diff --git a/examples/complete_exapmle/README.MD b/examples/complete_exapmle/README.MD
new file mode 100644
index 0000000..31fba86
--- /dev/null
+++ b/examples/complete_exapmle/README.MD
@@ -0,0 +1 @@
+# Complete example of a terraform-aws-slack-alerts configuration
\ No newline at end of file
diff --git a/example.tf b/examples/complete_exapmle/main.tf
similarity index 79%
rename from example.tf
rename to examples/complete_exapmle/main.tf
index 1328bdc..33da1f5 100644
--- a/example.tf
+++ b/examples/complete_exapmle/main.tf
@@ -1,18 +1,15 @@
-# In almost all modules only treshold/limit amount and subscriber_sns_topic_arns or
-# subscriber_email_addresses are required, other parameters are optional.
-
 locals {
 slack = {
- workspace_id = "xxxxxxxxx"
+ workspace_id = "ASDFGHJKL"
 channel = {
- "dev-alerts" = "xxxxxxxxxxx"
- "prod-alerts" = "xxxxxxxxxxx"
+ "prod-alerts" = "PPOIUYTREWQ"
 }
 }
+ # Both SNS topic ARN and email addresses can be used as subscribers, but at least one of them is required
 budget_subscriber_email_addresses = [
- "mail@gmail.com",
+ "prod_alerts@gmail.com",
 ]
- prod_sns_topic_arn = [aws_sns_topic.chatbot.arn]
+ prod_sns_topic_arn = [aws_sns_topic.prod_chatbot.arn]
 }
 
 # Optional Automatic creation Chatbot IAM role
@@ -26,13 +23,14 @@ module "chatbot_slack_workspace" {
 source = "./modules/slack_workspace"
 
 workspace_id = local.slack.workspace_id
- # Here can be placed default_iam_role_arn for Chatbot instead automatic creation
+
+ # Here can be placed default_iam_role_arn for Chatbot instead of automatic creation
 default_iam_role_arn = module.chatbot_role.iam_role_arn
 
 # Mapping of topics to channels
 channels_config = {
- test = {
- slack_channel_id = local.slack.channel["dev-alerts"]
+ prod = {
+ slack_channel_id = local.slack.channel["prod-alerts"]
 sns_topic_arns = local.prod_sns_topic_arn
 }
 }
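Review bot: The deleted header comment `# In almost all modules only treshold/limit amount and subscriber_sns_topic_arns or subscriber_email_addresses are required, other parameters are optional.` was the only statement of which module inputs are mandatory, and the added `# Both SNS topic ARN and email addresses ...` comment covers the subscriber part only, so the moved example loses that guidance. A corrected one-liner such as `# Only the threshold/limit amount and one of subscriber_sns_topic_arns / subscriber_email_addresses are required; everything else is optional` could replace it above `locals`. `"prod_alerts@gmail.com"` is a routable address for a published example; `prod_alerts@example.com` uses a domain reserved for documentation and avoids mail reaching a real mailbox.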
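Review bot: `source = "./modules/slack_workspace"` is now resolved relative to the file's new location `examples/complete_exapmle/`, while the pre-move `./modules/...` paths imply the modules live at the repository root, so `terraform init` of the moved example will fail to find them unless the sources become `../../modules/slack_workspace` (assuming the modules directory stays where it is). The same applies to every `./modules/...` source in this file, including `source = "./modules/budget_alerts"` in the `@@ -56,7 +54,7 @@` hunk, and to the new `examples/two_workspaces_example/main.tf`. The directory name `complete_exapmle` also reads as a typo for `complete_example`. The enclosing `module "chatbot_slack_workspace"` block opens before this hunk.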
@@ -56,7 +54,7 @@ module "savings_plans_alerts" {
 subscriber_sns_topic_arns = local.prod_sns_topic_arn
 }
 
-# Budget alert. Required to specify only limit amount and one of subscriber_sns_topic_arns or subscriber_email_addresses
+
 # It will automatically create budget, with notifications for 100%, 150% and 200% of limit amount for forecasted and actual costs
 module "budget_alerts" {
 source = "./modules/budget_alerts"
@@ -97,12 +95,13 @@ module "cost_anomaly_detection" {
 }
 
 # SNS topic for Chatbot
-resource "aws_sns_topic" "chatbot" {
+resource "aws_sns_topic" "prod_chatbot" {
 name = "test_chatbot_topic"
 }
+
 # SNS topic policy for Chatbot
-resource "aws_sns_topic_policy" "chatbot_topic" {
- arn = aws_sns_topic.chatbot.arn
+resource "aws_sns_topic_policy" "prod_chatbot" {
+ arn = aws_sns_topic.prod_chatbot.arn
 policy = jsonencode({
 Version = "2012-10-17"
 Id = "chatbot_topic_policy"
@@ -112,14 +111,14 @@ resource "aws_sns_topic_policy" "chatbot_topic" {
 Effect = "Allow"
 Principal = "*"
 Action = "sns:Publish"
- Resource = aws_sns_topic.chatbot.arn
+ Resource = aws_sns_topic.prod_chatbot.arn
 },
 {
 Sid = "AllowSNSSubscriptions"
 Effect = "Allow"
 Principal = "*"
 Action = "sns:Subscribe"
- Resource = aws_sns_topic.chatbot.arn
+ Resource = aws_sns_topic.prod_chatbot.arn
 },
 {
 Sid = "AllowChatbotSubscriptions"
@@ -128,7 +127,7 @@ resource "aws_sns_topic_policy" "chatbot_topic" {
 "Service" : "chatbot.amazonaws.com"
 },
 Action = "sns:Subscribe"
- Resource = aws_sns_topic.chatbot.arn
+ Resource = aws_sns_topic.prod_chatbot.arn
 },
 {
 Sid = "AllowBudgetsPublish",
@@ -137,7 +136,7 @@ resource "aws_sns_topic_policy" "chatbot_topic" {
 Service = "budgets.amazonaws.com"
 },
 Action = "SNS:Publish",
- Resource = aws_sns_topic.chatbot.arn
+ Resource = aws_sns_topic.prod_chatbot.arn
 },
 {
 Sid = "AllowEventsPublish",
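Review bot: The topic renamed to `prod_chatbot` keeps `name = "test_chatbot_topic"`, so the resource address and the topic name that is actually deployed now disagree; `name = "prod_chatbot_topic"` would keep the rename consistent. The `resource "aws_sns_topic_policy"` block continues past this hunk.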
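Review bot: The `AllowSNSPublish` and `AllowSNSSubscriptions` statements (context lines of this hunk) grant `sns:Publish` and `sns:Subscribe` to `Principal = "*"` with no `Condition`, which makes the Chatbot topic effectively public to any AWS principal once the example is applied; the rename keeps that shape, and the three service-principal statements already cover what Chatbot, Budgets and EventBridge need. Either drop the two wildcard statements or scope them to the owning account, e.g. `Condition = { StringEquals = { "aws:SourceOwner" = "<ACCOUNT_ID placeholder>" } }`, and give the `budgets.amazonaws.com` and `events.amazonaws.com` statements an `aws:SourceAccount` condition so only this account's Budgets and EventBridge can deliver to the topic. The same two wildcard statements appear in both `aws_sns_topic_policy` resources of the new `examples/two_workspaces_example/main.tf`. The enclosing `resource "aws_sns_topic_policy"` opens and closes outside this hunk.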
@@ -146,7 +145,7 @@ resource "aws_sns_topic_policy" "chatbot_topic" {
 Service = "events.amazonaws.com"
 },
 Action = "SNS:Publish",
- Resource = aws_sns_topic.chatbot.arn
+ Resource = aws_sns_topic.prod_chatbot.arn
 }
 ]
 })
diff --git a/examples/complete_exapmle/variables.tf b/examples/complete_exapmle/variables.tf
new file mode 100644
index 0000000..e69de29
diff --git a/examples/complete_exapmle/versions.tf b/examples/complete_exapmle/versions.tf
new file mode 100644
index 0000000..0e2d714
--- /dev/null
+++ b/examples/complete_exapmle/versions.tf
@@ -0,0 +1,13 @@
+terraform {
+ required_version = "~> 1.0"
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = ">= 4.64"
+ }
+ awscc = {
+ source = "hashicorp/awscc"
+ version = "0.58.0"
+ }
+ }
+}
diff --git a/examples/two_workspaces_example/README.MD b/examples/two_workspaces_example/README.MD
new file mode 100644
index 0000000..4ef71ad
--- /dev/null
+++ b/examples/two_workspaces_example/README.MD
@@ -0,0 +1 @@
+# Complete example of two workspace configurations
\ No newline at end of file
diff --git a/examples/two_workspaces_example/main.tf b/examples/two_workspaces_example/main.tf
new file mode 100644
index 0000000..1d1fbcf
--- /dev/null
+++ b/examples/two_workspaces_example/main.tf
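Review bot: `version = ">= 4.64"` for `hashicorp/aws` in the new `versions.tf` has no upper bound, so a fresh `terraform init` of this example can select a later major release whose breaking changes the example was never tested against, while `awscc` next to it is pinned to exactly `0.58.0`. A pessimistic constraint such as `version = "~> 4.64"` (or an explicit `>= 4.64, < 5.0`) keeps the two providers on the same footing and the example reproducible. The identical block is added again as `examples/two_workspaces_example/versions.tf` and would need the same change.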
@@ -0,0 +1,208 @@
+locals {
+ budget = {
+ workspace_id = "ASDFGHJKL"
+ channel = {
+ "budget-alerts" = "QWERTYUIOPP"
+ }
+ }
+ security = {
+ workspace_id = "LKJHGFDSA"
+ channel = {
+ "security-alerts" = "PPOIUYTREWQ"
+ }
+ }
+
+ # Both SNS topic ARN and email addresses can be used as subscribers, but at least one of them is required
+ budget_subscriber_email_addresses = [
+ "prod_alerts@gmail.com",
+ ]
+ budget_sns_topic_arn = [aws_sns_topic.budget_chatbot.arn]
+
+ security_sns_topic_arn = [aws_sns_topic.security_chatbot.arn]
+
+}
+
+# Optional Automatic creation Chatbot IAM role
+module "chatbot_role" {
+ source = "./modules/iam"
+}
+
+
+# Configuration of Slack workspace and topics to channels mapping
+module "chatbot_budget_slack_workspace" {
+ source = "./modules/slack_workspace"
+
+ workspace_id = local.budget.workspace_id
+
+ # Here can be placed default_iam_role_arn for Chatbot instead of automatic creation
+ default_iam_role_arn = module.chatbot_role.iam_role_arn
+
+ # Mapping of topics to channels
+ channels_config = {
+ test = {
+ slack_channel_id = local.budget.channel["budget-alerts"]
+ sns_topic_arns = local.budget_sns_topic_arn
+ }
+ }
+}
+
+module "chatbot_prod_slack_workspace" {
+ source = "./modules/slack_workspace"
+
+ workspace_id = local.security.workspace_id
+
+ # Here can be placed default_iam_role_arn for Chatbot instead of automatic creation
+ default_iam_role_arn = module.chatbot_role.iam_role_arn
+
+ # Mapping of topics to channels
+ channels_config = {
+ test = {
+ slack_channel_id = local.security.channel["security-alerts"]
+ sns_topic_arns = local.security_sns_topic_arn
+ }
+ }
+}
+
+# It will automatically create budget, with notifications for 100%, 150% and 200% of limit amount for forecasted and actual costs
+module "budget_alerts" {
+ source = "./modules/budget_alerts"
+
+ limit_amount = "10000"
+
+ subscriber_sns_topic_arns = local.budget_sns_topic_arn
+ subscriber_email_addresses = local.budget_subscriber_email_addresses
+}
+
+module "cost_anomaly_detection" {
+ source = "./modules/cost_anomaly_detection"
+
+ # https://docs.aws.amazon.com/cost-management/latest/userguide/cad-alert-chime.html
+
+ anomaly_monitor_name = "monitor"
+ anomaly_subscription_name = "xxxxxx"
+ frequency = "DAILY"
+ threshold = "100.0"
+
+ # TODO: % change, specific amount change
+
+ subscriber_sns_topic_arns = local.budget_sns_topic_arn
+ subscriber_email_addresses = local.budget_subscriber_email_addresses
+}
+
+module "eventbridge_alerts" {
+ source = "./modules/eventbridge"
+
+ # create_guardduty_findings_rule will create eventbridge rule and send all GuardDuty findings to Slack
+ create_guardduty_findings_rule = true
+
+ # create_aws_health_rule will create eventbridge rule and send all AWS Health events to Slack
+ create_aws_health_rule = true
+
+ sns_topic_arn = local.security_sns_topic_arn[0]
+}
+
+
+# SNS topic for Chatbot
+resource "aws_sns_topic" "budget_chatbot" {
+ name = "test_chatbot_topic"
+}
+# SNS topic policy for Chatbot
+resource "aws_sns_topic_policy" "budget_chatbot" {
+ arn = aws_sns_topic.budget_chatbot.arn
+ policy = jsonencode({
+ Version = "2012-10-17"
+ Id = "chatbot_topic_policy"
+ Statement = [
+ {
+ Sid = "AllowSNSPublish"
+ Effect = "Allow"
+ Principal = "*"
+ Action = "sns:Publish"
+ Resource = aws_sns_topic.budget_chatbot.arn
+ },
+ {
+ Sid = "AllowSNSSubscriptions"
+ Effect = "Allow"
+ Principal = "*"
+ Action = "sns:Subscribe"
+ Resource = aws_sns_topic.budget_chatbot.arn
+ },
+ {
+ Sid = "AllowChatbotSubscriptions"
+ Effect = "Allow"
+ Principal = {
+ "Service" : "chatbot.amazonaws.com"
+ },
+ Action = "sns:Subscribe"
+ Resource = aws_sns_topic.budget_chatbot.arn
+ },
+ {
+ Sid = "AllowBudgetsPublish",
+ Effect = "Allow",
+ Principal = {
+ Service = "budgets.amazonaws.com"
+ },
+ Action = "SNS:Publish",
+ Resource = aws_sns_topic.budget_chatbot.arn
+ },
+ {
+ Sid = "AllowEventsPublish",
+ Effect = "Allow",
+ Principal = {
+ Service = "events.amazonaws.com"
+ },
+ Action = "SNS:Publish",
+ Resource = aws_sns_topic.budget_chatbot.arn
+ }
+ ]
+ })
+}
+
+# Security topic
+resource "aws_sns_topic" "security_chatbot" {
+ name = "security"
+}
+
+resource "aws_sns_topic_policy" "security_chatbot" {
+ arn = aws_sns_topic.security_chatbot.arn
+ policy = jsonencode({
+ Version = "2012-10-17"
+ Id = "chatbot_topic_policy"
+ Statement = [
+ {
+ Sid = "AllowSNSPublish"
+ Effect = "Allow"
+ Principal = "*"
+ Action = "sns:Publish"
+ Resource = aws_sns_topic.security_chatbot.arn
+ },
+ {
+ Sid = "AllowSNSSubscriptions"
+ Effect = "Allow"
+ Principal = "*"
+ Action = "sns:Subscribe"
+ Resource = aws_sns_topic.security_chatbot.arn
+ },
+ {
+ Sid = "AllowChatbotSubscriptions"
+ Effect = "Allow"
+ Principal = {
+ "Service" : "chatbot.amazonaws.com"
+ },
+ Action = "sns:Subscribe"
+ Resource = aws_sns_topic.security_chatbot.arn
+ },
+ {
+ Sid = "AllowEventsPublish",
+ Effect = "Allow",
+ Principal = {
+ Service = "events.amazonaws.com"
+ },
+ Action = "SNS:Publish",
+ Resource = aws_sns_topic.security_chatbot.arn
+ }
+ ]
+ })
+}
+
+
diff --git a/examples/two_workspaces_example/variables.tf b/examples/two_workspaces_example/variables.tf
new file mode 100644
index 0000000..e69de29
diff --git a/examples/two_workspaces_example/versions.tf b/examples/two_workspaces_example/versions.tf
new file mode 100644
index 0000000..0e2d714
--- /dev/null
+++ b/examples/two_workspaces_example/versions.tf
@@ -0,0 +1,13 @@
+terraform {
+ required_version = "~> 1.0"
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = ">= 4.64"
+ }
+ awscc = {
+ source = "hashicorp/awscc"
+ version = "0.58.0"
+ }
+ }
+}