Merge pull request #38 from SumoLogic/SUMO-254952

Sumo 254952: Sumo tf provider v3 updated | Mum deployment removed

Author: akhil-sumologic

README.md

@@ -30,7 +30,7 @@ The modules configure/create the following resources:
         }
         sumologic = {
           source  = "sumologic/sumologic"
-          version = ">= 2.31.3, < 3.0.0"
+          version = ">= 2.31.3, < 4.0.0"
         }
         jira = {
           source  = "fourplusone/jira"

aws/cloudtrail/README.md

@@ -15,7 +15,7 @@ This module is used to create AWS and Sumo Logic resource to collect CloudTrail
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.13.0 |
 | <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.16.2, < 6.0.0 |
 | <a name="requirement_random"></a> [random](#requirement\_random) | >=3.1.0 |
-| <a name="requirement_sumologic"></a> [sumologic](#requirement\_sumologic) | >= 2.31.3, < 3.0.0 |
+| <a name="requirement_sumologic"></a> [sumologic](#requirement\_sumologic) | >= 2.31.3, < 4.0.0 |
 | <a name="requirement_time"></a> [time](#requirement\_time) | >=0.7.1 |
 
 ## Providers
@@ -24,7 +24,7 @@ This module is used to create AWS and Sumo Logic resource to collect CloudTrail
 |------|---------|
 | <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.16.2, < 6.0.0 |
 | <a name="provider_random"></a> [random](#provider\_random) | >=3.1.0 |
-| <a name="provider_sumologic"></a> [sumologic](#provider\_sumologic) | >= 2.31.3, < 3.0.0 |
+| <a name="provider_sumologic"></a> [sumologic](#provider\_sumologic) | >= 2.31.3, < 4.0.0 |
 | <a name="provider_time"></a> [time](#provider\_time) | >=0.7.1 |
 
