From ea06ca7b2c8021b62cc8aad1f57725ff9041e61c Mon Sep 17 00:00:00 2001
From: badra001
Date: Mon, 24 May 2021 09:51:57 -0400
Subject: [PATCH] move splunk generation to its own files
---
 config/README.md | 9 +++++---
 config/config_rules.tf | 29 -------------------------
 config/generate_splunk.config.tf | 29 +++++++++++++++++++++++++
 config/generate_splunk.config_rules.tf | 28 ++++++++++++++++++++++++
 config/templates/inputs.config.conf.tpl | 9 ++++++++
 5 files changed, 72 insertions(+), 32 deletions(-)
 create mode 100644 config/generate_splunk.config.tf
 create mode 100644 config/generate_splunk.config_rules.tf
 create mode 100644 config/templates/inputs.config.conf.tpl
diff --git a/config/README.md b/config/README.md
index fd5022d..cec56d1 100644
--- a/config/README.md
+++ b/config/README.md
@@ -62,8 +62,10 @@ No modules.
 | [aws_sqs_queue.config_deadletter](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sqs_queue) | resource |
 | [aws_sqs_queue_policy.config](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sqs_queue_policy) | resource |
 | [aws_sqs_queue_policy.config_deadletter](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sqs_queue_policy) | resource |
-| [null_resource.splunk](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
-| [random_uuid.splunk](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/uuid) | resource |
+| [null_resource.splunk_config](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
+| [null_resource.splunk_configrules](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
+| [random_uuid.splunk_config](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/uuid) | resource |
+| [random_uuid.splunk_configrules](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/uuid) | resource |
 | [aws_arn.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/arn) | data source |
 | [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
 | [aws_iam_policy.aws_config_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy) | data source |
@@ -73,7 +75,8 @@ No modules.
 | [aws_iam_policy_document.config_sqs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
 | [aws_iam_policy_document.config_sqs_deadletter](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
 | [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
-| [template_file.splunk](https://registry.terraform.io/providers/hashicorp/template/latest/docs/data-sources/file) | data source |
+| [template_file.splunk_config](https://registry.terraform.io/providers/hashicorp/template/latest/docs/data-sources/file) | data source |
+| [template_file.splunk_configrules](https://registry.terraform.io/providers/hashicorp/template/latest/docs/data-sources/file) | data source |
 ## Inputs
diff --git a/config/config_rules.tf b/config/config_rules.tf
index 1608a2e..a1e8413 100644
--- a/config/config_rules.tf
+++ b/config/config_rules.tf
@@ -55,32 +55,3 @@ resource "aws_config_config_rule" "config_rules_stopped" {
 input_parameters = each.value.parameter
 depends_on = [aws_config_configuration_recorder.config]
 }
-
-#---
-# generate splunk inputs file
-#---
-data "template_file" "splunk" {
- template = file("${path.module}/templates/aws_config_rules_tasks.conf.tpl")
- vars = {
- account_id = local.account_id
- account_alias = local.account_alias
- entry_uuid = random_uuid.splunk.result
- region = local.config_region
- }
-}
-
-resource "random_uuid" "splunk" {
- keepers = {
- config_rule = length(local.all_crules) > 0 ? 1 : 0
- }
-}
-
-resource "null_resource" "splunk" {
- provisioner "local-exec" {
- command = "test -d setup || mkdir setup"
- }
- provisioner "local-exec" {
- working_dir = "setup"
- command = "echo '${data.template_file.splunk.rendered}' > aws_config_rules_tasks.${local.config_region}.conf"
- }
-}
diff --git a/config/generate_splunk.config.tf b/config/generate_splunk.config.tf
new file mode 100644
index 0000000..25b9087
--- /dev/null
+++ b/config/generate_splunk.config.tf
@@ -0,0 +1,29 @@
+#---
+# generate splunk inputs file
+#---
+data "template_file" "splunk_config" {
+ template = file("${path.module}/templates/inputs.config.conf.tpl")
+ vars = {
+ account_id = local.account_id
+ account_alias = local.account_alias
+ entry_uuid = random_uuid.splunk.result
+ region = local.config_region
+ queue_url = aws_sqs_queue.config.id
+ }
+}
+
+resource "random_uuid" "splunk_config" {
+ keepers = {
+ queue_url = aws_sqs_queue.config.id
+ }
+}
+
+resource "null_resource" "splunk_config" {
+ provisioner "local-exec" {
+ command = "test -d setup || mkdir setup"
+ }
+ provisioner "local-exec" {
+ working_dir = "setup"
+ command = "echo '${data.template_file.splunk_config.rendered}' > inputs.config.${local.account_id}.${local.config_region}.conf"
+ }
+}
diff --git a/config/generate_splunk.config_rules.tf b/config/generate_splunk.config_rules.tf
new file mode 100644
index 0000000..864da68
--- /dev/null
+++ b/config/generate_splunk.config_rules.tf
@@ -0,0 +1,28 @@
+#---
+# generate splunk inputs file
+#---
+data "template_file" "splunk_configrules" {
+ template = file("${path.module}/templates/aws_config_rules_tasks.conf.tpl")
+ vars = {
+ account_id = local.account_id
+ account_alias = local.account_alias
+ entry_uuid = random_uuid.splunk.result
+ region = local.config_region
+ }
+}
+
+resource "random_uuid" "splunk_configrules" {
+ keepers = {
+ config_rule = length(local.all_crules) > 0 ? 1 : 0
+ }
+}
+
+resource "null_resource" "splunk_configrules" {
+ provisioner "local-exec" {
+ command = "test -d setup || mkdir setup"
+ }
+ provisioner "local-exec" {
+ working_dir = "setup"
+ command = "echo '${data.template_file.splunk_configrules.rendered}' > aws_config_rules_tasks.${local.account_id}.${local.config_region}.conf"
+ }
+}
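Review bot: `entry_uuid = random_uuid.splunk.result` in `data "template_file" "splunk_config"` (config/generate_splunk.config.tf) points at `random_uuid.splunk`, which this commit deletes from config/config_rules.tf; the resource declared in the new file is `random_uuid.splunk_config`. Unless `random_uuid.splunk` is still declared somewhere outside this diff, planning will stop on an undeclared-resource error, so the line should read `entry_uuid = random_uuid.splunk_config.result`. config/generate_splunk.config_rules.tf carries the same stale reference and needs `random_uuid.splunk_configrules.result`. The new inputs.config.conf.tpl does not reference `entry_uuid` or `account_id`, so in this file the variable and the `random_uuid.splunk_config` resource may simply be droppable.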
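Review bot: The second `local-exec` in `null_resource.splunk_configrules` (config/generate_splunk.config_rules.tf) pastes `${data.template_file.splunk_configrules.rendered}` into a shell command between single quotes, so a single quote in any rendered value (for example `local.account_alias`, whose origin is not visible here) ends the quoting and the remainder is interpreted by the shell on the machine applying the plan. Passing the text out of band avoids that: add `environment = { RENDERED = data.template_file.splunk_configrules.rendered }` and have `command` write `"$RENDERED"` to the same file name. The block also has no `triggers`, so the provisioners run only when the resource is first created and the generated file will not follow later template or variable changes; `triggers = { rendered = data.template_file.splunk_configrules.rendered }` would tie it to the content. `null_resource.splunk_config` in config/generate_splunk.config.tf is written the same way.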
diff --git a/config/templates/inputs.config.conf.tpl b/config/templates/inputs.config.conf.tpl
new file mode 100644
index 0000000..cf0e4d1
--- /dev/null
+++ b/config/templates/inputs.config.conf.tpl
@@ -0,0 +1,9 @@
+[aws_sqs_based_s3://${account_alias}-config-${region}]
+account = ${account_alias}
+index = aws
+polling_interval = 300
+s3_file_decoder = Config
+sourcetype = aws:config
+sqs_batch_size = 10
+sqs_queue_region = ${region}
+sqs_queue_url = ${queue_url}
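Review bot: The keys `account` and `polling_interval` in the `[aws_sqs_based_s3://${account_alias}-config-${region}]` stanza should be checked against the inputs.conf.spec of the Splunk add-on version in use; as far as I recall the SQS-based S3 input is configured with `aws_account` and `interval`, and an unrecognised key would likely be ignored rather than rejected. If that is the case here, the input would be created without a usable account and AWS Config records would not reach the `aws` index, a monitoring gap that is easy to miss because nothing fails at apply time. A one-line comment above the stanza naming the add-on and version this file targets would make that check repeatable.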