Viewing docs for SignalFx v5.10.0 (Older version)
published on Monday, Mar 9, 2026 by Pulumi
published on Monday, Mar 9, 2026 by Pulumi
Viewing docs for SignalFx v5.10.0 (Older version)
published on Monday, Mar 9, 2026 by Pulumi
published on Monday, Mar 9, 2026 by Pulumi
SignalFx AWS CloudWatch integrations using Role ARNs. For help with this integration see Connect to AWS CloudWatch.
NOTE When managing integrations use a session token for an administrator to authenticate the SignalFx provider. See Operations that require a session token for an administrator.
WARNING This resource implements a part of a workflow. You must use it with
signalfx.aws.Integration. Check with SignalFx support for your realm’s AWS account id.
Example Usage
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
using SignalFx = Pulumi.SignalFx;
return await Deployment.RunAsync(() =>
{
var awsMyteamExtern = new SignalFx.Aws.ExternalIntegration("awsMyteamExtern");
var signalfxAssumePolicy = Aws.Iam.GetPolicyDocument.Invoke(new()
{
Statements = new[]
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs
{
Actions = new[]
{
"sts:AssumeRole",
},
Principals = new[]
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs
{
Type = "AWS",
Identifiers = new[]
{
awsMyteamExtern.SignalfxAwsAccount,
},
},
},
Conditions = new[]
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionInputArgs
{
Test = "StringEquals",
Variable = "sts:ExternalId",
Values = new[]
{
awsMyteamExtern.ExternalId,
},
},
},
},
},
});
var awsSplunkRole = new Aws.Iam.Role("awsSplunkRole", new()
{
Description = "signalfx integration to read out data and send it to signalfxs aws account",
AssumeRolePolicy = signalfxAssumePolicy.Apply(getPolicyDocumentResult => getPolicyDocumentResult.Json),
});
var awsSplunkPolicy = new Aws.Iam.Policy("awsSplunkPolicy", new()
{
Description = "AWS permissions required by the Splunk Observability Cloud",
PolicyDocument = @"{
""Version"": ""2012-10-17"",
""Statement"": [
{
""Effect"": ""Allow"",
""Action"": [
""apigateway:GET"",
""autoscaling:DescribeAutoScalingGroups"",
""cloudfront:GetDistributionConfig"",
""cloudfront:ListDistributions"",
""cloudfront:ListTagsForResource"",
""cloudwatch:DescribeAlarms"",
""cloudwatch:GetMetricData"",
""cloudwatch:GetMetricStatistics"",
""cloudwatch:ListMetrics"",
""directconnect:DescribeConnections"",
""dynamodb:DescribeTable"",
""dynamodb:ListTables"",
""dynamodb:ListTagsOfResource"",
""ec2:DescribeInstances"",
""ec2:DescribeInstanceStatus"",
""ec2:DescribeRegions"",
""ec2:DescribeReservedInstances"",
""ec2:DescribeReservedInstancesModifications"",
""ec2:DescribeTags"",
""ec2:DescribeVolumes"",
""ecs:DescribeClusters"",
""ecs:DescribeServices"",
""ecs:DescribeTasks"",
""ecs:ListClusters"",
""ecs:ListServices"",
""ecs:ListTagsForResource"",
""ecs:ListTaskDefinitions"",
""ecs:ListTasks"",
""elasticache:DescribeCacheClusters"",
""elasticloadbalancing:DescribeLoadBalancerAttributes"",
""elasticloadbalancing:DescribeLoadBalancers"",
""elasticloadbalancing:DescribeTags"",
""elasticloadbalancing:DescribeTargetGroups"",
""elasticmapreduce:DescribeCluster"",
""elasticmapreduce:ListClusters"",
""es:DescribeElasticsearchDomain"",
""es:ListDomainNames"",
""kinesis:DescribeStream"",
""kinesis:ListShards"",
""kinesis:ListStreams"",
""kinesis:ListTagsForStream"",
""lambda:GetAlias"",
""lambda:ListFunctions"",
""lambda:ListTags"",
""logs:DeleteSubscriptionFilter"",
""logs:DescribeLogGroups"",
""logs:DescribeSubscriptionFilters"",
""logs:PutSubscriptionFilter"",
""organizations:DescribeOrganization"",
""rds:DescribeDBClusters"",
""rds:DescribeDBInstances"",
""rds:ListTagsForResource"",
