rename ingester to forwarder, backfiller to subscriber

.github/workflows/ci.yaml

@@ -20,7 +20,7 @@ jobs:
       - run: wget https://github.com/mikefarah/yq/releases/download/v$YQ_VERSION/yq_linux_amd64.tar.gz -O - | tar xz && mv yq_linux_amd64 /usr/local/bin/yq
       - run: |-
           mkdir build
-          yq ".Resources.LogsLambda.Properties.Code.ZipFile = \"$(sed  's/\"/\\\"/g' ./handler.py)\""  cloudformation-stacks/ingester.template.yaml > build/axiom-cloudwatch-ingester-cloudformation-stack.yaml
-          yq ".Resources.BackfillerLambda.Properties.Code.ZipFile = \"$(sed  's/\"/\\\"/g' ./backfill.py)\""  cloudformation-stacks/backfiller.template.yaml > build/axiom-cloudwatch-backfiller-cloudformation-stack.yaml
-          yq ".Resources.AxiomCloudWatchLogsSubscriber.Properties.Code.ZipFile = \"$(sed  's/\"/\\\"/g' ./logs_subscriber.py)\""  cloudformation-stacks/subscriber.template.yaml > build/axiom-cloudwatch-subscriber-axiom-cloudformation-stack.yaml
+          yq ".Resources.LogsLambda.Properties.Code.ZipFile = \"$(sed  's/\"/\\\"/g' ./handler.py)\""  cloudformation-stacks/forwarder.template.yaml > build/axiom-cloudwatch-forwarder-cloudformation-stack.yaml
+          yq ".Resources.BackfillerLambda.Properties.Code.ZipFile = \"$(sed  's/\"/\\\"/g' ./backfill.py)\""  cloudformation-stacks/subscriber.template.yaml > build/axiom-cloudwatch-subscriber-cloudformation-stack.yaml
+          yq ".Resources.AxiomCloudWatchLogsSubscriber.Properties.Code.ZipFile = \"$(sed  's/\"/\\\"/g' ./logs_subscriber.py)\""  cloudformation-stacks/log-groups-listener.template.yaml > build/axiom-cloudwatch-log-groups-listener-cloudformation-stack.yaml
       - run: cat build/*

.github/workflows/release.yaml

@@ -21,9 +21,9 @@ jobs:
       - run: wget https://github.com/mikefarah/yq/releases/download/v$YQ_VERSION/yq_linux_amd64.tar.gz -O - | tar xz && mv yq_linux_amd64 /usr/local/bin/yq
       - run: |-
           mkdir build
-          yq ".Resources.LogsLambda.Properties.Code.ZipFile = \"$(sed  's/\"/\\\"/g' ./handler.py)\""  cloudformation-stacks/ingester.template.yaml > build/axiom-cloudwatch-ingester-cloudformation-stack.yaml
-          yq ".Resources.BackfillerLambda.Properties.Code.ZipFile = \"$(sed  's/\"/\\\"/g' ./backfill.py)\"" cloudformation-stacks/backfiller.template.yaml > build/axiom-cloudwatch-backfiller-cloudformation-stack.yaml
-          yq ".Resources.AxiomCloudWatchLogsSubscriber.Properties.Code.ZipFile = \"$(sed  's/\"/\\\"/g' ./logs_subscriber.py)\""  cloudformation-stacks/subscriber.template.yaml > build/axiom-cloudwatch-subscriber-cloudformation-stack.yaml
+          yq ".Resources.LogsLambda.Properties.Code.ZipFile = \"$(sed  's/\"/\\\"/g' ./handler.py)\""  cloudformation-stacks/forwarder.template.yaml > build/axiom-cloudwatch-forwarder-cloudformation-stack.yaml
+          yq ".Resources.BackfillerLambda.Properties.Code.ZipFile = \"$(sed  's/\"/\\\"/g' ./backfill.py)\"" cloudformation-stacks/subscriber.template.yaml > build/axiom-cloudwatch-subscriber-cloudformation-stack.yaml
+          yq ".Resources.AxiomCloudWatchLogsSubscriber.Properties.Code.ZipFile = \"$(sed  's/\"/\\\"/g' ./logs_subscriber.py)\""  cloudformation-stacks/subscriber.template.yaml > build/axiom-cloudwatch-log-groups-listener-cloudformation-stack.yaml
       - name: Configure AWS Credentials
         uses: aws-actions/configure-aws-credentials@v4
         with:

README.md

@@ -1,21 +1,21 @@
-# Axiom CloudWatch Lambda [![CI](https://github.com/axiomhq/axiom-cloudwatch-lambda/actions/workflows/ci.yaml/badge.svg)](https://github.com/axiomhq/axiom-cloudwatch-lambda/actions/workflows/ci.yaml)
+# Axiom CloudWatch Forwarder [![CI](https://github.com/axiomhq/axiom-cloudwatch-forwarder/actions/workflows/ci.yaml/badge.svg)](https://github.com/axiomhq/axiom-cloudwatch-forwarder/actions/workflows/ci.yaml)
 
-Axiom CloudWatch Lambda is an easy-to-use AWS CloudFormation template to send logs from CloudWatch to [Axiom](https://axiom.co). It deploys a CloudWatch log group subscription filter and a Lambda.
+Axiom CloudWatch Lambda is an easy-to-use AWS CloudFormation template to send logs from CloudWatch to [Axiom](https://axiom.co). It deploys a Lambda and a subscriber to create the needed CloudWatch log group subscription filters.
 
 Axiom CloudWatch Lambda uses the following CloudFormation stacks:
 
-- Axiom Ingester creates a Lambda function that ingests logs from CloudWatch and sends them to Axiom.
-- Backfiller runs once to create subscription filters on the ingest Lambda for all existing CloudWatch log groups.
-- Logs Subscriber creates a Lambda function that listens for new log groups and creates subscription filters for them. This way, you don't have to create subscription filters manually for new log groups.
+- Axiom Forwarder creates a Lambda function that ingests logs from CloudWatch and sends them to Axiom.
+- Subscriber runs once to create subscription filters on the ingest Lambda for all existing CloudWatch log groups.
+- LogGroups Listener creates a Lambda function that listens for new log groups and creates subscription filters for them. This way, you don't have to create subscription filters manually for new log groups.
 
 ## Guide
 
 1. [Create an Axiom account](https://app.axiom.co).
 2. Create a dataset in Axiom.
 3. Create an API token in Axiom with permissions to ingest data to the dataset you created.
-4. [Click this link to launch the Stack](https://console.aws.amazon.com/cloudformation/home?#/stacks/new?stackName=cloudwatch-ingester-axiom&templateURL=https://axiom-cloudformation.s3.amazonaws.com/stacks/axiom-cloudwatch-ingester-cloudformation-stack.yaml).
-5. [Click this link to automatically subscribe to all existing log groups](https://console.aws.amazon.com/cloudformation/home?#/stacks/new?stackName=cloudwatch-backfiller-axiom&templateURL=https://axiom-cloudformation.s3.amazonaws.com/stacks/axiom-cloudwatch-backfiller-cloudformation-stack.yaml).
-6. [Click this link to automatically subscribe to new log groups](https://console.aws.amazon.com/cloudformation/home?#/stacks/new?stackName=cloudwatch-subscriber-axiom&templateURL=https://axiom-cloudformation.s3.amazonaws.com/stacks/axiom-cloudwatch-subscriber-cloudformation-stack.yaml).
+4. [Click this link to launch the Stack](https://console.aws.amazon.com/cloudformation/home?#/stacks/new?stackName=cloudwatch-ingester-axiom&templateURL=https://axiom-cloudformation.s3.amazonaws.com/stacks/axiom-cloudwatch-forwarder-cloudformation-stack.yaml).
+5. [Click this link to automatically subscribe to all existing log groups](https://console.aws.amazon.com/cloudformation/home?#/stacks/new?stackName=cloudwatch-backfiller-axiom&templateURL=https://axiom-cloudformation.s3.amazonaws.com/stacks/axiom-cloudwatch-subscriber-cloudformation-stack.yaml).
+6. [Click this link to automatically subscribe to new log groups](https://console.aws.amazon.com/cloudformation/home?#/stacks/new?stackName=cloudwatch-subscriber-axiom&templateURL=https://axiom-cloudformation.s3.amazonaws.com/stacks/axiom-cloudwatch-log-groups-listener-cloudformation-stack.yaml).
 
