SumoLogic
diff --git a/‎.gitignore‎
Lines changed: 8 additions & 0 deletions b/‎.gitignore‎
Lines changed: 8 additions & 0 deletions
diff --git a/‎README.md‎
Lines changed: 1 addition & 1 deletion b/‎README.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎aws/cloudtrail/README.md‎
Lines changed: 49 additions & 25 deletions b/‎aws/cloudtrail/README.md‎
Lines changed: 49 additions & 25 deletions
diff --git a/‎aws/cloudtrail/cloudtrail.tf‎
Lines changed: 9 additions & 1 deletion b/‎aws/cloudtrail/cloudtrail.tf‎
Lines changed: 9 additions & 1 deletion
diff --git a/‎aws/cloudtrail/examples/default/README.md‎
Lines changed: 44 additions & 0 deletions b/‎aws/cloudtrail/examples/default/README.md‎
Lines changed: 44 additions & 0 deletions
diff --git a/‎aws/cloudtrail/examples/default/data.tf‎
Lines changed: 5 additions & 0 deletions b/‎aws/cloudtrail/examples/default/data.tf‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎aws/cloudtrail/examples/default/locals.tf‎
Lines changed: 10 additions & 0 deletions b/‎aws/cloudtrail/examples/default/locals.tf‎
Lines changed: 10 additions & 0 deletions
diff --git a/‎aws/cloudtrail/examples/default/main.auto.tfvars‎
Lines changed: 5 additions & 0 deletions b/‎aws/cloudtrail/examples/default/main.auto.tfvars‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎aws/cloudtrail/examples/default/main.tf‎
Lines changed: 41 additions & 0 deletions b/‎aws/cloudtrail/examples/default/main.tf‎
Lines changed: 41 additions & 0 deletions
diff --git a/‎aws/cloudwatchmetrics/examples/provider.tf‎ renamed to ‎aws/cloudtrail/examples/default/provider.tf‎ b/‎aws/cloudwatchmetrics/examples/provider.tf‎ renamed to ‎aws/cloudtrail/examples/default/provider.tf‎
@@ -13,3 +13,11 @@
 
 # Dependency directories (remove the comment below to include it)
 # vendor/
+
+
+# Terraform files
+*.terraform
+*.tfstate
+*.tfstate.backup
+*.terraform.lock.hcl
+.idea
@@ -30,7 +30,7 @@ The modules configure/create the following resources:
         }
         sumologic = {
           source  = "sumologic/sumologic"
-          version = "~> 2.1.0"
+          version = ">= 2.28.3, < 3.0.0"
         }
         jira = {
           source  = "fourplusone/jira"
 
@@ -12,43 +12,67 @@ This module is used to create AWS and Sumo Logic resource to collect CloudTrail
 
 | Name | Version |
 |------|---------|
-| terraform | >= 0.13.0 |
-| aws | >= 3.42.0 |
-| random | >=3.1.0 |
-| sumologic | >= 2.9.0 |
-| time | >=0.7.1 |
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.13.0 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.16.2, < 6.0.0 |
+| <a name="requirement_random"></a> [random](#requirement\_random) | >=3.1.0 |
+| <a name="requirement_sumologic"></a> [sumologic](#requirement\_sumologic) | >= 2.28.3, < 3.0.0 |
+| <a name="requirement_time"></a> [time](#requirement\_time) | >=0.7.1 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| aws | >= 3.42.0 |
-| random | >=3.1.0 |
-| sumologic | >= 2.9.0 |
-| time | >=0.7.1 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.16.2, < 6.0.0 |
+| <a name="provider_random"></a> [random](#provider\_random) | >=3.1.0 |
+| <a name="provider_sumologic"></a> [sumologic](#provider\_sumologic) | >= 2.28.3, < 3.0.0 |
+| <a name="provider_time"></a> [time](#provider\_time) | >=0.7.1 |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [aws_cloudtrail.cloudtrail](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudtrail) | resource |
+| [aws_iam_policy.iam_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
+| [aws_iam_role.source_iam_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
+| [aws_s3_bucket.s3_bucket](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket) | resource |
+| [aws_s3_bucket_notification.bucket_notification](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_notification) | resource |
+| [aws_s3_bucket_policy.s3_bucket](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_policy) | resource |
+| [aws_sns_topic.sns_topic](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sns_topic) | resource |
+| [aws_sns_topic_subscription.subscription](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sns_topic_subscription) | resource |
+| [random_string.aws_random](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/string) | resource |
+| [sumologic_cloudtrail_source.source](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/cloudtrail_source) | resource |
+| [sumologic_collector.collector](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/collector) | resource |
+| [time_sleep.wait_for_seconds](https://registry.terraform.io/providers/hashicorp/time/latest/docs/resources/sleep) | resource |
+| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
+| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
+| [sumologic_caller_identity.current](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/data-sources/caller_identity) | data source |
 