""redshift:DescribeClusters"",
""redshift:DescribeLoggingStatus"",
""s3:GetBucketLocation"",
""s3:GetBucketLogging"",
""s3:GetBucketNotification"",
""s3:GetBucketTagging"",
""s3:ListAllMyBuckets"",
""s3:ListBucket"",
""s3:PutBucketNotification"",
""sqs:GetQueueAttributes"",
""sqs:ListQueues"",
""sqs:ListQueueTags"",
""states:ListStateMachines"",
""tag:GetResources"",
""workspaces:DescribeWorkspaces""
],
""Resource"": ""*""
}
]
}
",
});
var splunkRolePolicyAttach = new Aws.Iam.RolePolicyAttachment("splunkRolePolicyAttach", new()
{
Role = awsSplunkRole.Name,
PolicyArn = awsSplunkPolicy.Arn,
});
var awsMyteam = new SignalFx.Aws.Integration("awsMyteam", new()
{
Enabled = true,
IntegrationId = awsMyteamExtern.Id,
ExternalId = awsMyteamExtern.ExternalId,
RoleArn = awsSplunkRole.Arn,
Regions = new[]
{
"us-east-1",
},
PollRate = 300,
ImportCloudWatch = true,
EnableAwsUsage = true,
});
});
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam"
"github.com/pulumi/pulumi-signalfx/sdk/v5/go/signalfx/aws"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
awsMyteamExtern, err := aws.NewExternalIntegration(ctx, "awsMyteamExtern", nil)
if err != nil {
return err
}
signalfxAssumePolicy := iam.GetPolicyDocumentOutput(ctx, iam.GetPolicyDocumentOutputArgs{
Statements: iam.GetPolicyDocumentStatementArray{
&iam.GetPolicyDocumentStatementArgs{
Actions: pulumi.StringArray{
pulumi.String("sts:AssumeRole"),
},
Principals: iam.GetPolicyDocumentStatementPrincipalArray{
&iam.GetPolicyDocumentStatementPrincipalArgs{
Type: pulumi.String("AWS"),
Identifiers: pulumi.StringArray{
awsMyteamExtern.SignalfxAwsAccount,
},
},
},
Conditions: iam.GetPolicyDocumentStatementConditionArray{
&iam.GetPolicyDocumentStatementConditionArgs{
Test: pulumi.String("StringEquals"),
Variable: pulumi.String("sts:ExternalId"),
Values: pulumi.StringArray{
awsMyteamExtern.ExternalId,
},
},
},
},
},
}, nil)
awsSplunkRole, err := iam.NewRole(ctx, "awsSplunkRole", &iam.RoleArgs{
Description: pulumi.String("signalfx integration to read out data and send it to signalfxs aws account"),
AssumeRolePolicy: signalfxAssumePolicy.ApplyT(func(signalfxAssumePolicy iam.GetPolicyDocumentResult) (*string, error) {
return &signalfxAssumePolicy.Json, nil
}).(pulumi.StringPtrOutput),
})
if err != nil {
return err
}
awsSplunkPolicy, err := iam.NewPolicy(ctx, "awsSplunkPolicy", &iam.PolicyArgs{
Description: pulumi.String("AWS permissions required by the Splunk Observability Cloud"),
Policy: pulumi.Any("{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"apigateway:GET\",\n \"autoscaling:DescribeAutoScalingGroups\",\n \"cloudfront:GetDistributionConfig\",\n \"cloudfront:ListDistributions\",\n \"cloudfront:ListTagsForResource\",\n \"cloudwatch:DescribeAlarms\",\n \"cloudwatch:GetMetricData\",\n \"cloudwatch:GetMetricStatistics\",\n \"cloudwatch:ListMetrics\",\n \"directconnect:DescribeConnections\",\n \"dynamodb:DescribeTable\",\n \"dynamodb:ListTables\",\n \"dynamodb:ListTagsOfResource\",\n \"ec2:DescribeInstances\",\n \"ec2:DescribeInstanceStatus\",\n \"ec2:DescribeRegions\",\n \"ec2:DescribeReservedInstances\",\n \"ec2:DescribeReservedInstancesModifications\",\n \"ec2:DescribeTags\",\n \"ec2:DescribeVolumes\",\n \"ecs:DescribeClusters\",\n \"ecs:DescribeServices\",\n \"ecs:DescribeTasks\",\n \"ecs:ListClusters\",\n \"ecs:ListServices\",\n \"ecs:ListTagsForResource\",\n \"ecs:ListTaskDefinitions\",\n \"ecs:ListTasks\",\n \"elasticache:DescribeCacheClusters\",\n \"elasticloadbalancing:DescribeLoadBalancerAttributes\",\n \"elasticloadbalancing:DescribeLoadBalancers\",\n \"elasticloadbalancing:DescribeTags\",\n \"elasticloadbalancing:DescribeTargetGroups\",\n \"elasticmapreduce:DescribeCluster\",\n \"elasticmapreduce:ListClusters\",\n \"es:DescribeElasticsearchDomain\",\n \"es:ListDomainNames\",\n \"kinesis:DescribeStream\",\n \"kinesis:ListShards\",\n \"kinesis:ListStreams\",\n \"kinesis:ListTagsForStream\",\n \"lambda:GetAlias\",\n \"lambda:ListFunctions\",\n \"lambda:ListTags\",\n \"logs:DeleteSubscriptionFilter\",\n \"logs:DescribeLogGroups\",\n \"logs:DescribeSubscriptionFilters\",\n \"logs:PutSubscriptionFilter\",\n \"organizations:DescribeOrganization\",\n \"rds:DescribeDBClusters\",\n \"rds:DescribeDBInstances\",\n \"rds:ListTagsForResource\",\n \"redshift:DescribeClusters\",\n \"redshift:DescribeLoggingStatus\",\n \"s3:GetBucketLocation\",\n \"s3:GetBucketLogging\",\n \"s3:GetBucketNotification\",\n \"s3:GetBucketTagging\",\n \"s3:ListAllMyBuckets\",\n \"s3:ListBucket\",\n \"s3:PutBucketNotification\",\n \"sqs:GetQueueAttributes\",\n \"sqs:ListQueues\",\n \"sqs:ListQueueTags\",\n \"states:ListStateMachines\",\n \"tag:GetResources\",\n \"workspaces:DescribeWorkspaces\"\n ],\n \"Resource\": \"*\"\n }\n ]\n}\n"),
})
if err != nil {
return err
}
_, err = iam.NewRolePolicyAttachment(ctx, "splunkRolePolicyAttach", &iam.RolePolicyAttachmentArgs{
Role: awsSplunkRole.Name,
PolicyArn: awsSplunkPolicy.Arn,
})
if err != nil {
return err
}
_, err = aws.NewIntegration(ctx, "awsMyteam", &aws.IntegrationArgs{
Enabled: pulumi.Bool(true),
IntegrationId: awsMyteamExtern.ID(),
ExternalId: awsMyteamExtern.ExternalId,
RoleArn: awsSplunkRole.Arn,
Regions: pulumi.StringArray{
pulumi.String("us-east-1"),
},
PollRate: pulumi.Int(300),
ImportCloudWatch: pulumi.Bool(true),
EnableAwsUsage: pulumi.Bool(true),
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.signalfx.aws.ExternalIntegration;
import com.pulumi.aws.iam.IamFunctions;
import com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;
import com.pulumi.aws.iam.Role;
import com.pulumi.aws.iam.RoleArgs;
import com.pulumi.aws.iam.Policy;
import com.pulumi.aws.iam.PolicyArgs;
import com.pulumi.aws.iam.RolePolicyAttachment;
import com.pulumi.aws.iam.RolePolicyAttachmentArgs;
import com.pulumi.signalfx.aws.Integration;
import com.pulumi.signalfx.aws.IntegrationArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var awsMyteamExtern = new ExternalIntegration("awsMyteamExtern");
final var signalfxAssumePolicy = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
.statements(GetPolicyDocumentStatementArgs.builder()
.actions("sts:AssumeRole")
.principals(GetPolicyDocumentStatementPrincipalArgs.builder()
.type("AWS")
.identifiers(awsMyteamExtern.signalfxAwsAccount())
.build())
.conditions(GetPolicyDocumentStatementConditionArgs.builder()
.test("StringEquals")
.variable("sts:ExternalId")
.values(awsMyteamExtern.externalId())
.build())
.build())
.build());
var awsSplunkRole = new Role("awsSplunkRole", RoleArgs.builder()
.description("signalfx integration to read out data and send it to signalfxs aws account")
.assumeRolePolicy(signalfxAssumePolicy.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult).applyValue(signalfxAssumePolicy -> signalfxAssumePolicy.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult.json())))
.build());
var awsSplunkPolicy = new Policy("awsSplunkPolicy", PolicyArgs.builder()
.description("AWS permissions required by the Splunk Observability Cloud")
.policy("""
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"apigateway:GET",
"autoscaling:DescribeAutoScalingGroups",
"cloudfront:GetDistributionConfig",
"cloudfront:ListDistributions",
"cloudfront:ListTagsForResource",
"cloudwatch:DescribeAlarms",