 ## Modules
@@ -38,6 +38,7 @@ No modules.
 | [aws_cloudtrail.cloudtrail](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudtrail) | resource |
 | [aws_iam_policy.iam_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
 | [aws_iam_role.source_iam_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
+| [aws_iam_role_policy_attachment.source-role-policy-attach](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
 | [aws_s3_bucket.s3_bucket](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket) | resource |
 | [aws_s3_bucket_notification.bucket_notification](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_notification) | resource |
 | [aws_s3_bucket_policy.s3_bucket](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_policy) | resource |
@@ -55,13 +56,13 @@ No modules.
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| <a name="input_cloudtrail_details"></a> [cloudtrail\_details](#input\_cloudtrail\_details) | Provide details for the AWS CloudTrail. If not provided, then defaults will be used. | <pre>object({<br>    name                          = string<br>    is_multi_region_trail         = bool<br>    is_organization_trail         = bool<br>    include_global_service_events = bool<br>  })</pre> | <pre>{<br>  "include_global_service_events": false,<br>  "is_multi_region_trail": false,<br>  "is_organization_trail": false,<br>  "name": "SumoLogic-Terraform-CloudTrail-random-id"<br>}</pre> | no |
-| <a name="input_collector_details"></a> [collector\_details](#input\_collector\_details) | Provide details for the Sumo Logic collector. If not provided, then defaults will be used. | <pre>object({<br>    collector_name = string<br>    description    = string<br>    fields         = map(string)<br>  })</pre> | <pre>{<br>  "collector_name": "SumoLogic CloudTrail Collector <Random ID>",<br>  "description": "This collector is created using Sumo Logic terraform AWS cloudtrail module to collect AWS cloudtrail logs.",<br>  "fields": {}<br>}</pre> | no |
+| <a name="input_cloudtrail_details"></a> [cloudtrail\_details](#input\_cloudtrail\_details) | Provide details for the AWS CloudTrail. If not provided, then defaults will be used. | <pre>object({<br/>    name                          = string<br/>    is_multi_region_trail         = bool<br/>    is_organization_trail         = bool<br/>    include_global_service_events = bool<br/>  })</pre> | <pre>{<br/>  "include_global_service_events": false,<br/>  "is_multi_region_trail": false,<br/>  "is_organization_trail": false,<br/>  "name": "SumoLogic-Terraform-CloudTrail-random-id"<br/>}</pre> | no |
+| <a name="input_collector_details"></a> [collector\_details](#input\_collector\_details) | Provide details for the Sumo Logic collector. If not provided, then defaults will be used. | <pre>object({<br/>    collector_name = string<br/>    description    = string<br/>    fields         = map(string)<br/>  })</pre> | <pre>{<br/>  "collector_name": "SumoLogic CloudTrail Collector <Random ID>",<br/>  "description": "This collector is created using Sumo Logic terraform AWS cloudtrail module to collect AWS cloudtrail logs.",<br/>  "fields": {}<br/>}</pre> | no |
 | <a name="input_create_collector"></a> [create\_collector](#input\_create\_collector) | Provide "true" if you would like to create the Sumo Logic Collector. | `bool` | n/a | yes |
 | <a name="input_create_trail"></a> [create\_trail](#input\_create\_trail) | Provide "true" if you would like to create the AWS CloudTrail. If the bucket is created by the module, module by default creates the AWS cloudtrail. | `bool` | n/a | yes |
-| <a name="input_source_details"></a> [source\_details](#input\_source\_details) | Provide details for the Sumo Logic CloudTrail source. If not provided, then defaults will be used. | <pre>object({<br>    source_name     = string<br>    source_category = string<br>    collector_id    = string<br>    description     = string<br>    bucket_details = object({<br>      create_bucket        = bool<br>      bucket_name          = string<br>      path_expression      = string<br>      force_destroy_bucket = bool<br>    })<br>    paused               = bool<br>    scan_interval        = string<br>    sumo_account_id      = number<br>    cutoff_relative_time = string<br>    fields               = map(string)<br>    iam_details = object({<br>      create_iam_role = bool<br>      iam_role_arn    = string<br>    })<br>    sns_topic_details = object({<br>      create_sns_topic = bool<br>      sns_topic_arn    = string<br>    })<br>  })</pre> | <pre>{<br>  "bucket_details": {<br>    "bucket_name": "cloudtrail-logs-random-id",<br>    "create_bucket": true,<br>    "force_destroy_bucket": true,<br>    "path_expression": "AWSLogs/<ACCOUNT-ID>/CloudTrail/<REGION-NAME>/*"<br>  },<br>  "collector_id": "",<br>  "cutoff_relative_time": "-1d",<br>  "description": "This source is created using Sumo Logic terraform AWS cloudtrail module to collect AWS cloudtrail logs.",<br>  "fields": {},<br>  "iam_details": {<br>    "create_iam_role": true,<br>    "iam_role_arn": null<br>  },<br>  "paused": false,<br>  "scan_interval": 300000,<br>  "sns_topic_details": {<br>    "create_sns_topic": true,<br>    "sns_topic_arn": null<br>  },<br>  "source_category": "Labs/aws/cloudtrail",<br>  "source_name": "CloudTrail Source",<br>  "sumo_account_id": 926226587429<br>}</pre> | no |
+| <a name="input_source_details"></a> [source\_details](#input\_source\_details) | Provide details for the Sumo Logic CloudTrail source. If not provided, then defaults will be used. | <pre>object({<br/>    source_name     = string<br/>    source_category = string<br/>    collector_id    = string<br/>    description     = string<br/>    bucket_details = object({<br/>      create_bucket        = bool<br/>      bucket_name          = string<br/>      path_expression      = string<br/>      force_destroy_bucket = bool<br/>    })<br/>    paused               = bool<br/>    scan_interval        = string<br/>    sumo_account_id      = number<br/>    cutoff_relative_time = string<br/>    fields               = map(string)<br/>    iam_details = object({<br/>      create_iam_role = bool<br/>      iam_role_arn    = string<br/>    })<br/>    sns_topic_details = object({<br/>      create_sns_topic = bool<br/>      sns_topic_arn    = string<br/>    })<br/>  })</pre> | <pre>{<br/>  "bucket_details": {<br/>    "bucket_name": "cloudtrail-logs-random-id",<br/>    "create_bucket": true,<br/>    "force_destroy_bucket": true,<br/>    "path_expression": "AWSLogs/<ACCOUNT-ID>/CloudTrail/<REGION-NAME>/*"<br/>  },<br/>  "collector_id": "",<br/>  "cutoff_relative_time": "-1d",<br/>  "description": "This source is created using Sumo Logic terraform AWS cloudtrail module to collect AWS cloudtrail logs.",<br/>  "fields": {},<br/>  "iam_details": {<br/>    "create_iam_role": true,<br/>    "iam_role_arn": null<br/>  },<br/>  "paused": false,<br/>  "scan_interval": 300000,<br/>  "sns_topic_details": {<br/>    "create_sns_topic": true,<br/>    "sns_topic_arn": null<br/>  },<br/>  "source_category": "Labs/aws/cloudtrail",<br/>  "source_name": "CloudTrail Source",<br/>  "sumo_account_id": 926226587429<br/>}</pre> | no |
 | <a name="input_sumologic_organization_id"></a> [sumologic\_organization\_id](#input\_sumologic\_organization\_id) | Appears on the Account Overview page that displays information about your Sumo Logic organization. Used for IAM Role in Sumo Logic AWS Sources. | `string` | n/a | yes |
-| <a name="input_wait_for_seconds"></a> [wait\_for\_seconds](#input\_wait\_for\_seconds) | wait\_for\_seconds is used to delay sumo logic source creation. This helps persisting IAM role in AWS system.<br>        Default value is 180 seconds.<br>        If the AWS IAM role is created outside the module, the value can be decreased to 1 second. | `number` | `180` | no |
+| <a name="input_wait_for_seconds"></a> [wait\_for\_seconds](#input\_wait\_for\_seconds) | wait\_for\_seconds is used to delay sumo logic source creation. This helps persisting IAM role in AWS system.<br/>        Default value is 180 seconds.<br/>        If the AWS IAM role is created outside the module, the value can be decreased to 1 second. | `number` | `180` | no |
 
