signalfx.aws.ExternalIntegration
Explore with Pulumi AI
Splunk Observability AWS CloudWatch integrations using Role ARNs. For help with this integration see Connect to AWS CloudWatch.
NOTE When managing integrations, use a session token of an administrator to authenticate the Splunk Observability provider. See Operations that require a session token for an administrator.
WARNING This resource implements a part of a workflow. You must use it with
signalfx.aws.Integration
. Check with Splunk Observability support for your realm’s AWS account id.
Example Usage
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
using SignalFx = Pulumi.SignalFx;
return await Deployment.RunAsync(() =>
{
var awsMyteamExtern = new SignalFx.Aws.ExternalIntegration("awsMyteamExtern");
var signalfxAssumePolicy = Aws.Iam.GetPolicyDocument.Invoke(new()
{
Statements = new[]
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs
{
Actions = new[]
{
"sts:AssumeRole",
},
Principals = new[]
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs
{
Type = "AWS",
Identifiers = new[]
{
awsMyteamExtern.SignalfxAwsAccount,
},
},
},
Conditions = new[]
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionInputArgs
{
Test = "StringEquals",
Variable = "sts:ExternalId",
Values = new[]
{
awsMyteamExtern.ExternalId,
},
},
},
},
},
});
var awsSplunkRole = new Aws.Iam.Role("awsSplunkRole", new()
{
Description = "signalfx integration to read out data and send it to signalfxs aws account",
AssumeRolePolicy = signalfxAssumePolicy.Apply(getPolicyDocumentResult => getPolicyDocumentResult.Json),
});
var awsSplunkPolicy = new Aws.Iam.Policy("awsSplunkPolicy", new()
{
Description = "AWS permissions required by the Splunk Observability Cloud",
PolicyDocument = @"{
""Version"": ""2012-10-17"",
""Statement"": [
{
""Effect"": ""Allow"",
""Action"": [
""apigateway:GET"",
""autoscaling:DescribeAutoScalingGroups"",
""cloudfront:GetDistributionConfig"",
""cloudfront:ListDistributions"",
""cloudfront:ListTagsForResource"",
""cloudwatch:DescribeAlarms"",
""cloudwatch:GetMetricData"",
""cloudwatch:GetMetricStatistics"",
""cloudwatch:ListMetrics"",
""directconnect:DescribeConnections"",
""dynamodb:DescribeTable"",
""dynamodb:ListTables"",
""dynamodb:ListTagsOfResource"",
""ec2:DescribeInstances"",
""ec2:DescribeInstanceStatus"",
""ec2:DescribeRegions"",
""ec2:DescribeReservedInstances"",
""ec2:DescribeReservedInstancesModifications"",
""ec2:DescribeTags"",
""ec2:DescribeVolumes"",
""ecs:DescribeClusters"",
""ecs:DescribeServices"",
""ecs:DescribeTasks"",
""ecs:ListClusters"",
""ecs:ListServices"",
""ecs:ListTagsForResource"",
""ecs:ListTaskDefinitions"",
""ecs:ListTasks"",
""elasticache:DescribeCacheClusters"",
""elasticloadbalancing:DescribeLoadBalancerAttributes"",
""elasticloadbalancing:DescribeLoadBalancers"",
""elasticloadbalancing:DescribeTags"",
""elasticloadbalancing:DescribeTargetGroups"",
""elasticmapreduce:DescribeCluster"",
""elasticmapreduce:ListClusters"",
""es:DescribeElasticsearchDomain"",
""es:ListDomainNames"",
""kinesis:DescribeStream"",
""kinesis:ListShards"",
""kinesis:ListStreams"",
""kinesis:ListTagsForStream"",
""lambda:GetAlias"",
""lambda:ListFunctions"",
""lambda:ListTags"",
""logs:DeleteSubscriptionFilter"",
""logs:DescribeLogGroups"",
""logs:DescribeSubscriptionFilters"",
""logs:PutSubscriptionFilter"",
""organizations:DescribeOrganization"",
""rds:DescribeDBClusters"",
""rds:DescribeDBInstances"",
""rds:ListTagsForResource"",
