signalfx logo
SignalFx v5.10.0, May 13 23

signalfx.aws.ExternalIntegration

Explore with Pulumi AI

SignalFx AWS CloudWatch integrations using Role ARNs. For help with this integration see Connect to AWS CloudWatch.

NOTE When managing integrations use a session token for an administrator to authenticate the SignalFx provider. See Operations that require a session token for an administrator.

WARNING This resource implements a part of a workflow. You must use it with signalfx.aws.Integration. Check with SignalFx support for your realm’s AWS account id.

Example Usage

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
using SignalFx = Pulumi.SignalFx;

return await Deployment.RunAsync(() => 
{
    var awsMyteamExtern = new SignalFx.Aws.ExternalIntegration("awsMyteamExtern");

    var signalfxAssumePolicy = Aws.Iam.GetPolicyDocument.Invoke(new()
    {
        Statements = new[]
        {
            new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs
            {
                Actions = new[]
                {
                    "sts:AssumeRole",
                },
                Principals = new[]
                {
                    new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs
                    {
                        Type = "AWS",
                        Identifiers = new[]
                        {
                            awsMyteamExtern.SignalfxAwsAccount,
                        },
                    },
                },
                Conditions = new[]
                {
                    new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionInputArgs
                    {
                        Test = "StringEquals",
                        Variable = "sts:ExternalId",
                        Values = new[]
                        {
                            awsMyteamExtern.ExternalId,
                        },
                    },
                },
            },
        },
    });

    var awsSplunkRole = new Aws.Iam.Role("awsSplunkRole", new()
    {
        Description = "signalfx integration to read out data and send it to signalfxs aws account",
        AssumeRolePolicy = signalfxAssumePolicy.Apply(getPolicyDocumentResult => getPolicyDocumentResult.Json),
    });

    var awsSplunkPolicy = new Aws.Iam.Policy("awsSplunkPolicy", new()
    {
        Description = "AWS permissions required by the Splunk Observability Cloud",
        PolicyDocument = @"{
  ""Version"": ""2012-10-17"",
  ""Statement"": [
    {
      ""Effect"": ""Allow"",
      ""Action"": [
        ""apigateway:GET"",
        ""autoscaling:DescribeAutoScalingGroups"",
        ""cloudfront:GetDistributionConfig"",
        ""cloudfront:ListDistributions"",
        ""cloudfront:ListTagsForResource"",
        ""cloudwatch:DescribeAlarms"",
        ""cloudwatch:GetMetricData"",
        ""cloudwatch:GetMetricStatistics"",
        ""cloudwatch:ListMetrics"",
        ""directconnect:DescribeConnections"",
        ""dynamodb:DescribeTable"",
        ""dynamodb:ListTables"",
        ""dynamodb:ListTagsOfResource"",
        ""ec2:DescribeInstances"",
        ""ec2:DescribeInstanceStatus"",
        ""ec2:DescribeRegions"",
        ""ec2:DescribeReservedInstances"",
        ""ec2:DescribeReservedInstancesModifications"",
        ""ec2:DescribeTags"",
        ""ec2:DescribeVolumes"",
        ""ecs:DescribeClusters"",
        ""ecs:DescribeServices"",
        ""ecs:DescribeTasks"",
        ""ecs:ListClusters"",
        ""ecs:ListServices"",
        ""ecs:ListTagsForResource"",
        ""ecs:ListTaskDefinitions"",
        ""ecs:ListTasks"",
        ""elasticache:DescribeCacheClusters"",
        ""elasticloadbalancing:DescribeLoadBalancerAttributes"",
        ""elasticloadbalancing:DescribeLoadBalancers"",
        ""elasticloadbalancing:DescribeTags"",
        ""elasticloadbalancing:DescribeTargetGroups"",
        ""elasticmapreduce:DescribeCluster"",
        ""elasticmapreduce:ListClusters"",
        ""es:DescribeElasticsearchDomain"",
        ""es:ListDomainNames"",
        ""kinesis:DescribeStream"",
        ""kinesis:ListShards"",
        ""kinesis:ListStreams"",
        ""kinesis:ListTagsForStream"",
        ""lambda:GetAlias"",
        ""lambda:ListFunctions"",
        ""lambda:ListTags"",
        ""logs:DeleteSubscriptionFilter"",
        ""logs:DescribeLogGroups"",
        ""logs:DescribeSubscriptionFilters"",
        ""logs:PutSubscriptionFilter"",
        ""organizations:DescribeOrganization"",
        ""rds:DescribeDBClusters"",
        ""rds:DescribeDBInstances"",
        ""rds:ListTagsForResource"",
        ""redshift:DescribeClusters"",
        ""redshift:DescribeLoggingStatus"",
        ""s3:GetBucketLocation"",
        ""s3:GetBucketLogging"",
        ""s3:GetBucketNotification"",
        ""s3:GetBucketTagging"",
        ""s3:ListAllMyBuckets"",
        ""s3:ListBucket"",
        ""s3:PutBucketNotification"",
        ""sqs:GetQueueAttributes"",
        ""sqs:ListQueues"",
        ""sqs:ListQueueTags"",
        ""states:ListStateMachines"",
        ""tag:GetResources"",
        ""workspaces:DescribeWorkspaces""
      ],
      ""Resource"": ""*""
    }
  ]
}
",
    });

