examples of configuration

fivexl · Aug 14, 2023 · b43e684 · b43e684
1 parent 08ee9f4
commit b43e684
Show file tree

Hide file tree

Showing 8 changed files with 255 additions and 20 deletions.
diff --git a/examples/complete_exapmle/README.MD b/examples/complete_exapmle/README.MD
@@ -0,0 +1 @@
+# Complete example of a terraform-aws-slack-alerts configuration
diff --git a/example.tf → examples/complete_exapmle/main.tf b/example.tf → examples/complete_exapmle/main.tf
@@ -1,18 +1,15 @@
-# In almost all modules only treshold/limit amount and subscriber_sns_topic_arns or 
-# subscriber_email_addresses are required, other parameters are optional.
-
 locals {
   slack = {
-    workspace_id = "xxxxxxxxx"
+    workspace_id = "ASDFGHJKL"
     channel = {
-      "dev-alerts"  = "xxxxxxxxxxx"
-      "prod-alerts" = "xxxxxxxxxxx"
+      "prod-alerts" = "PPOIUYTREWQ"
     }
   }
+  # Both SNS topic ARN and email addresses can be used as subscribers, but at least one of them is required
   budget_subscriber_email_addresses = [
-    "mail@gmail.com",
+    "prod_alerts@gmail.com",
   ]
-  prod_sns_topic_arn = [aws_sns_topic.chatbot.arn]
+  prod_sns_topic_arn = [aws_sns_topic.prod_chatbot.arn]
 }
 
 # Optional Automatic creation Chatbot IAM role
@@ -26,13 +23,14 @@ module "chatbot_slack_workspace" {
   source = "./modules/slack_workspace"
 
   workspace_id = local.slack.workspace_id
-  # Here can be placed default_iam_role_arn for Chatbot instead automatic creation
+
+  # Here can be placed default_iam_role_arn for Chatbot instead of automatic creation
   default_iam_role_arn = module.chatbot_role.iam_role_arn
 
   # Mapping of topics to channels
   channels_config = {
-    test = {
-      slack_channel_id = local.slack.channel["dev-alerts"]
+    prod = {
+      slack_channel_id = local.slack.channel["prod-alerts"]
       sns_topic_arns   = local.prod_sns_topic_arn
     }
   }
@@ -56,7 +54,7 @@ module "savings_plans_alerts" {
   subscriber_sns_topic_arns = local.prod_sns_topic_arn
 }
 
-# Budget alert. Required to specify only limit amount and one of subscriber_sns_topic_arns or subscriber_email_addresses
+
 # It will automatically create budget, with notifications for 100%, 150% and 200% of limit amount for forecasted and actual costs
 module "budget_alerts" {
   source = "./modules/budget_alerts"
@@ -97,12 +95,13 @@ module "cost_anomaly_detection" {
 }
 
 # SNS topic for Chatbot
-resource "aws_sns_topic" "chatbot" {
+resource "aws_sns_topic" "prod_chatbot" {
   name = "test_chatbot_topic"
 }
+
 # SNS topic policy for Chatbot
-resource "aws_sns_topic_policy" "chatbot_topic" {
-  arn = aws_sns_topic.chatbot.arn
+resource "aws_sns_topic_policy" "prod_chatbot" {
+  arn = aws_sns_topic.prod_chatbot.arn
   policy = jsonencode({
     Version = "2012-10-17"
     Id      = "chatbot_topic_policy"
@@ -112,14 +111,14 @@ resource "aws_sns_topic_policy" "chatbot_topic" {
         Effect    = "Allow"
         Principal = "*"
         Action    = "sns:Publish"
-        Resource  = aws_sns_topic.chatbot.arn
+        Resource  = aws_sns_topic.prod_chatbot.arn
       },
       {
         Sid       = "AllowSNSSubscriptions"
         Effect    = "Allow"
         Principal = "*"
         Action    = "sns:Subscribe"
-        Resource  = aws_sns_topic.chatbot.arn
+        Resource  = aws_sns_topic.prod_chatbot.arn
       },
       {
         Sid    = "AllowChatbotSubscriptions"
@@ -128,7 +127,7 @@ resource "aws_sns_topic_policy" "chatbot_topic" {
           "Service" : "chatbot.amazonaws.com"
         },
         Action   = "sns:Subscribe"
-        Resource = aws_sns_topic.chatbot.arn
+        Resource = aws_sns_topic.prod_chatbot.arn
       },
       {
         Sid    = "AllowBudgetsPublish",
@@ -137,7 +136,7 @@ resource "aws_sns_topic_policy" "chatbot_topic" {
           Service = "budgets.amazonaws.com"
         },
         Action   = "SNS:Publish",
-        Resource = aws_sns_topic.chatbot.arn
+        Resource = aws_sns_topic.prod_chatbot.arn
       },
       {
         Sid    = "AllowEventsPublish",
@@ -146,7 +145,7 @@ resource "aws_sns_topic_policy" "chatbot_topic" {
           Service = "events.amazonaws.com"
         },
         Action   = "SNS:Publish",
-        Resource = aws_sns_topic.chatbot.arn
+        Resource = aws_sns_topic.prod_chatbot.arn
       }
     ]
   })

