fleet/tools/loadtesting/terraform/firehose.tf
Zachary Winnerman 69c0434e88
Add terraform for the loadtesting environment (#4172)
* Add terraform for the loadtesting environment

* Add some checkov stuff and minor updates

* Remove defunct commented stuff

* Add separate cloudwatch namespace for migrations

* Remove defunct code

* checkin
2022-02-15 13:00:24 -05:00


resource "aws_s3_bucket" "osquery-results" {
bucket = "fleet-loadtest-osquery-logs-archive"
acl = "private"
lifecycle_rule {
enabled = true
expiration {
days = 1
}
}
server_side_encryption_configuration {
rule {
apply_server_side_encryption_by_default {
sse_algorithm = "aws:kms"
}
}
}
#checkov:skip=CKV_AWS_18:dev env
#checkov:skip=CKV_AWS_144:dev env
#checkov:skip=CKV_AWS_21:dev env
}
resource "aws_s3_bucket" "osquery-status" {
bucket = "fleet-loadtest-osquery-status-archive"
acl = "private"
lifecycle_rule {
enabled = true
expiration {
days = 1
}
}
server_side_encryption_configuration {
rule {
apply_server_side_encryption_by_default {
sse_algorithm = "aws:kms"
}
}
}
#checkov:skip=CKV_AWS_18:dev env
#checkov:skip=CKV_AWS_144:dev env
#checkov:skip=CKV_AWS_21:dev env
}
data "aws_iam_policy_document" "osquery_results_policy_doc" {
statement {
effect = "Allow"
actions = [
"s3:AbortMultipartUpload",
"s3:GetBucketLocation",
"s3:ListBucket",
"s3:ListBucketMultipartUploads",
"s3:PutObject"
]
resources = [aws_s3_bucket.osquery-results.arn, "${aws_s3_bucket.osquery-results.arn}/*"]
}
}
data "aws_iam_policy_document" "osquery_status_policy_doc" {
statement {
effect = "Allow"
actions = [
"s3:AbortMultipartUpload",
"s3:GetBucketLocation",
"s3:ListBucket",
"s3:ListBucketMultipartUploads",
"s3:PutObject"
]
resources = [aws_s3_bucket.osquery-status.arn, "${aws_s3_bucket.osquery-status.arn}/*"]
}
}
resource "aws_iam_policy" "firehose-results" {
name = "osquery_results_firehose_policy"
policy = data.aws_iam_policy_document.osquery_results_policy_doc.json
}
resource "aws_iam_policy" "firehose-status" {
name = "osquery_status_firehose_policy"
policy = data.aws_iam_policy_document.osquery_status_policy_doc.json
}
resource "aws_iam_role" "firehose-results" {
assume_role_policy = data.aws_iam_policy_document.osquery_firehose_assume_role.json
}
resource "aws_iam_role" "firehose-status" {
assume_role_policy = data.aws_iam_policy_document.osquery_firehose_assume_role.json
}
resource "aws_iam_role_policy_attachment" "firehose-results" {
policy_arn = aws_iam_policy.firehose-results.arn
role = aws_iam_role.firehose-results.name
}
resource "aws_iam_role_policy_attachment" "firehose-status" {
policy_arn = aws_iam_policy.firehose-status.arn
role = aws_iam_role.firehose-status.name
}
data "aws_iam_policy_document" "osquery_firehose_assume_role" {
statement {
effect = "Allow"
actions = ["sts:AssumeRole"]
principals {
identifiers = ["firehose.amazonaws.com"]
type = "Service"
}
}
}
resource "aws_kinesis_firehose_delivery_stream" "osquery_results" {
name = "osquery_results"
destination = "s3"
s3_configuration {
role_arn = aws_iam_role.firehose-results.arn
bucket_arn = aws_s3_bucket.osquery-results.arn
}
}
resource "aws_kinesis_firehose_delivery_stream" "osquery_status" {
name = "osquery_status"
destination = "s3"
s3_configuration {
role_arn = aws_iam_role.firehose-status.arn
bucket_arn = aws_s3_bucket.osquery-status.arn
}
}