change splunk template

CHANGELOG.md

@@ -165,3 +165,10 @@
 * 1.15.5 -- 2022-05-27
   - iam-saml
     - add tags
+
+* 1.16.0 -- 2022-07-15
+  - change splunk template for
+    - cloudtrail
+    - config
+    - configrules
+    - description

cloudtrail/README.md

@@ -128,8 +128,8 @@ module "org_cloudtrail" {
 | Name | Version |
 |------|---------|
 | <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.66.0 |
+| <a name="provider_local"></a> [local](#provider\_local) | n/a |
 | <a name="provider_null"></a> [null](#provider\_null) | n/a |
-| <a name="provider_random"></a> [random](#provider\_random) | n/a |
 | <a name="provider_template"></a> [template](#provider\_template) | n/a |
 
 ## Modules
@@ -158,9 +158,9 @@ No modules.
 | [aws_sqs_queue.cloudtrail_deadletter](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sqs_queue) | resource |
 | [aws_sqs_queue_policy.cloudtrail_deadletter](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sqs_queue_policy) | resource |
 | [aws_sqs_queue_policy.cloudtrail_sqs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sqs_queue_policy) | resource |
+| [local_file.splunk_cloudtrail](https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/file) | resource |
 | [null_resource.policy_delay](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
 | [null_resource.splunk_cloudtrail](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
-| [random_uuid.splunk_cloudtrail](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/uuid) | resource |
 | [aws_arn.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/arn) | data source |
 | [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
 | [aws_iam_policy_document.bucket_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |

cloudtrail/generate_splunk.cloudtrail.tf

@@ -4,28 +4,42 @@
 data "template_file" "splunk_cloudtrail" {
   template = file("${path.module}/templates/inputs.cloudtrail.conf.tpl")
   vars = {
-    account_id      = local.account_id
-    account_alias   = local.account_alias
-    entry_uuid      = random_uuid.splunk_cloudtrail.result
+    account_id    = local.account_id
+    account_alias = local.account_alias
+    #    entry_uuid      = random_uuid.splunk_cloudtrail.result
     region          = local.region
     cloudtrail_name = local.splunk_name
     queue_url       = var.enable_sqs ? aws_sqs_queue.cloudtrail[0].id : null
   }
 }
 
-resource "random_uuid" "splunk_cloudtrail" {
-  keepers = {
-    queue_url = var.enable_sqs ? aws_sqs_queue.cloudtrail[0].id : null
-  }
-}
+# resource "random_uuid" "splunk_cloudtrail" {
+#   keepers = {
+#     queue_url = var.enable_sqs ? aws_sqs_queue.cloudtrail[0].id : null
+#   }
+# }
 
 resource "null_resource" "splunk_cloudtrail" {
-  count = var.enable_sqs ? 1 : 0
-  provisioner "local-exec" {
-    command = "test -d setup || mkdir setup"
+  triggers = {
+    filename  = format("inputs.%v.%v-%v.%v.conf", local.splunk_name, local.account_id, local.account_alias, local.region)
+    directory = format("%v/setup", path.root)
   }
+  count = var.enable_sqs ? 1 : 0
+
   provisioner "local-exec" {
-    working_dir = "setup"
-    command     = "echo '${data.template_file.splunk_cloudtrail.rendered}' > inputs.${local.splunk_name}.${local.account_id}.${local.region}.conf"
+    command = "test -d ${self.triggers.directory} || mkdir ${self.triggers.directory}"
   }
+
+  #  provisioner "local-exec" {
+  #    working_dir = "setup"
+  #    command     = "echo '${data.template_file.splunk_cloudtrail.rendered}' > inputs.${local.splunk_name}.${local.account_id}.${local.region}.conf"
+  #  }
+}
+
+resource "local_file" "splunk_cloudtrail" {
+  count = var.enable_sqs ? 1 : 0
+
+  content         = data.template_file.splunk_cloudtrail.rendered
+  file_permission = "0644"
+  filename        = format("%v/%v", null_resource.splunk_cloudtrail.triggers.directory, null_resource.splunk_cloudtrail.triggers.filename)
 }

cloudtrail/templates/inputs.cloudtrail.conf.tpl

@@ -1,5 +1,5 @@
-[aws_sqs_based_s3://${account_alias}-${cloudtrail_name}-${region}]
-account = ${account_alias}
+[aws_sqs_based_s3://${account_id}-${account_alias}-${cloudtrail_name}-${region}]
+account = ${account_id}-${account_alias}
 index = aws
 polling_interval = 300
 s3_file_decoder = CloudTrail

common/version.tf

@@ -1,3 +1,3 @@
 locals {
-  _module_version = "1.15.5"
+  _module_version = "1.16.0"
 }

config/README.md

@@ -33,8 +33,8 @@ No requirements.
 | Name | Version |
 |------|---------|
 | <a name="provider_aws"></a> [aws](#provider\_aws) | n/a |
+| <a name="provider_local"></a> [local](#provider\_local) | n/a |
 | <a name="provider_null"></a> [null](#provider\_null) | n/a |
-| <a name="provider_random"></a> [random](#provider\_random) | n/a |
 | <a name="provider_template"></a> [template](#provider\_template) | n/a |
 