"cloudwatch:GetMetricData",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"directconnect:DescribeConnections",
"dynamodb:DescribeTable",
"dynamodb:ListTables",
"dynamodb:ListTagsOfResource",
"ec2:DescribeInstances",
"ec2:DescribeInstanceStatus",
"ec2:DescribeRegions",
"ec2:DescribeReservedInstances",
"ec2:DescribeReservedInstancesModifications",
"ec2:DescribeTags",
"ec2:DescribeVolumes",
"ecs:DescribeClusters",
"ecs:DescribeServices",
"ecs:DescribeTasks",
"ecs:ListClusters",
"ecs:ListServices",
"ecs:ListTagsForResource",
"ecs:ListTaskDefinitions",
"ecs:ListTasks",
"elasticache:DescribeCacheClusters",
"elasticloadbalancing:DescribeLoadBalancerAttributes",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeTags",
"elasticloadbalancing:DescribeTargetGroups",
"elasticmapreduce:DescribeCluster",
"elasticmapreduce:ListClusters",
"es:DescribeElasticsearchDomain",
"es:ListDomainNames",
"kinesis:DescribeStream",
"kinesis:ListShards",
"kinesis:ListStreams",
"kinesis:ListTagsForStream",
"lambda:GetAlias",
"lambda:ListFunctions",
"lambda:ListTags",
"logs:DeleteSubscriptionFilter",
"logs:DescribeLogGroups",
"logs:DescribeSubscriptionFilters",
"logs:PutSubscriptionFilter",
"organizations:DescribeOrganization",
"rds:DescribeDBClusters",
"rds:DescribeDBInstances",
"rds:ListTagsForResource",
"redshift:DescribeClusters",
"redshift:DescribeLoggingStatus",
"s3:GetBucketLocation",
"s3:GetBucketLogging",
"s3:GetBucketNotification",
"s3:GetBucketTagging",
"s3:ListAllMyBuckets",
"s3:ListBucket",
"s3:PutBucketNotification",
"sqs:GetQueueAttributes",
"sqs:ListQueues",
"sqs:ListQueueTags",
"states:ListStateMachines",
"tag:GetResources",
"workspaces:DescribeWorkspaces"
],
"Resource": "*"
}
]
}
""")
.build());
var splunkRolePolicyAttach = new RolePolicyAttachment("splunkRolePolicyAttach", RolePolicyAttachmentArgs.builder()
.role(awsSplunkRole.name())
.policyArn(awsSplunkPolicy.arn())
.build());
var awsMyteam = new Integration("awsMyteam", IntegrationArgs.builder()
.enabled(true)
.integrationId(awsMyteamExtern.id())
.externalId(awsMyteamExtern.externalId())
.roleArn(awsSplunkRole.arn())
.regions("us-east-1")
.pollRate(300)
.importCloudWatch(true)
.enableAwsUsage(true)
.build());
}
}
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
import * as signalfx from "@pulumi/signalfx";
const awsMyteamExtern = new signalfx.aws.ExternalIntegration("awsMyteamExtern", {});
const signalfxAssumePolicy = aws.iam.getPolicyDocumentOutput({
statements: [{
actions: ["sts:AssumeRole"],
principals: [{
type: "AWS",
identifiers: [awsMyteamExtern.signalfxAwsAccount],
}],
conditions: [{
test: "StringEquals",
variable: "sts:ExternalId",
values: [awsMyteamExtern.externalId],
}],
}],
});
const awsSplunkRole = new aws.iam.Role("awsSplunkRole", {
description: "signalfx integration to read out data and send it to signalfxs aws account",
assumeRolePolicy: signalfxAssumePolicy.apply(signalfxAssumePolicy => signalfxAssumePolicy.json),
});
const awsSplunkPolicy = new aws.iam.Policy("awsSplunkPolicy", {
description: "AWS permissions required by the Splunk Observability Cloud",
policy: `{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"apigateway:GET",
"autoscaling:DescribeAutoScalingGroups",
"cloudfront:GetDistributionConfig",
"cloudfront:ListDistributions",
"cloudfront:ListTagsForResource",
"cloudwatch:DescribeAlarms",
"cloudwatch:GetMetricData",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"directconnect:DescribeConnections",
"dynamodb:DescribeTable",
"dynamodb:ListTables",
"dynamodb:ListTagsOfResource",
"ec2:DescribeInstances",
"ec2:DescribeInstanceStatus",
"ec2:DescribeRegions",
"ec2:DescribeReservedInstances",
"ec2:DescribeReservedInstancesModifications",
