Skip to content

Commit

Permalink
Merge pull request #62 from axiomhq/feat/allow-to-input-multiple-groups
Browse files Browse the repository at this point in the history 
Allow users to input multiple cloudwatch log groups
  • Loading branch information
@a-khaledf
a-khaledf authored Jun 19, 2024
2 parents f9f2cf4 + 2d3aa88 commit eae5d1a
Showing 1 changed file with 46 additions and 40 deletions.
86 changes: 46 additions & 40 deletions cloudwatch-ingester-axiom-cloudformation-stack.template.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,3 +1,5 @@
AWSTemplateFormatVersion: 2010-09-09
Transform: "AWS::LanguageExtensions"
Parameters:
AxiomToken:
Description: The Token of User in Axiom. Must start with xaat- or xait-.
Expand All @@ -13,9 +15,9 @@ Parameters:
Type: String
Description: The Name of the Dataset in Axiom to push events to.
AllowedPattern: ".+" # required
CloudWatchLogGroupName:
Type: String
Description: The name of the AWS Cloudwatch Log Group to subscribe to.
CloudWatchLogGroupNames:
Type: CommaDelimitedList
Description: The names of the AWS Cloudwatch Log Groups to subscribe to. Comma Seperated string of cloudwatch log group names.
AllowedPattern: ".*" # optional
LambdaFunctionName:
Type: String
Expand All @@ -33,36 +35,36 @@ Parameters:
Default: false
Description: Whether or not disable json logs. defaults to false.
Conditions:
HasCloudWatchLogGroupName: !Not
HasCloudWatchLogGroupNames: !Not
- !Equals
- ''
- !Ref CloudWatchLogGroupName
- !Join ["", !Ref CloudWatchLogGroupNames]
- ""
Resources:
LogGroupSubscriptionFilter:
Type: AWS::Logs::SubscriptionFilter
Condition: HasCloudWatchLogGroupName
Properties:
DestinationArn: !GetAtt
- LogsLambda
- Arn
FilterPattern: ""
LogGroupName: !If
- HasCloudWatchLogGroupName
- !Ref CloudWatchLogGroupName
- !Ref AWS::NoValue
"Fn::ForEach::SubscriptionFilters":
- groupName
- !Ref CloudWatchLogGroupNames
- "lgsf&{groupName}":
Type: AWS::Logs::SubscriptionFilter
Condition: HasCloudWatchLogGroupNames
Properties:
DestinationArn: !GetAtt
- LogsLambda
- Arn
FilterPattern: ""
LogGroupName: !Ref groupName
LogsRole:
Type: AWS::IAM::Role
Properties:
AssumeRolePolicyDocument:
Statement:
- Action:
- 'sts:AssumeRole'
- "sts:AssumeRole"
Effect: Allow
Principal:
Service:
- lambda.amazonaws.com
ManagedPolicyArns:
- 'arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole'
- "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
LogsLambda:
Type: AWS::Lambda::Function
Properties:
Expand All @@ -78,28 +80,32 @@ Resources:
- Arn
Environment:
Variables:
AXIOM_TOKEN: !Ref 'AxiomToken'
AXIOM_DATASET: !Ref 'AxiomDataset'
AXIOM_URL: !Ref 'AxiomURL'
AXIOM_TOKEN: !Ref "AxiomToken"
AXIOM_DATASET: !Ref "AxiomDataset"
AXIOM_URL: !Ref "AxiomURL"
DISABLE_JSON: !Ref DisableJSON
DATA_TAGS: !Ref DataTags
LogsLambdaPermission:
Type: AWS::Lambda::Permission
DependsOn:
- LogsLambda
Properties:
Action: lambda:InvokeFunction
FunctionName: !Ref 'LogsLambda'
Principal: !Sub
- 'logs.${Region}.amazonaws.com'
- Region: !Ref 'AWS::Region'
SourceAccount: !Ref 'AWS::AccountId'
SourceArn: !Sub
- 'arn:aws:logs:${Region}:${AccountID}:log-group:${LogGroupName}:*'
- AccountID: !Ref 'AWS::AccountId'
Region: !Ref 'AWS::Region'
LogGroupName: !Ref 'CloudWatchLogGroupName'
"Fn::ForEach::LambdaPermissions":
- groupName
- !Ref CloudWatchLogGroupNames
- "LogsLambdaPermission&{groupName}":
Type: AWS::Lambda::Permission
Condition: HasCloudWatchLogGroupNames
DependsOn:
- LogsLambda
Properties:
Action: lambda:InvokeFunction
FunctionName: !Ref "LogsLambda"
Principal: !Sub
- "logs.${Region}.amazonaws.com"
- Region: !Ref "AWS::Region"
SourceAccount: !Ref "AWS::AccountId"
SourceArn: !Sub
- "arn:aws:logs:${Region}:${AccountID}:log-group:${LogGroupName}:*"
- AccountID: !Ref "AWS::AccountId"
Region: !Ref "AWS::Region"
LogGroupName: !Ref groupName
Outputs:
LogsLambdaARN:
Description: The ARN of the created Ingester Lambda
Value: !GetAtt LogsLambda.Arn
Value: !GetAtt LogsLambda.Arn

0 comments on commit eae5d1a

Please sign in to comment.