""redshift:DescribeClusters"",
""redshift:DescribeLoggingStatus"",
""s3:GetBucketLocation"",
""s3:GetBucketLogging"",
""s3:GetBucketNotification"",
""s3:GetBucketTagging"",
""s3:ListAllMyBuckets"",
""s3:ListBucket"",
""s3:PutBucketNotification"",
""sqs:GetQueueAttributes"",
""sqs:ListQueues"",
""sqs:ListQueueTags"",
""states:ListStateMachines"",
""tag:GetResources"",
""workspaces:DescribeWorkspaces""
],
""Resource"": ""*""
}
]
}
",
});
var splunkRolePolicyAttach = new Aws.Iam.RolePolicyAttachment("splunkRolePolicyAttach", new()
{
Role = awsSplunkRole.Name,
PolicyArn = awsSplunkPolicy.Arn,
});
var awsMyteam = new SignalFx.Aws.Integration("awsMyteam", new()
{
Enabled = true,
IntegrationId = awsMyteamExtern.Id,
ExternalId = awsMyteamExtern.ExternalId,
RoleArn = awsSplunkRole.Arn,
Regions = new[]
{
"us-east-1",
},
PollRate = 300,
ImportCloudWatch = true,
EnableAwsUsage = true,
});
});
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam"
"github.com/pulumi/pulumi-signalfx/sdk/v7/go/signalfx/aws"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
awsMyteamExtern, err := aws.NewExternalIntegration(ctx, "awsMyteamExtern", nil)
if err != nil {
return err
}
signalfxAssumePolicy := iam.GetPolicyDocumentOutput(ctx, iam.GetPolicyDocumentOutputArgs{
Statements: iam.GetPolicyDocumentStatementArray{
&iam.GetPolicyDocumentStatementArgs{
Actions: pulumi.StringArray{
pulumi.String("sts:AssumeRole"),
},
Principals: iam.GetPolicyDocumentStatementPrincipalArray{
&iam.GetPolicyDocumentStatementPrincipalArgs{
Type: pulumi.String("AWS"),
Identifiers: pulumi.StringArray{
awsMyteamExtern.SignalfxAwsAccount,
},
},
},
Conditions: iam.GetPolicyDocumentStatementConditionArray{
&iam.GetPolicyDocumentStatementConditionArgs{
Test: pulumi.String("StringEquals"),
Variable: pulumi.String("sts:ExternalId"),
Values: pulumi.StringArray{
awsMyteamExtern.ExternalId,
},
},
},
},
},
}, nil)
awsSplunkRole, err := iam.NewRole(ctx, "awsSplunkRole", &iam.RoleArgs{
Description: pulumi.String("signalfx integration to read out data and send it to signalfxs aws account"),
AssumeRolePolicy: signalfxAssumePolicy.ApplyT(func(signalfxAssumePolicy iam.GetPolicyDocumentResult) (*string, error) {
return &signalfxAssumePolicy.Json, nil
}).(pulumi.StringPtrOutput),
})
if err != nil {
return err
}
awsSplunkPolicy, err := iam.NewPolicy(ctx, "awsSplunkPolicy", &iam.PolicyArgs{
Description: pulumi.String("AWS permissions required by the Splunk Observability Cloud"),
Policy: pulumi.Any(`{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"apigateway:GET",
"autoscaling:DescribeAutoScalingGroups",
"cloudfront:GetDistributionConfig",
"cloudfront:ListDistributions",
"cloudfront:ListTagsForResource",
"cloudwatch:DescribeAlarms",
"cloudwatch:GetMetricData",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"directconnect:DescribeConnections",
"dynamodb:DescribeTable",
"dynamodb:ListTables",
"dynamodb:ListTagsOfResource",
"ec2:DescribeInstances",
"ec2:DescribeInstanceStatus",
"ec2:DescribeRegions",
"ec2:DescribeReservedInstances",
"ec2:DescribeReservedInstancesModifications",
"ec2:DescribeTags",
"ec2:DescribeVolumes",
"ecs:DescribeClusters",
"ecs:DescribeServices",
"ecs:DescribeTasks",
"ecs:ListClusters",
"ecs:ListServices",
"ecs:ListTagsForResource",
"ecs:ListTaskDefinitions",
"ecs:ListTasks",
"elasticache:DescribeCacheClusters",
"elasticloadbalancing:DescribeLoadBalancerAttributes",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeTags",
