move splunk generation to its own files

config/README.md

@@ -62,8 +62,10 @@ No modules.
 | [aws_sqs_queue.config_deadletter](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sqs_queue) | resource |
 | [aws_sqs_queue_policy.config](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sqs_queue_policy) | resource |
 | [aws_sqs_queue_policy.config_deadletter](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sqs_queue_policy) | resource |
-| [null_resource.splunk](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
-| [random_uuid.splunk](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/uuid) | resource |
+| [null_resource.splunk_config](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
+| [null_resource.splunk_configrules](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
+| [random_uuid.splunk_config](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/uuid) | resource |
+| [random_uuid.splunk_configrules](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/uuid) | resource |
 | [aws_arn.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/arn) | data source |
 | [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
 | [aws_iam_policy.aws_config_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy) | data source |
@@ -73,7 +75,8 @@ No modules.
 | [aws_iam_policy_document.config_sqs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
 | [aws_iam_policy_document.config_sqs_deadletter](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
 | [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
-| [template_file.splunk](https://registry.terraform.io/providers/hashicorp/template/latest/docs/data-sources/file) | data source |
+| [template_file.splunk_config](https://registry.terraform.io/providers/hashicorp/template/latest/docs/data-sources/file) | data source |
+| [template_file.splunk_configrules](https://registry.terraform.io/providers/hashicorp/template/latest/docs/data-sources/file) | data source |
 
 ## Inputs
 

config/config_rules.tf

@@ -55,32 +55,3 @@ resource "aws_config_config_rule" "config_rules_stopped" {
   input_parameters            = each.value.parameter
   depends_on                  = [aws_config_configuration_recorder.config]
 }
-
-#---
-# generate splunk inputs file
-#---
-data "template_file" "splunk" {
-  template = file("${path.module}/templates/aws_config_rules_tasks.conf.tpl")
-  vars = {
-    account_id    = local.account_id
-    account_alias = local.account_alias
-    entry_uuid    = random_uuid.splunk.result
-    region        = local.config_region
-  }
-}
-
-resource "random_uuid" "splunk" {
-  keepers = {
-    config_rule = length(local.all_crules) > 0 ? 1 : 0
-  }
-}
-
-resource "null_resource" "splunk" {
-  provisioner "local-exec" {
-    command = "test -d setup || mkdir setup"
-  }
-  provisioner "local-exec" {
-    working_dir = "setup"
-    command     = "echo '${data.template_file.splunk.rendered}' > aws_config_rules_tasks.${local.config_region}.conf"
-  }
-}

config/generate_splunk.config.tf

@@ -0,0 +1,29 @@
+#---
+# generate splunk inputs file
+#---
+data "template_file" "splunk_config" {
+  template = file("${path.module}/templates/inputs.config.conf.tpl")
+  vars = {
+    account_id    = local.account_id
+    account_alias = local.account_alias
+    entry_uuid    = random_uuid.splunk.result
+    region        = local.config_region
+    queue_url     = aws_sqs_queue.config.id
+  }
+}
+
+resource "random_uuid" "splunk_config" {
+  keepers = {
+    queue_url = aws_sqs_queue.config.id
+  }
+}
+
+resource "null_resource" "splunk_config" {
+  provisioner "local-exec" {
+    command = "test -d setup || mkdir setup"
+  }
+  provisioner "local-exec" {
+    working_dir = "setup"
+    command     = "echo '${data.template_file.splunk_config.rendered}' > inputs.config.${local.account_id}.${local.config_region}.conf"
+  }
+}

config/generate_splunk.config_rules.tf

@@ -0,0 +1,28 @@
+#---
+# generate splunk inputs file
+#---
+data "template_file" "splunk_configrules" {
+  template = file("${path.module}/templates/aws_config_rules_tasks.conf.tpl")
+  vars = {
+    account_id    = local.account_id
+    account_alias = local.account_alias
+    entry_uuid    = random_uuid.splunk.result
+    region        = local.config_region
+  }
+}
+
+resource "random_uuid" "splunk_configrules" {
+  keepers = {
+    config_rule = length(local.all_crules) > 0 ? 1 : 0
+  }
+}
+
+resource "null_resource" "splunk_configrules" {
+  provisioner "local-exec" {
+    command = "test -d setup || mkdir setup"
+  }
+  provisioner "local-exec" {
+    working_dir = "setup"
+    command     = "echo '${data.template_file.splunk_configrules.rendered}' > aws_config_rules_tasks.${local.account_id}.${local.config_region}.conf"
+  }
+}

config/templates/inputs.config.conf.tpl

@@ -0,0 +1,9 @@
+[aws_sqs_based_s3://${account_alias}-config-${region}]
+account = ${account_alias}
+index = aws
+polling_interval = 300
+s3_file_decoder = Config
+sourcetype = aws:config
+sqs_batch_size = 10
+sqs_queue_region = ${region}
+sqs_queue_url = ${queue_url}