forked from jcsobrino/aws-log-ingestion
-
Notifications
You must be signed in to change notification settings - Fork 0
/
template.yaml
142 lines (137 loc) · 5.23 KB
/
template.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Description: Sends log data from CloudWatch Logs to New Relic Infrastructure (Cloud integrations) and New Relic Logging
Parameters:
NRLicenseKey:
Type: String
Description: Your NewRelic license key.
NoEcho: true
NRLoggingEnabled:
Type: String
Description: Determines if logs are forwarded to New Relic Logging
Default: 'False'
AllowedValues:
- 'True'
- 'False'
NRInfraLogging:
Type: String
Description: Determines if logs are forwarded to New Relic Infrastructure
Default: 'True'
AllowedValues:
- 'True'
- 'False'
MemorySize:
Type: Number
Description: Memory size for the New Relic Log Ingestion Lambda function
Default: 128
Timeout:
Type: Number
Description: Timeout for the New Relic Log Ingestion Lambda function
Default: 30
FunctionRole:
Type: String
Description: |
IAM Role name that this function will assume. Should provide the AWSLambdaBasicExecutionRole policy. If not
specified, an appropriate Role will be created, which will require CAPABILITY_IAM to be acknowledged.
Default: ''
LogIngestionFunctionArnExportName:
Type: String
Description: |
The export name suffix for the function ARN
Default: LogIngestionFunctionArn
PermissionsBoundary:
Type: String
Description: IAM Role PermissionsBoundary (optional)
Default: ''
DebugLoggingEnabled:
Type: String
Description: A boolean to determine if you want to output debug messages in the CloudWatch console
Default: "false"
Conditions:
NoRole: !Equals ['', !Ref FunctionRole]
NoCap: !Not [ !Equals ['', !Ref FunctionRole] ]
HasPermissionBoundary: !Not [ !Equals ['', !Ref PermissionsBoundary] ]
Metadata:
AWS::ServerlessRepo::Application:
Name: NewRelic-log-ingestion
Description: Send log data from CloudWatch Logs to New Relic Infrastructure (Cloud Integrations) and New Relic Logging.
Author: New Relic
SpdxLicenseId: Apache-2.0
LicenseUrl: LICENSE
ReadmeUrl: README.md
HomePageUrl: https://github.com/newrelic/aws-log-ingestion
SemanticVersion: 2.8.0
SourceCodeUrl: https://github.com/newrelic/aws-log-ingestion
Resources:
NewRelicLogIngestionFunctionNoCap:
Type: AWS::Serverless::Function
Condition: NoCap
DeletionPolicy: Delete
Properties:
CodeUri: src/
Description: Sends log data from CloudWatch Logs to New Relic Infrastructure (Cloud integrations) and New Relic Logging
Handler: function.lambda_handler
FunctionName: !Join ['-', ['newrelic-log-ingestion', !Select [4, !Split ['-', !Select [2, !Split ['/', !Ref AWS::StackId]]]]]]
MemorySize:
Ref: MemorySize
Runtime: python3.9
PermissionsBoundary: !If [ HasPermissionBoundary, !Ref PermissionsBoundary, !Ref AWS::NoValue ]
Role: !Sub arn:${AWS::Partition}:iam::${AWS::AccountId}:role/${FunctionRole}
Timeout:
Ref: Timeout
Environment:
Variables:
LICENSE_KEY: !Ref NRLicenseKey
LOGGING_ENABLED: !Ref NRLoggingEnabled
INFRA_ENABLED: !Ref NRInfraLogging
DEBUG_LOGGING_ENABLED: !Ref DebugLoggingEnabled
NewRelicLogIngestionFunction:
Type: AWS::Serverless::Function
Condition: NoRole
DeletionPolicy: Delete
Properties:
CodeUri: src/
Description: Sends log data from CloudWatch Logs to New Relic Infrastructure (Cloud integrations) and New Relic Logging
Handler: function.lambda_handler
FunctionName: !Join ['-', ['newrelic-log-ingestion', !Select [4, !Split ['-', !Select [2, !Split ['/', !Ref AWS::StackId]]]]]]
MemorySize:
Ref: MemorySize
Runtime: python3.9
PermissionsBoundary: !If [ HasPermissionBoundary, !Ref PermissionsBoundary, !Ref AWS::NoValue ]
Timeout:
Ref: Timeout
Environment:
Variables:
LICENSE_KEY: !Ref NRLicenseKey
LOGGING_ENABLED: !Ref NRLoggingEnabled
INFRA_ENABLED: !Ref NRInfraLogging
DEBUG_LOGGING_ENABLED: !Ref DebugLoggingEnabled
LambdaInvokePermissionNoCap:
Type: AWS::Lambda::Permission
Condition: NoCap
Properties:
FunctionName: !GetAtt NewRelicLogIngestionFunctionNoCap.Arn
Action: lambda:InvokeFunction
Principal: !Sub logs.${AWS::Region}.amazonaws.com
SourceArn: !Sub arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:log-group:*
LambdaInvokePermission:
Type: AWS::Lambda::Permission
Condition: NoRole
Properties:
FunctionName: !GetAtt NewRelicLogIngestionFunction.Arn
Action: lambda:InvokeFunction
Principal: !Sub logs.${AWS::Region}.amazonaws.com
SourceArn: !Sub arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:log-group:*
Outputs:
LogIngestionFunctionArn:
Condition: NoRole
Description: Log ingestion lambda function ARN
Value: !GetAtt NewRelicLogIngestionFunction.Arn
Export:
Name: !Sub "${AWS::StackName}-${LogIngestionFunctionArnExportName}"
LogIngestionFunctionNoCapArn:
Condition: NoCap
Description: Log ingestion lambda function ARN (custom role)
Value: !GetAtt NewRelicLogIngestionFunctionNoCap.Arn
Export:
Name: !Sub "${AWS::StackName}-${LogIngestionFunctionArnExportName}"