    var splunkRolePolicyAttach = new Aws.Iam.RolePolicyAttachment("splunkRolePolicyAttach", new()
    {
        Role = awsSplunkRole.Name,
        PolicyArn = awsSplunkPolicy.Arn,
    });

    var awsMyteam = new SignalFx.Aws.Integration("awsMyteam", new()
    {
        Enabled = true,
        IntegrationId = awsMyteamExtern.Id,
        ExternalId = awsMyteamExtern.ExternalId,
        RoleArn = awsSplunkRole.Arn,
        Regions = new[]
        {
            "us-east-1",
        },
        PollRate = 300,
        ImportCloudWatch = true,
        EnableAwsUsage = true,
    });

});
package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam"
	"github.com/pulumi/pulumi-signalfx/sdk/v5/go/signalfx/aws"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		awsMyteamExtern, err := aws.NewExternalIntegration(ctx, "awsMyteamExtern", nil)
		if err != nil {
			return err
		}
		signalfxAssumePolicy := iam.GetPolicyDocumentOutput(ctx, iam.GetPolicyDocumentOutputArgs{
			Statements: iam.GetPolicyDocumentStatementArray{
				&iam.GetPolicyDocumentStatementArgs{
					Actions: pulumi.StringArray{
						pulumi.String("sts:AssumeRole"),
					},
					Principals: iam.GetPolicyDocumentStatementPrincipalArray{
						&iam.GetPolicyDocumentStatementPrincipalArgs{
							Type: pulumi.String("AWS"),
							Identifiers: pulumi.StringArray{
								awsMyteamExtern.SignalfxAwsAccount,
							},
						},
					},
					Conditions: iam.GetPolicyDocumentStatementConditionArray{
						&iam.GetPolicyDocumentStatementConditionArgs{
							Test:     pulumi.String("StringEquals"),
							Variable: pulumi.String("sts:ExternalId"),
							Values: pulumi.StringArray{
								awsMyteamExtern.ExternalId,
							},
						},
					},
				},
			},
		}, nil)
		awsSplunkRole, err := iam.NewRole(ctx, "awsSplunkRole", &iam.RoleArgs{
			Description: pulumi.String("signalfx integration to read out data and send it to signalfxs aws account"),
			AssumeRolePolicy: signalfxAssumePolicy.ApplyT(func(signalfxAssumePolicy iam.GetPolicyDocumentResult) (*string, error) {
				return &signalfxAssumePolicy.Json, nil
			}).(pulumi.StringPtrOutput),
		})
		if err != nil {
			return err
		}
		awsSplunkPolicy, err := iam.NewPolicy(ctx, "awsSplunkPolicy", &iam.PolicyArgs{
			Description: pulumi.String("AWS permissions required by the Splunk Observability Cloud"),
			Policy:      pulumi.Any("{\n  \"Version\": \"2012-10-17\",\n  \"Statement\": [\n    {\n      \"Effect\": \"Allow\",\n      \"Action\": [\n        \"apigateway:GET\",\n        \"autoscaling:DescribeAutoScalingGroups\",\n        \"cloudfront:GetDistributionConfig\",\n        \"cloudfront:ListDistributions\",\n        \"cloudfront:ListTagsForResource\",\n        \"cloudwatch:DescribeAlarms\",\n        \"cloudwatch:GetMetricData\",\n        \"cloudwatch:GetMetricStatistics\",\n        \"cloudwatch:ListMetrics\",\n        \"directconnect:DescribeConnections\",\n        \"dynamodb:DescribeTable\",\n        \"dynamodb:ListTables\",\n        \"dynamodb:ListTagsOfResource\",\n        \"ec2:DescribeInstances\",\n        \"ec2:DescribeInstanceStatus\",\n        \"ec2:DescribeRegions\",\n        \"ec2:DescribeReservedInstances\",\n        \"ec2:DescribeReservedInstancesModifications\",\n        \"ec2:DescribeTags\",\n        \"ec2:DescribeVolumes\",\n        \"ecs:DescribeClusters\",\n        \"ecs:DescribeServices\",\n        \"ecs:DescribeTasks\",\n        \"ecs:ListClusters\",\n        \"ecs:ListServices\",\n        \"ecs:ListTagsForResource\",\n        \"ecs:ListTaskDefinitions\",\n        \"ecs:ListTasks\",\n        \"elasticache:DescribeCacheClusters\",\n        \"elasticloadbalancing:DescribeLoadBalancerAttributes\",\n        \"elasticloadbalancing:DescribeLoadBalancers\",\n        \"elasticloadbalancing:DescribeTags\",\n        \"elasticloadbalancing:DescribeTargetGroups\",\n        \"elasticmapreduce:DescribeCluster\",\n        \"elasticmapreduce:ListClusters\",\n        \"es:DescribeElasticsearchDomain\",\n        \"es:ListDomainNames\",\n        \"kinesis:DescribeStream\",\n        \"kinesis:ListShards\",\n        \"kinesis:ListStreams\",\n        \"kinesis:ListTagsForStream\",\n        \"lambda:GetAlias\",\n        \"lambda:ListFunctions\",\n        \"lambda:ListTags\",\n        \"logs:DeleteSubscriptionFilter\",\n        \"logs:DescribeLogGroups\",\n        \"logs:DescribeSubscriptionFilters\",\n        \"logs:PutSubscriptionFilter\",\n        \"organizations:DescribeOrganization\",\n        \"rds:DescribeDBClusters\",\n        \"rds:DescribeDBInstances\",\n        \"rds:ListTagsForResource\",\n        \"redshift:DescribeClusters\",\n        \"redshift:DescribeLoggingStatus\",\n        \"s3:GetBucketLocation\",\n        \"s3:GetBucketLogging\",\n        \"s3:GetBucketNotification\",\n        \"s3:GetBucketTagging\",\n        \"s3:ListAllMyBuckets\",\n        \"s3:ListBucket\",\n        \"s3:PutBucketNotification\",\n        \"sqs:GetQueueAttributes\",\n        \"sqs:ListQueues\",\n        \"sqs:ListQueueTags\",\n        \"states:ListStateMachines\",\n        \"tag:GetResources\",\n        \"workspaces:DescribeWorkspaces\"\n      ],\n      \"Resource\": \"*\"\n    }\n  ]\n}\n"),
		})
		if err != nil {
			return err
		}
		_, err = iam.NewRolePolicyAttachment(ctx, "splunkRolePolicyAttach", &iam.RolePolicyAttachmentArgs{
			Role:      awsSplunkRole.Name,
			PolicyArn: awsSplunkPolicy.Arn,
		})
		if err != nil {
			return err
		}
		_, err = aws.NewIntegration(ctx, "awsMyteam", &aws.IntegrationArgs{
			Enabled:       pulumi.Bool(true),
			IntegrationId: awsMyteamExtern.ID(),
			ExternalId:    awsMyteamExtern.ExternalId,
			RoleArn:       awsSplunkRole.Arn,
			Regions: pulumi.StringArray{
				pulumi.String("us-east-1"),
			},
			PollRate:         pulumi.Int(300),
			ImportCloudWatch: pulumi.Bool(true),
			EnableAwsUsage:   pulumi.Bool(true),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.signalfx.aws.ExternalIntegration;
import com.pulumi.aws.iam.IamFunctions;
import com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;
import com.pulumi.aws.iam.Role;
import com.pulumi.aws.iam.RoleArgs;
import com.pulumi.aws.iam.Policy;
import com.pulumi.aws.iam.PolicyArgs;
import com.pulumi.aws.iam.RolePolicyAttachment;
import com.pulumi.aws.iam.RolePolicyAttachmentArgs;
import com.pulumi.signalfx.aws.Integration;
import com.pulumi.signalfx.aws.IntegrationArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var awsMyteamExtern = new ExternalIntegration("awsMyteamExtern");

        final var signalfxAssumePolicy = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
            .statements(GetPolicyDocumentStatementArgs.builder()
                .actions("sts:AssumeRole")
                .principals(GetPolicyDocumentStatementPrincipalArgs.builder()
                    .type("AWS")
                    .identifiers(awsMyteamExtern.signalfxAwsAccount())
                    .build())
                .conditions(GetPolicyDocumentStatementConditionArgs.builder()
                    .test("StringEquals")
                    .variable("sts:ExternalId")
                    .values(awsMyteamExtern.externalId())
                    .build())
                .build())
            .build());

