Merge pull request #35 from SumoLogic/awso-v2.11

himsharma01 · web-flow · commit 8a62028a0935 · 2025-01-24T11:13:43.000+05:30
Awso v2.11
diff --git a/aws/cloudwatchlogsforwarder/README.md b/aws/cloudwatchlogsforwarder/README.md
diff --git a/aws/cloudwatchlogsforwarder/cloudwatchlogsforwarder.tf b/aws/cloudwatchlogsforwarder/cloudwatchlogsforwarder.tf
@@ -196,6 +196,7 @@ resource "aws_serverlessapplicationrepository_cloudformation_stack" "auto_enable
     DestinationArnType  = "Lambda"
     DestinationArnValue = aws_lambda_function.logs_lambda_function.arn
     LogGroupPattern     = var.auto_enable_logs_subscription_options.filter
+    LogGroupTags        = var.auto_enable_logs_subscription_options.tags_filter
     UseExistingLogs     = local.auto_enable_existing
   }
 }
diff --git a/aws/cloudwatchlogsforwarder/examples/default/main.tf b/aws/cloudwatchlogsforwarder/examples/default/main.tf
@@ -21,9 +21,10 @@ module "cloudwatch_logs_lambda_log_forwarder_module" {
   }
 
   auto_enable_logs_subscription = "Both"
-  app_semantic_version = "1.0.11"
+  app_semantic_version = "1.0.14"
   auto_enable_logs_subscription_options = {
     filter = "lambda|rds"
+    tags_filter = ""
   }
 }
 
diff --git a/aws/cloudwatchlogsforwarder/variables.tf b/aws/cloudwatchlogsforwarder/variables.tf
@@ -78,7 +78,7 @@ variable "source_details" {
 variable "app_semantic_version" {
   type        = string
   description = "Provide the latest version of Serverless Application Repository 'sumologic-loggroup-connector'."
-  default = "1.0.11"
+  default = "1.0.14"
 }
 
 variable "auto_enable_logs_subscription" {
@@ -103,14 +103,17 @@ variable "auto_enable_logs_subscription" {
 variable "auto_enable_logs_subscription_options" {
   type = object({
     filter = string
+    tags_filter = string
   })
 
   description = <<EOT
-		filter - Enter regex for matching logGroups. Regex will check for the name. Visit https://help.sumologic.com/03Send-Data/Collect-from-Other-Data-Sources/Auto-Subscribe_AWS_Log_Groups_to_a_Lambda_Function#Configuring_parameters
+		filter - Enter regex for matching logGroups. Regex will check for the name.
+        tags_filter - Enter comma separated key value pairs for filtering logGroups using tags. Ex KeyName1=string,KeyName2=string. This is optional leave it blank if tag based filtering is not needed.
+        Visit https://help.sumologic.com/docs/send-data/collect-from-other-data-sources/autosubscribe-arn-destination/#configuringparameters
 	EOT
 
   default = {
     filter = "lambda"
+    tags_filter = ""
   }
 }
-
diff --git a/aws/cloudwatchmetrics/cloudwatchmetrics.tf b/aws/cloudwatchmetrics/cloudwatchmetrics.tf
@@ -19,8 +19,6 @@ resource "aws_iam_role" "source_iam_role" {
     ENVIRONMENT           = data.sumologic_caller_identity.current.environment,
     SUMO_LOGIC_ORG_ID     = var.sumologic_organization_id
   })
-
-  managed_policy_arns = [aws_iam_policy.iam_policy["iam_policy"].arn]
 }
 
 resource "aws_iam_policy" "iam_policy" {
@@ -30,6 +28,14 @@ resource "aws_iam_policy" "iam_policy" {
   policy = templatefile("${path.module}/templates/sumologic_source_policy.tmpl", {})
 }
 