"elasticloadbalancing:DescribeTargetGroups",
"elasticmapreduce:DescribeCluster",
"elasticmapreduce:ListClusters",
"es:DescribeElasticsearchDomain",
"es:ListDomainNames",
"kinesis:DescribeStream",
"kinesis:ListShards",
"kinesis:ListStreams",
"kinesis:ListTagsForStream",
"lambda:GetAlias",
"lambda:ListFunctions",
"lambda:ListTags",
"logs:DeleteSubscriptionFilter",
"logs:DescribeLogGroups",
"logs:DescribeSubscriptionFilters",
"logs:PutSubscriptionFilter",
"organizations:DescribeOrganization",
"rds:DescribeDBClusters",
"rds:DescribeDBInstances",
"rds:ListTagsForResource",
"redshift:DescribeClusters",
"redshift:DescribeLoggingStatus",
"s3:GetBucketLocation",
"s3:GetBucketLogging",
"s3:GetBucketNotification",
"s3:GetBucketTagging",
"s3:ListAllMyBuckets",
"s3:ListBucket",
"s3:PutBucketNotification",
"sqs:GetQueueAttributes",
"sqs:ListQueues",
"sqs:ListQueueTags",
"states:ListStateMachines",
"tag:GetResources",
"workspaces:DescribeWorkspaces"
],
"Resource": "*"
}
]
}
`),
})
if err != nil {
return err
}
_, err = iam.NewRolePolicyAttachment(ctx, "splunkRolePolicyAttach", &iam.RolePolicyAttachmentArgs{
Role: awsSplunkRole.Name,
PolicyArn: awsSplunkPolicy.Arn,
})
if err != nil {
return err
}
_, err = aws.NewIntegration(ctx, "awsMyteam", &aws.IntegrationArgs{
Enabled: pulumi.Bool(true),
IntegrationId: awsMyteamExtern.ID(),
ExternalId: awsMyteamExtern.ExternalId,
RoleArn: awsSplunkRole.Arn,
Regions: pulumi.StringArray{
pulumi.String("us-east-1"),
},
PollRate: pulumi.Int(300),
ImportCloudWatch: pulumi.Bool(true),
EnableAwsUsage: pulumi.Bool(true),
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.signalfx.aws.ExternalIntegration;
import com.pulumi.aws.iam.IamFunctions;
import com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;
import com.pulumi.aws.iam.Role;
import com.pulumi.aws.iam.RoleArgs;
import com.pulumi.aws.iam.Policy;
import com.pulumi.aws.iam.PolicyArgs;
import com.pulumi.aws.iam.RolePolicyAttachment;
import com.pulumi.aws.iam.RolePolicyAttachmentArgs;
import com.pulumi.signalfx.aws.Integration;
import com.pulumi.signalfx.aws.IntegrationArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var awsMyteamExtern = new ExternalIntegration("awsMyteamExtern");
final var signalfxAssumePolicy = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
.statements(GetPolicyDocumentStatementArgs.builder()
.actions("sts:AssumeRole")
.principals(GetPolicyDocumentStatementPrincipalArgs.builder()
.type("AWS")
.identifiers(awsMyteamExtern.signalfxAwsAccount())
.build())
.conditions(GetPolicyDocumentStatementConditionArgs.builder()
.test("StringEquals")
.variable("sts:ExternalId")
.values(awsMyteamExtern.externalId())
.build())
.build())
.build());
var awsSplunkRole = new Role("awsSplunkRole", RoleArgs.builder()
.description("signalfx integration to read out data and send it to signalfxs aws account")
.assumeRolePolicy(signalfxAssumePolicy.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult).applyValue(signalfxAssumePolicy -> signalfxAssumePolicy.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult.json())))
.build());
var awsSplunkPolicy = new Policy("awsSplunkPolicy", PolicyArgs.builder()
.description("AWS permissions required by the Splunk Observability Cloud")
.policy("""
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"apigateway:GET",
"autoscaling:DescribeAutoScalingGroups",
"cloudfront:GetDistributionConfig",
"cloudfront:ListDistributions",
"cloudfront:ListTagsForResource",
"cloudwatch:DescribeAlarms",
