cds-snc · ben851 · Dec 11, 2024 · Dec 10, 2024
@@ -0,0 +1,99 @@
+import {
+  to = aws_cloudwatch_metric_stream.newrelic_metric_stream[0]
+  id = "newrelic-metric-stream-${var.env}"
+}
+
+import {
+  to = aws_config_configuration_recorder_status.newrelic_recorder_status[0]
+  id = var.aws_config_recorder_name
+}
+
+import {
+  to = aws_iam_policy.newrelic_aws_permissions[0]
+  id = "arn:aws:iam::${var.account_id}:policy/NewRelicCloudStreamReadPermissions-${var.env}"
+}
+
+import {
+  to = aws_iam_role.firehose_newrelic_role[0]
+  id = "firehose_newrelic_role_${var.env}"
+}
+
+import {
+  to = aws_iam_role.metric_stream_to_firehose[0]
+  id = "newrelic_metric_stream_to_firehose_role_${var.env}"
+}
+
+import {
+  to = aws_iam_role.newrelic_aws_role[0]
+  id = "NewRelicInfrastructure-Integrations-${var.env}"
+}
+
+import {
+  to = aws_iam_role.newrelic_configuration_recorder[0]
+  id = "newrelic_configuration_recorder-${var.env}"
+}
+
+import {
+  to = aws_iam_role_policy.metric_stream_to_firehose[0]
+  id = "newrelic_metric_stream_to_firehose_role_${var.env}:default"
+}
+
+import {
+  to = aws_iam_role_policy.newrelic_configuration_recorder_s3[0]
+  id = "newrelic_configuration_recorder-${var.env}:newrelic-configuration-recorder-s3-${var.env}"
+}
+
+import {
+  to = aws_iam_role_policy_attachment.newrelic_aws_policy_attach[0]
+  id = "NewRelicInfrastructure-Integrations-${var.env}/arn:aws:iam::aws:policy/ReadOnlyAccess"
+}
+
+import {
+  to = aws_iam_role_policy_attachment.newrelic_configuration_recorder[0]
+  id = "newrelic_configuration_recorder-${var.env}/arn:aws:iam::aws:policy/service-role/AWS_ConfigRole"
+}
+
+import {
+  to = aws_kinesis_firehose_delivery_stream.newrelic_firehose_stream[0]
+  id = "arn:aws:firehose:ca-central-1:${var.account_id}:deliverystream/newrelic_firehose_stream_${var.env}"
+}
+
+import {
+  to = aws_s3_bucket.newrelic_aws_bucket[0]
+  id = "newrelic-aws-bucket-${random_string.s3-bucket-name[0].id}"
+}
+
+import {
+  to = aws_s3_bucket.newrelic_configuration_recorder_s3[0]
+  id = "newrelic-configuration-recorder-${random_string.s3-bucket-name[0].id}"
+}
+
+import {
+  to = aws_s3_bucket_ownership_controls.newrelic_ownership_controls[0]
+  id = "newrelic-aws-bucket-${random_string.s3-bucket-name[0].id}"
+}
+
+import {
+  to = newrelic_api_access_key.newrelic_aws_access_key[0]
+  id = "5EA911F90B135B0D61DB4012CB0DC376CCC5017C98EB1688932254CDDAFD3443:USER"
+}
+
+import {
+  to = newrelic_cloud_aws_integrations.newrelic_cloud_integration_pull[0]
+  id = var.env == "dev" ? "242485" : "225924"
+}
+
+import {
+  to = newrelic_cloud_aws_link_account.newrelic_cloud_integration_pull[0]
+  id = var.env == "dev" ? "242485" : "225924"
+}
+
+import {
+  to = newrelic_cloud_aws_link_account.newrelic_cloud_integration_push[0]
+  id = var.env == "dev" ? "242484" : "225918"
+}
+
+import {
+  to = random_string.s3-bucket-name[0]
+  id = var.env == "dev" ? "fiskyzxf" : "9p5x8bkb"
+}
@@ -1,3 +1,9 @@
+provider "newrelic" {
+  account_id = var.new_relic_account_id
+  api_key    = var.new_relic_api_key
+  region     = "US"
+}
+
 data "aws_iam_policy_document" "newrelic_assume_policy" {
   count = var.enable_new_relic ? 1 : 0
 
