feat: merge poller and push stacks together to simplify cf stack depl…

…oy (#342)
observeinc · Dec 20, 2024 · 1080b71 · 1080b71
1 parent 7f070bd
commit 1080b71
Showing 1 changed file with 52 additions and 0 deletions.
diff --git a/apps/stack/template.yaml b/apps/stack/template.yaml
@@ -42,6 +42,12 @@ Metadata:
           - DatasourceID
           - GQLToken
           - UpdateTimestamp
+      - Label:
+          default: Enable Observe Metrics Poller
+        Parameters:
+          - MetricsPollerAllowedActions
+          - ObserveAwsAccountId
+          - DatastreamIds
       - Label:
           default: Forwarder Options
         Parameters:
@@ -158,6 +164,24 @@ Parameters:
     Description: >-
       The token used to retrieve metric configuration.
     Default: ''
+  MetricsPollerAllowedActions:
+    Type: CommaDelimitedList
+    Description: >-
+      List of actions allowed for the metrics poller
+      role. Leave empty to use default actions.
+    Default: cloudwatch:GetMetricData,cloudwatch:ListMetrics,tag:GetResources
+  ObserveAwsAccountId:
+    Type: String
+    Description: Observe AWS Account ID which will be allowed to assume role.
+    AllowedPattern: '\d*'
+    Default: ''
+  DatastreamIds:
+    Type: CommaDelimitedList
+    Description: Datastream IDs where data will be ingested to.
+      This ensures Observe cannot assume this role outside
+      of this context.
+    AllowedPattern: \d*
+    Default: ''
   SourceBucketNames:
     Type: CommaDelimitedList
     Description: >-
@@ -237,6 +261,10 @@ Conditions:
   EnableSubscription: !Or
     - !Condition HasLogGroupNamePatterns
     - !Condition HasLogGroupNamePrefixes
+  EnableMetricsPollerRole: !Not
+    - !Equals
+      - !Ref ObserveAwsAccountId
+      - ""
 Resources:
   Topic:
     Type: "AWS::SNS::Topic"
@@ -400,6 +428,21 @@ Resources:
           - UseStackName
           - !Sub "${AWS::StackName}-MetricStream"
           - !Sub "${NameOverride}-MetricStream"
+  MetricsPollerRole:
+    Type: AWS::Serverless::Application
+    Condition: EnableMetricsPollerRole
+    Properties:
+      Location: ../externalrole/template.yaml
+      NotificationARNs:
+        - !Ref Topic
+      Parameters:
+        ObserveAwsAccountId: !Ref ObserveAwsAccountId
+        AllowedActions: !Join [",", !Ref MetricsPollerAllowedActions]
+        DatastreamIds: !Join [",", !Ref DatastreamIds]
+        NameOverride: !If
+          - UseStackName
+          - !Sub "${AWS::StackName}-metrics-poller"
+          - !Sub "${NameOverride}-metrics-poller"
 Outputs:
   BucketName:
     Description: >-
@@ -488,3 +531,12 @@ Outputs:
     Value: !GetAtt
       - LogWriter
       - Outputs.SubscriberLogGroupName
+  PollerRoleArn:
+    Description: >-
+      ARN for IAM Role to be assumed by CloudWatch for metric delivery. This
+      value is required when configuring a subscription towards the Firehose
+      Delivery Stream.
+    Condition: EnableMetricsPollerRole
+    Value: !GetAtt
+      - MetricsPollerRole
+      - Outputs.RoleArn