEPLOY_ROLE: ${{ secrets.DEV_CLOUD_FORMATION_DEPLOY_ROLE }}
@@ -101,6 +102,7 @@ jobs:
101102
LOG_RETENTION_DAYS: 30
102103
STATE_MACHINE_LOG_LEVEL: ALL
103104
RUN_REGRESSION_TESTS: false
105+
FORWARD_CSOC_LOGS: false
104106
secrets:
105107
REGRESSION_TESTS_PEM: ${{ secrets.REGRESSION_TESTS_PEM }}
106108
CLOUD_FORMATION_DEPLOY_ROLE: ${{ secrets.DEV_CLOUD_FORMATION_DEPLOY_ROLE }}
@@ -133,6 +135,7 @@ jobs:
133135
ENABLE_ALERTS: true
134136
STATE_MACHINE_LOG_LEVEL: ERROR
135137
RUN_REGRESSION_TESTS: false
138+
FORWARD_CSOC_LOGS: false
136139
secrets:
137140
REGRESSION_TESTS_PEM: ${{ secrets.REGRESSION_TESTS_PEM }}
138141
CLOUD_FORMATION_DEPLOY_ROLE: ${{ secrets.REF_CLOUD_FORMATION_DEPLOY_ROLE }}
@@ -166,6 +169,7 @@ jobs:
166169
STATE_MACHINE_LOG_LEVEL: ALL
167170
RUN_REGRESSION_TESTS: true
168171
REGRESSION_TEST_PRODUCT: PFP-APIGEE
172+
FORWARD_CSOC_LOGS: false
169173
secrets:
170174
REGRESSION_TESTS_PEM: ${{ secrets.REGRESSION_TESTS_PEM }}
171175
CLOUD_FORMATION_DEPLOY_ROLE: ${{ secrets.QA_CLOUD_FORMATION_DEPLOY_ROLE }}
@@ -194,6 +198,7 @@ jobs:
194198
STATE_MACHINE_LOG_LEVEL: ALL
195199
RUN_REGRESSION_TESTS: true
196200
REGRESSION_TEST_PRODUCT: PFP-APIGEE
201+
FORWARD_CSOC_LOGS: false
197202
secrets:
198203
REGRESSION_TESTS_PEM: ${{ secrets.REGRESSION_TESTS_PEM }}
199204
CLOUD_FORMATION_DEPLOY_ROLE: ${{ secrets.INT_CLOUD_FORMATION_DEPLOY_ROLE }}
@@ -221,6 +226,7 @@ jobs:
221226
LOG_RETENTION_DAYS: 30
222227
RUN_REGRESSION_TESTS: false
223228
STATE_MACHINE_LOG_LEVEL: ALL
229+
FORWARD_CSOC_LOGS: false
224230
secrets:
225231
REGRESSION_TESTS_PEM: ${{ secrets.REGRESSION_TESTS_PEM }}
226232
CLOUD_FORMATION_DEPLOY_ROLE: ${{ secrets.INT_CLOUD_FORMATION_DEPLOY_ROLE }}
@@ -249,6 +255,7 @@ jobs:
249255
RUN_REGRESSION_TESTS: false
250256
ENABLE_ALERTS: true
251257
STATE_MACHINE_LOG_LEVEL: ERROR
258+
FORWARD_CSOC_LOGS: true
252259
secrets:
253260
REGRESSION_TESTS_PEM: ${{ secrets.REGRESSION_TESTS_PEM }}
254261
CLOUD_FORMATION_DEPLOY_ROLE: ${{ secrets.PROD_CLOUD_FORMATION_DEPLOY_ROLE }}

.github/workflows/sam_release_code.yml

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -63,6 +63,9 @@ on:
6363
type: string
6464
REGRESSION_TEST_PRODUCT:
6565
type: string
66+
FORWARD_CSOC_LOGS:
67+
required: true
68+
type: boolean
6669
secrets:
6770
CLOUD_FORMATION_DEPLOY_ROLE:
6871
required: true
@@ -142,6 +145,7 @@ jobs:
142145
TOGGLE_GET_STATUS_UPDATES: ${{ inputs.TOGGLE_GET_STATUS_UPDATES }}
143146
ENABLE_ALERTS: ${{ inputs.ENABLE_ALERTS }}
144147
STATE_MACHINE_LOG_LEVEL: ${{ inputs.STATE_MACHINE_LOG_LEVEL }}
148+
FORWARD_CSOC_LOGS: ${{ inputs.FORWARD_CSOC_LOGS }}
145149
run: ./release_code.sh
146150

147151
- name: create_int_release_notes

SAMtemplates/apis/api_resources.yaml

Lines changed: 15 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -18,11 +18,17 @@ Parameters:
1818

