This repository was archived by the owner on Feb 17, 2022. It is now read-only.
main.tf
# Lambda function that is the destination of the CloudWatch Logs subscription
# filter in this file. The syslog endpoint it talks to is supplied through
# environment variables.
resource "aws_lambda_function" "cloudwatch_to_syslog_server" {
  function_name = "${var.name}"
  role          = "${aws_iam_role.cloudwatch_to_syslog_server.arn}"

  # Deployment package shipped with the module. source_code_hash changes
  # whenever lambda.zip changes, which triggers a redeploy.
  filename         = "${path.module}/lambda.zip"
  source_code_hash = "${base64sha256(file("${path.module}/lambda.zip"))}"
  handler          = "index.handler"

  # NOTE(review): nodejs8.10 is an end-of-life Lambda runtime that no longer
  # receives security patches. Move to a supported Node.js runtime once the
  # handler inside lambda.zip has been confirmed to run on it.
  runtime = "nodejs8.10"

  # NOTE(review): DISABLE_TLS is passed straight through from var.disable_tls.
  # Presumably a true value makes the handler send log events to the syslog
  # server unencrypted (confirm in the handler). Keep it false unless the
  # network path to the server is protected by other means.
  environment {
    variables = {
      SYSLOG_SERVER_HOST = "${var.syslog_server_host}"
      SYSLOG_SERVER_PORT = "${var.syslog_server_port}"
      DISABLE_TLS        = "${var.disable_tls}"
    }
  }
}
# Execution role for the Lambda function. This resource defines only the trust
# policy: the Lambda service (lambda.amazonaws.com) is the sole principal
# allowed to assume the role. Permissions are attached separately.
resource "aws_iam_role" "cloudwatch_to_syslog_server" {
  name = "${var.name}"

  # The heredoc body is kept exactly as written because its text is sent to
  # IAM as the policy document.
  assume_role_policy = <<EOF
{
"Version": "2012-10-17",
"Statement": [
{
"Action": "sts:AssumeRole",
"Principal": {
"Service": "lambda.amazonaws.com"
},
"Effect": "Allow",
"Sid": ""
}
]
}
EOF
}
# Attaches the AWS-managed AWSLambdaBasicExecutionRole policy to the execution
# role. It is the only policy this file attaches; it lets the function write
# its own logs to CloudWatch Logs.
resource "aws_iam_role_policy_attachment" "lambda_basic_execution" {
  policy_arn = "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
  role       = "${aws_iam_role.cloudwatch_to_syslog_server.name}"
}
# Resource-based permission that lets CloudWatch Logs invoke the function.
resource "aws_lambda_permission" "cloudwatch_logs" {
  statement_id  = "${var.name}"
  function_name = "${aws_lambda_function.cloudwatch_to_syslog_server.arn}"
  action        = "lambda:InvokeFunction"

  # The regional CloudWatch Logs service principal is the only caller allowed.
  principal = "logs.${var.region}.amazonaws.com"

  # source_account and source_arn restrict the grant to one log group in one
  # account, so log groups in other accounts cannot trigger the function.
  # Keep both set: without them any log group reachable through the service
  # principal could invoke it.
  source_account = "${var.account_id}"
  source_arn     = "arn:aws:logs:${var.region}:${var.account_id}:log-group:${var.log_group}:*"
}
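# Subscribes the Lambda function to var.log_group so that every log event in
# the group is delivered to it.
#
# NOTE(review): var.log_group should not be the function's own log group
# (typically /aws/lambda/<function name>). Otherwise each invocation's output
# would be fed back into the function.
resource "aws_cloudwatch_log_subscription_filter" "papertrail" {
  name           = "${var.name}"
  log_group_name = "${var.log_group}"

  # An empty pattern matches every log event in the group.
  filter_pattern = ""

  destination_arn = "${aws_lambda_function.cloudwatch_to_syslog_server.arn}"

  # CloudWatch Logs checks that it may invoke the destination when the filter
  # is created. Nothing else in this resource refers to the permission, so
  # without an explicit dependency Terraform may create the filter first and
  # the apply fails, leaving the log group unshipped.
  depends_on = ["aws_lambda_permission.cloudwatch_logs"]
}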