From a65fd1d2d8b92ec383cf5c26f9f8c69212129b64 Mon Sep 17 00:00:00 2001
From: jzonthemtn <jeff.zemerick@mtnfog.com>
Date: Mon, 20 Jan 2025 08:18:03 -0500
Subject: [PATCH] Adding OSI blueprint.

Signed-off-by: jzonthemtn <jeff.zemerick@mtnfog.com>
---
 osi/blueprint-terraform.yaml | 51 ++++++++++++++++++++++++++++++++++++
 osi/blueprint.yaml           | 33 +++++++++++++++--------
 osi/main.tf                  |  2 +-
 3 files changed, 74 insertions(+), 12 deletions(-)
 create mode 100644 osi/blueprint-terraform.yaml

diff --git a/osi/blueprint-terraform.yaml b/osi/blueprint-terraform.yaml
new file mode 100644
index 0000000..5e82dfd
--- /dev/null
+++ b/osi/blueprint-terraform.yaml
@@ -0,0 +1,51 @@
+version: "2"
+ubi-pipeline:
+  source:
+    http:
+      path: "/ubi"
+  processor:
+    - date:
+        from_time_received: true
+        destination: "@timestamp"
+  route:
+    - ubi-events: '/type == "event"'
+    - ubi-queries: '/type == "query"'
+  sink:
+    - opensearch:
+        hosts: ["https://${aws_opensearch_domain.opensearch_ubi.endpoint}"]
+        index: "ubi_events"
+        aws:
+          sts_role_arn: "${aws_iam_role.ubi.arn}"   
+          region: "${data.aws_region.current.name}"
+        routes: [ubi-events]
+    - s3:
+        aws:
+          sts_role_arn: "${aws_iam_role.ubi.arn}"
+          region: "${data.aws_region.current.name}"
+        bucket: "${aws_s3_bucket.ubi_queries_events_bucket.id}"
+        object_key:
+          path_prefix: ubi_events/
+        threshold:
+          event_collect_timeout: "60s"
+        codec:
+          ndjson:
+        routes: [ubi-events]
+    - opensearch:
+        hosts: ["https://${aws_opensearch_domain.opensearch_ubi.endpoint}"]
+        index: "ubi_queries"
+        aws:
+          sts_role_arn: "${aws_iam_role.ubi.arn}"   
+          region: "${data.aws_region.current.name}"
+        routes: [ubi-queries]
+    - s3:
+        aws:
+          sts_role_arn: "${aws_iam_role.ubi.arn}"
+          region: "${data.aws_region.current.name}"
+        bucket: "${aws_s3_bucket.ubi_queries_events_bucket.id}"
+        object_key:
+          path_prefix: ubi_queries/
+        threshold:
+          event_collect_timeout: "60s"
+        codec:
+          ndjson:
+        routes: [ubi-queries]
diff --git a/osi/blueprint.yaml b/osi/blueprint.yaml
index 5e82dfd..7bc685e 100644
--- a/osi/blueprint.yaml
+++ b/osi/blueprint.yaml
@@ -12,17 +12,24 @@ ubi-pipeline:
     - ubi-queries: '/type == "query"'
   sink:
     - opensearch:
-        hosts: ["https://${aws_opensearch_domain.opensearch_ubi.endpoint}"]
+        # Provide an AWS OpenSearch Service domain endpoint
+        hosts: [ "<<https://search-mydomain-1a2a3a4a5a6a7a8a9a0a9a8a7a.us-east-1.es.amazonaws.com>>" ]
         index: "ubi_events"
         aws:
-          sts_role_arn: "${aws_iam_role.ubi.arn}"   
-          region: "${data.aws_region.current.name}"
+          # Enable the 'serverless' flag if the sink is an Amazon OpenSearch Serverless collection
+          serverless: false
+          # Provide a Role ARN with access to the domain. This role should have a trust relationship with osis-pipelines.amazonaws.com
+          sts_role_arn: "<<arn:aws:iam::123456789012:role/Example-Role>>" 
+          # Provide the region of the domain.
+          region: "<<us-east-1>>"
         routes: [ubi-events]
     - s3:
         aws:
-          sts_role_arn: "${aws_iam_role.ubi.arn}"
-          region: "${data.aws_region.current.name}"
-        bucket: "${aws_s3_bucket.ubi_queries_events_bucket.id}"
+          # Provide a Role ARN with access to the bucket. This role should have a trust relationship with osis-pipelines.amazonaws.com
+          sts_role_arn: "<<arn:aws:iam::123456789012:role/Example-Role>>" 
+          # Provide the region of the domain.
+          region: "<<us-east-1>>"
+        bucket: "<<bucket-name>>"
         object_key:
           path_prefix: ubi_events/
         threshold:
@@ -34,14 +41,18 @@ ubi-pipeline:
         hosts: ["https://${aws_opensearch_domain.opensearch_ubi.endpoint}"]
         index: "ubi_queries"
         aws:
-          sts_role_arn: "${aws_iam_role.ubi.arn}"   
-          region: "${data.aws_region.current.name}"
+          # Provide a Role ARN with access to the bucket. This role should have a trust relationship with osis-pipelines.amazonaws.com
+          sts_role_arn: "<<arn:aws:iam::123456789012:role/Example-Role>>" 
+          # Provide the region of the domain.
+          region: "<<us-east-1>>"
         routes: [ubi-queries]
     - s3:
         aws:
-          sts_role_arn: "${aws_iam_role.ubi.arn}"
-          region: "${data.aws_region.current.name}"
-        bucket: "${aws_s3_bucket.ubi_queries_events_bucket.id}"
+          # Provide a Role ARN with access to the bucket. This role should have a trust relationship with osis-pipelines.amazonaws.com
+          sts_role_arn: "<<arn:aws:iam::123456789012:role/Example-Role>>" 
+          # Provide the region of the domain.
+          region: "<<us-east-1>>"
+        bucket: "<<bucket-name>>"
         object_key:
           path_prefix: ubi_queries/
         threshold:
diff --git a/osi/main.tf b/osi/main.tf
index 9955587..ed9c54e 100644
--- a/osi/main.tf
+++ b/osi/main.tf
@@ -128,7 +128,7 @@ resource "aws_s3_bucket" "ubi_queries_events_bucket" {
 
 resource "aws_osis_pipeline" "ubi_events_pipeline" {
   pipeline_name               = "ubi-pipeline"
-  pipeline_configuration_body = file("blueprint.yaml")
+  pipeline_configuration_body = file("blueprint-terraform.yaml")
   max_units                   = 1
   min_units                   = 1
   log_publishing_options {