 ## Modules
@@ -66,10 +66,10 @@ No modules.
 | [aws_sqs_queue.config_deadletter](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sqs_queue) | resource |
 | [aws_sqs_queue_policy.config](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sqs_queue_policy) | resource |
 | [aws_sqs_queue_policy.config_deadletter](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sqs_queue_policy) | resource |
+| [local_file.splunk_config](https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/file) | resource |
+| [local_file.splunk_configrules](https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/file) | resource |
 | [null_resource.splunk_config](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
 | [null_resource.splunk_configrules](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
-| [random_uuid.splunk_config](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/uuid) | resource |
-| [random_uuid.splunk_configrules](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/uuid) | resource |
 | [aws_arn.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/arn) | data source |
 | [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
 | [aws_iam_policy.aws_config_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy) | data source |

config/generate_splunk.config.tf

@@ -6,24 +6,41 @@ data "template_file" "splunk_config" {
   vars = {
     account_id    = local.account_id
     account_alias = local.account_alias
-    entry_uuid    = random_uuid.splunk_config.result
-    region        = local.config_region
-    queue_url     = aws_sqs_queue.config.id
-  }
-}
-
-resource "random_uuid" "splunk_config" {
-  keepers = {
+    #    entry_uuid    = random_uuid.splunk_config.result
+    region    = local.config_region
     queue_url = aws_sqs_queue.config.id
   }
 }
 
+# resource "random_uuid" "splunk_config" {
+#   keepers = {
+#     queue_url = aws_sqs_queue.config.id
+#   }
+# }
+# 
+# resource "null_resource" "splunk_config" {
+#   provisioner "local-exec" {
+#     command = "test -d setup || mkdir setup"
+#   }
+#   provisioner "local-exec" {
+#     working_dir = "setup"
+#     command     = "echo '${data.template_file.splunk_config.rendered}' > inputs.config.${local.account_id}.${local.config_region}.conf"
+#   }
+# }
+
 resource "null_resource" "splunk_config" {
-  provisioner "local-exec" {
-    command = "test -d setup || mkdir setup"
+  triggers = {
+    filename  = format("inputs.config.%v-%v.%v.conf", local.account_id, local.account_alias, local.region)
+    directory = format("%v/setup", path.root)
   }
+
   provisioner "local-exec" {
-    working_dir = "setup"
-    command     = "echo '${data.template_file.splunk_config.rendered}' > inputs.config.${local.account_id}.${local.config_region}.conf"
+    command = "test -d ${self.triggers.directory} || mkdir ${self.triggers.directory}"
   }
 }
+
+resource "local_file" "splunk_config" {
+  content         = data.template_file.splunk_config.rendered
+  file_permission = "0644"
+  filename        = format("%v/%v", null_resource.splunk_config.triggers.directory, null_resource.splunk_config.triggers.filename)
+}

config/generate_splunk.config_rules.tf

@@ -6,23 +6,40 @@ data "template_file" "splunk_configrules" {
   vars = {
     account_id    = local.account_id
     account_alias = local.account_alias
-    entry_uuid    = random_uuid.splunk_configrules.result
-    region        = local.config_region
+    #    entry_uuid    = random_uuid.splunk_configrules.result
+    region = local.config_region
   }
 }
 
-resource "random_uuid" "splunk_configrules" {
-  keepers = {
-    config_rule = length(local.all_crules) > 0 ? 1 : 0
-  }
-}
+# resource "random_uuid" "splunk_configrules" {
+#   keepers = {
+#     config_rule = length(local.all_crules) > 0 ? 1 : 0
+#   }
+# }
+
+# resource "null_resource" "splunk_configrules" {
+#   provisioner "local-exec" {
+#     command = "test -d setup || mkdir setup"
+#   }
+#   provisioner "local-exec" {
+#     working_dir = "setup"
+#     command     = "echo '${data.template_file.splunk_configrules.rendered}' > aws_config_rules_tasks.${local.account_id}.${local.config_region}.conf"
+#   }
+# }
 
 resource "null_resource" "splunk_configrules" {
-  provisioner "local-exec" {
-    command = "test -d setup || mkdir setup"
+  triggers = {
+    filename  = format("aws_config_rules_tasks.%v-%v.%v.conf", local.account_id, local.account_alias, local.region)
+    directory = format("%v/setup", path.root)
   }
+
   provisioner "local-exec" {
-    working_dir = "setup"
-    command     = "echo '${data.template_file.splunk_configrules.rendered}' > aws_config_rules_tasks.${local.account_id}.${local.config_region}.conf"
+    command = "test -d ${self.triggers.directory} || mkdir ${self.triggers.directory}"
   }
 }
+
+resource "local_file" "splunk_configrules" {
+  content         = data.template_file.splunk_configrules.rendered
+  file_permission = "0644"
+  filename        = format("%v/%v", null_resource.splunk_configrules.triggers.directory, null_resource.splunk_configrules.triggers.filename)
+}

