Merge pull request #34 from SumoLogic/sumo_251869

Added support for AWS tag filters

Author: himsharma01

aws/cloudwatchmetrics/cloudwatchmetrics.tf

@@ -19,8 +19,6 @@ resource "aws_iam_role" "source_iam_role" {
     ENVIRONMENT           = data.sumologic_caller_identity.current.environment,
     SUMO_LOGIC_ORG_ID     = var.sumologic_organization_id
   })
-
-  managed_policy_arns = [aws_iam_policy.iam_policy["iam_policy"].arn]
 }
 
 resource "aws_iam_policy" "iam_policy" {
@@ -30,6 +28,14 @@ resource "aws_iam_policy" "iam_policy" {
   policy = templatefile("${path.module}/templates/sumologic_source_policy.tmpl", {})
 }
 
+resource "aws_iam_role_policy_attachment" "policy_attachment" {
+  depends_on = [aws_iam_policy.iam_policy]
+  for_each = toset(var.source_details.iam_details.create_iam_role ? ["source_iam_role"] : [])
+
+  role       = aws_iam_role.source_iam_role[each.key].name
+  policy_arn = aws_iam_policy.iam_policy["iam_policy"].arn
+}
+
 resource "sumologic_collector" "collector" {
   for_each    = toset(var.create_collector ? ["collector"] : [])
   name        = local.collector_name
@@ -64,6 +70,14 @@ resource "sumologic_cloudwatch_source" "cloudwatch_metrics_sources" {
     type                = "CloudWatchPath"
     limit_to_regions    = var.source_details.limit_to_regions
     limit_to_namespaces = var.source_details.limit_to_namespaces
+
+    dynamic "tag_filters" {
+    for_each = var.source_details.tag_filters
+    content {
+      type = tag_filters.value.type
+      namespace = tag_filters.value.namespace
+      tags = tag_filters.value.tags
+    }
+   }
   }
 }
-

aws/cloudwatchmetrics/examples/default/main.tf

@@ -12,7 +12,20 @@ module "cloudwatch_metrics" {
             "create_iam_role": true,
             "iam_role_arn": null
         },
-        "limit_to_namespaces": ["aws/ec2"],
+        "limit_to_namespaces": ["AWS/EC2", "AWS/ApiGateway", "AWS/ApplicationELB"],
+        "tag_filters": [{
+          "type" = "TagFilters"
+          "namespace" = "AWS/EC2"
+          "tags" = ["env=prod;dev"]
+        },{
+          "type" = "TagFilters"
+          "namespace" = "AWS/ApiGateway"
+          "tags" = ["env=prod;dev"]
+        },{
+          "type" = "TagFilters"
+          "namespace" = "AWS/ApplicationELB"
+          "tags" = ["env=dev"]
+        }],
         "limit_to_regions": ["eu-central-1"],
         "paused": false,
         "scan_interval": 300000,

aws/cloudwatchmetrics/variables.tf

@@ -25,6 +25,11 @@ variable "source_details" {
     description         = string
     limit_to_regions    = list(string)
     limit_to_namespaces = list(string)
+    tag_filters = list(object({
+      type      = string
+      namespace = string
+      tags      = list(string)
+    }))
     paused              = bool
     scan_interval       = number
     sumo_account_id     = number
@@ -42,6 +47,7 @@ variable "source_details" {
     collector_id        = ""
     limit_to_regions    = ["us-east-1"]
     limit_to_namespaces = ["AWS/ApplicationELB","AWS/ApiGateway","AWS/DynamoDB","AWS/Lambda","AWS/RDS","AWS/ECS","AWS/ElastiCache","AWS/ELB","AWS/NetworkELB","AWS/SQS","AWS/SNS"]
+    tag_filters         = []
     scan_interval       = 300000
     paused              = false
     sumo_account_id     = 926226587429

aws/kinesisfirehoseformetrics/examples/default/main.tf

@@ -17,6 +17,19 @@ module "kinesis_firehose_for_metrics_source_module" {
     description         = "This source is created using Sumo Logic terraform AWS Observability module to collect AWS Cloud Watch metrics."
     collector_id        = null
     limit_to_namespaces = []
+    "tag_filters": [{
+      "type" = "TagFilters"
+      "namespace" = "AWS/EC2"
+      "tags" = ["env=prod;dev"]
+    },{
+      "type" = "TagFilters"
+      "namespace" = "AWS/ApiGateway"
+      "tags" = ["env=prod;dev"]
+    },{
+      "type" = "TagFilters"
+      "namespace" = "AWS/ApplicationELB"
+      "tags" = ["env=dev"]
+    }],
     sumo_account_id     = 926226587429
     fields              = {}
     iam_details = {

aws/kinesisfirehoseformetrics/kinesisfirehoseformetrics.tf

@@ -164,8 +164,6 @@ resource "aws_iam_role" "source_iam_role" {
     SUMO_LOGIC_ORG_ID     = var.sumologic_organization_id,
     ARN                   = local.arn_map[local.aws_region]
   })
-
-  managed_policy_arns = [aws_iam_policy.iam_policy["iam_policy"].arn]
 }
 
 resource "aws_iam_policy" "iam_policy" {
@@ -175,6 +173,14 @@ resource "aws_iam_policy" "iam_policy" {
   policy = templatefile("${path.module}/templates/sumologic_source_policy.tmpl", {})
 }
 
+resource "aws_iam_role_policy_attachment" "policy_attachment" {
+  depends_on = [aws_iam_policy.iam_policy]
+  for_each = toset(var.source_details.iam_details.create_iam_role ? ["source_iam_role"] : [])
+
+  role       = aws_iam_role.source_iam_role[each.key].name
+  policy_arn = aws_iam_policy.iam_policy["iam_policy"].arn
+}
+
 resource "sumologic_collector" "collector" {
   for_each    = toset(var.create_collector ? ["collector"] : [])
   name        = local.collector_name
@@ -205,5 +211,13 @@ resource "sumologic_kinesis_metrics_source" "source" {
 
   path {
     type = "KinesisMetricPath"
+    dynamic "tag_filters" {
+    for_each = var.source_details.tag_filters
+    content {
+      type = tag_filters.value.type
+      namespace = tag_filters.value.namespace
+      tags = tag_filters.value.tags
+    }
+   }
   }
 }

aws/kinesisfirehoseformetrics/variables.tf

@@ -43,6 +43,11 @@ variable "source_details" {
     description         = string
     sumo_account_id     = number
     limit_to_namespaces = list(string)
+    tag_filters = list(object({
+      type      = string
+      namespace = string
+      tags      = list(string)
+    }))
     fields              = map(string)
     iam_details = object({
       create_iam_role = bool
@@ -57,6 +62,7 @@ variable "source_details" {
     description         = "This source is created using Sumo Logic terraform AWS Kinesis Firehose for metrics module to collect AWS Cloudwatch metrics."
     sumo_account_id     = 926226587429
     limit_to_namespaces = []
+    tag_filters         = []
     fields              = {}
     iam_details = {
       create_iam_role = true