set a new condition SetForwarderBucket so that some resources could be created based on this condition (#785)
perzycharles authored May 14, 2024
1 parent 84c542a commit 00ccbe0
Showing 1 changed file with 43 additions and 26 deletions.
69 changes: 43 additions & 26 deletions aws/logs_monitoring/template.yaml
@@ -433,6 +433,13 @@ Conditions:
- Fn::Equals:
- Ref: ReservedConcurrency
- ""
SetForwarderBucket:
Fn::Or:
- Condition: CreateS3Bucket
- Fn::Not:
- Fn::Equals:
- Ref: DdForwarderExistingBucketName
- ""
Rules:
MustSetDdApiKey:
Assertions:
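Review bot: the new `SetForwarderBucket` condition is missing a `#` comment stating when it holds, namely that a forwarder bucket is available either because this stack creates one (`CreateS3Bucket`) or because `DdForwarderExistingBucketName` was supplied; the Resources section already documents its policy statements with `#` comments, and since `CreateS3Bucket` is defined outside this hunk, the name alone does not tell a reader that the condition is the union of the two cases.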
@@ -561,7 +568,10 @@ Resources:
- Ref: DdPort
- Ref: AWS::NoValue
DD_STORE_FAILED_EVENTS:
Ref: DdStoreFailedEvents
Fn::If:
- SetForwarderBucket
- Ref: DdStoreFailedEvents
- Ref: AWS::NoValue
REDACT_IP:
Fn::If:
- SetRedactIp
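Review bot: with `DD_STORE_FAILED_EVENTS` now resolving to `AWS::NoValue` whenever `SetForwarderBucket` is false, a deployment that sets the `DdStoreFailedEvents` parameter to true without creating or naming a bucket silently drops the setting rather than failing validation. The template already has a `Rules:` section (`MustSetDdApiKey`), so consider adding a rule that asserts `DdStoreFailedEvents` is not enabled unless a bucket is configured, or at least describe this behaviour on the parameter.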
@@ -702,33 +712,39 @@ Resources:
Version: "2012-10-17"
Statement:
# Access the s3 bucket that is used by the forwarder as a datastore
- Action:
- s3:GetObject
- s3:PutObject
- s3:DeleteObject
- s3:ListBucket
Resource:
- Fn::If:
- CreateS3Bucket
- Fn::Join:
- "/"
- - Fn::GetAtt: ForwarderBucket.Arn
- "*"
- Fn::Sub: "arn:aws:s3:::${DdForwarderExistingBucketName}/*"
Effect: Allow
- Fn::If:
- SetForwarderBucket
- Action:
- s3:GetObject
- s3:PutObject
- s3:DeleteObject
- s3:ListBucket
Resource:
- Fn::If:
- CreateS3Bucket
- Fn::Join:
- "/"
- - Fn::GetAtt: ForwarderBucket.Arn
- "*"
- Fn::Sub: "arn:aws:s3:::${DdForwarderExistingBucketName}/*"
Effect: Allow
- Ref: AWS::NoValue
# Get the actual log content from the s3 bucket based on the received s3 event.
# Use PermissionsBoundaryArn to limit (allow/deny) access if needed.
- Action:
- s3:ListBucket
Resource:
- Fn::If:
- CreateS3Bucket
- Fn::GetAtt: ForwarderBucket.Arn
- Fn::Sub: "arn:aws:s3:::${DdForwarderExistingBucketName}"
Condition:
StringLike:
s3:prefix: "retry/*"
Effect: Allow
- Fn::If:
- SetForwarderBucket
- Action:
- s3:ListBucket
Resource:
- Fn::If:
- CreateS3Bucket
- Fn::GetAtt: ForwarderBucket.Arn
- Fn::Sub: "arn:aws:s3:::${DdForwarderExistingBucketName}"
Condition:
StringLike:
s3:prefix: "retry/*"
Effect: Allow
- Ref: AWS::NoValue
- Action:
- s3:GetObject
Resource: "*"
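Review bot: the comment `# Get the actual log content from the s3 bucket based on the received s3 event.` now heads the conditional `retry/*` `s3:ListBucket` statement instead of the unconditional `s3:GetObject` on `Resource: "*"` it describes; since that `ListBucket` statement is datastore access gated by the same `SetForwarderBucket` condition, move it up under `# Access the s3 bucket that is used by the forwarder as a datastore`, or repeat the comment, so the scope of the condition is obvious. The wrapping itself is the right least-privilege fix: before this change, with neither bucket option set, the inner `Fn::If: CreateS3Bucket` fell through to `Fn::Sub: "arn:aws:s3:::${DdForwarderExistingBucketName}/*"` with an empty name and rendered `arn:aws:s3:::/*` into the role policy instead of omitting the statement; a one-line note that `SetForwarderBucket` guarantees the name is non-empty at that point would help the next reader of the nested `Fn::If`.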
@@ -1074,6 +1090,7 @@ Outputs:
Fn::Sub: ${AWS::StackName}-ApiKeySecretArn
Condition: CreateDdApiKeySecret
ForwarderBucketName:
Condition: SetForwarderBucket
Description: Name of the S3 bucket used by the Forwarder
Value:
Fn::If:
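Review bot: `Condition: SetForwarderBucket` is placed before `Description` on `ForwarderBucketName`, whereas the preceding output lists `Condition: CreateDdApiKeySecret` after its `Export`; pick one ordering across the Outputs section. Gating the output on the same condition as the bucket policy statements is consistent and avoids exporting a bucket name when no bucket is configured.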