        var awsSplunkRole = new Role("awsSplunkRole", RoleArgs.builder()        
            .description("signalfx integration to read out data and send it to signalfxs aws account")
            .assumeRolePolicy(signalfxAssumePolicy.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult).applyValue(signalfxAssumePolicy -> signalfxAssumePolicy.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult.json())))
            .build());

        var awsSplunkPolicy = new Policy("awsSplunkPolicy", PolicyArgs.builder()        
            .description("AWS permissions required by the Splunk Observability Cloud")
            .policy("""
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "apigateway:GET",
        "autoscaling:DescribeAutoScalingGroups",
        "cloudfront:GetDistributionConfig",
        "cloudfront:ListDistributions",
        "cloudfront:ListTagsForResource",
        "cloudwatch:DescribeAlarms",
        "cloudwatch:GetMetricData",
        "cloudwatch:GetMetricStatistics",
        "cloudwatch:ListMetrics",
        "directconnect:DescribeConnections",
        "dynamodb:DescribeTable",
        "dynamodb:ListTables",
        "dynamodb:ListTagsOfResource",
        "ec2:DescribeInstances",
        "ec2:DescribeInstanceStatus",
        "ec2:DescribeRegions",
        "ec2:DescribeReservedInstances",
        "ec2:DescribeReservedInstancesModifications",
        "ec2:DescribeTags",
        "ec2:DescribeVolumes",
        "ecs:DescribeClusters",
        "ecs:DescribeServices",
        "ecs:DescribeTasks",
        "ecs:ListClusters",
        "ecs:ListServices",
        "ecs:ListTagsForResource",
        "ecs:ListTaskDefinitions",
        "ecs:ListTasks",
        "elasticache:DescribeCacheClusters",
        "elasticloadbalancing:DescribeLoadBalancerAttributes",
        "elasticloadbalancing:DescribeLoadBalancers",
        "elasticloadbalancing:DescribeTags",
        "elasticloadbalancing:DescribeTargetGroups",
        "elasticmapreduce:DescribeCluster",
        "elasticmapreduce:ListClusters",
        "es:DescribeElasticsearchDomain",
        "es:ListDomainNames",
        "kinesis:DescribeStream",
        "kinesis:ListShards",
        "kinesis:ListStreams",
        "kinesis:ListTagsForStream",
        "lambda:GetAlias",
        "lambda:ListFunctions",
        "lambda:ListTags",
        "logs:DeleteSubscriptionFilter",
        "logs:DescribeLogGroups",
        "logs:DescribeSubscriptionFilters",
        "logs:PutSubscriptionFilter",
        "organizations:DescribeOrganization",
        "rds:DescribeDBClusters",
        "rds:DescribeDBInstances",
        "rds:ListTagsForResource",
        "redshift:DescribeClusters",
        "redshift:DescribeLoggingStatus",
        "s3:GetBucketLocation",
        "s3:GetBucketLogging",
        "s3:GetBucketNotification",
        "s3:GetBucketTagging",
        "s3:ListAllMyBuckets",
        "s3:ListBucket",
        "s3:PutBucketNotification",
        "sqs:GetQueueAttributes",
        "sqs:ListQueues",
        "sqs:ListQueueTags",
        "states:ListStateMachines",
        "tag:GetResources",
        "workspaces:DescribeWorkspaces"
      ],
      "Resource": "*"
    }
  ]
}
            """)
            .build());

        var splunkRolePolicyAttach = new RolePolicyAttachment("splunkRolePolicyAttach", RolePolicyAttachmentArgs.builder()        
            .role(awsSplunkRole.name())
            .policyArn(awsSplunkPolicy.arn())
            .build());

        var awsMyteam = new Integration("awsMyteam", IntegrationArgs.builder()        
            .enabled(true)
            .integrationId(awsMyteamExtern.id())
            .externalId(awsMyteamExtern.externalId())
            .roleArn(awsSplunkRole.arn())
            .regions("us-east-1")
            .pollRate(300)
            .importCloudWatch(true)
            .enableAwsUsage(true)
            .build());