"ec2:DescribeTags",
"ec2:DescribeVolumes",
"ecs:DescribeClusters",
"ecs:DescribeServices",
"ecs:DescribeTasks",
"ecs:ListClusters",
"ecs:ListServices",
"ecs:ListTagsForResource",
"ecs:ListTaskDefinitions",
"ecs:ListTasks",
"elasticache:DescribeCacheClusters",
"elasticloadbalancing:DescribeLoadBalancerAttributes",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeTags",
"elasticloadbalancing:DescribeTargetGroups",
"elasticmapreduce:DescribeCluster",
"elasticmapreduce:ListClusters",
"es:DescribeElasticsearchDomain",
"es:ListDomainNames",
"kinesis:DescribeStream",
"kinesis:ListShards",
"kinesis:ListStreams",
"kinesis:ListTagsForStream",
"lambda:GetAlias",
"lambda:ListFunctions",
"lambda:ListTags",
"logs:DeleteSubscriptionFilter",
"logs:DescribeLogGroups",
"logs:DescribeSubscriptionFilters",
"logs:PutSubscriptionFilter",
"organizations:DescribeOrganization",
"rds:DescribeDBClusters",
"rds:DescribeDBInstances",
"rds:ListTagsForResource",
"redshift:DescribeClusters",
"redshift:DescribeLoggingStatus",
"s3:GetBucketLocation",
"s3:GetBucketLogging",
"s3:GetBucketNotification",
"s3:GetBucketTagging",
"s3:ListAllMyBuckets",
"s3:ListBucket",
"s3:PutBucketNotification",
"sqs:GetQueueAttributes",
"sqs:ListQueues",
"sqs:ListQueueTags",
"states:ListStateMachines",
"tag:GetResources",
"workspaces:DescribeWorkspaces"
],
"Resource": "*"
}
]
}
`,
});
const splunkRolePolicyAttach = new aws.iam.RolePolicyAttachment("splunkRolePolicyAttach", {
role: awsSplunkRole.name,
policyArn: awsSplunkPolicy.arn,
});
const awsMyteam = new signalfx.aws.Integration("awsMyteam", {
enabled: true,
integrationId: awsMyteamExtern.id,
externalId: awsMyteamExtern.externalId,
roleArn: awsSplunkRole.arn,
regions: ["us-east-1"],
pollRate: 300,
importCloudWatch: true,
enableAwsUsage: true,
});
import pulumi
import pulumi_aws as aws
import pulumi_signalfx as signalfx
aws_myteam_extern = signalfx.aws.ExternalIntegration("awsMyteamExtern")
signalfx_assume_policy = aws.iam.get_policy_document_output(statements=[aws.iam.GetPolicyDocumentStatementArgs(
actions=["sts:AssumeRole"],
principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(
type="AWS",
identifiers=[aws_myteam_extern.signalfx_aws_account],
)],
conditions=[aws.iam.GetPolicyDocumentStatementConditionArgs(
test="StringEquals",
variable="sts:ExternalId",
values=[aws_myteam_extern.external_id],
)],
)])
aws_splunk_role = aws.iam.Role("awsSplunkRole",
description="signalfx integration to read out data and send it to signalfxs aws account",
assume_role_policy=signalfx_assume_policy.json)
aws_splunk_policy = aws.iam.Policy("awsSplunkPolicy",
description="AWS permissions required by the Splunk Observability Cloud",
policy="""{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"apigateway:GET",
"autoscaling:DescribeAutoScalingGroups",
"cloudfront:GetDistributionConfig",
"cloudfront:ListDistributions",
"cloudfront:ListTagsForResource",
"cloudwatch:DescribeAlarms",
"cloudwatch:GetMetricData",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"directconnect:DescribeConnections",
"dynamodb:DescribeTable",
"dynamodb:ListTables",
"dynamodb:ListTagsOfResource",
"ec2:DescribeInstances",
"ec2:DescribeInstanceStatus",
"ec2:DescribeRegions",
"ec2:DescribeReservedInstances",
"ec2:DescribeReservedInstancesModifications",
"ec2:DescribeTags",
"ec2:DescribeVolumes",
"ecs:DescribeClusters",
"ecs:DescribeServices",
"ecs:DescribeTasks",
"ecs:ListClusters",
"ecs:ListServices",
"ecs:ListTagsForResource",
"ecs:ListTaskDefinitions",
"ecs:ListTasks",
"elasticache:DescribeCacheClusters",
"elasticloadbalancing:DescribeLoadBalancerAttributes",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeTags",