 ## Outputs
 

aws/cloudtrail/cloudtrail.tf

@@ -75,8 +75,6 @@ resource "aws_iam_role" "source_iam_role" {
     ENVIRONMENT           = data.sumologic_caller_identity.current.environment,
     SUMO_LOGIC_ORG_ID     = var.sumologic_organization_id
   })
-
-  managed_policy_arns = [aws_iam_policy.iam_policy["iam_policy"].arn]
 }
 
 resource "aws_iam_policy" "iam_policy" {
@@ -88,6 +86,12 @@ resource "aws_iam_policy" "iam_policy" {
   })
 }
 
+resource "aws_iam_role_policy_attachment" "source-role-policy-attach" {
+  for_each = toset(var.source_details.iam_details.create_iam_role ? ["source_iam_role"] : [])
+  role       = aws_iam_role.source_iam_role["source_iam_role"].name
+  policy_arn = aws_iam_policy.iam_policy["iam_policy"].arn
+}
+
 resource "sumologic_collector" "collector" {
   for_each    = toset(var.create_collector ? ["collector"] : [])
   name        = local.collector_name

aws/cloudtrail/examples/default/README.md

@@ -5,15 +5,15 @@
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.13.0 |
 | <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.16.2, < 6.0.0 |
 | <a name="requirement_random"></a> [random](#requirement\_random) | >=3.1.0 |
-| <a name="requirement_sumologic"></a> [sumologic](#requirement\_sumologic) | >= 2.31.3, < 3.0.0 |
+| <a name="requirement_sumologic"></a> [sumologic](#requirement\_sumologic) | >= 2.31.3, < 4.0.0 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | 5.43.0 |
-| <a name="provider_random"></a> [random](#provider\_random) | 3.6.0 |
-| <a name="provider_sumologic"></a> [sumologic](#provider\_sumologic) | 2.28.3 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.16.2, < 6.0.0 |
+| <a name="provider_random"></a> [random](#provider\_random) | >=3.1.0 |
+| <a name="provider_sumologic"></a> [sumologic](#provider\_sumologic) | >= 2.31.3, < 4.0.0 |
 
 ## Modules
 
@@ -36,8 +36,8 @@
 |------|-------------|------|---------|:--------:|
 | <a name="input_sumologic_access_id"></a> [sumologic\_access\_id](#input\_sumologic\_access\_id) | Sumo Logic Access ID. Visit https://help.sumologic.com/Manage/Security/Access-Keys#Create_an_access_key | `string` | n/a | yes |
 | <a name="input_sumologic_access_key"></a> [sumologic\_access\_key](#input\_sumologic\_access\_key) | Sumo Logic Access Key. Visit https://help.sumologic.com/Manage/Security/Access-Keys#Create_an_access_key | `string` | n/a | yes |
-| <a name="input_sumologic_environment"></a> [sumologic\_environment](#input\_sumologic\_environment) | Enter au, ca, de, eu, fed, in, jp, kr, us1 or us2. For more information on Sumo Logic deployments visit https://help.sumologic.com/APIs/General-API-Information/Sumo-Logic-Endpoints-and-Firewall-Security | `string` | n/a | yes |
-| <a name="input_sumologic_organization_id"></a> [sumologic\_organization\_id](#input\_sumologic\_organization\_id) | You can find your org on the Preferences page in the Sumo Logic UI. For more information, see the Preferences Page topic. Your org ID will be used to configure the IAM Role for Sumo Logic AWS Sources."<br>            For more details, visit https://help.sumologic.com/01Start-Here/05Customize-Your-Sumo-Logic-Experience/Preferences-Page | `string` | n/a | yes |
+| <a name="input_sumologic_environment"></a> [sumologic\_environment](#input\_sumologic\_environment) | Enter au, ca, de, eu, fed, jp, kr, us1 or us2. For more information on Sumo Logic deployments visit https://help.sumologic.com/APIs/General-API-Information/Sumo-Logic-Endpoints-and-Firewall-Security | `string` | n/a | yes |
+| <a name="input_sumologic_organization_id"></a> [sumologic\_organization\_id](#input\_sumologic\_organization\_id) | You can find your org on the Preferences page in the Sumo Logic UI. For more information, see the Preferences Page topic. Your org ID will be used to configure the IAM Role for Sumo Logic AWS Sources."<br/>            For more details, visit https://help.sumologic.com/01Start-Here/05Customize-Your-Sumo-Logic-Experience/Preferences-Page | `string` | n/a | yes |
 