+resource "aws_iam_role_policy_attachment" "policy_attachment" {
+  depends_on = [aws_iam_policy.iam_policy]
+  for_each = toset(var.source_details.iam_details.create_iam_role ? ["source_iam_role"] : [])
+
+  role       = aws_iam_role.source_iam_role[each.key].name
+  policy_arn = aws_iam_policy.iam_policy["iam_policy"].arn
+}
+
 resource "sumologic_collector" "collector" {
   for_each    = toset(var.create_collector ? ["collector"] : [])
   name        = local.collector_name
@@ -64,6 +70,14 @@ resource "sumologic_cloudwatch_source" "cloudwatch_metrics_sources" {
     type                = "CloudWatchPath"
     limit_to_regions    = var.source_details.limit_to_regions
     limit_to_namespaces = var.source_details.limit_to_namespaces
+
+    dynamic "tag_filters" {
+    for_each = var.source_details.tag_filters
+    content {
+      type = tag_filters.value.type
+      namespace = tag_filters.value.namespace
+      tags = tag_filters.value.tags
+    }
+   }
   }
 }
-
diff --git a/aws/cloudwatchmetrics/examples/default/main.tf b/aws/cloudwatchmetrics/examples/default/main.tf
@@ -12,7 +12,20 @@ module "cloudwatch_metrics" {
             "create_iam_role": true,
             "iam_role_arn": null
         },
-        "limit_to_namespaces": ["aws/ec2"],
+        "limit_to_namespaces": ["AWS/EC2", "AWS/ApiGateway", "AWS/ApplicationELB"],
+        "tag_filters": [{
+          "type" = "TagFilters"
+          "namespace" = "AWS/EC2"
+          "tags" = ["env=prod;dev"]
+        },{
+          "type" = "TagFilters"
+          "namespace" = "AWS/ApiGateway"
+          "tags" = ["env=prod;dev"]
+        },{
+          "type" = "TagFilters"
+          "namespace" = "AWS/ApplicationELB"
+          "tags" = ["env=dev"]
+        }],
         "limit_to_regions": ["eu-central-1"],
         "paused": false,
         "scan_interval": 300000,
diff --git a/aws/cloudwatchmetrics/variables.tf b/aws/cloudwatchmetrics/variables.tf
@@ -25,6 +25,11 @@ variable "source_details" {
     description         = string
     limit_to_regions    = list(string)
     limit_to_namespaces = list(string)
+    tag_filters = list(object({
+      type      = string
+      namespace = string
+      tags      = list(string)
+    }))
     paused              = bool
     scan_interval       = number
     sumo_account_id     = number
@@ -42,6 +47,7 @@ variable "source_details" {
     collector_id        = ""
     limit_to_regions    = ["us-east-1"]
     limit_to_namespaces = ["AWS/ApplicationELB","AWS/ApiGateway","AWS/DynamoDB","AWS/Lambda","AWS/RDS","AWS/ECS","AWS/ElastiCache","AWS/ELB","AWS/NetworkELB","AWS/SQS","AWS/SNS"]
+    tag_filters         = []
     scan_interval       = 300000
     paused              = false
     sumo_account_id     = 926226587429
diff --git a/aws/kinesisfirehoseforlogs/README.md b/aws/kinesisfirehoseforlogs/README.md
diff --git a/aws/kinesisfirehoseforlogs/examples/default/main.tf b/aws/kinesisfirehoseforlogs/examples/default/main.tf
@@ -24,8 +24,9 @@ module "kinesis_firehose_for_logs_module" {
   }
 