1919
EnableSplunk:
2020
Type: String
21+
ForwardCsocLogs:
22+
Type: String
23+
Default: false
2124

2225
Conditions:
2326
ShouldUseSplunk: !Equals
2427
- true
2528
- !Ref EnableSplunk
29+
ShouldForwardCsocLogs: !Equals
30+
- true
31+
- !Ref ForwardCsocLogs
2632

2733
Resources:
2834
ApiGwRole:
@@ -65,6 +71,15 @@ Resources:
6571
FilterPattern: ""
6672
DestinationArn: !ImportValue lambda-resources:SplunkDeliveryStream
6773

74+
ApiGwAccessLogsCsocSubscriptionFilter:
75+
Condition: ShouldForwardCsocLogs
76+
Type: AWS::Logs::SubscriptionFilter
77+
Properties:
78+
RoleArn: !ImportValue lambda-resources:SplunkSubscriptionFilterRole
79+
LogGroupName: !Ref ApiGwAccessLogs
80+
FilterPattern: ""
81+
DestinationArn: "arn:aws:logs:eu-west-2:693466633220:destination:api_gateway_log_destination"
82+
6883
Outputs:
6984
ApiGwRoleArn:
7085
Description: The API GW role ARN

SAMtemplates/apis/main.yaml

Lines changed: 23 additions & 20 deletions
Original file line numberDiff line numberDiff line change
@@ -10,7 +10,7 @@ Parameters:
1010

1111
EnableMutualTLS:
1212
Type: String
13-
13+
1414
TruststoreVersion:
1515
Type: String
1616

@@ -20,33 +20,35 @@ Parameters:
2020
GetMyPrescriptionsStateMachineName:
2121
Type: String
2222
Default: none
23-
23+
2424
GetMyPrescriptionsStateMachineArn:
2525
Type: String
2626
Default: none
27-
27+
2828
CapabilityStatementFunctionName:
2929
Type: String
3030
Default: none
31-
31+
3232
CapabilityStatementFunctionArn:
3333
Type: String
3434
Default: none
35-
35+
3636
StatusFunctionName:
3737
Type: String
3838
Default: none
39-
39+
4040
StatusFunctionArn:
4141
Type: String
4242
Default: none
43-
43+
4444
LogRetentionInDays:
4545
Type: Number
46-
46+
4747
EnableSplunk:
4848
Type: String
49-
49+
ForwardCsocLogs:
50+
Type: String
51+
Default: false
5052
Conditions:
5153
ShouldUseMutualTLS: !Equals
5254
- true
@@ -68,7 +70,7 @@ Resources:
6870
- - !Ref StackName
6971
- !ImportValue eps-route53-resources:EPS-domain
7072
HostedZoneId: !ImportValue eps-route53-resources:EPS-ZoneID
71-
73+
7274
RestApiGateway:
7375
Type: AWS::ApiGateway::RestApi
7476
Properties:
@@ -80,7 +82,7 @@ Resources:
8082
EndpointConfiguration:
8183
Types:
8284
- REGIONAL
83-
85+
8486
RestApiDomain:
8587
Type: AWS::ApiGateway::DomainName
8688
Properties:
@@ -89,7 +91,7 @@ Resources:
8991
- - !Ref StackName
9092
- !ImportValue eps-route53-resources:EPS-domain
9193
RegionalCertificateArn: !Ref GenerateCertificate
92-
EndpointConfiguration:
94+
EndpointConfiguration:
9395
Types:
9496
- REGIONAL
9597
SecurityPolicy: TLS_1_2
@@ -110,7 +112,7 @@ Resources:
110112
- ShouldUseMutualTLS
111113
- !Ref TruststoreVersion
112114
- !Ref AWS::NoValue
113-
115+
114116
RestApiRecordSet:
115117
Type: AWS::Route53::RecordSet
116118
Properties:
@@ -123,7 +125,7 @@ Resources:
123125
AliasTarget:
124126
DNSName: !GetAtt RestApiDomain.RegionalDomainName
125127
HostedZoneId: !GetAtt RestApiDomain.RegionalHostedZoneId
126-
128+
127129
GetMyPrescriptionsResource:
128130
Type: AWS::ApiGateway::Resource
129131
Properties:
@@ -223,7 +225,7 @@ Resources:
223225
224226
$payload.Payload.body
225227
MethodResponses:
226-
- StatusCode: "200"
228+
- StatusCode: "200"
227229

