From 567a8133d28046c79e62beb09395d5bb8697cde0 Mon Sep 17 00:00:00 2001
From: badra001
Date: Fri, 14 May 2021 14:07:36 -0400
Subject: [PATCH] update docs

---
 flowlogs/README.md | 31 ++++++++++++++++++++++---------
 flowlogs/main.tf | 29 +++++++++++++++++++++--------
 2 files changed, 43 insertions(+), 17 deletions(-)

diff --git a/flowlogs/README.md b/flowlogs/README.md
index d2686e9..80062d8 100644
--- a/flowlogs/README.md
+++ b/flowlogs/README.md
@@ -1,7 +1,22 @@
 # About aws-vpc-setup :: flowlogs
 
 This submodule creates VPC flow logs. It creates one for private and one for public subnets. Run this once
-per VPC. You will need to run the flow logs role once before (aws-vpc-setup/flowlogs-role)
+per VPC. You will need to run the flow logs role once before (aws-vpc-setup/flowlogs-role).
+
+This also creates cloudwatch logs and cloudwatch streams (Kinesis), and drops a configuration file in `setup/`
+to be used in Splunk. Distribute this configuration to the splunk team for flowlog ingestion.
+
+```
+# setup/aws_kinesis_tasks.lgs-vpc2-dice-dev.conf
+[ma6-gov-flowlogs-us-gov-east-1_lg-vpc2-dice-dev]
+account = ma6-gov
+format = CloudWatchLogs
+index = aws_vpc_flow_logs
+region = us-gov-east-1
+sourcetype = aws:cloudwatchlogs:vpcflow
+init_stream_position = LATEST
+stream_names = lgs-vpc2-dice-dev
+```
 
 # Usage
 
@@ -13,14 +28,12 @@ module "flowlogs" {
 account_alias = "ma6-gov"
 public_subnets_ids = module.subnets.public_subnets_ids
 private_subnets_ids = module.subnets.private_subnets_ids
- flowlog_bucket_arn = {flowlog-s3-bucket-arn}
- flowlog_role_arn = {flowlog-role-arn}
-
- # optional
- public_subnet_ids = [ for s in module.subnets.public_subnets_ids : s.id ]
- private_subnet_ids = [ for s in module.subnets.private_subnets_ids : s.id ]
- vpc_name = var.vpc_name
- vpc_short_name = var.vpc_short_name
+ flowlog_bucket_arn = data.terraform_remote_state.common.infrastructure_east.flowlogs_arn
+ flowlog_role_arn = data.terraform_remote_state.common.outputs.role_flowlogs_arn
+
+ ## optional
+ # public_subnet_ids = [ for s in module.subnets.public_subnets_ids : s.id ]
+ # private_subnet_ids = [ for s in module.subnets.private_subnets_ids : s.id ]
 
 tags = {}
 }
diff --git a/flowlogs/main.tf b/flowlogs/main.tf
index d23015e..b64bfb3 100644
--- a/flowlogs/main.tf
+++ b/flowlogs/main.tf
@@ -2,7 +2,22 @@
 * # About aws-vpc-setup :: flowlogs
 *
 * This submodule creates VPC flow logs. It creates one for private and one for public subnets. Run this once
-* per VPC. You will need to run the flow logs role once before (aws-vpc-setup/flowlogs-role)
+* per VPC. You will need to run the flow logs role once before (aws-vpc-setup/flowlogs-role).
+*
+* This also creates cloudwatch logs and cloudwatch streams (Kinesis), and drops a configuration file in `setup/`
+* to be used in Splunk. Distribute this configuration to the splunk team for flowlog ingestion.
+*
+* ```
+* # setup/aws_kinesis_tasks.lgs-vpc2-dice-dev.conf
+* [ma6-gov-flowlogs-us-gov-east-1_lg-vpc2-dice-dev]
+* account = ma6-gov
+* format = CloudWatchLogs
+* index = aws_vpc_flow_logs
+* region = us-gov-east-1
+* sourcetype = aws:cloudwatchlogs:vpcflow
+* init_stream_position = LATEST
+* stream_names = lgs-vpc2-dice-dev
+* ```
 *
 * # Usage
 *
@@ -14,14 +29,12 @@
 * account_alias = "ma6-gov"
 * public_subnets_ids = module.subnets.public_subnets_ids
 * private_subnets_ids = module.subnets.private_subnets_ids
-* flowlog_bucket_arn = {flowlog-s3-bucket-arn}
-* flowlog_role_arn = {flowlog-role-arn}
+* flowlog_bucket_arn = data.terraform_remote_state.common.infrastructure_east.flowlogs_arn
+* flowlog_role_arn = data.terraform_remote_state.common.outputs.role_flowlogs_arn
 *
-* # optional
-* public_subnet_ids = [ for s in module.subnets.public_subnets_ids : s.id ]
-* private_subnet_ids = [ for s in module.subnets.private_subnets_ids : s.id ]
-* vpc_name = var.vpc_name
-* vpc_short_name = var.vpc_short_name
+* ## optional
+* # public_subnet_ids = [ for s in module.subnets.public_subnets_ids : s.id ]
+* # private_subnet_ids = [ for s in module.subnets.private_subnets_ids : s.id ]
 *
 * tags = {}
 * }
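Review bot: The two remote-state references in the rewritten usage example are inconsistent with each other: `flowlog_bucket_arn = data.terraform_remote_state.common.infrastructure_east.flowlogs_arn` reads an attribute straight off the data source, while the next line goes through `.outputs.role_flowlogs_arn`. A `terraform_remote_state` data source exposes the referenced root module's values only under `outputs`, so the first path as written would not resolve if a user copies it; presumably it should read `flowlog_bucket_arn = data.terraform_remote_state.common.outputs.infrastructure_east.flowlogs_arn`, to be confirmed against the actual output names of the common state. The README hunk earlier in this commit carries the identical example and needs the same correction. The comment block containing this example begins before the hunk.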