    }
}
import pulumi
import pulumi_aws as aws
import pulumi_signalfx as signalfx

aws_myteam_extern = signalfx.aws.ExternalIntegration("awsMyteamExtern")
signalfx_assume_policy = aws.iam.get_policy_document_output(statements=[aws.iam.GetPolicyDocumentStatementArgs(
    actions=["sts:AssumeRole"],
    principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(
        type="AWS",
        identifiers=[aws_myteam_extern.signalfx_aws_account],
    )],
    conditions=[aws.iam.GetPolicyDocumentStatementConditionArgs(
        test="StringEquals",
        variable="sts:ExternalId",
        values=[aws_myteam_extern.external_id],
    )],
)])
aws_splunk_role = aws.iam.Role("awsSplunkRole",
    description="signalfx integration to read out data and send it to signalfxs aws account",
    assume_role_policy=signalfx_assume_policy.json)
aws_splunk_policy = aws.iam.Policy("awsSplunkPolicy",
    description="AWS permissions required by the Splunk Observability Cloud",
    policy="""{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "apigateway:GET",
        "autoscaling:DescribeAutoScalingGroups",
        "cloudfront:GetDistributionConfig",
        "cloudfront:ListDistributions",
        "cloudfront:ListTagsForResource",
        "cloudwatch:DescribeAlarms",
        "cloudwatch:GetMetricData",
        "cloudwatch:GetMetricStatistics",
        "cloudwatch:ListMetrics",
        "directconnect:DescribeConnections",
        "dynamodb:DescribeTable",
        "dynamodb:ListTables",
        "dynamodb:ListTagsOfResource",
        "ec2:DescribeInstances",
        "ec2:DescribeInstanceStatus",
        "ec2:DescribeRegions",
        "ec2:DescribeReservedInstances",
        "ec2:DescribeReservedInstancesModifications",
        "ec2:DescribeTags",
        "ec2:DescribeVolumes",
        "ecs:DescribeClusters",
        "ecs:DescribeServices",
        "ecs:DescribeTasks",
        "ecs:ListClusters",
        "ecs:ListServices",
        "ecs:ListTagsForResource",
        "ecs:ListTaskDefinitions",
        "ecs:ListTasks",
        "elasticache:DescribeCacheClusters",
        "elasticloadbalancing:DescribeLoadBalancerAttributes",
        "elasticloadbalancing:DescribeLoadBalancers",
        "elasticloadbalancing:DescribeTags",
        "elasticloadbalancing:DescribeTargetGroups",
        "elasticmapreduce:DescribeCluster",
        "elasticmapreduce:ListClusters",
        "es:DescribeElasticsearchDomain",
        "es:ListDomainNames",
        "kinesis:DescribeStream",
        "kinesis:ListShards",
        "kinesis:ListStreams",
        "kinesis:ListTagsForStream",
        "lambda:GetAlias",
        "lambda:ListFunctions",
        "lambda:ListTags",
        "logs:DeleteSubscriptionFilter",
        "logs:DescribeLogGroups",
        "logs:DescribeSubscriptionFilters",
        "logs:PutSubscriptionFilter",
        "organizations:DescribeOrganization",
        "rds:DescribeDBClusters",
        "rds:DescribeDBInstances",
        "rds:ListTagsForResource",
        "redshift:DescribeClusters",
        "redshift:DescribeLoggingStatus",
        "s3:GetBucketLocation",
        "s3:GetBucketLogging",
        "s3:GetBucketNotification",
        "s3:GetBucketTagging",
        "s3:ListAllMyBuckets",
        "s3:ListBucket",
        "s3:PutBucketNotification",
        "sqs:GetQueueAttributes",
        "sqs:ListQueues",
        "sqs:ListQueueTags",
        "states:ListStateMachines",
        "tag:GetResources",
        "workspaces:DescribeWorkspaces"
      ],
      "Resource": "*"
    }
  ]
}
""")
splunk_role_policy_attach = aws.iam.RolePolicyAttachment("splunkRolePolicyAttach",
    role=aws_splunk_role.name,
    policy_arn=aws_splunk_policy.arn)
aws_myteam = signalfx.aws.Integration("awsMyteam",
    enabled=True,
    integration_id=aws_myteam_extern.id,
    external_id=aws_myteam_extern.external_id,
    role_arn=aws_splunk_role.arn,
    regions=["us-east-1"],
    poll_rate=300,
    import_cloud_watch=True,
    enable_aws_usage=True)
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
import * as signalfx from "@pulumi/signalfx";

