-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathlog-ingester.tf
40 lines (38 loc) · 1.91 KB
/
log-ingester.tf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
resource "aws_lambda_function" "humio_cloudwatch_log_ingester" {
count = local.create_log_ingester ? 1 : 0
depends_on = [aws_iam_role.humio_cloudwatch_role, data.aws_s3_bucket_object.cloudwatch2humio_source_code_object]
description = "CloudWatch Logs to Humio ingester"
function_name = "${var.app_name}-log-ingester" // lambda names have a max length of 140 characters
s3_bucket = data.aws_s3_bucket_object.cloudwatch2humio_source_code_object.bucket
s3_key = data.aws_s3_bucket_object.cloudwatch2humio_source_code_object.key
source_code_hash = filebase64sha256(local.archive_path)
environment {
variables = {
HUMIO_PROTOCOL = var.humio_protocol
HUMIO_HOST = var.humio_host
HUMIO_INGEST_TOKEN = var.humio_ingest_token
LOG_LEVEL = var.log_level
NODE_ENV = "production"
}
}
vpc_config {
security_group_ids = local.enable_vpc_for_ingester_lambdas ? length(var.security_group_ids) > 0 ? var.security_group_ids : [aws_security_group.humio-logger-vpc-sg[0].id] : []
subnet_ids = local.enable_vpc_for_ingester_lambdas ? var.subnet_ids : []
}
handler = "lib/log_ingester.handler"
memory_size = 128
role = aws_iam_role.humio_cloudwatch_role.arn
runtime = "nodejs16.x"
timeout = 300
}
resource "aws_lambda_permission" "humio_cloudwatch_logs_ingester_permission" {
count = local.create_log_ingester ? 1 : 0
action = "lambda:InvokeFunction"
function_name = aws_lambda_function.humio_cloudwatch_log_ingester[0].function_name
principal = "logs.amazonaws.com"
}
resource "aws_cloudwatch_log_group" "humio_cloudwatch_logs_ingester_log_group" {
count = local.create_log_ingester ? 1 : 0
name = "/aws/lambda/${aws_lambda_function.humio_cloudwatch_log_ingester[0].function_name}"
retention_in_days = var.humio_lambda_log_retention
}