diff --git a/examples/complete_exapmle/variables.tf b/examples/complete_exapmle/variables.tf
diff --git a/examples/complete_exapmle/versions.tf b/examples/complete_exapmle/versions.tf
@@ -0,0 +1,13 @@
+terraform {
+  required_version = "~> 1.0"
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 4.64"
+    }
+    awscc = {
+      source  = "hashicorp/awscc"
+      version = "0.58.0"
+    }
+  }
+}
diff --git a/examples/two_workspaces_example/README.MD b/examples/two_workspaces_example/README.MD
@@ -0,0 +1 @@
+# Complete example of two workspace configurations
diff --git a/examples/two_workspaces_example/main.tf b/examples/two_workspaces_example/main.tf
@@ -0,0 +1,208 @@
+locals {
+  budget = {
+    workspace_id = "ASDFGHJKL"
+    channel = {
+      "budget-alerts" = "QWERTYUIOPP"
+    }
+  }
+  security = {
+    workspace_id = "LKJHGFDSA"
+    channel = {
+      "security-alerts" = "PPOIUYTREWQ"
+    }
+  }
+
+  # Both SNS topic ARN and email addresses can be used as subscribers, but at least one of them is required
+  budget_subscriber_email_addresses = [
+    "[email protected]",
+  ]
+  budget_sns_topic_arn = [aws_sns_topic.budget_chatbot.arn]
+
+  security_sns_topic_arn = [aws_sns_topic.security_chatbot.arn]
+
+}
+
+# Optional Automatic creation Chatbot IAM role
+module "chatbot_role" {
+  source = "./modules/iam"
+}
+
+
+# Configuration of Slack workspace and topics to channels mapping
+module "chatbot_budget_slack_workspace" {
+  source = "./modules/slack_workspace"
+
+  workspace_id = local.budget.workspace_id
+
+  # Here can be placed default_iam_role_arn for Chatbot instead of automatic creation
+  default_iam_role_arn = module.chatbot_role.iam_role_arn
+
+  # Mapping of topics to channels
+  channels_config = {
+    test = {
+      slack_channel_id = local.budget.channel["budget-alerts"]
+      sns_topic_arns   = local.budget_sns_topic_arn
+    }
+  }
+}
+
+module "chatbot_prod_slack_workspace" {
+  source = "./modules/slack_workspace"
+
+  workspace_id = local.security.workspace_id
+
+  # Here can be placed default_iam_role_arn for Chatbot instead of automatic creation
+  default_iam_role_arn = module.chatbot_role.iam_role_arn
+
+  # Mapping of topics to channels
+  channels_config = {
+    test = {
+      slack_channel_id = local.security.channel["security-alerts"]
+      sns_topic_arns   = local.security_sns_topic_arn
+    }
+  }
+}
+
+# It will automatically create budget, with notifications for 100%, 150% and 200% of limit amount for forecasted and actual costs
+module "budget_alerts" {
+  source = "./modules/budget_alerts"
+
+  limit_amount = "10000"
+
+  subscriber_sns_topic_arns  = local.budget_sns_topic_arn
+  subscriber_email_addresses = local.budget_subscriber_email_addresses
+}
+
+module "cost_anomaly_detection" {
+  source = "./modules/cost_anomaly_detection"
+
+  # https://docs.aws.amazon.com/cost-management/latest/userguide/cad-alert-chime.html
+
+  anomaly_monitor_name      = "monitor"
+  anomaly_subscription_name = "xxxxxx"
+  frequency                 = "DAILY"
+  threshold                 = "100.0"
+
+  # TODO: % change, specific amount change
+
+  subscriber_sns_topic_arns  = local.budget_sns_topic_arn
+  subscriber_email_addresses = local.budget_subscriber_email_addresses
+}
+
+module "eventbridge_alerts" {
+  source = "./modules/eventbridge"
+
+  # create_guardduty_findings_rule will create eventbridge rule and send all GuardDuty findings to Slack