const awsMyteamExtern = new signalfx.aws.ExternalIntegration("awsMyteamExtern", {});
const signalfxAssumePolicy = aws.iam.getPolicyDocumentOutput({
    statements: [{
        actions: ["sts:AssumeRole"],
        principals: [{
            type: "AWS",
            identifiers: [awsMyteamExtern.signalfxAwsAccount],
        }],
        conditions: [{
            test: "StringEquals",
            variable: "sts:ExternalId",
            values: [awsMyteamExtern.externalId],
        }],
    }],
});
const awsSplunkRole = new aws.iam.Role("awsSplunkRole", {
    description: "signalfx integration to read out data and send it to signalfxs aws account",
    assumeRolePolicy: signalfxAssumePolicy.apply(signalfxAssumePolicy => signalfxAssumePolicy.json),
});
const awsSplunkPolicy = new aws.iam.Policy("awsSplunkPolicy", {
    description: "AWS permissions required by the Splunk Observability Cloud",
    policy: `{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "apigateway:GET",
        "autoscaling:DescribeAutoScalingGroups",
        "cloudfront:GetDistributionConfig",
        "cloudfront:ListDistributions",
        "cloudfront:ListTagsForResource",
        "cloudwatch:DescribeAlarms",
        "cloudwatch:GetMetricData",
        "cloudwatch:GetMetricStatistics",
        "cloudwatch:ListMetrics",
        "directconnect:DescribeConnections",
        "dynamodb:DescribeTable",
        "dynamodb:ListTables",
        "dynamodb:ListTagsOfResource",
        "ec2:DescribeInstances",
        "ec2:DescribeInstanceStatus",
        "ec2:DescribeRegions",
        "ec2:DescribeReservedInstances",
        "ec2:DescribeReservedInstancesModifications",
        "ec2:DescribeTags",
        "ec2:DescribeVolumes",
        "ecs:DescribeClusters",
        "ecs:DescribeServices",
        "ecs:DescribeTasks",
        "ecs:ListClusters",
        "ecs:ListServices",
        "ecs:ListTagsForResource",
        "ecs:ListTaskDefinitions",
        "ecs:ListTasks",
        "elasticache:DescribeCacheClusters",
        "elasticloadbalancing:DescribeLoadBalancerAttributes",
        "elasticloadbalancing:DescribeLoadBalancers",
        "elasticloadbalancing:DescribeTags",
        "elasticloadbalancing:DescribeTargetGroups",
        "elasticmapreduce:DescribeCluster",
        "elasticmapreduce:ListClusters",
        "es:DescribeElasticsearchDomain",
        "es:ListDomainNames",
        "kinesis:DescribeStream",
        "kinesis:ListShards",
        "kinesis:ListStreams",
        "kinesis:ListTagsForStream",
        "lambda:GetAlias",
        "lambda:ListFunctions",
        "lambda:ListTags",
        "logs:DeleteSubscriptionFilter",
        "logs:DescribeLogGroups",
        "logs:DescribeSubscriptionFilters",
        "logs:PutSubscriptionFilter",
        "organizations:DescribeOrganization",
        "rds:DescribeDBClusters",
        "rds:DescribeDBInstances",
        "rds:ListTagsForResource",
        "redshift:DescribeClusters",
        "redshift:DescribeLoggingStatus",
        "s3:GetBucketLocation",
        "s3:GetBucketLogging",
        "s3:GetBucketNotification",
        "s3:GetBucketTagging",
        "s3:ListAllMyBuckets",
        "s3:ListBucket",
        "s3:PutBucketNotification",
        "sqs:GetQueueAttributes",
        "sqs:ListQueues",
        "sqs:ListQueueTags",
        "states:ListStateMachines",
        "tag:GetResources",
        "workspaces:DescribeWorkspaces"
      ],
      "Resource": "*"
    }
  ]
}
`,
});
const splunkRolePolicyAttach = new aws.iam.RolePolicyAttachment("splunkRolePolicyAttach", {
    role: awsSplunkRole.name,
    policyArn: awsSplunkPolicy.arn,
});
const awsMyteam = new signalfx.aws.Integration("awsMyteam", {
    enabled: true,
    integrationId: awsMyteamExtern.id,
    externalId: awsMyteamExtern.externalId,
    roleArn: awsSplunkRole.arn,
    regions: ["us-east-1"],
    pollRate: 300,
    importCloudWatch: true,
    enableAwsUsage: true,
});
resources:
  awsMyteamExtern:
    type: signalfx:aws:ExternalIntegration
  awsSplunkRole:
    type: aws:iam:Role
    properties:
      description: signalfx integration to read out data and send it to signalfxs aws account
      assumeRolePolicy: ${signalfxAssumePolicy.json}
  awsSplunkPolicy:
    type: aws:iam:Policy
    properties:
      description: AWS permissions required by the Splunk Observability Cloud
      policy: |
        {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Effect": "Allow",
              "Action": [
                "apigateway:GET",
                "autoscaling:DescribeAutoScalingGroups",
                "cloudfront:GetDistributionConfig",
                "cloudfront:ListDistributions",
                "cloudfront:ListTagsForResource",
                "cloudwatch:DescribeAlarms",
                "cloudwatch:GetMetricData",
                "cloudwatch:GetMetricStatistics",
                "cloudwatch:ListMetrics",
                "directconnect:DescribeConnections",
                "dynamodb:DescribeTable",
                "dynamodb:ListTables",
                "dynamodb:ListTagsOfResource",
                "ec2:DescribeInstances",
                "ec2:DescribeInstanceStatus",
                "ec2:DescribeRegions",
                "ec2:DescribeReservedInstances",
                "ec2:DescribeReservedInstancesModifications",
                "ec2:DescribeTags",
                "ec2:DescribeVolumes",
                "ecs:DescribeClusters",
                "ecs:DescribeServices",
                "ecs:DescribeTasks",
                "ecs:ListClusters",
                "ecs:ListServices",
                "ecs:ListTagsForResource",
                "ecs:ListTaskDefinitions",
                "ecs:ListTasks",
                "elasticache:DescribeCacheClusters",
                "elasticloadbalancing:DescribeLoadBalancerAttributes",
                "elasticloadbalancing:DescribeLoadBalancers",
                "elasticloadbalancing:DescribeTags",
                "elasticloadbalancing:DescribeTargetGroups",
                "elasticmapreduce:DescribeCluster",
                "elasticmapreduce:ListClusters",
                "es:DescribeElasticsearchDomain",
                "es:ListDomainNames",
                "kinesis:DescribeStream",
                "kinesis:ListShards",
                "kinesis:ListStreams",
                "kinesis:ListTagsForStream",
                "lambda:GetAlias",
                "lambda:ListFunctions",
                "lambda:ListTags",
                "logs:DeleteSubscriptionFilter",
                "logs:DescribeLogGroups",
                "logs:DescribeSubscriptionFilters",
                "logs:PutSubscriptionFilter",
                "organizations:DescribeOrganization",
                "rds:DescribeDBClusters",
                "rds:DescribeDBInstances",
                "rds:ListTagsForResource",
                "redshift:DescribeClusters",
                "redshift:DescribeLoggingStatus",
                "s3:GetBucketLocation",
                "s3:GetBucketLogging",
                "s3:GetBucketNotification",
                "s3:GetBucketTagging",
                "s3:ListAllMyBuckets",
                "s3:ListBucket",
                "s3:PutBucketNotification",
                "sqs:GetQueueAttributes",
                "sqs:ListQueues",
                "sqs:ListQueueTags",
                "states:ListStateMachines",
                "tag:GetResources",
                "workspaces:DescribeWorkspaces"
              ],
              "Resource": "*"
            }
          ]
        }        
  splunkRolePolicyAttach:
    type: aws:iam:RolePolicyAttachment
    properties:
      role: ${awsSplunkRole.name}
      policyArn: ${awsSplunkPolicy.arn}
  awsMyteam:
    type: signalfx:aws:Integration
    properties:
      enabled: true
      integrationId: ${awsMyteamExtern.id}
      externalId: ${awsMyteamExtern.externalId}
      roleArn: ${awsSplunkRole.arn}
      # token = "abc123"
      #   # key = "abc123"
      regions:
        - us-east-1
      pollRate: 300
      importCloudWatch: true
      enableAwsUsage: true
variables:
  signalfxAssumePolicy:
    fn::invoke:
      Function: aws:iam:getPolicyDocument
      Arguments:
        statements:
          - actions:
              - sts:AssumeRole
            principals:
              - type: AWS
                identifiers:
                  - ${awsMyteamExtern.signalfxAwsAccount}
            conditions:
              - test: StringEquals
                variable: sts:ExternalId
                values:
                  - ${awsMyteamExtern.externalId}