 ## Inputs
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| cloudtrail\_details | Provide details for the AWS CloudTrail. If not provided, then defaults will be used. | <pre>object({<br>    name                          = string<br>    is_multi_region_trail         = bool<br>    is_organization_trail         = bool<br>    include_global_service_events = bool<br>  })</pre> | <pre>{<br>  "include_global_service_events": false,<br>  "is_multi_region_trail": false,<br>  "is_organization_trail": false,<br>  "name": "SumoLogic-Terraform-CloudTrail-random-id"<br>}</pre> | no |
-| collector\_details | Provide details for the Sumo Logic collector. If not provided, then defaults will be used. | <pre>object({<br>    collector_name = string<br>    description    = string<br>    fields         = map(string)<br>  })</pre> | <pre>{<br>  "collector_name": "SumoLogic CloudTrail Collector <Random ID>",<br>  "description": "This collector is created using Sumo Logic terraform AWS cloudtrail module to collect AWS cloudtrail logs.",<br>  "fields": {}<br>}</pre> | no |
-| create\_collector | Provide "true" if you would like to create the Sumo Logic Collector. | `bool` | n/a | yes |
-| create\_trail | Provide "true" if you would like to create the AWS CloudTrail. If the bucket is created by the module, module by default creates the AWS cloudtrail. | `bool` | n/a | yes |
-| source\_details | Provide details for the Sumo Logic CloudTrail source. If not provided, then defaults will be used. | <pre>object({<br>    source_name     = string<br>    source_category = string<br>    collector_id    = string<br>    description     = string<br>    bucket_details = object({<br>      create_bucket        = bool<br>      bucket_name          = string<br>      path_expression      = string<br>      force_destroy_bucket = bool<br>    })<br>    paused               = bool<br>    scan_interval        = string<br>    sumo_account_id      = number<br>    cutoff_relative_time = string<br>    fields               = map(string)<br>    iam_details = object({<br>      create_iam_role = bool<br>      iam_role_arn    = string<br>    })<br>    sns_topic_details = object({<br>      create_sns_topic = bool<br>      sns_topic_arn    = string<br>    })<br>  })</pre> | <pre>{<br>  "bucket_details": {<br>    "bucket_name": "cloudtrail-logs-random-id",<br>    "create_bucket": true,<br>    "force_destroy_bucket": true,<br>    "path_expression": "AWSLogs/<ACCOUNT-ID>/CloudTrail/<REGION-NAME>/*"<br>  },<br>  "collector_id": "",<br>  "cutoff_relative_time": "-1d",<br>  "description": "This source is created using Sumo Logic terraform AWS cloudtrail module to collect AWS cloudtrail logs.",<br>  "fields": {},<br>  "iam_details": {<br>    "create_iam_role": true,<br>    "iam_role_arn": null<br>  },<br>  "paused": false,<br>  "scan_interval": 300000,<br>  "sns_topic_details": {<br>    "create_sns_topic": true,<br>    "sns_topic_arn": null<br>  },<br>  "source_category": "Labs/aws/cloudtrail",<br>  "source_name": "CloudTrail Source",<br>  "sumo_account_id": 926226587429<br>}</pre> | no |
-| sumologic\_organization\_id | Appears on the Account Overview page that displays information about your Sumo Logic organization. Used for IAM Role in Sumo Logic AWS Sources. | `string` | n/a | yes |
-| wait\_for\_seconds | wait\_for\_seconds is used to delay sumo logic source creation. This helps persisting IAM role in AWS system.<br>        Default value is 180 seconds.<br>        If the AWS IAM role is created outside the module, the value can be decreased to 1 second. | `number` | `180` | no |
+| <a name="input_cloudtrail_details"></a> [cloudtrail\_details](#input\_cloudtrail\_details) | Provide details for the AWS CloudTrail. If not provided, then defaults will be used. | <pre>object({<br>    name                          = string<br>    is_multi_region_trail         = bool<br>    is_organization_trail         = bool<br>    include_global_service_events = bool<br>  })</pre> | <pre>{<br>  "include_global_service_events": false,<br>  "is_multi_region_trail": false,<br>  "is_organization_trail": false,<br>  "name": "SumoLogic-Terraform-CloudTrail-random-id"<br>}</pre> | no |
+| <a name="input_collector_details"></a> [collector\_details](#input\_collector\_details) | Provide details for the Sumo Logic collector. If not provided, then defaults will be used. | <pre>object({<br>    collector_name = string<br>    description    = string<br>    fields         = map(string)<br>  })</pre> | <pre>{<br>  "collector_name": "SumoLogic CloudTrail Collector <Random ID>",<br>  "description": "This collector is created using Sumo Logic terraform AWS cloudtrail module to collect AWS cloudtrail logs.",<br>  "fields": {}<br>}</pre> | no |
+| <a name="input_create_collector"></a> [create\_collector](#input\_create\_collector) | Provide "true" if you would like to create the Sumo Logic Collector. | `bool` | n/a | yes |
+| <a name="input_create_trail"></a> [create\_trail](#input\_create\_trail) | Provide "true" if you would like to create the AWS CloudTrail. If the bucket is created by the module, module by default creates the AWS cloudtrail. | `bool` | n/a | yes |
+| <a name="input_source_details"></a> [source\_details](#input\_source\_details) | Provide details for the Sumo Logic CloudTrail source. If not provided, then defaults will be used. | <pre>object({<br>    source_name     = string<br>    source_category = string<br>    collector_id    = string<br>    description     = string<br>    bucket_details = object({<br>      create_bucket        = bool<br>      bucket_name          = string<br>      path_expression      = string<br>      force_destroy_bucket = bool<br>    })<br>    paused               = bool<br>    scan_interval        = string<br>    sumo_account_id      = number<br>    cutoff_relative_time = string<br>    fields               = map(string)<br>    iam_details = object({<br>      create_iam_role = bool<br>      iam_role_arn    = string<br>    })<br>    sns_topic_details = object({<br>      create_sns_topic = bool<br>      sns_topic_arn    = string<br>    })<br>  })</pre> | <pre>{<br>  "bucket_details": {<br>    "bucket_name": "cloudtrail-logs-random-id",<br>    "create_bucket": true,<br>    "force_destroy_bucket": true,<br>    "path_expression": "AWSLogs/<ACCOUNT-ID>/CloudTrail/<REGION-NAME>/*"<br>  },<br>  "collector_id": "",<br>  "cutoff_relative_time": "-1d",<br>  "description": "This source is created using Sumo Logic terraform AWS cloudtrail module to collect AWS cloudtrail logs.",<br>  "fields": {},<br>  "iam_details": {<br>    "create_iam_role": true,<br>    "iam_role_arn": null<br>  },<br>  "paused": false,<br>  "scan_interval": 300000,<br>  "sns_topic_details": {<br>    "create_sns_topic": true,<br>    "sns_topic_arn": null<br>  },<br>  "source_category": "Labs/aws/cloudtrail",<br>  "source_name": "CloudTrail Source",<br>  "sumo_account_id": 926226587429<br>}</pre> | no |
+| <a name="input_sumologic_organization_id"></a> [sumologic\_organization\_id](#input\_sumologic\_organization\_id) | Appears on the Account Overview page that displays information about your Sumo Logic organization. Used for IAM Role in Sumo Logic AWS Sources. | `string` | n/a | yes |
+| <a name="input_wait_for_seconds"></a> [wait\_for\_seconds](#input\_wait\_for\_seconds) | wait\_for\_seconds is used to delay sumo logic source creation. This helps persisting IAM role in AWS system.<br>        Default value is 180 seconds.<br>        If the AWS IAM role is created outside the module, the value can be decreased to 1 second. | `number` | `180` | no |
 
