amazon_monitor_us.tf
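# Terraform CLI and provider requirements for this example.
terraform {
  # Require Terraform version 0.15.x (recommended)
  required_version = "~> 0.15.0"

  required_providers {
    site24x7 = {
      source = "site24x7/site24x7"
      # No version constraint is set here, so `terraform init` selects the
      # newest release it finds. Add a `version` constraint taken from
      # https://registry.terraform.io/providers/site24x7/site24x7/latest and
      # commit .terraform.lock.hcl so that every run installs the same,
      # checksum-verified provider build.
    }

    # Declared here because the `version` argument inside a provider block is
    # deprecated; this is the same constraint the provider "aws" block carries.
    aws = {
      source  = "hashicorp/aws"
      version = "~> 2.0"
    }
  }
}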
# Site24x7 provider configuration.
# Authentication API doc - https://www.site24x7.com/help/api/#authentication
provider "site24x7" {
  # (Required) Data center from which the OAuth client credentials and the
  # refresh token were obtained. It can be (US/EU/IN/AU/CN/JP/CA).
  data_center = "US"

  # (Optional) ZAAID of the customer under a MSP or BU
  zaaid = "1234"

  # (Required) OAuth credentials. Each attribute is looked up in the
  # environment variable listed below when it is empty or omitted:
  #   oauth2_client_id     -> SITE24X7_OAUTH2_CLIENT_ID
  #   oauth2_client_secret -> SITE24X7_OAUTH2_CLIENT_SECRET
  #   oauth2_refresh_token -> SITE24X7_OAUTH2_REFRESH_TOKEN
  # Security recommendation: keep the real values in a vault of your choice
  # and supply them through those environment variables. A literal written
  # in place of the placeholders below is committed together with this file.
  oauth2_client_id     = "<SITE24X7_OAUTH2_CLIENT_ID>"
  oauth2_client_secret = "<SITE24X7_OAUTH2_CLIENT_SECRET>"
  oauth2_refresh_token = "<SITE24X7_OAUTH2_REFRESH_TOKEN>"

  # Retry behaviour for failed Site24x7 API requests (all optional).
  # Minimum wait in seconds before a retry.
  retry_min_wait = 1
  # Maximum wait in seconds before a retry; this is the upper limit for the
  # wait duration with exponential backoff.
  retry_max_wait = 30
  # Maximum number of retries to perform until giving up.
  max_retries = 4
}
# AWS provider used to create the IAM role that Site24x7 assumes.
# Credentials are not configured in this block.
provider "aws" {
  region = "us-east-1"

  # NOTE(review): a `version` argument inside a provider block is deprecated;
  # the constraint belongs in terraform.required_providers.
  version = "~> 2.0"
}
# IAM role named Site24x7Infrastructure-Integrations. Who may assume it is
# decided by the trust policy rendered from
# data.aws_iam_policy_document.assume_role.
resource "aws_iam_role" "site24x7" {
  name               = "Site24x7Infrastructure-Integrations"
  assume_role_policy = data.aws_iam_policy_document.assume_role.json
}
# Attaches the AWS-managed ReadOnlyAccess policy to the Site24x7 role.
# NOTE(review): ReadOnlyAccess allows read actions across AWS services,
# including reading stored data such as S3 objects, and the role is assumed
# from an external account. A customer-managed policy limited to the services
# actually monitored would be narrower - confirm the actions Site24x7 needs
# against its documentation before replacing this.
resource "aws_iam_role_policy_attachment" "read_only_access" {
  role       = aws_iam_role.site24x7.name
  policy_arn = "arn:aws:iam::aws:policy/ReadOnlyAccess"
}
# Trust policy for the Site24x7 role: allows sts:AssumeRole from the Site24x7
# AWS account, and only when the caller presents the expected external ID.
data "aws_iam_policy_document" "assume_role" {
  statement {
    effect  = "Allow"
    actions = ["sts:AssumeRole"]

    # Site24x7 AWS account details. A bare account ID as an AWS principal
    # trusts that whole account, so the external-ID condition below is what
    # ties the role to this particular Site24x7 customer.
    principals {
      type        = "AWS"
      identifiers = ["949777495771"]
    }

    # Require the external ID returned by the site24x7_aws_external_id data
    # source. Keep this condition: without it, the role could be assumed on
    # behalf of any customer of the trusted account (confused deputy).
    condition {
      test     = "StringEquals"
      variable = "sts:ExternalId"
      values   = [data.site24x7_aws_external_id.s247aws.id]
    }
  }
}
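# Basic Amazon monitor: registers the AWS account with Site24x7 using the IAM
# role and external ID defined in this file.
resource "site24x7_amazon_monitor" "aws_monitor_basic" {
  # (Required) Display name for the monitor
  display_name = "aws_added_via_terraform"

  # (Required) External ID for the AWS account. It is read from the Site24x7
  # data source and must match the sts:ExternalId condition in the role's
  # trust policy.
  external_id = data.site24x7_aws_external_id.s247aws.id

  # (Required) AWS Role ARN. Taken from the role created in this file rather
  # than written as a literal.
  role_arn = data.aws_iam_role.role_arn.arn

  # (Optional) AWS discover frequency
  aws_discovery_frequency = 5

  # (Optional) AWS services to discover. See
  # https://www.site24x7.com/help/api/#aws_discover_services for the service
  # IDs.
  aws_discover_services = [1,2,3,4,5,6,8,11,14,15,16,17,18,19,20,21,22,23,25,27,29,30,31,32,33,34,35,38,39,40,41,42,43,45,46,49,48,47,53,59,56,57,58,60,61,62,63,65,66,69,70,68,75,76,79,82,83,85,87,92,95,88]

  # role_arn only depends on the role itself, so nothing else orders this
  # resource after the policy attachment. Wait for the attachment so the role
  # already carries its permissions when the monitor is registered
  # (presumably Site24x7 assumes the role at that point - confirm).
  depends_on = [aws_iam_role_policy_attachment.read_only_access]
}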
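# Amazon monitor with notification, user group, tag and third-party service
# settings.
# Site24x7 Amazon Monitor API doc - https://www.site24x7.com/help/api/#amazon-webservice-monitor
# NOTE(review): this resource uses the same display_name, role and external ID
# as aws_monitor_basic; the two look like alternative examples - confirm before
# applying both.
resource "site24x7_amazon_monitor" "aws_monitor_site24x7" {
  # (Required) Display name for the monitor
  display_name = "aws_added_via_terraform"

  # (Required) External ID for the AWS account. It is read from the Site24x7
  # data source and must match the sts:ExternalId condition in the role's
  # trust policy.
  external_id = data.site24x7_aws_external_id.s247aws.id

  # (Required) AWS Role ARN. Taken from the role created in this file rather
  # than written as a literal.
  role_arn = data.aws_iam_role.role_arn.arn

  # (Optional) AWS discover frequency
  aws_discovery_frequency = 5

  # (Optional) AWS services to discover. See
  # https://www.site24x7.com/help/api/#aws_discover_services for the service
  # IDs.
  aws_discover_services = [1]

  # (Optional) Name of the notification profile that has to be associated with
  # the monitor. Profile name matching works for both exact and partial match.
  # Either specify notification_profile_id or notification_profile_name.
  # If notification_profile_id and notification_profile_name are omitted,
  # the first profile returned by the /api/notification_profiles endpoint
  # (https://www.site24x7.com/help/api/#list-notification-profiles) will be
  # used.
  notification_profile_name = "Terraform Profile"

  # (Optional) List of user group IDs to be notified on down.
  # Either specify user_group_ids or user_group_names. If omitted, the
  # first user group returned by the /api/user_groups endpoint
  # (https://www.site24x7.com/help/api/#list-of-all-user-groups) will be used.
  user_group_ids = [
    "123",
  ]

  # (Optional) List of user group names to be notified on down.
  # Either specify user_group_ids or user_group_names; this example sets both
  # only to show the two forms.
  user_group_names = [
    "Terraform",
    "Network",
    "Admin",
  ]

  # (Optional) List of tag IDs to be associated to the monitor.
  tag_ids = [
    "123",
  ]

  # (Optional) List of tag names to be associated to the monitor. Tag name
  # matching works for both exact and partial match. Either specify tag_ids or
  # tag_names; this example sets both only to show the two forms.
  tag_names = [
    "Terraform",
    "Network",
  ]

  # (Optional) List of Third Party Service IDs to be associated to the monitor.
  third_party_service_ids = [
    "4567"
  ]

  # role_arn only depends on the role itself, so nothing else orders this
  # resource after the policy attachment. Wait for the attachment so the role
  # already carries its permissions when the monitor is registered
  # (presumably Site24x7 assumes the role at that point - confirm).
  depends_on = [aws_iam_role_policy_attachment.read_only_access]
}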
# Reads the external ID from Site24x7. Its `id` is used both in the role's
# trust policy (sts:ExternalId condition) and as the monitors' external_id,
# so the two always agree.
data "site24x7_aws_external_id" "s247aws" {
}
# Prints the external ID after apply. The value appears in CLI output and in
# any CI log that captures it.
output "s247_external_id" {
  value       = data.site24x7_aws_external_id.s247aws.id
  description = "AWS External ID : "
}
# Looks up the role created above by name so that its ARN can be referenced
# by the monitors and by the rolearn output.
data "aws_iam_role" "role_arn" {
  name = aws_iam_role.site24x7.name
}
# Prints the ARN of the Site24x7 role after apply.
output "rolearn" {
  value       = data.aws_iam_role.role_arn.arn
  description = "AWS rolearn : "
}