Create ExternalIntegration Resource

new ExternalIntegration(name: string, args?: ExternalIntegrationArgs, opts?: CustomResourceOptions);
@overload
def ExternalIntegration(resource_name: str,
                        opts: Optional[ResourceOptions] = None,
                        name: Optional[str] = None)
@overload
def ExternalIntegration(resource_name: str,
                        args: Optional[ExternalIntegrationArgs] = None,
                        opts: Optional[ResourceOptions] = None)
func NewExternalIntegration(ctx *Context, name string, args *ExternalIntegrationArgs, opts ...ResourceOption) (*ExternalIntegration, error)
public ExternalIntegration(string name, ExternalIntegrationArgs? args = null, CustomResourceOptions? opts = null)
public ExternalIntegration(String name, ExternalIntegrationArgs args)
public ExternalIntegration(String name, ExternalIntegrationArgs args, CustomResourceOptions options)
type: signalfx:aws:ExternalIntegration
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

name string
The unique name of the resource.
args ExternalIntegrationArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
args ExternalIntegrationArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args ExternalIntegrationArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args ExternalIntegrationArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name String
The unique name of the resource.
args ExternalIntegrationArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

ExternalIntegration Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The ExternalIntegration resource accepts the following input properties:

Name string

The name of this integration

Name string

The name of this integration

name String

The name of this integration

name string

The name of this integration

name str

The name of this integration

name String

The name of this integration

Outputs

All input properties are implicitly available as output properties. Additionally, the ExternalIntegration resource produces the following output properties:

ExternalId string

The external ID to use with your IAM role and with signalfx.aws.Integration.

Id string

The provider-assigned unique ID for this managed resource.

SignalfxAwsAccount string

The AWS Account ARN to use with your policies/roles, provided by SignalFx.

ExternalId string

The external ID to use with your IAM role and with signalfx.aws.Integration.

Id string

The provider-assigned unique ID for this managed resource.

SignalfxAwsAccount string

The AWS Account ARN to use with your policies/roles, provided by SignalFx.

externalId String

The external ID to use with your IAM role and with signalfx.aws.Integration.

id String

The provider-assigned unique ID for this managed resource.

signalfxAwsAccount String

The AWS Account ARN to use with your policies/roles, provided by SignalFx.

externalId string

The external ID to use with your IAM role and with signalfx.aws.Integration.

id string

The provider-assigned unique ID for this managed resource.

signalfxAwsAccount string

The AWS Account ARN to use with your policies/roles, provided by SignalFx.

external_id str

The external ID to use with your IAM role and with signalfx.aws.Integration.

id str

The provider-assigned unique ID for this managed resource.

signalfx_aws_account str

The AWS Account ARN to use with your policies/roles, provided by SignalFx.

externalId String

The external ID to use with your IAM role and with signalfx.aws.Integration.

id String

The provider-assigned unique ID for this managed resource.

signalfxAwsAccount String

The AWS Account ARN to use with your policies/roles, provided by SignalFx.

Look up Existing ExternalIntegration Resource

Get an existing ExternalIntegration resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: ExternalIntegrationState, opts?: CustomResourceOptions): ExternalIntegration
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        external_id: Optional[str] = None,
        name: Optional[str] = None,
        signalfx_aws_account: Optional[str] = None) -> ExternalIntegration
func GetExternalIntegration(ctx *Context, name string, id IDInput, state *ExternalIntegrationState, opts ...ResourceOption) (*ExternalIntegration, error)
public static ExternalIntegration Get(string name, Input<string> id, ExternalIntegrationState? state, CustomResourceOptions? opts = null)
public static ExternalIntegration get(String name, Output<String> id, ExternalIntegrationState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
The following state arguments are supported:
ExternalId string

The external ID to use with your IAM role and with signalfx.aws.Integration.

Name string

The name of this integration

SignalfxAwsAccount string

The AWS Account ARN to use with your policies/roles, provided by SignalFx.

ExternalId string

The external ID to use with your IAM role and with signalfx.aws.Integration.

Name string

The name of this integration

SignalfxAwsAccount string

The AWS Account ARN to use with your policies/roles, provided by SignalFx.

externalId String

The external ID to use with your IAM role and with signalfx.aws.Integration.

name String

The name of this integration

signalfxAwsAccount String

The AWS Account ARN to use with your policies/roles, provided by SignalFx.

externalId string

The external ID to use with your IAM role and with signalfx.aws.Integration.

name string

The name of this integration

signalfxAwsAccount string

The AWS Account ARN to use with your policies/roles, provided by SignalFx.

external_id str

The external ID to use with your IAM role and with signalfx.aws.Integration.

name str

The name of this integration

signalfx_aws_account str

The AWS Account ARN to use with your policies/roles, provided by SignalFx.

externalId String

The external ID to use with your IAM role and with signalfx.aws.Integration.

name String

The name of this integration

signalfxAwsAccount String

The AWS Account ARN to use with your policies/roles, provided by SignalFx.

Package Details

Repository
SignalFx pulumi/pulumi-signalfx
License
Apache-2.0
Notes

This Pulumi package is based on the signalfx Terraform Provider.