aws-unified-lambda/logging-lambda-firehose-template.yaml at main · voorepreethi/aws-unified-lambda · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
AWSTemplateFormatVersion: "2010-09-09"
Transform: AWS::Serverless-2016-10-31
Description: New Relic Template to forward logs using firehose/S3 bucket

Metadata:
  AWS::ServerlessRepo::Application:
    Name: NewRelic-Log-Forwarder-Lambda-Firehose
    Description: Send log data from AWS to New Relic.
    Author: New Relic
    SpdxLicenseId: Apache-2.0
    LicenseUrl: LICENSE.txt
    ReadmeUrl: README.md
    HomePageUrl: https://github.com/newrelic/aws-unified-logging
    SemanticVersion: 1.1.1
    SourceCodeUrl: https://github.com/newrelic/aws-unified-logging

  AWS::CloudFormation::Interface:
    ParameterLabels:
      NewRelicAccountId:
        default: 'NewRelic account ID'
      LicenseKey:
        default: 'New Relic Ingest License Key'
      NewRelicRegion:
        default: 'New Relic Datacenter Region'
      LogGroupConfig:
        default: 'Log Groups name & filter (if applicable)'
      S3BucketNames:
        default: 'S3 bucket Names & Prefix (if applicable)'
      CommonAttributes:
        default: 'Common Attributes to be added to the log events'
      LoggingFirehoseStreamName:
        default: 'Name of Logging Firehose Delivery Stream'
      LoggingS3BackupBucketName:
        default: 'S3 Bucket Destination for failed Logging events'
      EnableCloudWatchLoggingForFirehose:
        default: 'Enables CloudWatch logging for Logging Firehose stream'
      StoreNRLicenseKeyInSecretManager:
        default: 'Store New Relic License Key in AWS Secrets Manager'

Parameters:
  LicenseKey:
    Type: String
    Description: New relic license key, create or get and existing key in https://one.newrelic.com/launcher/api-keys-ui.api-keys-launcher
    NoEcho: true
    MaxLength: 40
    AllowedPattern: "^[^\\s]+$"
    ConstraintDescription: "The parameter value cannot be empty, contain spaces, and must be alphanumeric and can contain symbols."
  NewRelicRegion:
    Type: String
    Description: Your New Relic region, this decides what endpoint to send logs to.
    Default: "US"
    AllowedValues:
      - "US"
      - "EU"
  NewRelicAccountId:
    Type: String
    Description: Id of the account in New relic
    AllowedPattern: "[0-9]+"
    ConstraintDescription: must only contain numbers
  S3BucketNames:
    Type: String
    Description: "JSON array of objects representing your S3Bucketname and prefixes (if applicable) For example: [{\"bucket\":\"bucket1\",\"prefix\":\"prefix/\"}]"
    Default: ""
  LogGroupConfig:
    Description: "JSON array of objects representing your LogGroup and Filters (if applicable). For example: [{\"LogGroupName\":\"logGroup1\",\"FilterPattern\":\"filter1\"}]"
    Type: String
  CommonAttributes:
    Type: String
    Description: "JSON array of objects representing your custom attributes. For example: [{\"AttributeName\":\"key1\",\"AttributeValue\":\"value1\"}]"
    Default: ""
  LoggingFirehoseStreamName:
    Type: String
    Description: Name of new Data Firehose Delivery Stream (must be unique per AWS account in the same AWS Region)
    Default: NewRelic-Logging-Delivery-Stream
    MaxLength: 64
    AllowedPattern: "[a-zA-Z0-9_.-]+"
    ConstraintDescription: must only contain letters (uppercase and lowercase), numbers, and characters '.', '_', and '-' with max length of 64 total characters
  LoggingS3BackupBucketName:
    Type: String
    Description: S3 Bucket Destination for failed events (must be globally unique across all AWS accounts in all AWS Regions within a partition)
    Default: firehose-logging-backup
    MinLength: 3
    MaxLength: 63
    AllowedPattern: (?!(^xn--|-s3alias$))^[a-z0-9.][a-z0-9-.]{1,61}[a-z0-9.]$
    ConstraintDescription: must adhere to the S3 bucket naming rules - https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucketnamingrules.html
  EnableCloudWatchLoggingForFirehose:
    Type: String
    Description: Enables CloudWatch logging for the Firehose stream.
    Default: "false"
    AllowedValues:
      - "true"
      - "false"
  StoreNRLicenseKeyInSecretManager:
    Type: String
    Description: Should we store the New Relic license key in AWS Secrets Manager. Defaults to true.
    Default: "true"
    AllowedValues:
      - "true"
      - "false"

Resources:

  NewRelicLogsLoggingLambda:
    Type: 'AWS::CloudFormation::Stack'
    Properties:
      TemplateURL: lambda-template.yaml
      Parameters:
        LicenseKey: !Ref LicenseKey
        NewRelicRegion: !Ref NewRelicRegion
        NewRelicAccountId: !Ref NewRelicAccountId
        S3BucketNames: !Ref S3BucketNames
        LogGroupConfig: ""
        CommonAttributes: !Ref CommonAttributes
        StoreNRLicenseKeyInSecretManager: !Ref StoreNRLicenseKeyInSecretManager

  NewRelicLogsFirehose:
    Type: 'AWS::CloudFormation::Stack'
    Properties:
      TemplateURL: https://s3.us-east-2.amazonaws.com/unified-lambda-serverless/firehose-template.yaml #TODO when S3 publising via github is enabled
      Parameters:
        LicenseKey: !Ref LicenseKey
        NewRelicRegion: !Ref NewRelicRegion
        NewRelicAccountId: !Ref NewRelicAccountId
        LogGroupConfig: !Ref LogGroupConfig
        LoggingFirehoseStreamName: !Ref LoggingFirehoseStreamName
        LoggingS3BackupBucketName: !Ref LoggingS3BackupBucketName
        EnableCloudWatchLoggingForFirehose: !Ref EnableCloudWatchLoggingForFirehose
        CommonAttributes: !Ref CommonAttributes
        StoreNRLicenseKeyInSecretManager: !Ref StoreNRLicenseKeyInSecretManager