From a7b8b803ceaef0e9993f89737fa8176803b74204 Mon Sep 17 00:00:00 2001 From: Himanshu Sharma Date: Thu, 27 Jun 2024 14:34:25 +0530 Subject: [PATCH 1/3] adding awso cf telemetry resources --- aws-observability/scripts/YamlToS3.sh | 2 +- ...mologic_observability.master.template.yaml | 127 ++++++++++++++++++ 2 files changed, 128 insertions(+), 1 deletion(-) diff --git a/aws-observability/scripts/YamlToS3.sh b/aws-observability/scripts/YamlToS3.sh index 7b5c7cf7..1089c653 100755 --- a/aws-observability/scripts/YamlToS3.sh +++ b/aws-observability/scripts/YamlToS3.sh @@ -50,7 +50,7 @@ fi # Upload all templates to sumologic-appdev-aws-sam-apps bucket with version information. if [[ ${AWS_PROFILE} == 'default' ]] then - export version=v2.8.0 + export version=v2.9.0 aws s3 cp apps/ s3://${bucket_name}/aws-observability-versions/${version}/ --recursive --include "*.template.yaml" --exclude '*.zip' --exclude '*.sh' --exclude 'apps/*/test/*' --exclude '*/test/*' --acl public-read --profile ${AWS_PROFILE} diff --git a/aws-observability/templates/sumologic_observability.master.template.yaml b/aws-observability/templates/sumologic_observability.master.template.yaml index ca4b1deb..4276c61b 100644 --- a/aws-observability/templates/sumologic_observability.master.template.yaml +++ b/aws-observability/templates/sumologic_observability.master.template.yaml @@ -12,6 +12,7 @@ Metadata: - Section1cSumoLogicAccessKey - Section1dSumoLogicOrganizationId - Section1eSumoLogicResourceRemoveOnDeleteStack + - Section1fSumoLogicSendTelemetry - Label: default: "2. AWS Account Alias" 
@@ -87,6 +88,8 @@ Metadata: default: "Sumo Logic Organization Id" Section1eSumoLogicResourceRemoveOnDeleteStack: default: "Delete Sumo Logic Resources when stack is deleted" + Section1fSumoLogicSendTelemetry: + default: "Send telemetry to Sumo Logic" Section2aAccountAlias: default: "Alias for AWS Account Identification. Please leave this blank if you are using CloudFormation StackSets to deploy the solution in multiple AWS accounts." @@ -189,6 +192,13 @@ Parameters: Description: "To delete collectors, sources and apps when the stack is deleted, set this parameter to True. Default is True. Deletes the resources created by the stack. Deletion of updated resources will be skipped." Type: String + Section1fSumoLogicSendTelemetry: + AllowedValues: + - true + - false + Default: true + Description: "To send telemetry to Sumo Logic, set this parameter to True. Default is True." + Type: String Section2aAccountAlias: Type: String @@ -457,6 +467,9 @@ Conditions: # Condition for Stacks creation. Calling Nested Stack EveryTime to create FER and Metric Rule. If already present, marked as duplicate in Resource. install_overview_dashboards: !Equals [ !Ref Section3aInstallObservabilityApps, 'Yes' ] + # Condition for sending solution telemetry to sumo logic. + send_telemetry_to_sumo: !Equals [ !Ref Section1fSumoLogicSendTelemetry, 'true' ] + Mappings: CommonData: NestedTemplate: 
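Review bot: The new `Section1fSumoLogicSendTelemetry` parameter (hunk `@@ -189,6 +192,13 @@`) turns telemetry on by default, yet its description does not say what is collected. The `Primerinvoke` resource added later in this patch passes the stack ID, the Sumo Logic organization ID and a Base64 string of most parameter values to the telemetry function, none of which an operator can infer from "Send telemetry to Sumo Logic". I would spell that out, e.g. `Description: "Sends the stack ID, Sumo Logic organization ID, solution version and the selected parameter values to Sumo Logic. Set to false to disable. Default is true."`. The bare `true`/`false` under `AllowedValues` and `Default` also sit on a `Type: String` parameter that `send_telemetry_to_sumo` compares with `'true'`; quoting them (`- 'true'`, `- 'false'`, `Default: 'true'`) keeps that comparison independent of how the YAML booleans are stringified.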
@@ -474,6 +487,120 @@ Mappings: ELBLogsSourceCategory: "aws/observability/clb/logs" Resources: + LambdaRole: + Condition: send_telemetry_to_sumo + Type: AWS::IAM::Role + DeletionPolicy: Retain + Metadata: + cfn_nag: + rules_to_suppress: + - id: W11 + reason: "Operations are performed across resources." + Properties: + AssumeRolePolicyDocument: + Version: '2012-10-17' + Statement: + - Effect: Allow + Principal: + Service: lambda.amazonaws.com + Action: sts:AssumeRole + Path: / + Policies: + - PolicyName: LambdaExecutePolicies + PolicyDocument: + Version: '2012-10-17' + Statement: + - Effect: Allow + Action: + - lambda:InvokeFunction + - lambda:DeleteFunction + Resource: !Sub 'arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:function:*TelemetryLambda*' + - PolicyName: BasicLambdaPolicies + PolicyDocument: + Version: '2012-10-17' + Statement: + - Effect: Allow + Action: + - logs:CreateLogGroup + - logs:CreateLogStream + - logs:PutLogEvents + Resource: "*" + - PolicyName: CloudFormationRead + PolicyDocument: + Version: '2012-10-17' + Statement: + - Effect: Allow + Action: + - cloudformation:Describe* + Resource: !Sub '${AWS::StackId}' + + TelemetryLambda: + Condition: send_telemetry_to_sumo + Type: AWS::Lambda::Function + DeletionPolicy: Retain + Properties: + Handler: lambda_function.lambda_handler + Runtime: python3.12 + Code: + S3Bucket: hsharma-codes + S3Key: 'telemetry.zip' + MemorySize: 128 + Timeout: 900 + Role: !GetAtt LambdaRole.Arn + + LambdaPermission: + Condition: send_telemetry_to_sumo + Type: 'AWS::Lambda::Permission' + # DeletionPolicy: Retain + Properties: + FunctionName: !GetAtt TelemetryLambda.Arn + Action: 'lambda:InvokeFunction' + Principal: 'cloudformation.amazonaws.com' + + Primerinvoke: + Condition: send_telemetry_to_sumo + Type: AWS::CloudFormation::CustomResource + Version: "1.0" + Properties: + ServiceToken: !GetAtt TelemetryLambda.Arn + Handler: lambda_function.lambda_handler + stackID: + Ref: "AWS::StackId" + sumoDeployment: + !Ref 
Section1aSumoLogicDeployment + sumoOrgId: + !Ref Section1dSumoLogicOrganizationId + solutionName: 'AWSO' + solutionVersion: 'v2.9.0' + deploymentSource: 'cloudFormation' + TelemetryEndpoint: "https://collectors.sumologic.com/receiver/v1/http/ZaVnC4dhaV24CA_LXFO0iHFPLWH8VaEczkwtk-GZYMlTG_Dl2CPQ6YNbmKXf9K3dZQ2aAjTREC_C3TECzVQc1XN7zw5CI5lIR4O4-uYsk4bTELB1MU57AQ==" + scanInterval: 60 + ToUpdate: + Fn::Base64: !Sub + - "${a}-${b}-${c}-${d}-${e}-${f}-${g}-${h}-${i}-${j}-${k}-${l}-${m}-${n}-${o}-${p}-${q}-${r}-${s}-${t}-${u}-${v}" + - a: !Ref Section2aAccountAlias + b: !Ref Section3aInstallObservabilityApps + c: !Ref Section4aCreateMetricsSourceOptions + d: !Ref Section4bMetricsNameSpaces + e: !Ref Section4cCloudWatchExistingSourceAPIUrl + f: !Ref Section5aAutoEnableS3LogsALBResourcesOptions + g: !Ref Section5bALBCreateLogSource + h: !Ref Section5cALBLogsSourceUrl + i: !Ref Section5dALBS3LogsBucketName + j: !Ref Section6aCreateCloudTrailLogSource + k: !Ref Section6bCloudTrailLogsSourceUrl + l: !Ref Section6cCloudTrailLogsBucketName + m: !Ref Section7aLambdaCreateCloudWatchLogsSourceOptions + n: !Ref Section7bLambdaCloudWatchLogsSourceUrl + o: !Ref Section7cAutoSubscribeLogGroupsOptions + p: !Ref Section7dAutoSubscribeLogGroupPattern + q: !Ref Section9aAutoEnableS3LogsELBResourcesOptions + r: !Ref Section9bELBCreateLogSource + s: !Ref Section9cELBLogsSourceUrl + t: !Ref Section9dELBS3LogsBucketName + u: !Ref Section10aAppInstallLocation + v: !FindInMap [CommonData, NestedTemplate, Version] + CreateCommonResources: Type: AWS::CloudFormation::Stack Properties: From 162d32b77af16bc655ccdb765be6aaedd84e4134 Mon Sep 17 00:00:00 2001 From: Himanshu Sharma Date: Thu, 27 Jun 2024 17:07:45 +0530 Subject: [PATCH 2/3] deployed telemetry zip to multiple regions --- ...mologic_observability.master.template.yaml | 53 ++++++++++++++++++- 1 file changed, 51 insertions(+), 2 deletions(-) 
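Review bot: `ToUpdate` at the end of `Primerinvoke` passes raw parameter values to the telemetry function, including the source URLs (`Section4cCloudWatchExistingSourceAPIUrl`, `Section5cALBLogsSourceUrl`, `Section6bCloudTrailLogsSourceUrl`, `Section7bLambdaCloudWatchLogsSourceUrl`, `Section9cELBLogsSourceUrl`) and the log bucket names, and `Fn::Base64` is a reversible encoding rather than a digest. Sumo Logic HTTP source URLs carry their ingest token in the path, as the `TelemetryEndpoint` value a few lines up shows; whether the handler forwards or logs these properties is not visible here, but they should not be in a telemetry payload at all. If the field only has to change when parameters change, drop entries `e`, `h`, `k`, `n` and `s` (and arguably the bucket names `i`, `l`, `t`) from the `!Sub` map. In the same hunk, `LambdaPermission` grants `lambda:InvokeFunction` to `cloudformation.amazonaws.com` with no `SourceAccount`, and `DeletionPolicy: Retain` leaves `LambdaRole` and `TelemetryLambda` in the account after the stack is deleted; I would add `SourceAccount: !Ref 'AWS::AccountId'` and a comment on both resources stating why they must outlive the stack.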
diff --git a/aws-observability/templates/sumologic_observability.master.template.yaml b/aws-observability/templates/sumologic_observability.master.template.yaml
index 4276c61b..9b07950b 100644
--- a/aws-observability/templates/sumologic_observability.master.template.yaml
+++ b/aws-observability/templates/sumologic_observability.master.template.yaml
@@ -485,6 +485,55 @@ Mappings:
 InventorySourceCategory: "aws/observability/inventory"
 XraySourceCategory: "aws/observability/xray"
 ELBLogsSourceCategory: "aws/observability/clb/logs"
+ RegionMap:
+ us-east-1:
+ bucketname: appdevzipfiles-us-east-1
+ us-east-2:
+ bucketname: appdevzipfiles-us-east-2
+ us-west-1:
+ bucketname: appdevzipfiles-us-west-1
+ us-west-2:
+ bucketname: appdevzipfiles-us-west-2
+ ap-south-1:
+ bucketname: appdevzipfiles-ap-south-1
+ ap-northeast-2:
+ bucketname: appdevzipfiles-ap-northeast-2
+ ap-southeast-1:
+ bucketname: appdevzipfiles-ap-southeast-1
+ ap-southeast-2:
+ bucketname: appdevzipfiles-ap-southeast-2
+ ap-northeast-1:
+ bucketname: appdevzipfiles-ap-northeast-1
+ ca-central-1:
+ bucketname: appdevzipfiles-ca-central-1
+ eu-central-1:
+ bucketname: appdevzipfiles-eu-central-1
+ eu-west-1:
+ bucketname: appdevzipfiles-eu-west-1
+ eu-west-2:
+ bucketname: appdevzipfiles-eu-west-2
+ eu-west-3:
+ bucketname: appdevzipfiles-eu-west-3
+ eu-north-1:
+ bucketname: appdevzipfiles-eu-north-1s
+ sa-east-1:
+ bucketname: appdevzipfiles-sa-east-1
+ ap-east-1:
+ bucketname: appdevzipfiles-ap-east-1s
+ af-south-1:
+ bucketname: appdevzipfiles-af-south-1s
+ eu-south-1:
+ bucketname: appdevzipfiles-eu-south-1
+ me-south-1:
+ bucketname: appdevzipfiles-me-south-1s
+ me-central-1:
+ bucketname: appdevzipfiles-me-central-1
+ eu-central-2:
+ bucketname: appdevzipfiles-eu-central-2ss
+ ap-northeast-3:
+ bucketname: appdevzipfiles-ap-northeast-3s
+ ap-southeast-3:
+ bucketname: appdevzipfiles-ap-southeast-3
 Resources:
 LambdaRole:
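Review bot: Six `RegionMap` entries use bucket names that break the `appdevzipfiles-<region>` pattern: `eu-north-1s`, `ap-east-1s`, `af-south-1s`, `me-south-1s`, `eu-central-2ss` and `ap-northeast-3s`. S3 bucket names are global and the function code is fetched by name alone, so any name in this map that Sumo Logic does not own would let its owner supply the code that runs under `LambdaRole` in every stack deployed to that region. If the suffixes are intentional, a comment above the map such as `# Suffixed names (-1s, -2ss, -3s) are the actual Sumo Logic-owned buckets; do not normalise them.` would stop a later "typo fix" from pointing a region at a foreign bucket. Either way, ownership of all 24 names is worth confirming before merge, since nothing in the template verifies it.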
@@ -542,8 +591,8 @@ Resources:
 Handler: lambda_function.lambda_handler
 Runtime: python3.12
 Code:
- S3Bucket: hsharma-codes
- S3Key: 'telemetry.zip'
+ S3Bucket: !FindInMap [ RegionMap, !Ref 'AWS::Region', bucketname ]
+ S3Key: "sumologic-aws-observability/apps/SumoLogicAWSObservabilityHelper/telemetryv1.0.0.zip"
 MemorySize: 128
 Timeout: 900
 Role: !GetAtt LambdaRole.Arn
From 79b5a214ef3ac2494d2667b856f3dd7394ed793e Mon Sep 17 00:00:00 2001
From: Himanshu Sharma
Date: Thu, 27 Jun 2024 17:09:13 +0530
Subject: [PATCH 3/3] removing collection endpoint
---
 .../templates/sumologic_observability.master.template.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/aws-observability/templates/sumologic_observability.master.template.yaml b/aws-observability/templates/sumologic_observability.master.template.yaml
index 9b07950b..1780ec23 100644
--- a/aws-observability/templates/sumologic_observability.master.template.yaml
+++ b/aws-observability/templates/sumologic_observability.master.template.yaml
@@ -622,7 +622,7 @@ Resources:
 solutionName: 'AWSO'
 solutionVersion: 'v2.9.0'
 deploymentSource: 'cloudFormation'
- TelemetryEndpoint: "https://collectors.sumologic.com/receiver/v1/http/ZaVnC4dhaV24CA_LXFO0iHFPLWH8VaEczkwtk-GZYMlTG_Dl2CPQ6YNbmKXf9K3dZQ2aAjTREC_C3TECzVQc1XN7zw5CI5lIR4O4-uYsk4bTELB1MU57AQ=="
+ TelemetryEndpoint: ""
 scanInterval: 60
 ToUpdate:
 Fn::Base64: !Sub
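Review bot: The `Code` block in hunk `@@ -542,8 +591,8 @@` now picks the bucket per region but still pins nothing about the object, so whatever sits at `S3Key` when the stack is created is what runs with `LambdaRole`. Publishing each release under a key that is never overwritten, or adding `S3ObjectVersion` (one version id per regional bucket, which needs bucket versioning), would make the deployed code reproducible and limit the effect of an unintended write to a bucket. `!FindInMap [ RegionMap, !Ref 'AWS::Region', bucketname ]` also has no entry for regions outside the 24 listed; with telemetry defaulting to true I would expect stack creation to fail there, which is worth confirming and stating in the parameter description. `TelemetryLambda` starts above this hunk, so only its `Code` and sizing properties are visible.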
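Review bot: Blanking `TelemetryEndpoint` in hunk `@@ -622,7 +622,7 @@` removes the collector URL from the template going forward, but the full URL with its embedded token is still introduced by PATCH 1/3 and shown again on the removed line here, so it stays in history once the series is merged. I would squash the series so the value never lands, and treat the HTTP source as exposed and regenerate it if these patches were ever pushed or mailed. With `TelemetryEndpoint: ""` and `Section1fSumoLogicSendTelemetry` defaulting to true, the function now receives an empty endpoint; the handler is not visible here, so confirm it falls back to a built-in endpoint or returns success rather than failing inside the custom resource. A one-line comment next to the property, e.g. `# Left empty on purpose: the endpoint is resolved inside the telemetry function.`, would record the intent if that is the design. `Primerinvoke` begins above and continues below this hunk.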