 ## Outputs
 
 | Name | Description |
 |------|-------------|
-| aws\_cloudtrail | AWS Trail created to send CloudTrail logs to AWS S3 bucket. |
-| aws\_iam\_role | AWS IAM role with permission to allow Sumo Logic to read logs from S3 Bucket. |
-| aws\_s3\_bucket | AWS S3 Bucket name created to Store the CloudTrail logs. |
-| aws\_s3\_bucket\_notification | AWS S3 Bucket Notification attached to the AWS S3 Bucket |
-| aws\_sns\_subscription | AWS SNS subscription to Sumo Logic AWS CloudTrail source. |
-| aws\_sns\_topic | AWS SNS topic attached to the AWS S3 bucket. |
-| random\_string | Random String value created. |
-| sumologic\_collector | Sumo Logic hosted collector. |
-| sumologic\_source | Sumo Logic AWS CloudTrail source. |
+| <a name="output_aws_cloudtrail"></a> [aws\_cloudtrail](#output\_aws\_cloudtrail) | AWS Trail created to send CloudTrail logs to AWS S3 bucket. |
+| <a name="output_aws_iam_role"></a> [aws\_iam\_role](#output\_aws\_iam\_role) | AWS IAM role with permission to allow Sumo Logic to read logs from S3 Bucket. |
+| <a name="output_aws_s3_bucket"></a> [aws\_s3\_bucket](#output\_aws\_s3\_bucket) | AWS S3 Bucket name created to Store the CloudTrail logs. |
+| <a name="output_aws_s3_bucket_notification"></a> [aws\_s3\_bucket\_notification](#output\_aws\_s3\_bucket\_notification) | AWS S3 Bucket Notification attached to the AWS S3 Bucket |
+| <a name="output_aws_sns_subscription"></a> [aws\_sns\_subscription](#output\_aws\_sns\_subscription) | AWS SNS subscription to Sumo Logic AWS CloudTrail source. |
+| <a name="output_aws_sns_topic"></a> [aws\_sns\_topic](#output\_aws\_sns\_topic) | AWS SNS topic attached to the AWS S3 bucket. |
+| <a name="output_random_string"></a> [random\_string](#output\_random\_string) | Random String value created. |
+| <a name="output_sumologic_collector"></a> [sumologic\_collector](#output\_sumologic\_collector) | Sumo Logic hosted collector. |
+| <a name="output_sumologic_source"></a> [sumologic\_source](#output\_sumologic\_source) | Sumo Logic AWS CloudTrail source. |
@@ -12,14 +12,21 @@ resource "random_string" "aws_random" {
   upper   = false
 }
 
+# Default s3 bucket acl is private, if you want to update uncomment the following block
+# For more details refer https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_acl
 resource "aws_s3_bucket" "s3_bucket" {
   for_each = toset(var.source_details.bucket_details.create_bucket ? ["s3_bucket"] : [])
 
   bucket        = local.bucket_name
   force_destroy = var.source_details.bucket_details.force_destroy_bucket
+}
 
+resource "aws_s3_bucket_policy" "s3_bucket" {
+  for_each = toset(var.source_details.bucket_details.create_bucket ? ["s3_bucket"] : [])
+  
+  bucket = aws_s3_bucket.s3_bucket["s3_bucket"].id
   policy = templatefile("${path.module}/templates/cloudtrail_bucket_policy.tmpl", {
-    BUCKET_NAME = local.bucket_name
+    BUCKET_NAME     = aws_s3_bucket.s3_bucket["s3_bucket"].id
   })
 }
 
@@ -47,6 +54,7 @@ resource "aws_s3_bucket_notification" "bucket_notification" {
 }
 
 resource "aws_cloudtrail" "cloudtrail" {
+  depends_on = [aws_s3_bucket_policy.s3_bucket]
   for_each = toset(local.create_trail ? ["cloudtrail"] : [])
 