 ## Logs Subscriber architecture
 

cloudformation-stacks/ingester.template.yaml → cloudformation-stacks/forwarder.template.yaml

@@ -22,7 +22,7 @@ Parameters:
   LambdaFunctionName:
     Type: String
     Description: Name of the AWS Lambda Function.
-    Default: cloudwatch-ingester-axiom
+    Default: axiom-cloudwatch-forwarder
     AllowedPattern: ".+" # required
   DataTags:
     Type: String
@@ -107,5 +107,5 @@ Resources:
               LogGroupName: !Ref GroupName
 Outputs:
   LogsLambdaARN:
-    Description: The ARN of the created Ingester Lambda
+    Description: The ARN of the created Forwarder Lambda
     Value: !GetAtt LogsLambda.Arn

cloudformation-stacks/log-groups-listener.template.yaml

@@ -0,0 +1,176 @@
+Description: A lambda function to auto subscribe Axiom Forwarder to new CloudWatch Log Groups.
+Parameters:
+  LambdaFunctionName:
+    Type: String
+    Description: Name of the AWS Lambda Function.
+    Default: cloudwatch-subscriber-axiom
+    AllowedPattern: ".+" # required
+  AxiomCloudWatchLambdaIngesterARN:
+    Type: String
+    Description: The ARN of the AWS Lambda Function that is used to ingest data to axiom.
+    AllowedPattern: ".+" # required
+  CloudWatchLogGroupsPrefix:
+    Type: String
+    Description: The Prefix of cloudwatch log groups to subscribe to the AWS Lambda ingester.
+    Default: "" # all
+  AxiomLambdaLogRetention:
+    Type: "Number"
+    Description: "The number of days to retain CloudWatch logs for the created lambda functions."
+    Default: 1
+  EnableCloudTrail:
+    Description: "Enable Cloudtrail for cloudwatch CreateLogGroup event notification? If already enabled, choose 'false'"
+    Default: true
+    Type: String
+    AllowedValues: [true, false]
+Conditions:
+  ShouldEnableCloudTrail: !Equals [true, !Ref EnableCloudTrail]
+Resources:
+  AxiomCloudWatchLogsSubscriberS3Bucket:
+    Condition: ShouldEnableCloudTrail
+    Type: AWS::S3::Bucket
+    Properties:
+      AccessControl: BucketOwnerFullControl
+      BucketName: !Join ["-", [!Ref AWS::StackName, "cloudtrail"]]
+  AxiomCloudWatchLogsSubscriberS3BucketPolicy:
+    Type: AWS::S3::BucketPolicy
+    Condition: ShouldEnableCloudTrail
+    DependsOn: AxiomCloudWatchLogsSubscriberS3Bucket
+    Properties:
+      Bucket: !Ref AxiomCloudWatchLogsSubscriberS3Bucket
+      PolicyDocument:
+        {
+          "Version": "2012-10-17",
+          "Statement":
+            [
+              {
+                "Sid": "AWSCloudTrailAclCheck20150319",
+                "Effect": "Allow",
+                "Principal": { "Service": "cloudtrail.amazonaws.com" },
+                "Action": "s3:GetBucketAcl",
+                "Resource":
+                  !GetAtt ["AxiomCloudWatchLogsSubscriberS3Bucket", "Arn"],
+              },
+              {
+                "Sid": "AWSCloudTrailWrite20150319",
+                "Effect": "Allow",
+                "Principal": { "Service": "cloudtrail.amazonaws.com" },
+                "Action": "s3:PutObject",
+                "Resource":
+                  !Join [
+                    "",
+                    [
+                      !GetAtt ["AxiomCloudWatchLogsSubscriberS3Bucket", "Arn"],
+                      "/AWSLogs/",
+                      { "Ref": "AWS::AccountId" },
+                      "/*",
+                    ],
+                  ],
+                "Condition":
+                  {
+                    "StringEquals":
+                      { "s3:x-amz-acl": "bucket-owner-full-control" },
+                  },
+              },
+            ],
+        }
+  AxiomLogsSubscriberCloudTrail:
+    Type: AWS::CloudTrail::Trail
+    Condition: ShouldEnableCloudTrail