"cloudwatch:GetMetricData",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"directconnect:DescribeConnections",
"dynamodb:DescribeTable",
"dynamodb:ListTables",
"dynamodb:ListTagsOfResource",
"ec2:DescribeInstances",
"ec2:DescribeInstanceStatus",
"ec2:DescribeRegions",
"ec2:DescribeReservedInstances",
"ec2:DescribeReservedInstancesModifications",
"ec2:DescribeTags",
"ec2:DescribeVolumes",
"ecs:DescribeClusters",
"ecs:DescribeServices",
"ecs:DescribeTasks",
"ecs:ListClusters",
"ecs:ListServices",
"ecs:ListTagsForResource",
"ecs:ListTaskDefinitions",
"ecs:ListTasks",
"elasticache:DescribeCacheClusters",
"elasticloadbalancing:DescribeLoadBalancerAttributes",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeTags",
"elasticloadbalancing:DescribeTargetGroups",
"elasticmapreduce:DescribeCluster",
"elasticmapreduce:ListClusters",
"es:DescribeElasticsearchDomain",
"es:ListDomainNames",
"kinesis:DescribeStream",
"kinesis:ListShards",
"kinesis:ListStreams",
"kinesis:ListTagsForStream",
"lambda:GetAlias",
"lambda:ListFunctions",
"lambda:ListTags",
"logs:DeleteSubscriptionFilter",
"logs:DescribeLogGroups",
"logs:DescribeSubscriptionFilters",
"logs:PutSubscriptionFilter",
"organizations:DescribeOrganization",
"rds:DescribeDBClusters",
"rds:DescribeDBInstances",
"rds:ListTagsForResource",
"redshift:DescribeClusters",
"redshift:DescribeLoggingStatus",
"s3:GetBucketLocation",
"s3:GetBucketLogging",
"s3:GetBucketNotification",
"s3:GetBucketTagging",
"s3:ListAllMyBuckets",
"s3:ListBucket",
"s3:PutBucketNotification",
"sqs:GetQueueAttributes",
"sqs:ListQueues",
"sqs:ListQueueTags",
"states:ListStateMachines",
"tag:GetResources",
"workspaces:DescribeWorkspaces"
],
"Resource": "*"
}
]
}
""")
.build());
var splunkRolePolicyAttach = new RolePolicyAttachment("splunkRolePolicyAttach", RolePolicyAttachmentArgs.builder()
.role(awsSplunkRole.name())
.policyArn(awsSplunkPolicy.arn())
.build());
var awsMyteam = new Integration("awsMyteam", IntegrationArgs.builder()
.enabled(true)
.integrationId(awsMyteamExtern.id())
.externalId(awsMyteamExtern.externalId())
.roleArn(awsSplunkRole.arn())
.regions("us-east-1")
.pollRate(300)
.importCloudWatch(true)
.enableAwsUsage(true)
.build());
}
}
import pulumi
import pulumi_aws as aws
import pulumi_signalfx as signalfx
aws_myteam_extern = signalfx.aws.ExternalIntegration("awsMyteamExtern")
signalfx_assume_policy = aws.iam.get_policy_document_output(statements=[aws.iam.GetPolicyDocumentStatementArgs(
actions=["sts:AssumeRole"],
principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(
type="AWS",
identifiers=[aws_myteam_extern.signalfx_aws_account],
)],
conditions=[aws.iam.GetPolicyDocumentStatementConditionArgs(
test="StringEquals",
variable="sts:ExternalId",
values=[aws_myteam_extern.external_id],
)],
)])
aws_splunk_role = aws.iam.Role("awsSplunkRole",
description="signalfx integration to read out data and send it to signalfxs aws account",
assume_role_policy=signalfx_assume_policy.json)
aws_splunk_policy = aws.iam.Policy("awsSplunkPolicy",
description="AWS permissions required by the Splunk Observability Cloud",
policy="""{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"apigateway:GET",
"autoscaling:DescribeAutoScalingGroups",
"cloudfront:GetDistributionConfig",
"cloudfront:ListDistributions",
"cloudfront:ListTagsForResource",
"cloudwatch:DescribeAlarms",
"cloudwatch:GetMetricData",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"directconnect:DescribeConnections",
