
Merge pull request #8007 from ministryofjustice/feature/7607-network-…
…vpc-logs-to-s3

Send `live_data` flow logs to s3
dms1981 authored Sep 23, 2024
2 parents 235e4a1 + f9e5865 commit adc2e12
Showing 2 changed files with 13 additions and 12 deletions.
6 changes: 3 additions & 3 deletions terraform/environments/core-network-services/locals.tf
Expand Up @@ -14,9 +14,9 @@ locals {
is-production = substr(terraform.workspace, length(local.application_name), length(terraform.workspace)) == "-production"

# This local allows us to references the key / value pairs held in xsiam_secrets.
xsiam = jsondecode(data.aws_secretsmanager_secret_version.xsiam_secret_arn_version.secret_string)
cloudwatch_log_buckets = jsondecode(data.aws_secretsmanager_secret_version.core_logging_bucket_arns.secret_string)
cloudwatch_generic_log_groups = concat([module.firewall_logging.cloudwatch_log_group_name], [for key, value in module.vpc_inspection : value.fw_cloudwatch_name])
xsiam = jsondecode(data.aws_secretsmanager_secret_version.xsiam_secret_arn_version.secret_string)
cloudwatch_log_buckets = nonsensitive(jsondecode(data.aws_secretsmanager_secret_version.core_logging_bucket_arns.secret_string))
cloudwatch_generic_log_groups = concat([module.firewall_logging.cloudwatch_log_group_name], [for key, value in module.vpc_inspection : value.fw_cloudwatch_name])

tags = {
business-unit = "Platforms"
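Review bot: `nonsensitive()` on the new `cloudwatch_log_buckets` line unmarks the whole decoded map, so every bucket ARN held in the `core_logging_bucket_arns` secret — not only the flow-log bucket this change needs — now appears in plan output and CI logs. If the unwrapping is only required at the single use site in vpc.tf, the narrower form is to leave this local as it was and write `nonsensitive(local.cloudwatch_log_buckets["vpc-flow-logs"])` where the value is consumed; if the whole map genuinely has to be non-sensitive, a comment on this line should say why, e.g. `# nonsensitive(): the bucket ARN is passed into vpc_inspection, where a sensitive value cannot be used — confirm which module argument requires this`. The `locals` block starts above the hunk and continues past it.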
19 changes: 10 additions & 9 deletions terraform/environments/core-network-services/vpc.tf
Expand Up @@ -9,15 +9,16 @@ locals {
module "vpc_inspection" {
for_each = local.networking

source = "../../modules/vpc-inspection"
application_name = local.application_name
fw_allowed_domains = local.fqdn_firewall_rules.fw_allowed_domains
fw_home_net_ips = local.fqdn_firewall_rules.fw_home_net_ips
fw_kms_arn = data.aws_kms_key.general_shared.arn
fw_rules = local.inline_firewall_rules
vpc_cidr = each.value
vpc_flow_log_iam_role = aws_iam_role.vpc_flow_log.arn
transit_gateway_id = aws_ec2_transit_gateway.transit-gateway.id
source = "../../modules/vpc-inspection"
application_name = local.application_name
flow_log_s3_destination_arn = each.key == "live_data" ? local.cloudwatch_log_buckets["vpc-flow-logs"] : ""
fw_allowed_domains = local.fqdn_firewall_rules.fw_allowed_domains
fw_home_net_ips = local.fqdn_firewall_rules.fw_home_net_ips
fw_kms_arn = data.aws_kms_key.general_shared.arn
fw_rules = local.inline_firewall_rules
vpc_cidr = each.value
vpc_flow_log_iam_role = aws_iam_role.vpc_flow_log.arn
transit_gateway_id = aws_ec2_transit_gateway.transit-gateway.id

# Tags
tags_common = merge(
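Review bot: The new `flow_log_s3_destination_arn` line indexes `local.cloudwatch_log_buckets["vpc-flow-logs"]` directly, so a secret that lacks that key fails the plan with an invalid-index error for every workspace, not only the `live_data` one that is meant to ship to S3. If that fail-fast behaviour is intended, record it: `# "vpc-flow-logs" must be present in the core_logging_bucket_arns secret; plan fails otherwise`; if not, `lookup(local.cloudwatch_log_buckets, "vpc-flow-logs", "")` degrades to the same `""` sentinel the other environments already receive. The hard-coded `"live_data"` key is an environment gate hidden in an expression; a named local such as `vpc_flow_log_s3_keys` checked with `contains()` would make it discoverable. Using `""` to mean "no S3 destination" presumably relies on the module treating an empty string as disabled — worth confirming in `modules/vpc-inspection` rather than leaving it implicit. The `vpc_inspection` module block continues past the hunk.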