"elasticloadbalancing:DescribeTargetGroups",
"elasticmapreduce:DescribeCluster",
"elasticmapreduce:ListClusters",
"es:DescribeElasticsearchDomain",
"es:ListDomainNames",
"kinesis:DescribeStream",
"kinesis:ListShards",
"kinesis:ListStreams",
"kinesis:ListTagsForStream",
"lambda:GetAlias",
"lambda:ListFunctions",
"lambda:ListTags",
"logs:DeleteSubscriptionFilter",
"logs:DescribeLogGroups",
"logs:DescribeSubscriptionFilters",
"logs:PutSubscriptionFilter",
"organizations:DescribeOrganization",
"rds:DescribeDBClusters",
"rds:DescribeDBInstances",
"rds:ListTagsForResource",
"redshift:DescribeClusters",
"redshift:DescribeLoggingStatus",
"s3:GetBucketLocation",
"s3:GetBucketLogging",
"s3:GetBucketNotification",
"s3:GetBucketTagging",
"s3:ListAllMyBuckets",
"s3:ListBucket",
"s3:PutBucketNotification",
"sqs:GetQueueAttributes",
"sqs:ListQueues",
"sqs:ListQueueTags",
"states:ListStateMachines",
"tag:GetResources",
"workspaces:DescribeWorkspaces"
],
"Resource": "*"
}
]
}
""")
splunk_role_policy_attach = aws.iam.RolePolicyAttachment("splunkRolePolicyAttach",
role=aws_splunk_role.name,
policy_arn=aws_splunk_policy.arn)
aws_myteam = signalfx.aws.Integration("awsMyteam",
enabled=True,
integration_id=aws_myteam_extern.id,
external_id=aws_myteam_extern.external_id,
role_arn=aws_splunk_role.arn,
regions=["us-east-1"],
poll_rate=300,
import_cloud_watch=True,
enable_aws_usage=True)
resources:
awsMyteamExtern:
type: signalfx:aws:ExternalIntegration
awsSplunkRole:
type: aws:iam:Role
properties:
description: signalfx integration to read out data and send it to signalfxs aws account
assumeRolePolicy: ${signalfxAssumePolicy.json}
awsSplunkPolicy:
type: aws:iam:Policy
properties:
description: AWS permissions required by the Splunk Observability Cloud
policy: |
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"apigateway:GET",
"autoscaling:DescribeAutoScalingGroups",
"cloudfront:GetDistributionConfig",
"cloudfront:ListDistributions",
"cloudfront:ListTagsForResource",
"cloudwatch:DescribeAlarms",
"cloudwatch:GetMetricData",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"directconnect:DescribeConnections",
"dynamodb:DescribeTable",
"dynamodb:ListTables",
"dynamodb:ListTagsOfResource",
"ec2:DescribeInstances",
"ec2:DescribeInstanceStatus",
"ec2:DescribeRegions",
"ec2:DescribeReservedInstances",
"ec2:DescribeReservedInstancesModifications",
"ec2:DescribeTags",
"ec2:DescribeVolumes",
"ecs:DescribeClusters",
"ecs:DescribeServices",
"ecs:DescribeTasks",
"ecs:ListClusters",
"ecs:ListServices",
"ecs:ListTagsForResource",
"ecs:ListTaskDefinitions",
"ecs:ListTasks",
"elasticache:DescribeCacheClusters",
"elasticloadbalancing:DescribeLoadBalancerAttributes",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeTags",
"elasticloadbalancing:DescribeTargetGroups",
"elasticmapreduce:DescribeCluster",
"elasticmapreduce:ListClusters",
"es:DescribeElasticsearchDomain",
"es:ListDomainNames",
"kinesis:DescribeStream",
"kinesis:ListShards",
"kinesis:ListStreams",
"kinesis:ListTagsForStream",
"lambda:GetAlias",
"lambda:ListFunctions",
"lambda:ListTags",
"logs:DeleteSubscriptionFilter",
"logs:DescribeLogGroups",
"logs:DescribeSubscriptionFilters",
"logs:PutSubscriptionFilter",
"organizations:DescribeOrganization",
"rds:DescribeDBClusters",
"rds:DescribeDBInstances",
"rds:ListTagsForResource",
"redshift:DescribeClusters",
"redshift:DescribeLoggingStatus",
"s3:GetBucketLocation",
"s3:GetBucketLogging",
"s3:GetBucketNotification",
"s3:GetBucketTagging",
"s3:ListAllMyBuckets",
"s3:ListBucket",
"s3:PutBucketNotification",
"sqs:GetQueueAttributes",
"sqs:ListQueues",
"sqs:ListQueueTags",
"states:ListStateMachines",