   auto_enable_logs_subscription = "Both"
-  app_semantic_version = "1.0.11"
+  app_semantic_version = "1.0.14"
   auto_enable_logs_subscription_options = {
     filter = "lambda|rds"
+    tags_filter = ""
   }
 }
diff --git a/aws/kinesisfirehoseforlogs/kinesisfirehoseforlogs.tf b/aws/kinesisfirehoseforlogs/kinesisfirehoseforlogs.tf
@@ -178,6 +178,7 @@ resource "aws_serverlessapplicationrepository_cloudformation_stack" "auto_enable
     DestinationArnType  = "Kinesis"
     DestinationArnValue = aws_kinesis_firehose_delivery_stream.logs_delivery_stream.arn
     LogGroupPattern     = var.auto_enable_logs_subscription_options.filter
+    LogGroupTags        = var.auto_enable_logs_subscription_options.tags_filter
     UseExistingLogs     = local.auto_enable_existing
     RoleArn             = aws_iam_role.logs_role.arn
   }
diff --git a/aws/kinesisfirehoseforlogs/variables.tf b/aws/kinesisfirehoseforlogs/variables.tf
@@ -56,7 +56,7 @@ variable "source_details" {
 variable "app_semantic_version" {
   type        = string
   description = "Provide the latest version of Serverless Application Repository 'sumologic-loggroup-connector'."
-  default = "1.0.11"
+  default = "1.0.14"
 }
 
 variable "auto_enable_logs_subscription" {
@@ -81,14 +81,17 @@ variable "auto_enable_logs_subscription" {
 variable "auto_enable_logs_subscription_options" {
   type = object({
     filter = string
+    tags_filter = string
   })
 
   description = <<EOT
-		filter - Enter regex for matching logGroups. Regex will check for the name. Visit https://help.sumologic.com/03Send-Data/Collect-from-Other-Data-Sources/Auto-Subscribe_AWS_Log_Groups_to_a_Lambda_Function#Configuring_parameters
+		filter - Enter regex for matching logGroups. Regex will check for the name.
+        tags_filter - Enter comma separated key value pairs for filtering logGroups using tags. Ex KeyName1=string,KeyName2=string. This is optional leave it blank if tag based filtering is not needed.
+        Visit https://help.sumologic.com/docs/send-data/collect-from-other-data-sources/autosubscribe-arn-destination/#configuringparameters
 	EOT
 
   default = {
     filter = "lambda"
+    tags_filter = ""
   }
 }
-
diff --git a/aws/kinesisfirehoseformetrics/examples/default/main.tf b/aws/kinesisfirehoseformetrics/examples/default/main.tf
@@ -17,6 +17,19 @@ module "kinesis_firehose_for_metrics_source_module" {
     description         = "This source is created using Sumo Logic terraform AWS Observability module to collect AWS Cloud Watch metrics."
     collector_id        = null
     limit_to_namespaces = []
+    "tag_filters": [{
+      "type" = "TagFilters"
+      "namespace" = "AWS/EC2"
+      "tags" = ["env=prod;dev"]
+    },{
+      "type" = "TagFilters"
+      "namespace" = "AWS/ApiGateway"
+      "tags" = ["env=prod;dev"]
+    },{
+      "type" = "TagFilters"
+      "namespace" = "AWS/ApplicationELB"
+      "tags" = ["env=dev"]
+    }],
     sumo_account_id     = 926226587429
     fields              = {}
     iam_details = {
diff --git a/aws/kinesisfirehoseformetrics/kinesisfirehoseformetrics.tf b/aws/kinesisfirehoseformetrics/kinesisfirehoseformetrics.tf
@@ -164,8 +164,6 @@ resource "aws_iam_role" "source_iam_role" {
     SUMO_LOGIC_ORG_ID     = var.sumologic_organization_id,
     ARN                   = local.arn_map[local.aws_region]
   })
-
-  managed_policy_arns = [aws_iam_policy.iam_policy["iam_policy"].arn]
 }
 
 resource "aws_iam_policy" "iam_policy" {
@@ -175,6 +173,14 @@ resource "aws_iam_policy" "iam_policy" {
   policy = templatefile("${path.module}/templates/sumologic_source_policy.tmpl", {})
 }
 