   name                          = local.cloudtrail_name
 
@@ -0,0 +1,44 @@
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.13.0 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.16.2, < 6.0.0 |
+| <a name="requirement_random"></a> [random](#requirement\_random) | >=3.1.0 |
+| <a name="requirement_sumologic"></a> [sumologic](#requirement\_sumologic) | >= 2.28.3, < 3.0.0 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 5.43.0 |
+| <a name="provider_random"></a> [random](#provider\_random) | 3.6.0 |
+| <a name="provider_sumologic"></a> [sumologic](#provider\_sumologic) | 2.28.3 |
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| <a name="module_cloudtrail_module"></a> [cloudtrail\_module](#module\_cloudtrail\_module) | SumoLogic/sumo-logic-integrations/sumologic//aws/cloudtrail | n/a |
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [random_string.aws_random](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/string) | resource |
+| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
+| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
+| [sumologic_caller_identity.current](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/data-sources/caller_identity) | data source |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_sumologic_access_id"></a> [sumologic\_access\_id](#input\_sumologic\_access\_id) | Sumo Logic Access ID. Visit https://help.sumologic.com/Manage/Security/Access-Keys#Create_an_access_key | `string` | n/a | yes |
+| <a name="input_sumologic_access_key"></a> [sumologic\_access\_key](#input\_sumologic\_access\_key) | Sumo Logic Access Key. Visit https://help.sumologic.com/Manage/Security/Access-Keys#Create_an_access_key | `string` | n/a | yes |
+| <a name="input_sumologic_environment"></a> [sumologic\_environment](#input\_sumologic\_environment) | Enter au, ca, de, eu, jp, us2, in, fed or us1. For more information on Sumo Logic deployments visit https://help.sumologic.com/APIs/General-API-Information/Sumo-Logic-Endpoints-and-Firewall-Security | `string` | n/a | yes |
+| <a name="input_sumologic_organization_id"></a> [sumologic\_organization\_id](#input\_sumologic\_organization\_id) | You can find your org on the Preferences page in the Sumo Logic UI. For more information, see the Preferences Page topic. Your org ID will be used to configure the IAM Role for Sumo Logic AWS Sources."<br>            For more details, visit https://help.sumologic.com/01Start-Here/05Customize-Your-Sumo-Logic-Experience/Preferences-Page | `string` | n/a | yes |
+
+## Outputs
+
+No outputs.
@@ -0,0 +1,5 @@
+data "aws_region" "current" {}
+
+data "aws_caller_identity" "current" {}
+
+data "sumologic_caller_identity" "current" {}
@@ -0,0 +1,10 @@
+locals {
+  # AWS account details
+  aws_account_id = data.aws_caller_identity.current.account_id
+  aws_region = data.aws_region.current.name
+
+  # CloudTrail inputs
+  bucket_name          = "aws-observability-random-${random_string.aws_random.id}"
+  path_expression      = "AWSLogs/${local.aws_account_id}/CloudTrail/${local.aws_region}/*"
+  cloudtrail_fields      = { account = local.aws_account_id }
+}
@@ -0,0 +1,5 @@
+####### BELOW ARE REQUIRED PARAMETERS FOR TERRAFORM SCRIPT #######
+sumologic_environment       = "<YOUR SUMO DEPLOYMENT>"   # Please replace <YOUR SUMO DEPLOYMENT> (including brackets) with au, ca, de, eu, jp, us2, in, fed or us1.
+sumologic_organization_id   = "<YOUR SUMO ORG ID>"       # Please replace <YOUR SUMO ORG ID> (including brackets) with your Sumo Logic Organization ID.
+sumologic_access_id         = "<YOUR SUMO ACCESS ID>"    # Please replace <YOUR SUMO ACCESS ID> (including brackets) with your Sumo Logic Access ID.
+sumologic_access_key        = "<YOUR SUMO ACCESS KEY>"   # Please replace <YOUR SUMO ACCESS KEY> (including brackets) with your Sumo Logic Access KEY.
@@ -0,0 +1,41 @@
+
+resource "random_string" "aws_random" {
+  length  = 10
+  upper   = false
+  special = false
+}
+
+module "cloudtrail_module" {
+  source = "SumoLogic/sumo-logic-integrations/sumologic//aws/cloudtrail"
+
+  create_collector          = true
+  create_trail              = true
+  sumologic_organization_id = var.sumologic_organization_id
+  wait_for_seconds          = 20
+
+  source_details = {
+    source_name     = "CloudTrail Logs (Region)"
+    source_category = "aws/observability/cloudtrail/logs"
+    description     = "This source is created using Sumo Logic terraform AWS Observability module to collect AWS cloudtrail logs."
+    collector_id    = module.cloudtrail_module.sumologic_collector.collector.id
+    bucket_details = {
+      create_bucket        = true
+      bucket_name          = local.bucket_name
+      path_expression      = local.path_expression
+      force_destroy_bucket = false
+    }
+    paused               = false
+    scan_interval        = 60000
+    sumo_account_id      = 926226587429
+    cutoff_relative_time = "-1d"
+    fields               = local.cloudtrail_fields
+    iam_details = {
+      create_iam_role = true
+      iam_role_arn    = null
+    }
+    sns_topic_details = {
+      create_sns_topic = true
+      sns_topic_arn = null
+    }
+  }
+}
Original file line number	Diff line number	Diff line change
`@@ -30,7 +30,7 @@ The modules configure/create the following resources:`
`30`	`30`	`}`
`31`	`31`	`sumologic = {`
`32`	`32`	`source = "sumologic/sumologic"`
`33`		`- version = "~> 2.1.0"`
	`33`	`+ version = ">= 2.28.3, < 3.0.0"`
`34`	`34`	`}`
`35`	`35`	`jira = {`
`36`	`36`	`source = "fourplusone/jira"`