@@ -19,14 +25,14 @@ data "aws_iam_policy_document" "newrelic_assume_policy" {
 }
 
 resource "aws_iam_role" "newrelic_aws_role" {
-  count              = var.enable_new_relic && var.env == "staging" ? 1 : 0
+  count              = var.enable_new_relic && var.env != "production" ? 1 : 0
   name               = "NewRelicInfrastructure-Integrations-${var.env}"
   description        = "New Relic Cloud integration role"
   assume_role_policy = data.aws_iam_policy_document.newrelic_assume_policy[0].json
 }
 
 resource "aws_iam_policy" "newrelic_aws_permissions" {
-  count       = var.enable_new_relic && var.env == "staging" ? 1 : 0
+  count       = var.enable_new_relic && var.env != "production" ? 1 : 0
   name        = "NewRelicCloudStreamReadPermissions-${var.env}"
   description = ""
   policy      = <<EOF
@@ -67,13 +73,13 @@ EOF
 }
 
 resource "aws_iam_role_policy_attachment" "newrelic_aws_policy_attach" {
-  count      = var.enable_new_relic && var.env == "staging" ? 1 : 0
+  count      = var.enable_new_relic && var.env != "production" ? 1 : 0
   role       = aws_iam_role.newrelic_aws_role[0].name
   policy_arn = "arn:aws:iam::aws:policy/ReadOnlyAccess"
 }
 
 resource "newrelic_cloud_aws_link_account" "newrelic_cloud_integration_push" {
-  count                  = var.enable_new_relic && var.env == "staging" ? 1 : 0
+  count                  = var.enable_new_relic && var.env != "production" ? 1 : 0
   account_id             = var.new_relic_account_id
   arn                    = aws_iam_role.newrelic_aws_role[0].arn
   metric_collection_mode = "PUSH"
@@ -82,16 +88,15 @@ resource "newrelic_cloud_aws_link_account" "newrelic_cloud_integration_push" {
 }
 
 resource "newrelic_api_access_key" "newrelic_aws_access_key" {
-  count       = var.enable_new_relic && var.env == "staging" ? 1 : 0
-  account_id  = var.new_relic_account_id
-  key_type    = "INGEST"
-  ingest_type = "LICENSE"
-  name        = "Metric Stream Key for ${var.env}"
-  notes       = "AWS Cloud Integrations Metric Stream Key"
+  count      = var.enable_new_relic && var.env != "production" ? 1 : 0
+  account_id = var.new_relic_account_id
+  key_type   = "USER"
+  name       = "notify_tf_provider"
+  notes      = "Used by Notify Terraform Code to create New Relic Resources"
 }
 
 resource "aws_iam_role" "firehose_newrelic_role" {
-  count = var.enable_new_relic && var.env == "staging" ? 1 : 0
+  count = var.enable_new_relic && var.env != "production" ? 1 : 0
   name  = "firehose_newrelic_role_${var.env}"
 
   assume_role_policy = <<EOF
@@ -112,28 +117,28 @@ EOF
 }
 
 resource "random_string" "s3-bucket-name" {
-  count   = var.enable_new_relic && var.env == "staging" ? 1 : 0
+  count   = var.enable_new_relic && var.env != "production" ? 1 : 0
   length  = 8
-  special = false
-  upper   = false
+  special = true
+  upper   = true
 }
 
 resource "aws_s3_bucket" "newrelic_aws_bucket" {
-  count         = var.enable_new_relic && var.env == "staging" ? 1 : 0
+  count         = var.enable_new_relic && var.env != "production" ? 1 : 0
   bucket        = "newrelic-aws-bucket-${random_string.s3-bucket-name[0].id}"
   force_destroy = true
 }
 
 resource "aws_s3_bucket_ownership_controls" "newrelic_ownership_controls" {
-  count  = var.enable_new_relic && var.env == "staging" ? 1 : 0
+  count  = var.enable_new_relic && var.env != "production" ? 1 : 0
   bucket = aws_s3_bucket.newrelic_aws_bucket[0].id
   rule {
     object_ownership = "BucketOwnerEnforced"
   }
 }
 
 resource "aws_kinesis_firehose_delivery_stream" "newrelic_firehose_stream" {
-  count       = var.enable_new_relic && var.env == "staging" ? 1 : 0
+  count       = var.enable_new_relic && var.env != "production" ? 1 : 0
   name        = "newrelic_firehose_stream_${var.env}"
   destination = "http_endpoint"
   http_endpoint_configuration {
@@ -158,7 +163,7 @@ resource "aws_kinesis_firehose_delivery_stream" "newrelic_firehose_stream" {
 }
 
 resource "aws_iam_role" "metric_stream_to_firehose" {
-  count = var.enable_new_relic && var.env == "staging" ? 1 : 0
+  count = var.enable_new_relic && var.env != "production" ? 1 : 0
   name  = "newrelic_metric_stream_to_firehose_role_${var.env}"
 
   assume_role_policy = <<EOF
@@ -179,7 +184,7 @@ EOF
 }
 
 resource "aws_iam_role_policy" "metric_stream_to_firehose" {
-  count = var.enable_new_relic && var.env == "staging" ? 1 : 0
+  count = var.enable_new_relic && var.env != "production" ? 1 : 0
   name  = "default"
   role  = aws_iam_role.metric_stream_to_firehose[0].id
 