 ## Outputs
 

aws/cloudtrail/examples/default/main.auto.tfvars

@@ -1,5 +1,5 @@
 ####### BELOW ARE REQUIRED PARAMETERS FOR TERRAFORM SCRIPT #######
-sumologic_environment       = "<YOUR SUMO DEPLOYMENT>"   # Please replace <YOUR SUMO DEPLOYMENT> (including brackets) with au, ca, de, eu, fed, in, jp, kr, us1 or us2.
+sumologic_environment       = "<YOUR SUMO DEPLOYMENT>"   # Please replace <YOUR SUMO DEPLOYMENT> (including brackets) with au, ca, de, eu, fed, jp, kr, us1 or us2.
 sumologic_organization_id   = "<YOUR SUMO ORG ID>"       # Please replace <YOUR SUMO ORG ID> (including brackets) with your Sumo Logic Organization ID.
 sumologic_access_id         = "<YOUR SUMO ACCESS ID>"    # Please replace <YOUR SUMO ACCESS ID> (including brackets) with your Sumo Logic Access ID.
-sumologic_access_key        = "<YOUR SUMO ACCESS KEY>"   # Please replace <YOUR SUMO ACCESS KEY> (including brackets) with your Sumo Logic Access KEY.
+sumologic_access_key        = "<YOUR SUMO ACCESS KEY>"   # Please replace <YOUR SUMO ACCESS KEY> (including brackets) with your Sumo Logic Access KEY.

aws/cloudtrail/examples/default/main.tf

@@ -1,4 +1,3 @@
-
 resource "random_string" "aws_random" {
   length  = 10
   upper   = false

aws/cloudtrail/examples/default/variables.tf

@@ -1,6 +1,6 @@
 variable "sumologic_environment" {
   type        = string
-  description = "Enter au, ca, de, eu, fed, in, jp, kr, us1 or us2. For more information on Sumo Logic deployments visit https://help.sumologic.com/APIs/General-API-Information/Sumo-Logic-Endpoints-and-Firewall-Security"
+  description = "Enter au, ca, de, eu, fed, jp, kr, us1 or us2. For more information on Sumo Logic deployments visit https://help.sumologic.com/APIs/General-API-Information/Sumo-Logic-Endpoints-and-Firewall-Security"
 
   validation {
     condition = contains([
@@ -9,13 +9,12 @@ variable "sumologic_environment" {
       "de",
       "eu",
       "fed",
-      "in",
       "jp",
       "kr",
       "us1",
       "us2"
     ], var.sumologic_environment)
-    error_message = "The value must be one of au, ca, de, eu, fed, in, jp, kr, us1 or us2."
+    error_message = "The value must be one of au, ca, de, eu, fed, jp, kr, us1 or us2."
   }
 }
 

aws/cloudtrail/examples/default/versions.tf

@@ -3,7 +3,7 @@ terraform {
 
   required_providers {
     sumologic = {
-      version = ">= 2.31.3, < 3.0.0"
+      version = ">= 2.31.3, < 4.0.0"
       source  = "SumoLogic/sumologic"
     }
     aws = {

aws/cloudtrail/versions.tf

@@ -7,7 +7,7 @@ terraform {
       version = ">= 5.16.2, < 6.0.0"
     }
     sumologic = {
-      version = ">= 2.31.3, < 3.0.0"
+      version = ">= 2.31.3, < 4.0.0"
       source  = "SumoLogic/sumologic"
     }
     time = {