"dynamodb:DescribeTable",
"dynamodb:ListTables",
"dynamodb:ListTagsOfResource",
"ec2:DescribeInstances",
"ec2:DescribeInstanceStatus",
"ec2:DescribeRegions",
"ec2:DescribeReservedInstances",
"ec2:DescribeReservedInstancesModifications",
"ec2:DescribeTags",
"ec2:DescribeVolumes",
"ecs:DescribeClusters",
"ecs:DescribeServices",
"ecs:DescribeTasks",
"ecs:ListClusters",
"ecs:ListServices",
"ecs:ListTagsForResource",
"ecs:ListTaskDefinitions",
"ecs:ListTasks",
"elasticache:DescribeCacheClusters",
"elasticloadbalancing:DescribeLoadBalancerAttributes",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeTags",
"elasticloadbalancing:DescribeTargetGroups",
"elasticmapreduce:DescribeCluster",
"elasticmapreduce:ListClusters",
"es:DescribeElasticsearchDomain",
"es:ListDomainNames",
"kinesis:DescribeStream",
"kinesis:ListShards",
"kinesis:ListStreams",
"kinesis:ListTagsForStream",
"lambda:GetAlias",
"lambda:ListFunctions",
"lambda:ListTags",
"logs:DeleteSubscriptionFilter",
"logs:DescribeLogGroups",
"logs:DescribeSubscriptionFilters",
"logs:PutSubscriptionFilter",
"organizations:DescribeOrganization",
"rds:DescribeDBClusters",
"rds:DescribeDBInstances",
"rds:ListTagsForResource",
"redshift:DescribeClusters",
"redshift:DescribeLoggingStatus",
"s3:GetBucketLocation",
"s3:GetBucketLogging",
"s3:GetBucketNotification",
"s3:GetBucketTagging",
"s3:ListAllMyBuckets",
"s3:ListBucket",
"s3:PutBucketNotification",
"sqs:GetQueueAttributes",
"sqs:ListQueues",
"sqs:ListQueueTags",
"states:ListStateMachines",
"tag:GetResources",
"workspaces:DescribeWorkspaces"
],
"Resource": "*"
}
]
}
""")
splunk_role_policy_attach = aws.iam.RolePolicyAttachment("splunkRolePolicyAttach",
role=aws_splunk_role.name,
policy_arn=aws_splunk_policy.arn)
aws_myteam = signalfx.aws.Integration("awsMyteam",
enabled=True,
integration_id=aws_myteam_extern.id,
external_id=aws_myteam_extern.external_id,
role_arn=aws_splunk_role.arn,
regions=["us-east-1"],
poll_rate=300,
import_cloud_watch=True,
enable_aws_usage=True)
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
import * as signalfx from "@pulumi/signalfx";
const awsMyteamExtern = new signalfx.aws.ExternalIntegration("awsMyteamExtern", {});
const signalfxAssumePolicy = aws.iam.getPolicyDocumentOutput({
statements: [{
actions: ["sts:AssumeRole"],
principals: [{
type: "AWS",
identifiers: [awsMyteamExtern.signalfxAwsAccount],
}],
conditions: [{
test: "StringEquals",
variable: "sts:ExternalId",
values: [awsMyteamExtern.externalId],
}],
}],
});
const awsSplunkRole = new aws.iam.Role("awsSplunkRole", {
description: "signalfx integration to read out data and send it to signalfxs aws account",
assumeRolePolicy: signalfxAssumePolicy.apply(signalfxAssumePolicy => signalfxAssumePolicy.json),
});
const awsSplunkPolicy = new aws.iam.Policy("awsSplunkPolicy", {
description: "AWS permissions required by the Splunk Observability Cloud",
policy: `{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"apigateway:GET",
"autoscaling:DescribeAutoScalingGroups",
"cloudfront:GetDistributionConfig",
"cloudfront:ListDistributions",
"cloudfront:ListTagsForResource",
"cloudwatch:DescribeAlarms",
"cloudwatch:GetMetricData",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"directconnect:DescribeConnections",
"dynamodb:DescribeTable",
"dynamodb:ListTables",
"dynamodb:ListTagsOfResource",
"ec2:DescribeInstances",
"ec2:DescribeInstanceStatus",
"ec2:DescribeRegions",
"ec2:DescribeReservedInstances",
