From 981f3602acfd31dbc1ce2a662b6562b61d3890a8 Mon Sep 17 00:00:00 2001 From: Tom McLaughlin Date: Sat, 17 Aug 2024 14:33:14 -0400 Subject: [PATCH] Get rid of Oam sink doesn't give us what we really want. While logs appear in the Monitoring CloudWatch account they are not handled by the account's CW logs global subscription filter --- stacksets/cloudwatch-oam-link/stackset.yaml | 43 --------------------- stacksets/cloudwatch-oam-link/template.yaml | 32 --------------- stacksets/cloudwatch-oam-sink/stackset.yaml | 42 -------------------- stacksets/cloudwatch-oam-sink/template.yaml | 31 --------------- template.yaml | 37 ++---------------- 5 files changed, 4 insertions(+), 181 deletions(-) delete mode 100644 stacksets/cloudwatch-oam-link/stackset.yaml delete mode 100644 stacksets/cloudwatch-oam-link/template.yaml delete mode 100644 stacksets/cloudwatch-oam-sink/stackset.yaml delete mode 100644 stacksets/cloudwatch-oam-sink/template.yaml diff --git a/stacksets/cloudwatch-oam-link/stackset.yaml b/stacksets/cloudwatch-oam-link/stackset.yaml deleted file mode 100644 index b6a2115..0000000 --- a/stacksets/cloudwatch-oam-link/stackset.yaml +++ /dev/null 
@@ -1,43 +0,0 @@ -Metadata: - OamSink: - localTemplateFile: &template_body ./template.yaml - -AWSTemplateFormatVersion: '2010-09-09' -Transform: AWS::Serverless-2016-10-31 -Description: AWS account infrastructure stackset (CW OAM Link) - -Parameters: - AwsOrgRootId: - Type: CommaDelimitedList - Description: Root ID of the AWS Organization - TargetRegions: - Type: CommaDelimitedList - Description: Regions to deploy to - AwsOamSinkArn: - Type: String - Description: ARN of CW OAM Sink - -Resources: - CloudWatchOamLinkStackSet: - Type: AWS::CloudFormation::StackSet - Properties: - StackSetName: CloudWatchOamLink - Description: CloudWatch OAM Link - Parameters: - - ParameterKey: AwsOamSinkArn - ParameterValue: !Ref AwsOamSinkArn - StackInstancesGroup: - - DeploymentTargets: - OrganizationalUnitIds: !Ref AwsOrgRootId - Regions: !Ref TargetRegions - AutoDeployment: - Enabled: true - RetainStacksOnAccountRemoval: false - ManagedExecution: - Active: true - OperationPreferences: - RegionConcurrencyType: PARALLEL - FailureToleranceCount: 1 - MaxConcurrentCount: 5 - PermissionModel: SERVICE_MANAGED - TemplateBody: *template_body diff --git a/stacksets/cloudwatch-oam-link/template.yaml b/stacksets/cloudwatch-oam-link/template.yaml deleted file mode 100644 index 2f49e67..0000000 --- a/stacksets/cloudwatch-oam-link/template.yaml +++ /dev/null @@ -1,32 +0,0 @@ -AWSTemplateFormatVersion: '2010-09-09' -Description: AWS CloudWatch OAM Sink - -Parameters: - AwsOamSinkArn: - Type: String - Description: ARN of CW OAM Sink - -Conditions: - SkipSinkAccount: !Not [ - !Equals [ - !Ref AWS::AccountId, !Select [ - "4", !Split [ - ":", !Ref AwsOamSinkArn] - ] - ] - ] - - -Resources: - OamLink: - Type: AWS::Oam::Link - Condition: SkipSinkAccount - Properties: - LabelTemplate: "$AccountName" - ResourceTypes: - - AWS::CloudWatch::Metric - - AWS::Logs::LogGroup - - AWS::XRay::Trace - - AWS::ApplicationInsights::Application - - AWS::InternetMonitor::Monitor - SinkIdentifier: !Ref AwsOamSinkArn 
diff --git a/stacksets/cloudwatch-oam-sink/stackset.yaml b/stacksets/cloudwatch-oam-sink/stackset.yaml deleted file mode 100644 index 3a712b5..0000000 --- a/stacksets/cloudwatch-oam-sink/stackset.yaml +++ /dev/null @@ -1,42 +0,0 @@ -Metadata: - OamSink: - localTemplateFile: &oam_sink_template_body ./template.yaml - -AWSTemplateFormatVersion: '2010-09-09' -Transform: AWS::Serverless-2016-10-31 -Description: AWS account infrastructure stackset (CW oam sink) - -Parameters: - ObservabilityOu: - Type: CommaDelimitedList - Description: List of OUs - TargetRegions: - Type: CommaDelimitedList - Description: Regions to deploy to - AwsOrgId: - Type: String - -Resources: - CloudWatchOamSinkStacxkSet: - Type: AWS::CloudFormation::StackSet - Properties: - StackSetName: CloudWatchOamSink - Description: CloudWatch OAM Sink - Parameters: - - ParameterKey: AwsOrgId - ParameterValue: !Ref AwsOrgId - StackInstancesGroup: - - DeploymentTargets: - OrganizationalUnitIds: !Ref ObservabilityOu - Regions: !Ref TargetRegions - AutoDeployment: - Enabled: true - RetainStacksOnAccountRemoval: false - ManagedExecution: - Active: true - OperationPreferences: - RegionConcurrencyType: PARALLEL - FailureToleranceCount: 1 - MaxConcurrentCount: 5 - PermissionModel: SERVICE_MANAGED - TemplateBody: *oam_sink_template_body diff --git a/stacksets/cloudwatch-oam-sink/template.yaml b/stacksets/cloudwatch-oam-sink/template.yaml deleted file mode 100644 index 9540cc2..0000000 --- a/stacksets/cloudwatch-oam-sink/template.yaml +++ /dev/null 
@@ -1,31 +0,0 @@ -AWSTemplateFormatVersion: '2010-09-09' -Description: AWS CloudWatch OAM Sink - -Parameters: - AwsOrgId: - Type: String - -Resources: - OamSink: - Type: AWS::Oam::Sink - Properties: - Name: OrganizationSink - Policy: - Version: '2012-10-17' - Statement: - - Effect: Allow - Principal: "*" - Resource: "*" - Action: - - "oam:CreateLink" - - "oam:UpdateLink" - Condition: - StringEquals: - aws:PrincipalOrgID: !Ref AwsOrgId - ForAllValues:StringEquals: - oam:ResourceTypes: - - AWS::CloudWatch::Metric - - AWS::Logs::LogGroup - - AWS::XRay::Trace - - AWS::ApplicationInsights::Application - - AWS::InternetMonitor::Monitor \ No newline at end of file diff --git a/template.yaml b/template.yaml index bb57eae..3445816 100644 --- a/template.yaml +++ b/template.yaml @@ -3,11 +3,13 @@ Transform: AWS::Serverless-2016-10-31 Description: AWS account observability stack Parameters: + AwsOrgId: + Type: String + AwsOrgRootId: + Type: String TargetRegions: Type: String Description: List of OUs - AwsOrgId: - Type: String ObservabilityOu: Type: String Description: OU of observability accounts @@ -16,10 +18,6 @@ Parameters: DatadogApiKey: Type: String NoEcho: 'true' - AwsOamSinkArn: - Type: String - AwsOrgRootId: - Type: String Resources: 
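Review bot: The `AwsOrgId` and `AwsOrgRootId` parameters that the `template.yaml` Parameters hunk moves to the top of the block look like they no longer have a consumer. Their only visible uses were the `OamSinkStackSet` and `OamLinkStackSet` resources deleted in the following hunk; the surviving resource starts outside the hunk, so this should be confirmed against its full parameter list. If nothing references them, drop both along with `AwsOamSinkArn`, so the stack does not keep accepting organisation identifiers it never uses. If they stay, each should get a `Description:` and a shape check, for example `AllowedPattern: '^o-[a-z0-9]{10,32}$'` for the organisation ID and `AllowedPattern: '^r-[a-z0-9]{4,32}$'` for the root ID, so a mistyped value fails at deploy time rather than inside a nested stack.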
@@ -32,30 +30,3 @@ Resources: TargetRegions: !Ref TargetRegions DatadogHttpEndpointUrl: !Ref DatadogHttpEndpointUrl DatadogApiKey: !Ref DatadogApiKey - - OamSinkStackSet: - Type: AWS::Serverless::Application - Properties: - Location: "./stacksets/cloudwatch-oam-sink/stackset.yaml" - Parameters: - ObservabilityOu: !Ref ObservabilityOu - TargetRegions: !Ref TargetRegions - AwsOrgId: !Ref AwsOrgId - - OamLinkStackSet: - Type: AWS::Serverless::Application - DependsOn: OamSinkStackSet - Properties: - Location: "./stacksets/cloudwatch-oam-link/stackset.yaml" - Parameters: - AwsOrgRootId: !Ref AwsOrgRootId - TargetRegions: !Ref TargetRegions - AwsOamSinkArn: !Ref AwsOamSinkArn - - OamLinkManagementStack: - Type: AWS::Serverless::Application - DependsOn: OamSinkStackSet - Properties: - Location: "./stacksets/cloudwatch-oam-link/template.yaml" - Parameters: - AwsOamSinkArn: !Ref AwsOamSinkArn