update docs

flowlogs/README.md

@@ -1,7 +1,22 @@
 # About aws-vpc-setup :: flowlogs
 
 This submodule creates VPC flow logs.  It creates one for private and one for public subnets.  Run this once
-per VPC.  You will need to run the flow logs role once before (aws-vpc-setup/flowlogs-role)
+per VPC.  You will need to run the flow logs role once before (aws-vpc-setup/flowlogs-role).
+
+This also creates cloudwatch logs and cloudwatch streams (Kinesis), and drops a configuration file in `setup/`
+to be used in Splunk. Distribute this configuration to the splunk team for flowlog ingestion.
+
+```
+# setup/aws_kinesis_tasks.lgs-vpc2-dice-dev.conf
+[ma6-gov-flowlogs-us-gov-east-1_lg-vpc2-dice-dev]
+account = ma6-gov
+format = CloudWatchLogs
+index = aws_vpc_flow_logs
+region = us-gov-east-1
+sourcetype = aws:cloudwatchlogs:vpcflow
+init_stream_position = LATEST
+stream_names = lgs-vpc2-dice-dev
+```
 
 # Usage
 
@@ -13,14 +28,12 @@ module "flowlogs" {
   account_alias        = "ma6-gov"
   public_subnets_ids   = module.subnets.public_subnets_ids
   private_subnets_ids  = module.subnets.private_subnets_ids
-  flowlog_bucket_arn   = {flowlog-s3-bucket-arn}
-  flowlog_role_arn     = {flowlog-role-arn}
-
-  # optional
-  public_subnet_ids    = [ for s in module.subnets.public_subnets_ids : s.id ]
-  private_subnet_ids   = [ for s in module.subnets.private_subnets_ids : s.id ]
-  vpc_name             = var.vpc_name
-  vpc_short_name       = var.vpc_short_name
+  flowlog_bucket_arn   = data.terraform_remote_state.common.infrastructure_east.flowlogs_arn
+  flowlog_role_arn     = data.terraform_remote_state.common.outputs.role_flowlogs_arn
+
+  ## optional
+  # public_subnet_ids    = [ for s in module.subnets.public_subnets_ids : s.id ]
+  # private_subnet_ids   = [ for s in module.subnets.private_subnets_ids : s.id ]
 
   tags = {}
 }

flowlogs/main.tf

@@ -2,7 +2,22 @@
 * # About aws-vpc-setup :: flowlogs
 *
 * This submodule creates VPC flow logs.  It creates one for private and one for public subnets.  Run this once
-* per VPC.  You will need to run the flow logs role once before (aws-vpc-setup/flowlogs-role)
+* per VPC.  You will need to run the flow logs role once before (aws-vpc-setup/flowlogs-role).
+*
+* This also creates cloudwatch logs and cloudwatch streams (Kinesis), and drops a configuration file in `setup/`
+* to be used in Splunk. Distribute this configuration to the splunk team for flowlog ingestion.
+* 
+* ```
+* # setup/aws_kinesis_tasks.lgs-vpc2-dice-dev.conf
+* [ma6-gov-flowlogs-us-gov-east-1_lg-vpc2-dice-dev]
+* account = ma6-gov
+* format = CloudWatchLogs
+* index = aws_vpc_flow_logs
+* region = us-gov-east-1
+* sourcetype = aws:cloudwatchlogs:vpcflow
+* init_stream_position = LATEST
+* stream_names = lgs-vpc2-dice-dev
+* ```
 *
 * # Usage
 *
@@ -14,14 +29,12 @@
 *   account_alias        = "ma6-gov"
 *   public_subnets_ids   = module.subnets.public_subnets_ids
 *   private_subnets_ids  = module.subnets.private_subnets_ids
-*   flowlog_bucket_arn   = {flowlog-s3-bucket-arn}
-*   flowlog_role_arn     = {flowlog-role-arn}
+*   flowlog_bucket_arn   = data.terraform_remote_state.common.infrastructure_east.flowlogs_arn
+*   flowlog_role_arn     = data.terraform_remote_state.common.outputs.role_flowlogs_arn
 *
-*   # optional
-*   public_subnet_ids    = [ for s in module.subnets.public_subnets_ids : s.id ]
-*   private_subnet_ids   = [ for s in module.subnets.private_subnets_ids : s.id ]
-*   vpc_name             = var.vpc_name
-*   vpc_short_name       = var.vpc_short_name
+*   ## optional
+*   # public_subnet_ids    = [ for s in module.subnets.public_subnets_ids : s.id ]
+*   # private_subnet_ids   = [ for s in module.subnets.private_subnets_ids : s.id ]
 *
 *   tags = {}
 * }