"tag:GetResources",
"workspaces:DescribeWorkspaces"
],
"Resource": "*"
}
]
}
splunkRolePolicyAttach:
type: aws:iam:RolePolicyAttachment
properties:
role: ${awsSplunkRole.name}
policyArn: ${awsSplunkPolicy.arn}
awsMyteam:
type: signalfx:aws:Integration
properties:
enabled: true
integrationId: ${awsMyteamExtern.id}
externalId: ${awsMyteamExtern.externalId}
roleArn: ${awsSplunkRole.arn}
# token = "abc123"
# # key = "abc123"
regions:
- us-east-1
pollRate: 300
importCloudWatch: true
enableAwsUsage: true
variables:
signalfxAssumePolicy:
fn::invoke:
Function: aws:iam:getPolicyDocument
Arguments:
statements:
- actions:
- sts:AssumeRole
principals:
- type: AWS
identifiers:
- ${awsMyteamExtern.signalfxAwsAccount}
conditions:
- test: StringEquals
variable: sts:ExternalId
values:
- ${awsMyteamExtern.externalId}
Create ExternalIntegration Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new ExternalIntegration(name: string, args?: ExternalIntegrationArgs, opts?: CustomResourceOptions);@overload
def ExternalIntegration(resource_name: str,
args: Optional[ExternalIntegrationArgs] = None,
opts: Optional[ResourceOptions] = None)
@overload
def ExternalIntegration(resource_name: str,
opts: Optional[ResourceOptions] = None,
name: Optional[str] = None)func NewExternalIntegration(ctx *Context, name string, args *ExternalIntegrationArgs, opts ...ResourceOption) (*ExternalIntegration, error)public ExternalIntegration(string name, ExternalIntegrationArgs? args = null, CustomResourceOptions? opts = null)
public ExternalIntegration(String name, ExternalIntegrationArgs args)
public ExternalIntegration(String name, ExternalIntegrationArgs args, CustomResourceOptions options)
type: signalfx:aws:ExternalIntegration
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args ExternalIntegrationArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args ExternalIntegrationArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args ExternalIntegrationArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args ExternalIntegrationArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args ExternalIntegrationArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var externalIntegrationResource = new SignalFx.Aws.ExternalIntegration("externalIntegrationResource", new()
{
Name = "string",
});
example, err := aws.NewExternalIntegration(ctx, "externalIntegrationResource", &aws.ExternalIntegrationArgs{
Name: pulumi.String("string"),
})
var externalIntegrationResource = new ExternalIntegration("externalIntegrationResource", ExternalIntegrationArgs.builder()
.name("string")
.build());
external_integration_resource = signalfx.aws.ExternalIntegration("externalIntegrationResource", name="string")
const externalIntegrationResource = new signalfx.aws.ExternalIntegration("externalIntegrationResource", {name: "string"});
type: signalfx:aws:ExternalIntegration
properties:
name: string
ExternalIntegration Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The ExternalIntegration resource accepts the following input properties:
- Name string
- The name of this integration
- Name string
- The name of this integration
- name String
- The name of this integration
- name string
- The name of this integration
- name str
- The name of this integration
- name String
- The name of this integration
Outputs
All input properties are implicitly available as output properties. Additionally, the ExternalIntegration resource produces the following output properties:
- External
Id string - The external ID to use with your IAM role and with
signalfx.aws.Integration. - Id string
- The provider-assigned unique ID for this managed resource.