+    DependsOn: AxiomCloudWatchLogsSubscriberS3BucketPolicy
+    Properties:
+      EnableLogFileValidation: false
+      IncludeGlobalServiceEvents: true
+      IsMultiRegionTrail: true
+      IsLogging: true
+      S3BucketName: !Ref AxiomCloudWatchLogsSubscriberS3Bucket
+      TrailName: !Join ["-", [!Ref AWS::StackName, { "Ref": "AWS::AccountId" }]]
+  AxiomLogsSubscriberEventRule:
+    DependsOn: AxiomCloudWatchLogsSubscriber
+    Type: AWS::Events::Rule
+    Properties:
+      Description: Axiom log group auto subscription event rule.,
+      EventPattern:
+        source: ["aws.logs"]
+        detail-type: ["AWS API Call via CloudTrail"]
+        detail:
+          eventSource: ["logs.amazonaws.com"]
+          eventName: ["CreateLogGroup"]
+      Name:
+        "Fn::Join":
+          ["-", [{ "Ref": "AWS::StackName" }, "auto-subscription-rule"]]
+      Targets:
+        - Id: !Join ["-", [!Ref "AWS::StackName", "auto-subscription-rule"]]
+          Arn: !GetAtt ["AxiomCloudWatchLogsSubscriber", "Arn"]
+  AxiomCloudWatchLogsSubscriberPolicy:
+    Type: AWS::IAM::Policy
+    Properties:
+      PolicyDocument:
+        Statement:
+          - Action:
+              - logs:DeleteSubscriptionFilter
+              - logs:PutSubscriptionFilter
+              - logs:DescribeLogGroups
+              - lambda:AddPermission
+              - lambda:RemovePermission
+              - lambda:InvokeFunction
+              - lambda:GetFunction
+              - logs:DescribeLogStreams
+              - logs:DescribeSubscriptionFilters
+              - logs:FilterLogEvents
+              - logs:GetLogEvents
+            Effect: Allow
+            Resource: "*"
+      PolicyName: cloudwatch-subscriber-axiom-policy
+      Roles:
+        - !Ref "AxiomCloudWatchLogsSubscriberRole"
+  AxiomCloudWatchLogsSubscriberRole:
+    Type: AWS::IAM::Role
+    Properties:
+      AssumeRolePolicyDocument:
+        Statement:
+          - Action:
+              - "sts:AssumeRole"
+            Effect: Allow
+            Principal:
+              Service:
+                - lambda.amazonaws.com
+                - logs.amazonaws.com
+      ManagedPolicyArns:
+        - "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
+  AxiomCloudWatchLogsSubscriber:
+    Type: AWS::Lambda::Function
+    DependsOn:
+      - AxiomCloudWatchLogsSubscriberRole
+    Properties:
+      FunctionName: !Ref LambdaFunctionName
+      Runtime: python3.9
+      Handler: index.lambda_handler
+      Code:
+        ZipFile: |
+          # DO NOT EDIT
+          # CI will replace these comments with the code from ./logs_subscriber.py
+      Role: !GetAtt
+        - AxiomCloudWatchLogsSubscriberRole
+        - Arn
+      Description: Axiom CloudWatch Automatic Logs Subscriber Lambda
+      Environment:
+        Variables:
+          AXIOM_CLOUDWATCH_LAMBDA_INGESTER_ARN: !Ref "AxiomCloudWatchLambdaIngesterARN"
+          LOG_GROUP_PREFIX: !Ref "CloudWatchLogGroupsPrefix"
+  AxiomCloudWatchLogsSubscriberPermission:
+    Type: AWS::Lambda::Permission
+    Properties:
+      Action: "lambda:InvokeFunction"
+      FunctionName: { "Fn::GetAtt": ["AxiomCloudWatchLogsSubscriber", "Arn"] }
+      Principal: "events.amazonaws.com"
+      SourceAccount:
+        Ref: AWS::AccountId
+      SourceArn: !GetAtt ["AxiomLogsSubscriberEventRule", "Arn"]
+  AxiomCloudWatchLogsSubscriberLogGroup:
+    DependsOn: ["AxiomCloudWatchLogsSubscriberRole"]
+    Type: AWS::Logs::LogGroup
+    Properties:
+      LogGroupName:
+        !Join ["", ["/aws/lambda/", { "Ref": "AxiomCloudWatchLogsSubscriber" }]]
+      RetentionInDays:
+        Ref: "AxiomLambdaLogRetention"