config/templates/aws_config_rules_tasks.conf.tpl

@@ -1,6 +1,5 @@
-##[${account_alias}-configrules-${region}_${entry_uuid}]
-[${account_alias}-configrules-${region}]
-account = ${account_alias}
+[${account_id}-${account_alias}-configrules-${region}]
+account = ${account_id}-${account_alias}
 index = aws
 polling_interval = 3600
 region = ${region}

config/templates/inputs.config.conf.tpl

@@ -1,9 +1,10 @@
-[aws_sqs_based_s3://${account_alias}-config-${region}]
-account = ${account_alias}
+[aws_sqs_based_s3://${account_id}-${account_alias}-config-${region}]
+account = ${account_id}-${account_alias}
 index = aws
 polling_interval = 300
 s3_file_decoder = Config
 sourcetype = aws:config
 sqs_batch_size = 10
 sqs_queue_region = ${region}
 sqs_queue_url = ${queue_url}
+

splunk-description/README.md

@@ -26,8 +26,8 @@ No requirements.
 | Name | Version |
 |------|---------|
 | <a name="provider_aws"></a> [aws](#provider\_aws) | n/a |
+| <a name="provider_local"></a> [local](#provider\_local) | n/a |
 | <a name="provider_null"></a> [null](#provider\_null) | n/a |
-| <a name="provider_random"></a> [random](#provider\_random) | n/a |
 | <a name="provider_template"></a> [template](#provider\_template) | n/a |
 
 ## Modules
@@ -38,8 +38,8 @@ No modules.
 
 | Name | Type |
 |------|------|
+| [local_file.splunk_description](https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/file) | resource |
 | [null_resource.splunk_description](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
-| [random_uuid.splunk_description](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/uuid) | resource |
 | [aws_arn.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/arn) | data source |
 | [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
 | [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |

splunk-description/generate_splunk.description.tf

@@ -10,25 +10,43 @@ data "template_file" "splunk_description" {
   vars = {
     account_id    = local.account_id
     account_alias = local.account_alias
-    entry_uuid    = random_uuid.splunk_description.result
-    region        = local.region
-    api_list      = join(",", local.api_values)
+    #    entry_uuid    = random_uuid.splunk_description.result
+    region   = local.region
+    api_list = join(",", local.api_values)
   }
 }
 
-resource "random_uuid" "splunk_description" {
-  keepers = {
-    description = length(local.api_list) > 0 ? 1 : 0
-  }
-}
+# resource "random_uuid" "splunk_description" {
+#   keepers = {
+#     description = length(local.api_list) > 0 ? 1 : 0
+#   }
+# }
+# 
+# resource "null_resource" "splunk_description" {
+#   count = length(local.api_list) > 0 ? 1 : 0
+#   provisioner "local-exec" {
+#     command = "test -d setup || mkdir setup"
+#   }
+#   provisioner "local-exec" {
+#     working_dir = "setup"
+#     command     = "echo '${data.template_file.splunk_description.rendered}' > ${local.template_prefix}.${local.account_id}.${local.region}.conf"
+#   }
+# }
+
 
 resource "null_resource" "splunk_description" {
-  count = length(local.api_list) > 0 ? 1 : 0
-  provisioner "local-exec" {
-    command = "test -d setup || mkdir setup"
+  triggers = {
+    filename  = format("%v.%v-%v.%v.conf", local.template_prefix, local.account_id, local.account_alias, local.region)
+    directory = format("%v/setup", path.root)
   }
+
   provisioner "local-exec" {
-    working_dir = "setup"
-    command     = "echo '${data.template_file.splunk_description.rendered}' > ${local.template_prefix}.${local.account_id}.${local.region}.conf"
+    command = "test -d ${self.triggers.directory} || mkdir ${self.triggers.directory}"
   }
 }
+
+resource "local_file" "splunk_description" {
+  content         = data.template_file.splunk_description.rendered
+  file_permission = "0644"
+  filename        = format("%v/%v", null_resource.splunk_description.triggers.directory, null_resource.splunk_description.triggers.filename)
+}

splunk-description/templates/aws_description_tasks.conf.tpl

@@ -1,6 +1,7 @@
-[${account_alias}-description-${region}]
-account = ${account_alias}
+[${account_id}-${account_alias}-description-${region}]
+account = ${account_id}-${account_alias}
 apis = ${api_list}
 index = aws
 regions = ${region}
 sourcetype = aws:description
+