"ec2:DescribeReservedInstancesModifications",
"ec2:DescribeTags",
"ec2:DescribeVolumes",
"ecs:DescribeClusters",
"ecs:DescribeServices",
"ecs:DescribeTasks",
"ecs:ListClusters",
"ecs:ListServices",
"ecs:ListTagsForResource",
"ecs:ListTaskDefinitions",
"ecs:ListTasks",
"elasticache:DescribeCacheClusters",
"elasticloadbalancing:DescribeLoadBalancerAttributes",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeTags",
"elasticloadbalancing:DescribeTargetGroups",
"elasticmapreduce:DescribeCluster",
"elasticmapreduce:ListClusters",
"es:DescribeElasticsearchDomain",
"es:ListDomainNames",
"kinesis:DescribeStream",
"kinesis:ListShards",
"kinesis:ListStreams",
"kinesis:ListTagsForStream",
"lambda:GetAlias",
"lambda:ListFunctions",
"lambda:ListTags",
"logs:DeleteSubscriptionFilter",
"logs:DescribeLogGroups",
"logs:DescribeSubscriptionFilters",
"logs:PutSubscriptionFilter",
"organizations:DescribeOrganization",
"rds:DescribeDBClusters",
"rds:DescribeDBInstances",
"rds:ListTagsForResource",
"redshift:DescribeClusters",
"redshift:DescribeLoggingStatus",
"s3:GetBucketLocation",
"s3:GetBucketLogging",
"s3:GetBucketNotification",
"s3:GetBucketTagging",
"s3:ListAllMyBuckets",
"s3:ListBucket",
"s3:PutBucketNotification",
"sqs:GetQueueAttributes",
"sqs:ListQueues",
"sqs:ListQueueTags",
"states:ListStateMachines",
"tag:GetResources",
"workspaces:DescribeWorkspaces"
],
"Resource": "*"
}
]
}
`,
});
const splunkRolePolicyAttach = new aws.iam.RolePolicyAttachment("splunkRolePolicyAttach", {
role: awsSplunkRole.name,
policyArn: awsSplunkPolicy.arn,
});
const awsMyteam = new signalfx.aws.Integration("awsMyteam", {
enabled: true,
integrationId: awsMyteamExtern.id,
externalId: awsMyteamExtern.externalId,
roleArn: awsSplunkRole.arn,
regions: ["us-east-1"],
pollRate: 300,
importCloudWatch: true,
enableAwsUsage: true,
});
resources:
awsMyteamExtern:
type: signalfx:aws:ExternalIntegration
awsSplunkRole:
type: aws:iam:Role
properties:
description: signalfx integration to read out data and send it to signalfxs aws account
assumeRolePolicy: ${signalfxAssumePolicy.json}
awsSplunkPolicy:
type: aws:iam:Policy
properties:
description: AWS permissions required by the Splunk Observability Cloud
policy: |
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"apigateway:GET",
"autoscaling:DescribeAutoScalingGroups",
"cloudfront:GetDistributionConfig",
"cloudfront:ListDistributions",
"cloudfront:ListTagsForResource",
"cloudwatch:DescribeAlarms",
"cloudwatch:GetMetricData",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"directconnect:DescribeConnections",
"dynamodb:DescribeTable",
"dynamodb:ListTables",
"dynamodb:ListTagsOfResource",
"ec2:DescribeInstances",
"ec2:DescribeInstanceStatus",
"ec2:DescribeRegions",
"ec2:DescribeReservedInstances",
"ec2:DescribeReservedInstancesModifications",
"ec2:DescribeTags",
"ec2:DescribeVolumes",
"ecs:DescribeClusters",
"ecs:DescribeServices",
"ecs:DescribeTasks",
"ecs:ListClusters",
"ecs:ListServices",
"ecs:ListTagsForResource",
"ecs:ListTaskDefinitions",
"ecs:ListTasks",
"elasticache:DescribeCacheClusters",
"elasticloadbalancing:DescribeLoadBalancerAttributes",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeTags",
"elasticloadbalancing:DescribeTargetGroups",
"elasticmapreduce:DescribeCluster",
"elasticmapreduce:ListClusters",
"es:DescribeElasticsearchDomain",
"es:ListDomainNames",
"kinesis:DescribeStream",
"kinesis:ListShards",
"kinesis:ListStreams",
"kinesis:ListTagsForStream",
"lambda:GetAlias",
