From 51f85e81306b0e1c2bd98042bc4bd135404b55c6 Mon Sep 17 00:00:00 2001
From: Tom McLaughlin
Date: Sat, 17 Aug 2024 01:33:41 -0400
Subject: [PATCH] Tke a swing at creating an OAM sunk

---
 cfn-parameters.json | 1 +
 .../datadog-shipping/oam-sink-template.yaml | 28 ++++++++++++++++
 stacksets/datadog-shipping/stackset.yaml | 33 +++++++++++++++++--
 template.yaml | 3 ++
 4 files changed, 63 insertions(+), 2 deletions(-)
 create mode 100644 stacksets/datadog-shipping/oam-sink-template.yaml

diff --git a/cfn-parameters.json b/cfn-parameters.json
index cdec8c1..4179f2e 100644
--- a/cfn-parameters.json
+++ b/cfn-parameters.json
@@ -1,4 +1,5 @@
 {
+ "AwsOrgId": $secrets.AWS_ORG_ID,
 "ObservabilityOu": "ou-c834-7gp1wa8v",
 "TargetRegions": "us-east-1",
 "DatadogHttpEndpointUrl": "https://aws-kinesis-http-intake.logs.us5.datadoghq.com/api/v2/logs?dd-protocol=aws-kinesis-firehose",
diff --git a/stacksets/datadog-shipping/oam-sink-template.yaml b/stacksets/datadog-shipping/oam-sink-template.yaml
new file mode 100644
index 0000000..0f951af
--- /dev/null
+++ b/stacksets/datadog-shipping/oam-sink-template.yaml
@@ -0,0 +1,28 @@
+AWSTemplateFormatVersion: '2010-09-09'
+Description: AWS CloudWatch OAM Sink
+
+Parameters:
+ AwsOrgId:
+ Type: String
+
+Resources:
+ OamSink:
+ Type: AWS::OAM::Sink
+ Properties:
+ Name: OrganizationSink
+ Policy:
+ Version: '2012-10-17'
+ Statement:
+ - Effect: Allow
+ Principal: "*"
+ Resource: "*"
+ Action:
+ - "oam:CreateLink"
+ - "oam:UpdateLink"
+ Condition:
+ StringEquals:
+ aws:PrincipalOrgID: !Ref AwsOrgId
+ ForAllValues:StringEquals:
+ oam:ResourceTypes:
+ - "AWS::CloudWatch::Metric"
+ - "AWS::Logs::LogGroup"
\ No newline at end of file
diff --git a/stacksets/datadog-shipping/stackset.yaml b/stacksets/datadog-shipping/stackset.yaml
index 4fc1c5e..8a947dd 100644
--- a/stacksets/datadog-shipping/stackset.yaml
+++ b/stacksets/datadog-shipping/stackset.yaml
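Review bot: The added `"AwsOrgId": $secrets.AWS_ORG_ID,` line in cfn-parameters.json is not valid JSON as committed, because the value is an unquoted token. If a pipeline step substitutes the placeholder textually before the file is parsed (that step is not visible in this patch), the organization ID would still land unquoted and fail to parse, unless the step adds the quotes itself. Writing it as `"AwsOrgId": "$secrets.AWS_ORG_ID",` keeps the file well-formed both before and after substitution. It is also worth confirming that the substitution fails loudly when the secret is unset, since this value becomes the only restriction in the sink policy added by this commit.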
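Review bot: In oam-sink-template.yaml the sink policy grants `oam:CreateLink` and `oam:UpdateLink` to `Principal: "*"`, so the `aws:PrincipalOrgID` condition is the only restriction on who may link to the sink, yet `AwsOrgId` is declared as a bare `Type: String`. Adding `AllowedPattern: '^o-[a-z0-9]{10,32}$'` and a `Description` to the parameter would reject an empty, unsubstituted or malformed value at deploy time, instead of producing a sink whose policy matches nobody. The same unvalidated `AwsOrgId` parameter is added in the stackset.yaml and template.yaml hunks. The new file also ends without a trailing newline.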
@@ -1,5 +1,8 @@ Metadata: - localTemplateFile: &template_body ./logs-template.yaml + DatadogLogShipping: + localTemplateFile: &dd_logs_template_body ./logs-template.yaml + OamSink: + localTemplateFile: &oam_sink_template_body ./oam-sink-template.yaml AWSTemplateFormatVersion: '2010-09-09' Transform: AWS::Serverless-2016-10-31 @@ -12,6 +15,8 @@ Parameters: TargetRegions: Type: CommaDelimitedList Description: Regions to deploy to + AwsOrgId: + Type: String DatadogHttpEndpointUrl: Type: String DatadogApiKey: @@ -45,4 +50,28 @@ Resources: FailureToleranceCount: 1 MaxConcurrentCount: 5 PermissionModel: SERVICE_MANAGED - TemplateBody: *template_body + TemplateBody: *dd_logs_template_body + + CloudWatchOamSinkStacxkSet: + Type: AWS::CloudFormation::StackSet + Properties: + StackSetName: CloudWatchOamSink + Description: CloudWatch OAM Sink + Parameters: + - ParameterKey: AwsOrgId + ParameterValue: !Ref AwsOrgId + StackInstancesGroup: + - DeploymentTargets: + OrganizationalUnitIds: !Ref ObservabilityOu + Regions: !Ref TargetRegions + AutoDeployment: + Enabled: true + RetainStacksOnAccountRemoval: false + ManagedExecution: + Active: true + OperationPreferences: + RegionConcurrencyType: PARALLEL + FailureToleranceCount: 1 + MaxConcurrentCount: 5 + PermissionModel: SERVICE_MANAGED + TemplateBody: *oam_sink_template_body diff --git a/template.yaml b/template.yaml index 97442ee..ee61a29 100644 --- a/template.yaml +++ b/template.yaml @@ -6,6 +6,8 @@ Parameters: TargetRegions: Type: String Description: List of OUs + AwsOrgId: + Type: String ObservabilityOu: Type: String Description: OU of observability accounts @@ -26,3 +28,4 @@ Resources: TargetRegions: !Ref TargetRegions DatadogHttpEndpointUrl: !Ref DatadogHttpEndpointUrl DatadogApiKey: !Ref DatadogApiKey + AwsOrgId: !Ref AwsOrgId
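Review bot: The new StackSet's logical ID is spelled `CloudWatchOamSinkStacxkSet` in the last stackset.yaml hunk; it should read `CloudWatchOamSinkStackSet`. Correcting it after the first deployment changes the logical ID, which CloudFormation treats as creating a new resource and deleting the old one, and with the fixed `StackSetName: CloudWatchOamSink` that replacement is likely to collide on the name, so it is cheaper to fix now. Separately, `OrganizationalUnitIds: !Ref ObservabilityOu` needs a list value; the declaration of `ObservabilityOu` in this template is outside the hunk, so confirm it is a list type here.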