Merge pull request #8 from brandonstevens/cloudtrail-example

Add Example for AWS CloudTrail Source

.gitignore

@@ -15,6 +15,8 @@
 
 # Examples
 **/.terraform/*
+*.plan
+terraform.tfstate*
 
 # Binaries
 pkg/*

examples/README.md

@@ -6,4 +6,7 @@ To run the examples, you will need a Sumo Logic account. All the examples can be
 
 You will also need to generate a set of access keys and Base64 encode them. It's recommended that you create a new user with only Manage Collectors privileges. For more information, see [API Authentication](https://help.sumologic.com/APIs/General-API-Information/API-Authentication)
 
-Additionally, you will need to know your API endpoint URL. Sumo Logic has several deployments that are assigned depending on the geographic location and the date an account is created. For more information, see [Sumo Logic Endpoints and Firewall Security](https://help.sumologic.com/APIs/General-API-Information/Sumo-Logic-Endpoints-and-Firewall-Security)
+Additionally, you will need to know your API endpoint URL. Sumo Logic has several deployments that are assigned depending on the geographic location and the date an account is created. For more information, see [Sumo Logic Endpoints and Firewall Security](https://help.sumologic.com/APIs/General-API-Information/Sumo-Logic-Endpoints-and-Firewall-Security)
+
+* [Creating an AWS CloudTrail Source in Sumo Logic](aws-cloudtrail-source/README.md)
+* [Creating a Hosted Collector in Sumo Logic](hosted-collector/README.md)

examples/aws-cloudtrail-source/README.md

@@ -0,0 +1,17 @@
+## Creating an AWS CloudTrail Source in Sumo Logic
+
+This example provides sample configuration for creating an AWS CloudTrail source.
+
+To run this example, in addition to a Sumo Logic account, you'll also need an AWS Account and credentials. The example does not specify AWS credential configuration and will either use the default profile or environment variables.
+
+Initialize by running `terraform init`.
+
+Once ready run `terraform plan -out example.plan` to review.
+
+You will be prompted to provide input for the following variables:
+
+* auth_token: Base64 encoding of `<accessId>:<accessKey>`. For more information, see [API Authentication](https://help.sumologic.com/APIs/General-API-Information/API-Authentication)
+* endpoint_url: Sumo Logic has several deployments that are assigned depending on the geographic location and the date an account is created. For more information, see [Sumo Logic Endpoints and Firewall Security](https://help.sumologic.com/APIs/General-API-Information/Sumo-Logic-Endpoints-and-Firewall-Security)
+* sumologic_aws_external_id: The External ID is unique to your Sumo account and needs to be in the specified format. For more information, see [Grant Access to an AWS Product](https://help.sumologic.com/Send-Data/Sources/02Sources-for-Hosted-Collectors/Amazon_Web_Services/Grant_Access_to_an_AWS_Product)
+
+Once satisfied with plan, run `terraform apply example.plan`  

examples/aws-cloudtrail-source/aws_cloudtrail.tf

@@ -0,0 +1,75 @@
+resource "aws_s3_bucket" "security_logs" {
+  bucket = "terraform-provider-sumologic-cloudtrail-${random_pet.name.id}"
+
+  server_side_encryption_configuration {
+    rule {
+      apply_server_side_encryption_by_default {
+        sse_algorithm = "aws:kms"
+      }
+    }
+  }
+}
+
+data "aws_iam_policy_document" "security_logs" {
+  statement {
+    sid = "AclCheck"
+
+    effect = "Allow"
+
+    principals {
+      type        = "Service"
+      identifiers = ["cloudtrail.amazonaws.com"]
+    }
+
+    actions = [
+      "s3:GetBucketAcl",
+    ]
+
+    resources = [
+      "${aws_s3_bucket.security_logs.arn}",
+    ]
+  }
+
+  statement {
+    sid = "Write"
+
+    effect = "Allow"
+
+    principals {
+      type        = "Service"
+      identifiers = ["cloudtrail.amazonaws.com"]
+    }
+
+    actions = [
+      "s3:PutObject",
+    ]
+
+    resources = [
+      "${aws_s3_bucket.security_logs.arn}/AWSLogs/*",
+    ]
+
+    condition {
+      test     = "StringEquals"
+      variable = "s3:x-amz-acl"
+
+      values = [
+        "bucket-owner-full-control",
+      ]
+    }
+  }
+}
+
+resource "aws_s3_bucket_policy" "security_logs" {
+  bucket = "${aws_s3_bucket.security_logs.id}"
+  policy = "${data.aws_iam_policy_document.security_logs.json}"
+}
+
+resource "aws_cloudtrail" "sumologic" {
+  # AWS will error if the S3 bucket policy won't allow CloudTrail
+  depends_on = ["aws_s3_bucket_policy.security_logs"]
+
+  name                       = "sumologic"
+  s3_bucket_name             = "${aws_s3_bucket.security_logs.id}"
+  is_multi_region_trail      = true
+  enable_log_file_validation = true
+}