228230
CapabilityStatementResource:
229231
Type: AWS::ApiGateway::Resource
@@ -251,7 +253,7 @@ Resources:
251253
RestApiId: !Ref RestApiGateway
252254
ParentId: !GetAtt RestApiGateway.RootResourceId
253255
PathPart: _status
254-
256+
255257
StatusMethod:
256258
Type: AWS::ApiGateway::Method
257259
Properties:
@@ -278,7 +280,7 @@ Resources:
278280
- StatusMethod
279281
Properties:
280282
RestApiId: !Ref RestApiGateway
281-
283+
282284
RestApiGatewayStage:
283285
Type: AWS::ApiGateway::Stage
284286
Properties:
@@ -289,15 +291,15 @@ Resources:
289291
TracingEnabled: true
290292
AccessLogSetting:
291293
DestinationArn: !GetAtt RestApiGatewayResources.Outputs.ApiGwAccessLogsArn
292-
Format: '{ "requestTime": "$context.requestTime", "apiId": "$context.apiId", "accountId": "$context.accountId", "resourcePath": "$context.resourcePath", "stage": "$context.stage", "requestId": "$context.requestId", "extendedRequestId": "$context.extendedRequestId", "status": "$context.status", "httpMethod": "$context.httpMethod", "protocol": "$context.protocol", "path": "$context.path", "responseLatency": "$context.responseLatency", "responseLength": "$context.responseLength", "domainName": "$context.domainName", "identity": { "sourceIp": "$context.identity.sourceIp", "userAgent": "$context.identity.userAgent", "clientCert":{ "subjectDN": "$context.identity.clientCert.subjectDN", "issuerDN": "$context.identity.clientCert.issuerDN", "serialNumber": "$context.identity.clientCert.serialNumber", "validityNotBefore": "$context.identity.clientCert.validity.notBefore", "validityNotAfter": "$context.identity.clientCert.validity.notAfter" }}, "integration":{ "error": "$context.integration.error", "integrationStatus": "$context.integration.integrationStatus", "latency": "$context.integration.latency", "requestId": "$context.integration.requestId", "status": "$context.integration.status" }}'
293-
294+
Format: '{ "requestId": "$context.requestId", "ip": "$context.identity.sourceIp", "caller":"$context.identity.caller", "user":"$context.identity.user","requestTime":"$context.requestTime", "httpMethod":"$context.httpMethod","resourcePath":"$context.resourcePath", "status":"$context.status","protocol":"$context.protocol", "responseLength":"$context.responseLength", "accountId":"$context.accountId", "apiId":"$context.apiId", "stage" : "$context.stage", "api_key" : "$context.identity.apiKey", "identity": { "sourceIp": "$context.identity.sourceIp", "userAgent": "$context.identity.userAgent", "clientCert":{ "subjectDN": "$context.identity.clientCert.subjectDN", "issuerDN": "$context.identity.clientCert.issuerDN", "serialNumber": "$context.identity.clientCert.serialNumber", "validityNotBefore": "$context.identity.clientCert.validity.notBefore", "validityNotAfter": "$context.identity.clientCert.validity.notAfter" }}, "integration":{ "error": "$context.integration.error", "integrationStatus": "$context.integration.integrationStatus", "latency": "$context.integration.latency", "requestId": "$context.integration.requestId", "status": "$context.integration.status" } }'
295+
294296
RestApiDomainMapping:
295297
Type: AWS::ApiGateway::BasePathMapping
296298
Properties:
297299
DomainName: !Ref RestApiDomain
298300
RestApiId: !Ref RestApiGateway
299301
Stage: !Ref RestApiGatewayStage
300-
302+
301303
RestApiGatewayResources:
302304
Type: AWS::Serverless::Application
303305
Properties:
@@ -311,3 +313,4 @@ Resources:
311313
ApiName: !Sub ${StackName}-apigw
312314
LogRetentionInDays: !Ref LogRetentionInDays
313315
EnableSplunk: !Ref EnableSplunk
316+
ForwardCsocLogs: !Ref ForwardCsocLogs

SAMtemplates/main_template.yaml

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -96,6 +96,13 @@ Parameters:
9696
StateMachineLogLevel:
9797
Type: String
9898

99+
ForwardCsocLogs:
100+
Type: String
101+
Default: false
102+
AllowedValues:
103+
- true
104+
- false
105+
99106
Resources:
100107
Apis:
101108
Type: AWS::Serverless::Application
@@ -114,6 +121,7 @@ Resources:
114121
StatusFunctionArn: !GetAtt Functions.Outputs.StatusFunctionArn
115122
LogRetentionInDays: !Ref LogRetentionInDays
116123
EnableSplunk: !Ref EnableSplunk
124+
ForwardCsocLogs: !Ref ForwardCsocLogs
117125

118126
Functions:
119127
Type: AWS::Serverless::Application

0 commit comments

Comments
 (0)