- Signalfx
Aws stringAccount - The AWS Account ARN to use with your policies/roles, provided by SignalFx.
- External
Id string - The external ID to use with your IAM role and with
signalfx.aws.Integration. - Id string
- The provider-assigned unique ID for this managed resource.
- Signalfx
Aws stringAccount - The AWS Account ARN to use with your policies/roles, provided by SignalFx.
- external
Id String - The external ID to use with your IAM role and with
signalfx.aws.Integration. - id String
- The provider-assigned unique ID for this managed resource.
- signalfx
Aws StringAccount - The AWS Account ARN to use with your policies/roles, provided by SignalFx.
- external
Id string - The external ID to use with your IAM role and with
signalfx.aws.Integration. - id string
- The provider-assigned unique ID for this managed resource.
- signalfx
Aws stringAccount - The AWS Account ARN to use with your policies/roles, provided by SignalFx.
- external_
id str - The external ID to use with your IAM role and with
signalfx.aws.Integration. - id str
- The provider-assigned unique ID for this managed resource.
- signalfx_
aws_ straccount - The AWS Account ARN to use with your policies/roles, provided by SignalFx.
- external
Id String - The external ID to use with your IAM role and with
signalfx.aws.Integration. - id String
- The provider-assigned unique ID for this managed resource.
- signalfx
Aws StringAccount - The AWS Account ARN to use with your policies/roles, provided by SignalFx.
Look up Existing ExternalIntegration Resource
Get an existing ExternalIntegration resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: ExternalIntegrationState, opts?: CustomResourceOptions): ExternalIntegration@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
external_id: Optional[str] = None,
name: Optional[str] = None,
signalfx_aws_account: Optional[str] = None) -> ExternalIntegrationfunc GetExternalIntegration(ctx *Context, name string, id IDInput, state *ExternalIntegrationState, opts ...ResourceOption) (*ExternalIntegration, error)public static ExternalIntegration Get(string name, Input<string> id, ExternalIntegrationState? state, CustomResourceOptions? opts = null)public static ExternalIntegration get(String name, Output<String> id, ExternalIntegrationState state, CustomResourceOptions options)resources: _: type: signalfx:aws:ExternalIntegration get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- External
Id string - The external ID to use with your IAM role and with
signalfx.aws.Integration. - Name string
- The name of this integration
- Signalfx
Aws stringAccount - The AWS Account ARN to use with your policies/roles, provided by SignalFx.
- External
Id string - The external ID to use with your IAM role and with
signalfx.aws.Integration. - Name string
- The name of this integration
- Signalfx
Aws stringAccount - The AWS Account ARN to use with your policies/roles, provided by SignalFx.
- external
Id String - The external ID to use with your IAM role and with
signalfx.aws.Integration. - name String
- The name of this integration
- signalfx
Aws StringAccount - The AWS Account ARN to use with your policies/roles, provided by SignalFx.
- external
Id string - The external ID to use with your IAM role and with
signalfx.aws.Integration. - name string
- The name of this integration
- signalfx
Aws stringAccount - The AWS Account ARN to use with your policies/roles, provided by SignalFx.
- external_
id str - The external ID to use with your IAM role and with
signalfx.aws.Integration. - name str
- The name of this integration
- signalfx_
aws_ straccount - The AWS Account ARN to use with your policies/roles, provided by SignalFx.
- external
Id String - The external ID to use with your IAM role and with
signalfx.aws.Integration. - name String
- The name of this integration
- signalfx
Aws StringAccount - The AWS Account ARN to use with your policies/roles, provided by SignalFx.
Package Details
- Repository
- SignalFx pulumi/pulumi-signalfx
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
signalfxTerraform Provider.
Viewing docs for SignalFx v5.10.0 (Older version)
published on Monday, Mar 9, 2026 by Pulumi
published on Monday, Mar 9, 2026 by Pulumi
