Tke a swing at creating an OAM sunk

ServerlessOpsIO · Aug 17, 2024 · 51f85e8 · 51f85e8
1 parent c165b54
commit 51f85e8
Show file tree

Hide file tree

Showing 4 changed files with 63 additions and 2 deletions.
diff --git a/cfn-parameters.json b/cfn-parameters.json
@@ -1,4 +1,5 @@
 {
+    "AwsOrgId": $secrets.AWS_ORG_ID,
     "ObservabilityOu": "ou-c834-7gp1wa8v",
     "TargetRegions": "us-east-1",
     "DatadogHttpEndpointUrl": "https://aws-kinesis-http-intake.logs.us5.datadoghq.com/api/v2/logs?dd-protocol=aws-kinesis-firehose",

diff --git a/stacksets/datadog-shipping/oam-sink-template.yaml b/stacksets/datadog-shipping/oam-sink-template.yaml
@@ -0,0 +1,28 @@
+AWSTemplateFormatVersion: '2010-09-09'
+Description: AWS CloudWatch OAM Sink
+
+Parameters:
+  AwsOrgId:
+    Type: String
+
+Resources:
+  OamSink:
+    Type: AWS::OAM::Sink
+    Properties:
+      Name: OrganizationSink
+      Policy:
+        Version: '2012-10-17'
+        Statement:
+          - Effect: Allow
+            Principal: "*"
+            Resource: "*"
+            Action:
+              - "oam:CreateLink"
+              - "oam:UpdateLink"
+            Condition:
+              StringEquals:
+                aws:PrincipalOrgID: !Ref AwsOrgId
+              ForAllValues:StringEquals:
+                oam:ResourceTypes:
+                  - "AWS::CloudWatch::Metric"
+                  - "AWS::Logs::LogGroup"
diff --git a/stacksets/datadog-shipping/stackset.yaml b/stacksets/datadog-shipping/stackset.yaml
@@ -1,5 +1,8 @@
 Metadata:
-  localTemplateFile: &template_body ./logs-template.yaml
+  DatadogLogShipping:
+    localTemplateFile: &dd_logs_template_body ./logs-template.yaml
+  OamSink:
+    localTemplateFile: &oam_sink_template_body ./oam-sink-template.yaml
 
 AWSTemplateFormatVersion: '2010-09-09'
 Transform: AWS::Serverless-2016-10-31
@@ -12,6 +15,8 @@ Parameters:
   TargetRegions:
     Type: CommaDelimitedList
     Description: Regions to deploy to
+  AwsOrgId:
+    Type: String
   DatadogHttpEndpointUrl:
     Type: String
   DatadogApiKey:
@@ -45,4 +50,28 @@ Resources:
         FailureToleranceCount: 1
         MaxConcurrentCount: 5
       PermissionModel: SERVICE_MANAGED
-      TemplateBody: *template_body
+      TemplateBody: *dd_logs_template_body
+
+  CloudWatchOamSinkStacxkSet:
+    Type: AWS::CloudFormation::StackSet
+    Properties:
+      StackSetName: CloudWatchOamSink
+      Description: CloudWatch OAM Sink
+      Parameters:
+        - ParameterKey: AwsOrgId
+          ParameterValue: !Ref AwsOrgId
+      StackInstancesGroup:
+        - DeploymentTargets:
+            OrganizationalUnitIds: !Ref ObservabilityOu
+          Regions: !Ref TargetRegions
+      AutoDeployment:
+        Enabled: true
+        RetainStacksOnAccountRemoval: false
+      ManagedExecution:
+        Active: true
+      OperationPreferences:
+        RegionConcurrencyType: PARALLEL
+        FailureToleranceCount: 1
+        MaxConcurrentCount: 5
+      PermissionModel: SERVICE_MANAGED
+      TemplateBody: *oam_sink_template_body
diff --git a/template.yaml b/template.yaml
@@ -6,6 +6,8 @@ Parameters:
   TargetRegions:
     Type: String
     Description: List of OUs
+  AwsOrgId:
+    Type: String
   ObservabilityOu:
     Type: String
     Description: OU of observability accounts
@@ -26,3 +28,4 @@ Resources:
         TargetRegions: !Ref TargetRegions
         DatadogHttpEndpointUrl: !Ref DatadogHttpEndpointUrl
         DatadogApiKey: !Ref DatadogApiKey
+        AwsOrgId: !Ref AwsOrgId