+  create_guardduty_findings_rule = true
+
+  # create_aws_health_rule will create eventbridge rule and send all AWS Health events to Slack
+  create_aws_health_rule = true
+
+  sns_topic_arn = local.security_sns_topic_arn[0]
+}
+
+
+# SNS topic for Chatbot
+resource "aws_sns_topic" "budget_chatbot" {
+  name = "test_chatbot_topic"
+}
+# SNS topic policy for Chatbot
+resource "aws_sns_topic_policy" "budget_chatbot" {
+  arn = aws_sns_topic.budget_chatbot.arn
+  policy = jsonencode({
+    Version = "2012-10-17"
+    Id      = "chatbot_topic_policy"
+    Statement = [
+      {
+        Sid       = "AllowSNSPublish"
+        Effect    = "Allow"
+        Principal = "*"
+        Action    = "sns:Publish"
+        Resource  = aws_sns_topic.budget_chatbot.arn
+      },
+      {
+        Sid       = "AllowSNSSubscriptions"
+        Effect    = "Allow"
+        Principal = "*"
+        Action    = "sns:Subscribe"
+        Resource  = aws_sns_topic.budget_chatbot.arn
+      },
+      {
+        Sid    = "AllowChatbotSubscriptions"
+        Effect = "Allow"
+        Principal = {
+          "Service" : "chatbot.amazonaws.com"
+        },
+        Action   = "sns:Subscribe"
+        Resource = aws_sns_topic.budget_chatbot.arn
+      },
+      {
+        Sid    = "AllowBudgetsPublish",
+        Effect = "Allow",
+        Principal = {
+          Service = "budgets.amazonaws.com"
+        },
+        Action   = "SNS:Publish",
+        Resource = aws_sns_topic.budget_chatbot.arn
+      },
+      {
+        Sid    = "AllowEventsPublish",
+        Effect = "Allow",
+        Principal = {
+          Service = "events.amazonaws.com"
+        },
+        Action   = "SNS:Publish",
+        Resource = aws_sns_topic.budget_chatbot.arn
+      }
+    ]
+  })
+}
+
+# Security topic
+resource "aws_sns_topic" "security_chatbot" {
+  name = "security"
+}
+
+resource "aws_sns_topic_policy" "security_chatbot" {
+  arn = aws_sns_topic.security_chatbot.arn
+  policy = jsonencode({
+    Version = "2012-10-17"
+    Id      = "chatbot_topic_policy"
+    Statement = [
+      {
+        Sid       = "AllowSNSPublish"
+        Effect    = "Allow"
+        Principal = "*"
+        Action    = "sns:Publish"
+        Resource  = aws_sns_topic.security_chatbot.arn
+      },
+      {
+        Sid       = "AllowSNSSubscriptions"
+        Effect    = "Allow"
+        Principal = "*"
+        Action    = "sns:Subscribe"
+        Resource  = aws_sns_topic.security_chatbot.arn
+      },
+      {
+        Sid    = "AllowChatbotSubscriptions"
+        Effect = "Allow"
+        Principal = {
+          "Service" : "chatbot.amazonaws.com"
+        },
+        Action   = "sns:Subscribe"
+        Resource = aws_sns_topic.security_chatbot.arn
+      },
+      {
+        Sid    = "AllowEventsPublish",
+        Effect = "Allow",
+        Principal = {
+          Service = "events.amazonaws.com"
+        },
+        Action   = "SNS:Publish",
+        Resource = aws_sns_topic.security_chatbot.arn
+      }
+    ]
+  })
+}
+
+
diff --git a/examples/two_workspaces_example/variables.tf b/examples/two_workspaces_example/variables.tf
diff --git a/examples/two_workspaces_example/versions.tf b/examples/two_workspaces_example/versions.tf
@@ -0,0 +1,13 @@
+terraform {
+  required_version = "~> 1.0"
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 4.64"
+    }
+    awscc = {
+      source  = "hashicorp/awscc"
+      version = "0.58.0"
+    }
+  }
+}