examples/aws-cloudtrail-source/aws_iam.tf

@@ -0,0 +1,57 @@
+data "aws_iam_policy_document" "sumologic_assume_role_policy" {
+  statement {
+    actions = ["sts:AssumeRole"]
+
+    principals {
+      type        = "AWS"
+      identifiers = ["926226587429"]
+    }
+
+    condition {
+      test     = "StringEquals"
+      variable = "sts:ExternalId"
+
+      values = [
+        "${var.sumologic_aws_external_id}",
+      ]
+    }
+  }
+}
+
+resource "aws_iam_role" "sumologic" {
+  name = "SumoLogicLogAccess2"
+
+  assume_role_policy = "${data.aws_iam_policy_document.sumologic_assume_role_policy.json}"
+}
+
+data "aws_iam_policy_document" "sumologic" {
+  statement {
+    actions = [
+      "s3:ListBucketVersions",
+      "s3:ListBucket",
+    ]
+
+    resources = ["${aws_s3_bucket.security_logs.arn}"]
+  }
+
+  statement {
+    actions = [
+      "s3:GetObject",
+      "s3:GetObjectVersion",
+    ]
+
+    resources = ["${aws_s3_bucket.security_logs.arn}/*"]
+  }
+}
+
+resource "aws_iam_policy" "sumologic" {
+  name        = "SumoLogicLogAccess"
+  path        = "/"
+  description = "Policy for SumoLogic accessing logs in S3"
+  policy      = "${data.aws_iam_policy_document.sumologic.json}"
+}
+
+resource "aws_iam_role_policy_attachment" "sumologic" {
+  role       = "${aws_iam_role.sumologic.name}"
+  policy_arn = "${aws_iam_policy.sumologic.arn}"
+}

examples/aws-cloudtrail-source/main.tf

@@ -0,0 +1,14 @@
+variable "auth_token" {}
+variable "endpoint_url" {}
+variable "sumologic_aws_external_id" {}
+
+provider "sumologic" {
+    auth_token = "${var.auth_token}"
+    endpoint_url = "${var.endpoint_url}"
+}
+
+provider "aws" {
+  region = "us-west-2"
+}
+
+resource "random_pet" "name" {}

examples/aws-cloudtrail-source/sumologic.tf

@@ -0,0 +1,30 @@
+resource "sumologic_hosted_collector" "example" {
+    name = "example-${random_pet.name.id}"
+}
+
+resource "sumologic_aws_cloudtrail_source" "example" {
+  name                 = "CloudTrail"
+  collector_id         = "${sumologic_hosted_collector.example.id}"
+  category             = "cloudtrail/example"
+  source_type          = "Polling"
+  scan_interval        = 60000
+  content_type         = "AwsCloudTrailBucket"
+  cutoff_relative_time = "-0h"
+
+  third_party_ref {
+    resources {
+      service_type = "AwsCloudTrailBucket"
+
+      path {
+        type            = "S3BucketPathExpression"
+        bucket_name     = "${aws_s3_bucket.security_logs.id}"
+        path_expression = "AWSLogs/*/CloudTrail/*"
+      }
+
+      authentication {
+        type     = "AWSRoleBasedAuthentication"
+        role_arn = "${aws_iam_role.sumologic.arn}"
+      }
+    }
+  }
+}

examples/hosted-collector/README.md

@@ -2,12 +2,13 @@
 
 This example provides sample configuration for creating a hosted collector.
 
-Once ready run `terraform plan -out example.plan` to review.
+Initialize by running `terraform init`.
+
+Once ready, run `terraform plan -out example.plan` to review.
 
 You will be prompted to provide input for the following variables:
 
 * auth_token: Base64 encoding of `<accessId>:<accessKey>`. For more information, see [API Authentication](https://help.sumologic.com/APIs/General-API-Information/API-Authentication)
 * endpoint_url: Sumo Logic has several deployments that are assigned depending on the geographic location and the date an account is created. For more information, see [Sumo Logic Endpoints and Firewall Security](https://help.sumologic.com/APIs/General-API-Information/Sumo-Logic-Endpoints-and-Firewall-Security)
-* collector_name: Provide a name for the collector. Must be unique.
 
-Once satisfied with plan, run `terraform apply example.plan`  
+Once satisfied with plan, run `terraform apply example.plan`  

examples/hosted-collector/main.tf

@@ -1,12 +1,13 @@
 variable "auth_token" {}
 variable "endpoint_url" {}
-variable "collector_name" {}
 
 provider "sumologic" {
     auth_token = "${var.auth_token}"
     endpoint_url = "${var.endpoint_url}"
 }
 
+resource "random_pet" "name" {}
+
 resource "sumologic_hosted_collector" "example" {
-    name = "${var.collector_name}"
-}
+    name = "example-${random_pet.name.id}"
+}

sumologic/provider.go

@@ -16,10 +16,11 @@ func Provider() terraform.ResourceProvider {
 				DefaultFunc: schema.EnvDefaultFunc("SUMOLOGIC_AUTH_TOKEN", nil),
 			},
 			"endpoint_url": {
-				Type:        schema.TypeString,
-				Optional:    true,
-				Description: "Sumo Logic API Endpoint URL.",
-				DefaultFunc: schema.EnvDefaultFunc("SUMOLOGIC_ENDPOINT_URL", "https://api.sumologic.com/api/v1/"),
+				Type:         schema.TypeString,
+				Required:     true,
+				Description:  "Sumo Logic API Endpoint URL.",
+				DefaultFunc:  schema.EnvDefaultFunc("SUMOLOGIC_ENDPOINT_URL", nil),
+				InputDefault: "https://api.sumologic.com/api/v1/",
 			},
 		},
 		ResourcesMap: map[string]*schema.Resource{