"lambda:ListFunctions",
"lambda:ListTags",
"logs:DeleteSubscriptionFilter",
"logs:DescribeLogGroups",
"logs:DescribeSubscriptionFilters",
"logs:PutSubscriptionFilter",
"organizations:DescribeOrganization",
"rds:DescribeDBClusters",
"rds:DescribeDBInstances",
"rds:ListTagsForResource",
"redshift:DescribeClusters",
"redshift:DescribeLoggingStatus",
"s3:GetBucketLocation",
"s3:GetBucketLogging",
"s3:GetBucketNotification",
"s3:GetBucketTagging",
"s3:ListAllMyBuckets",
"s3:ListBucket",
"s3:PutBucketNotification",
"sqs:GetQueueAttributes",
"sqs:ListQueues",
"sqs:ListQueueTags",
"states:ListStateMachines",
"tag:GetResources",
"workspaces:DescribeWorkspaces"
],
"Resource": "*"
}
]
}
splunkRolePolicyAttach:
type: aws:iam:RolePolicyAttachment
properties:
role: ${awsSplunkRole.name}
policyArn: ${awsSplunkPolicy.arn}
awsMyteam:
type: signalfx:aws:Integration
properties:
enabled: true
integrationId: ${awsMyteamExtern.id}
externalId: ${awsMyteamExtern.externalId}
roleArn: ${awsSplunkRole.arn}
# token = "abc123"
# # key = "abc123"
regions:
- us-east-1
pollRate: 300
importCloudWatch: true
enableAwsUsage: true
variables:
signalfxAssumePolicy:
fn::invoke:
Function: aws:iam:getPolicyDocument
Arguments:
statements:
- actions:
- sts:AssumeRole
principals:
- type: AWS
identifiers:
- ${awsMyteamExtern.signalfxAwsAccount}
conditions:
- test: StringEquals
variable: sts:ExternalId
values:
- ${awsMyteamExtern.externalId}
Create ExternalIntegration Resource
new ExternalIntegration(name: string, args?: ExternalIntegrationArgs, opts?: CustomResourceOptions);
@overload
def ExternalIntegration(resource_name: str,
opts: Optional[ResourceOptions] = None,
name: Optional[str] = None)
@overload
def ExternalIntegration(resource_name: str,
args: Optional[ExternalIntegrationArgs] = None,
opts: Optional[ResourceOptions] = None)
func NewExternalIntegration(ctx *Context, name string, args *ExternalIntegrationArgs, opts ...ResourceOption) (*ExternalIntegration, error)
public ExternalIntegration(string name, ExternalIntegrationArgs? args = null, CustomResourceOptions? opts = null)
public ExternalIntegration(String name, ExternalIntegrationArgs args)
public ExternalIntegration(String name, ExternalIntegrationArgs args, CustomResourceOptions options)
type: signalfx:aws:ExternalIntegration
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args ExternalIntegrationArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args ExternalIntegrationArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args ExternalIntegrationArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args ExternalIntegrationArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args ExternalIntegrationArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
ExternalIntegration Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The ExternalIntegration resource accepts the following input properties:
- Name string
The name of this integration
- Name string
The name of this integration
- name String
The name of this integration
- name string
The name of this integration
- name str
The name of this integration
- name String
The name of this integration
Outputs
All input properties are implicitly available as output properties. Additionally, the ExternalIntegration resource produces the following output properties:
- External
Id string The external ID to use with your IAM role and with
signalfx.aws.Integration
.- Id string
The provider-assigned unique ID for this managed resource.
