From 7a6a63ea0064d572be9af55633d6b671a71f252c Mon Sep 17 00:00:00 2001
From: Pat Heard
Date: Fri, 17 May 2024 14:33:52 -0400
Subject: [PATCH] feat: enable RDS Sentinel forwarding in Production (#1336)

Send RDS postgresql logs that match the potentially malcious filters to Sentinel. Remove an `eks` module variable that is no longer used.
---
 .github/workflows/merge_to_main_production.yml | 2 +-
 .github/workflows/terragrunt_plan_production.yml | 2 +-
 aws/eks/variables.tf | 5 -----
 3 files changed, 2 insertions(+), 7 deletions(-)

diff --git a/.github/workflows/merge_to_main_production.yml b/.github/workflows/merge_to_main_production.yml
index 550789a01..9170c4b1e 100644
--- a/.github/workflows/merge_to_main_production.yml
+++ b/.github/workflows/merge_to_main_production.yml
@@ -53,7 +53,7 @@ env:
 TF_VAR_pr_bot_app_id: ${{ secrets.NOTIFY_PR_BOT_APP_ID }}
 TF_VAR_pr_bot_private_key: ${{ secrets.NOTIFY_PR_BOT_PRIVATE_KEY }}
 TF_VAR_budget_sre_bot_webhook: ${{ secrets.PRODUCTION_BUDGET_SRE_BOT_WEBHOOK }}
- TF_VAR_enable_sentinel_forwarding: false
+ TF_VAR_enable_sentinel_forwarding: true
 jobs:
 terraform-apply:
diff --git a/.github/workflows/terragrunt_plan_production.yml b/.github/workflows/terragrunt_plan_production.yml
index f77a9cb34..5135db590 100644
--- a/.github/workflows/terragrunt_plan_production.yml
+++ b/.github/workflows/terragrunt_plan_production.yml
@@ -48,7 +48,7 @@ env:
 TF_VAR_pr_bot_app_id: ${{ secrets.NOTIFY_PR_BOT_APP_ID }}
 TF_VAR_pr_bot_private_key: ${{ secrets.NOTIFY_PR_BOT_PRIVATE_KEY }}
 TF_VAR_budget_sre_bot_webhook: ${{ secrets.PRODUCTION_BUDGET_SRE_BOT_WEBHOOK }}
- TF_VAR_enable_sentinel_forwarding: false
+ TF_VAR_enable_sentinel_forwarding: true
 jobs:
 terragrunt-plan-production:
diff --git a/aws/eks/variables.tf b/aws/eks/variables.tf
index 276a63078..5912ee36c 100644
--- a/aws/eks/variables.tf
+++ b/aws/eks/variables.tf
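Review bot: `TF_VAR_enable_sentinel_forwarding` is written as a literal in the `env:` block of both `merge_to_main_production.yml` and `terragrunt_plan_production.yml`, so the production plan only matches what gets applied while the two files are edited together. A comment above the line in each workflow would make that coupling visible, for example `# Forwards filtered RDS postgresql logs to Sentinel; keep in sync with the other production workflow`. The commit message says the forwarded records are those matching the potentially malicious filters, and database logs of that kind can carry statement text. The consuming module is not visible in this patch, so it is worth confirming that the filter patterns and the data leaving the account are documented where the flag is read.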
@@ -178,11 +178,6 @@ variable "route_53_zone_arn" {
 default = "/hostedzone/Z04028033PLSHVOO9ZJ1Z"
 }
-variable "enable_sentinel_forwarding" {
- type = bool
- description = "Flag to enable or disable log forwarding to sentinel."
- default = false
-}
 variable "enable_delete_protection" {
 type = bool
 description = "Flag to enable or disable delete protection on resources."