Rework Axiom Cloudwatch Forwarder

[dasfmi]

This PR revises the naming of CloudFormation stack elements to make their purpose clearer, and allows greater flexibility in filtering log groups that are applied as subscription filters to the (newly named) Lambda Forwarder, now using a combination of names, prefix and regular expression. It also introduces versioning to the CloudFormation stacks so breaking changes do not impact users, and introduces a new Unsubscriber stack for convenience.

TODO:

• Renames the Ingester to Forwarder, Backfiller to Subscriber and the LogsSubscriber to LogGroupsListener.
• Moves the stack templates to their own folder to improve readability with shorter file names
• Moves out the responsibility of creating log group subscription filters and gives it to the Subscriber component
• Subscriber component to handle different inputs for log groups selection (names list, prefix or regex pattern)
• Create Unsubscriber component
• Versioning the released stack templates
• Removes the ambiguous * from permissions and creates a statement per log group
• Provides a terraform example
• Prefix the created log groups names with /aws/axiom to easily discard them from being forwarded

[dominicchapman]

Some copy nits. Hopefully easy to merge suggestions ⚡

[dominicchapman]

Refinements to README

[a-khaledf]

Suggested change

	template_body = file("forwarder_stack_url")
	template_url = file("forwarder_stack_url")

[a-khaledf]

Suggested change

	template_body = file("subscriber-stack-url")
	template_url = file("subscriber-stack-url")

[dasfmi]

are you sure? this is how we used it in our testing.

[a-khaledf]

i don't think you need these if statements, the default args should work fine, right?

[dasfmi]

I think it didn't because the environment variables are empty string not an empty list

[a-khaledf]

I think a better check would be the destinationArn == functionArn?

[dasfmi]

This would check if the log group is subscribed to the same Forwarder, which is not the case. Here, we need to check if the log group has subscription for another/previous Forwarder and avoid overriding it. Not sure what is a good solution here.

@dominicchapman This is part of the mechanism of the Subscriber that tries to help the users overcome the limit size of permissions. Currently, when a Subscriber is checking which groups to add subscription on, it checks if there is any subscription filters on it, if there is already, it will skip it. This might not be what the users want since they might have subscriptions that send to other places, or maybe be they intend to have that log group forwarded to 2 different datasets, which they won't be able to do here. What's your thoughts?

[a-khaledf]

I think we should do something like

      AdvancedEventSelectors:
        - Name: "LogGroupCreationEvents"
          FieldSelectors:
            - Field: "eventSource"
              Equals:
                - "logs.amazonaws.com"
            - Field: "eventName"
              Equals:
                - "CreateLogGroup"

to decrease the risk of $$$

[dasfmi]

Added it, but still needs testing.

[dasfmi]

archiving this to keep it as a reference, moved work to #74