- Signalfx
Aws stringAccount The AWS Account ARN to use with your policies/roles, provided by Splunk Observability.
- External
Id string The external ID to use with your IAM role and with
signalfx.aws.Integration
.- Id string
The provider-assigned unique ID for this managed resource.
- Signalfx
Aws stringAccount The AWS Account ARN to use with your policies/roles, provided by Splunk Observability.
- external
Id String The external ID to use with your IAM role and with
signalfx.aws.Integration
.- id String
The provider-assigned unique ID for this managed resource.
- signalfx
Aws StringAccount The AWS Account ARN to use with your policies/roles, provided by Splunk Observability.
- external
Id string The external ID to use with your IAM role and with
signalfx.aws.Integration
.- id string
The provider-assigned unique ID for this managed resource.
- signalfx
Aws stringAccount The AWS Account ARN to use with your policies/roles, provided by Splunk Observability.
- external_
id str The external ID to use with your IAM role and with
signalfx.aws.Integration
.- id str
The provider-assigned unique ID for this managed resource.
- signalfx_
aws_ straccount The AWS Account ARN to use with your policies/roles, provided by Splunk Observability.
- external
Id String The external ID to use with your IAM role and with
signalfx.aws.Integration
.- id String
The provider-assigned unique ID for this managed resource.
- signalfx
Aws StringAccount The AWS Account ARN to use with your policies/roles, provided by Splunk Observability.
Look up Existing ExternalIntegration Resource
Get an existing ExternalIntegration resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: ExternalIntegrationState, opts?: CustomResourceOptions): ExternalIntegration
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
external_id: Optional[str] = None,
name: Optional[str] = None,
signalfx_aws_account: Optional[str] = None) -> ExternalIntegration
func GetExternalIntegration(ctx *Context, name string, id IDInput, state *ExternalIntegrationState, opts ...ResourceOption) (*ExternalIntegration, error)
public static ExternalIntegration Get(string name, Input<string> id, ExternalIntegrationState? state, CustomResourceOptions? opts = null)
public static ExternalIntegration get(String name, Output<String> id, ExternalIntegrationState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- External
Id string The external ID to use with your IAM role and with
signalfx.aws.Integration
.- Name string
The name of this integration
- Signalfx
Aws stringAccount The AWS Account ARN to use with your policies/roles, provided by Splunk Observability.
- External
Id string The external ID to use with your IAM role and with
signalfx.aws.Integration
.- Name string
The name of this integration
- Signalfx
Aws stringAccount The AWS Account ARN to use with your policies/roles, provided by Splunk Observability.
- external
Id String The external ID to use with your IAM role and with
signalfx.aws.Integration
.- name String
The name of this integration
- signalfx
Aws StringAccount The AWS Account ARN to use with your policies/roles, provided by Splunk Observability.
- external
Id string The external ID to use with your IAM role and with
signalfx.aws.Integration
.- name string
The name of this integration
- signalfx
Aws stringAccount The AWS Account ARN to use with your policies/roles, provided by Splunk Observability.
- external_
id str The external ID to use with your IAM role and with
signalfx.aws.Integration
.- name str
The name of this integration
- signalfx_
aws_ straccount The AWS Account ARN to use with your policies/roles, provided by Splunk Observability.
- external
Id String The external ID to use with your IAM role and with
signalfx.aws.Integration
.- name String
The name of this integration
- signalfx
Aws StringAccount The AWS Account ARN to use with your policies/roles, provided by Splunk Observability.
Package Details
- Repository
- SignalFx pulumi/pulumi-signalfx
- License
- Apache-2.0
- Notes
This Pulumi package is based on the
signalfx
Terraform Provider.