@@ -202,15 +207,15 @@ EOF
 
 resource "aws_cloudwatch_metric_stream" "newrelic_metric_stream" {
   # Disabled for now
-  count         = var.enable_new_relic && var.env == "staging" ? 1 : 0
+  count         = var.enable_new_relic && var.env != "production" ? 1 : 0
   name          = "newrelic-metric-stream-${var.env}"
   role_arn      = aws_iam_role.metric_stream_to_firehose[0].arn
   firehose_arn  = aws_kinesis_firehose_delivery_stream.newrelic_firehose_stream[0].arn
   output_format = "opentelemetry0.7"
 }
 
 resource "newrelic_cloud_aws_link_account" "newrelic_cloud_integration_pull" {
-  count                  = var.enable_new_relic && var.env == "staging" ? 1 : 0
+  count                  = var.enable_new_relic && var.env != "production" ? 1 : 0
   account_id             = var.new_relic_account_id
   arn                    = aws_iam_role.newrelic_aws_role[0].arn
   metric_collection_mode = "PULL"
@@ -219,22 +224,25 @@ resource "newrelic_cloud_aws_link_account" "newrelic_cloud_integration_pull" {
 }
 
 resource "newrelic_cloud_aws_integrations" "newrelic_cloud_integration_pull" {
-  count             = var.env == "staging" ? 1 : 0
+  count             = var.env != "production" ? 1 : 0
   account_id        = var.new_relic_account_id
   linked_account_id = newrelic_cloud_aws_link_account.newrelic_cloud_integration_pull[0].id
 
-  lambda {}
+  lambda {
+    fetch_tags               = true
+    metrics_polling_interval = 300
+  }
 
 }
 
 resource "aws_s3_bucket" "newrelic_configuration_recorder_s3" {
-  count         = var.enable_new_relic && var.env == "staging" ? 1 : 0
+  count         = var.enable_new_relic && var.env != "production" ? 1 : 0
   bucket        = "newrelic-configuration-recorder-${random_string.s3-bucket-name[0].id}"
   force_destroy = true
 }
 
 resource "aws_iam_role" "newrelic_configuration_recorder" {
-  count              = var.enable_new_relic && var.env == "staging" ? 1 : 0
+  count              = var.enable_new_relic && var.env != "production" ? 1 : 0
   name               = "newrelic_configuration_recorder-${var.env}"
   assume_role_policy = <<EOF
 {
@@ -254,7 +262,7 @@ EOF
 }
 
 resource "aws_iam_role_policy" "newrelic_configuration_recorder_s3" {
-  count = var.enable_new_relic && var.env == "staging" ? 1 : 0
+  count = var.enable_new_relic && var.env != "production" ? 1 : 0
   name  = "newrelic-configuration-recorder-s3-${var.env}"
   role  = aws_iam_role.newrelic_configuration_recorder[0].id
 
@@ -278,14 +286,14 @@ POLICY
 }
 
 resource "aws_iam_role_policy_attachment" "newrelic_configuration_recorder" {
-  count      = var.enable_new_relic && var.env == "staging" ? 1 : 0
+  count      = var.enable_new_relic && var.env != "production" ? 1 : 0
   role       = aws_iam_role.newrelic_configuration_recorder[0].name
   policy_arn = "arn:aws:iam::aws:policy/service-role/AWS_ConfigRole"
 }
 
 
 resource "aws_config_configuration_recorder_status" "newrelic_recorder_status" {
-  count      = var.enable_new_relic && var.env == "staging" ? 1 : 0
+  count      = var.enable_new_relic && var.env != "production" ? 1 : 0
   name       = var.aws_config_recorder_name
   is_enabled = true
 }
@@ -0,0 +1,9 @@
+variable "newrelic_account_region" {
+  type    = string
+  default = "US"
+
+  validation {
+    condition     = contains(["US", "EU"], var.newrelic_account_region)
+    error_message = "Valid values for region are 'US' or 'EU'."
+  }
+}