+resource "aws_iam_role_policy_attachment" "policy_attachment" {
+  depends_on = [aws_iam_policy.iam_policy]
+  for_each = toset(var.source_details.iam_details.create_iam_role ? ["source_iam_role"] : [])
+
+  role       = aws_iam_role.source_iam_role[each.key].name
+  policy_arn = aws_iam_policy.iam_policy["iam_policy"].arn
+}
+
 resource "sumologic_collector" "collector" {
   for_each    = toset(var.create_collector ? ["collector"] : [])
   name        = local.collector_name
@@ -205,5 +211,13 @@ resource "sumologic_kinesis_metrics_source" "source" {
 
   path {
     type = "KinesisMetricPath"
+    dynamic "tag_filters" {
+    for_each = var.source_details.tag_filters
+    content {
+      type = tag_filters.value.type
+      namespace = tag_filters.value.namespace
+      tags = tag_filters.value.tags
+    }
+   }
   }
 }
diff --git a/aws/kinesisfirehoseformetrics/variables.tf b/aws/kinesisfirehoseformetrics/variables.tf
@@ -43,6 +43,11 @@ variable "source_details" {
     description         = string
     sumo_account_id     = number
     limit_to_namespaces = list(string)
+    tag_filters = list(object({
+      type      = string
+      namespace = string
+      tags      = list(string)
+    }))
     fields              = map(string)
     iam_details = object({
       create_iam_role = bool
@@ -57,6 +62,7 @@ variable "source_details" {
     description         = "This source is created using Sumo Logic terraform AWS Kinesis Firehose for metrics module to collect AWS Cloudwatch metrics."
     sumo_account_id     = 926226587429
     limit_to_namespaces = []
+    tag_filters         = []
     fields              = {}
     iam_details = {
       create_iam_role = true

Original file line number	Diff line number	Diff line change
`@@ -196,6 +196,7 @@ resource "aws_serverlessapplicationrepository_cloudformation_stack" "auto_enable`
`196`	`196`	`DestinationArnType = "Lambda"`
`197`	`197`	`DestinationArnValue = aws_lambda_function.logs_lambda_function.arn`
`198`	`198`	`LogGroupPattern = var.auto_enable_logs_subscription_options.filter`
	`199`	`+ LogGroupTags = var.auto_enable_logs_subscription_options.tags_filter`
`199`	`200`	`UseExistingLogs = local.auto_enable_existing`
`200`	`201`	`}`
`201`	`202`	`}`
Original file line number	Diff line number	Diff line change
`@@ -21,9 +21,10 @@ module "cloudwatch_logs_lambda_log_forwarder_module" {`
`21`	`21`	`}`
`22`	`22`
`23`	`23`	`auto_enable_logs_subscription = "Both"`
`24`		`- app_semantic_version = "1.0.11"`
	`24`	`+ app_semantic_version = "1.0.14"`
`25`	`25`	`auto_enable_logs_subscription_options = {`
`26`	`26`	`filter = "lambda\|rds"`
	`27`	`+ tags_filter = ""`
`27`	`28`	`}`
`28`	`29`	`}`
`29`	`30`
Original file line number	Diff line number	Diff line change
`@@ -24,8 +24,9 @@ module "kinesis_firehose_for_logs_module" {`
`24`	`24`	`}`
`25`	`25`
`26`	`26`	`auto_enable_logs_subscription = "Both"`
`27`		`- app_semantic_version = "1.0.11"`
	`27`	`+ app_semantic_version = "1.0.14"`
`28`	`28`	`auto_enable_logs_subscription_options = {`
`29`	`29`	`filter = "lambda\|rds"`
	`30`	`+ tags_filter = ""`
`30`	`31`	`}`
`31`	`32`	`}`
Original file line number	Diff line number	Diff line change
`@@ -178,6 +178,7 @@ resource "aws_serverlessapplicationrepository_cloudformation_stack" "auto_enable`
`178`	`178`	`DestinationArnType = "Kinesis"`
`179`	`179`	`DestinationArnValue = aws_kinesis_firehose_delivery_stream.logs_delivery_stream.arn`
`180`	`180`	`LogGroupPattern = var.auto_enable_logs_subscription_options.filter`
	`181`	`+ LogGroupTags = var.auto_enable_logs_subscription_options.tags_filter`
`181`	`182`	`UseExistingLogs = local.auto_enable_existing`
`182`	`183`	`RoleArn = aws_iam_role.logs_role.arn`
`183`	`184`	`}`