Commit

support more regions
kichik committed Apr 28, 2020
1 parent 48b89d8 commit 162460c
Showing 2 changed files with 56 additions and 32 deletions.
9 changes: 5 additions & 4 deletions CloudWatch2S3-additional-account.template
Expand Up @@ -36,7 +36,7 @@ Metadata:
SpdxLicenseId: MIT
Parameters:
LogDestination:
AllowedPattern: arn:aws:logs:[a-z1-9\-]+:[0-9]+:destination:.*
AllowedPattern: arn:[a-z\-]+:logs:[a-z1-9\-]+:[0-9]+:destination:.*
Description: hello
Type: String
LogGroupNamePrefix:
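Review bot: in the new `AllowedPattern`, the partition segment `[a-z\-]+` accepts any run of lowercase letters and hyphens, including a lone `-`, which is much looser than the literal `aws` it replaces. Tying it to the partition naming, for example `aws(-[a-z]+)*`, would still reject a mistyped destination ARN at parameter validation rather than at subscription time. The context line `Description: hello` also reads like a placeholder and should describe the parameter.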
Expand Down Expand Up @@ -176,7 +176,8 @@ Resources:
Fn::GetAtt:
- LogSubscriberFunction
- Arn
Principal: events.amazonaws.com
Principal:
Fn::Sub: events.${AWS::URLSuffix}
SourceArn:
Fn::GetAtt:
- LogSubscriberRule
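Review bot: `Fn::Sub: events.${AWS::URLSuffix}` under `Principal` assumes the service principal name follows the partition's DNS suffix, and that should be confirmed for each service before merging. If the events service still identifies itself as `events.amazonaws.com` in a partition where the suffix differs, this Lambda permission stops matching and invocations from `LogSubscriberRule` are denied. Keeping the `SourceArn` restriction is right; please state in the commit message which partitions the change was deployed and tested in.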
Expand All @@ -191,7 +192,7 @@ Resources:
Effect: Allow
Principal:
Service:
- lambda.amazonaws.com
- Fn::Sub: lambda.${AWS::URLSuffix}
Version: '2012-10-17'
ManagedPolicyArns:
- arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
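Review bot: the context line `- arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole` under `ManagedPolicyArns` still hard-codes the `aws` partition, so the role is not portable even though its trust principal now is. Use `Fn::Sub: arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole` so the managed policy reference resolves in the same partition as the rest of the stack.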
Expand All @@ -215,7 +216,7 @@ Resources:
eventName:
- CreateLogGroup
eventSource:
- logs.amazonaws.com
- Fn::Sub: logs.${AWS::URLSuffix}
detail-type:
- AWS API Call via CloudTrail
source:
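Review bot: the `eventSource` match in this event pattern now depends on `${AWS::URLSuffix}`, and a mismatch here fails silently: the rule never fires on `CreateLogGroup`, new log groups are not subscribed, and their logs never reach the bucket. Since `eventSource` is already a list, consider listing `logs.amazonaws.com` alongside the substituted value so the rule matches whichever form CloudTrail records in a given partition, and add a check that a freshly created log group gets its subscription filter.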
79 changes: 51 additions & 28 deletions CloudWatch2S3.template
Expand Up @@ -22,6 +22,42 @@ Conditions:
- CloudWatch JSON (GZIP)
Description: Continuously dump all matching CloudWatch Log groups to a bucket for
long-term storage (by CloudSnorkel)
Mappings:
Partitions:
aws:
LogEndpoints:
- logs.ap-east-1.amazonaws.com
- logs.ap-northeast-1.amazonaws.com
- logs.ap-northeast-2.amazonaws.com
- logs.ap-south-1.amazonaws.com
- logs.ap-southeast-1.amazonaws.com
- logs.ap-southeast-2.amazonaws.com
- logs.ca-central-1.amazonaws.com
- logs.eu-central-1.amazonaws.com
- logs.eu-north-1.amazonaws.com
- logs.eu-west-1.amazonaws.com
- logs.eu-west-2.amazonaws.com
- logs.eu-west-3.amazonaws.com
- logs.me-south-1.amazonaws.com
- logs.sa-east-1.amazonaws.com
- logs.us-east-1.amazonaws.com
- logs.us-east-2.amazonaws.com
- logs.us-west-1.amazonaws.com
- logs.us-west-2.amazonaws.com
aws-cn:
LogEndpoints:
- logs.cn-north-1.amazonaws.com.cn
- logs.cn-northwest-1.amazonaws.com.cn
aws-iso:
LogEndpoints:
- logs.us-iso-east-1.c2s.ic.gov
aws-iso-b:
LogEndpoints:
- logs.us-isob-east-1.sc2s.sgov.gov
aws-us-gov:
LogEndpoints:
- logs.us-gov-east-1.amazonaws.com
- logs.us-gov-west-1.amazonaws.com
Metadata:
AWS::CloudFormation::Interface:
ParameterGroups:
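Review bot: the `LogEndpoints` lists under `Mappings` are a hand-maintained snapshot with no comment saying so, which means a region missing from the list is silently left out of whatever policy consumes the map, and a partition missing from `Partitions` has no entry to look up at all. Add a comment above `Partitions:` recording where the endpoint list came from and that it must be extended when regions are added, and document that only these five partitions are supported.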
Expand Down Expand Up @@ -202,7 +238,7 @@ Resources:
Effect: Allow
Principal:
Service:
- firehose.amazonaws.com
- Fn::Sub: firehose.${AWS::URLSuffix}
Version: '2012-10-17'
Policies:
- PolicyDocument:
Expand Down Expand Up @@ -244,15 +280,15 @@ Resources:
- logs:PutLogEvents
Effect: Allow
Resource:
- Fn::Sub: arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/kinesisfirehose/${AWS::StackName}-DeliveryStream*:log-stream:*
- Fn::Sub: arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/kinesisfirehose/${AWS::StackName}-DeliveryStream*:log-stream:*
- Fn::If:
- Encrypt
- Action:
- kms:Decrypt
Condition:
StringEquals:
kms:ViaService:
Fn::Sub: kinesis.${AWS::Region}.amazonaws.com
Fn::Sub: kinesis.${AWS::Region}.${AWS::URLSuffix}
Effect: Allow
Resource:
- Ref: KeyArn
Expand All @@ -265,7 +301,7 @@ Resources:
Condition:
StringEquals:
kms:ViaService:
Fn::Sub: s3.${AWS::Region}.amazonaws.com
Fn::Sub: s3.${AWS::Region}.${AWS::URLSuffix}
Effect: Allow
Resource:
- Ref: KeyArn
Expand Down Expand Up @@ -360,24 +396,10 @@ Resources:
Effect: Allow
Principal:
Service:
- logs.ap-east-1.amazonaws.com
- logs.ap-northeast-1.amazonaws.com
- logs.ap-northeast-2.amazonaws.com
- logs.ap-south-1.amazonaws.com
- logs.ap-southeast-1.amazonaws.com
- logs.ap-southeast-2.amazonaws.com
- logs.ca-central-1.amazonaws.com
- logs.eu-central-1.amazonaws.com
- logs.eu-north-1.amazonaws.com
- logs.eu-west-1.amazonaws.com
- logs.eu-west-2.amazonaws.com
- logs.eu-west-3.amazonaws.com
- logs.me-south-1.amazonaws.com
- logs.sa-east-1.amazonaws.com
- logs.us-east-1.amazonaws.com
- logs.us-east-2.amazonaws.com
- logs.us-west-1.amazonaws.com
- logs.us-west-2.amazonaws.com
Fn::FindInMap:
- Partitions
- Ref: AWS::Partition
- LogEndpoints
Version: '2012-10-17'
Type: AWS::IAM::Role
KinesisRoleLambdaPolicy:
Expand Down Expand Up @@ -453,7 +475,7 @@ Resources:
"AWS": ["${AWS::AccountId}"]
},
"Action": "logs:PutSubscriptionFilter",
"Resource": "arn:aws:logs:${AWS::Region}:${AWS::AccountId}:destination:${DestinationName}"
"Resource": "arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:destination:${DestinationName}"
}
${Extra}
]
Expand All @@ -476,7 +498,7 @@ Resources:
Fn::Sub: |-
"]},
"Action": "logs:PutSubscriptionFilter",
"Resource": "arn:aws:logs:${AWS::Region}:${AWS::AccountId}:destination:${DestinationName}"
"Resource": "arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:destination:${DestinationName}"
}
- ''
RoleArn:
Expand Down Expand Up @@ -569,7 +591,7 @@ Resources:
Effect: Allow
Principal:
Service:
- lambda.amazonaws.com
- Fn::Sub: lambda.${AWS::URLSuffix}
Version: '2012-10-17'
ManagedPolicyArns:
- arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
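Review bot: `ManagedPolicyArns` in this hunk still points at `arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole` while the `Service` principal directly above it was made partition-aware, so the role will reference a policy ARN from the wrong partition outside `aws`. Switch it to `Fn::Sub: arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole`; the hunk at `-730,7 +753,7` in this file carries the same unchanged line and needs the same fix.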
Expand Down Expand Up @@ -715,7 +737,8 @@ Resources:
Fn::GetAtt:
- LogSubscriberFunction
- Arn
Principal: events.amazonaws.com
Principal:
Fn::Sub: events.${AWS::URLSuffix}
SourceArn:
Fn::GetAtt:
- LogSubscriberRule
Expand All @@ -730,7 +753,7 @@ Resources:
Effect: Allow
Principal:
Service:
- lambda.amazonaws.com
- Fn::Sub: lambda.${AWS::URLSuffix}
Version: '2012-10-17'
ManagedPolicyArns:
- arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
Expand All @@ -754,7 +777,7 @@ Resources:
eventName:
- CreateLogGroup
eventSource:
- logs.amazonaws.com
- Fn::Sub: logs.${AWS::URLSuffix}
detail-type:
- AWS API Call via CloudTrail
source:
