Merge branch 'improvement/add_cloud-init_to_replace_cwa_configuration…

…' into testing/redeployment_updates
cisagov · Oct 6, 2023 · 8125e8b · 8125e8b
2 parents e097779 + ccd6651
commit 8125e8b
Show file tree

Hide file tree

Showing 11 changed files with 594 additions and 1 deletion.
diff --git a/terraform/bod_bastion_cloud_init.tf b/terraform/bod_bastion_cloud_init.tf
@@ -15,4 +15,13 @@ data "cloudinit_config" "bod_bastion_cloud_init_tasks" {
     filename     = "set_hostname.yml"
     merge_type   = "list(append)+dict(recurse_array)+str()"
   }
+
+  part {
+    content = templatefile("${path.module}/cloud-init/configure_cloudwatch_agent.tpl.yml", {
+      cloudwatch_agent_log_group_base_name = local.bod_cloudwatch_agent_log_group_base
+    })
+    content_type = "text/cloud-config"
+    filename     = "configure_cloudwatch_agent.yml"
+    merge_type   = "list(append)+dict(recurse_array)+str()"
+  }
 }
diff --git a/terraform/bod_docker_cloud_init.tf b/terraform/bod_docker_cloud_init.tf
@@ -17,6 +17,15 @@ data "cloudinit_config" "bod_docker_cloud_init_tasks" {
     merge_type   = "list(append)+dict(recurse_array)+str()"
   }
 
+  part {
+    content = templatefile("${path.module}/cloud-init/configure_cloudwatch_agent.tpl.yml", {
+      cloudwatch_agent_log_group_base_name = local.bod_cloudwatch_agent_log_group_base
+    })
+    content_type = "text/cloud-config"
+    filename     = "configure_cloudwatch_agent.yml"
+    merge_type   = "list(append)+dict(recurse_array)+str()"
+  }
+
   part {
     content = templatefile("${path.module}/cloud-init/chown_directory.tpl.sh", {
       group          = "cyhy"

diff --git a/terraform/cloud-init/configure_cloudwatch_agent.tpl.yml b/terraform/cloud-init/configure_cloudwatch_agent.tpl.yml
diff --git a/terraform/cyhy_bastion_cloud_init.tf b/terraform/cyhy_bastion_cloud_init.tf
@@ -15,4 +15,13 @@ data "cloudinit_config" "cyhy_bastion_cloud_init_tasks" {
     filename     = "set_hostname.yml"
     merge_type   = "list(append)+dict(recurse_array)+str()"
   }
+
+  part {
+    content = templatefile("${path.module}/cloud-init/configure_cloudwatch_agent.tpl.yml", {
+      cloudwatch_agent_log_group_base_name = local.cyhy_cloudwatch_agent_log_group_base
+    })
+    content_type = "text/cloud-config"
+    filename     = "configure_cloudwatch_agent.yml"
+    merge_type   = "list(append)+dict(recurse_array)+str()"
+  }
 }
diff --git a/terraform/cyhy_dashboard_cloud_init.tf b/terraform/cyhy_dashboard_cloud_init.tf
@@ -16,6 +16,15 @@ data "cloudinit_config" "cyhy_dashboard_cloud_init_tasks" {
     merge_type   = "list(append)+dict(recurse_array)+str()"
   }
 
+  part {
+    content = templatefile("${path.module}/cloud-init/configure_cloudwatch_agent.tpl.yml", {
+      cloudwatch_agent_log_group_base_name = local.cyhy_cloudwatch_agent_log_group_base
+    })
+    content_type = "text/cloud-config"
+    filename     = "configure_cloudwatch_agent.yml"
+    merge_type   = "list(append)+dict(recurse_array)+str()"
+  }
+
   part {
     content = templatefile("${path.module}/cloud-init/chown_directory.tpl.sh", {
       group          = "cyhy"

diff --git a/terraform/cyhy_mongo_cloud_init.tf b/terraform/cyhy_mongo_cloud_init.tf
@@ -19,6 +19,15 @@ data "cloudinit_config" "cyhy_mongo_cloud_init_tasks" {
     merge_type   = "list(append)+dict(recurse_array)+str()"
   }
 
+  part {
+    content = templatefile("${path.module}/cloud-init/configure_cloudwatch_agent.tpl.yml", {
+      cloudwatch_agent_log_group_base_name = local.cyhy_cloudwatch_agent_log_group_base
+    })
+    content_type = "text/cloud-config"
+    filename     = "configure_cloudwatch_agent.yml"
+    merge_type   = "list(append)+dict(recurse_array)+str()"
+  }
+
   part {
     content = templatefile("${path.module}/cloud-init/chown_directory.tpl.sh", {
       group          = "cyhy"

diff --git a/terraform/cyhy_nessus_cloud_init.tf b/terraform/cyhy_nessus_cloud_init.tf
@@ -19,6 +19,15 @@ data "cloudinit_config" "cyhy_nessus_cloud_init_tasks" {
     merge_type   = "list(append)+dict(recurse_array)+str()"
   }
 
+  part {
+    content = templatefile("${path.module}/cloud-init/configure_cloudwatch_agent.tpl.yml", {
+      cloudwatch_agent_log_group_base_name = local.cyhy_cloudwatch_agent_log_group_base
+    })
+    content_type = "text/cloud-config"
+    filename     = "configure_cloudwatch_agent.yml"
+    merge_type   = "list(append)+dict(recurse_array)+str()"
+  }
+
   part {
     content = templatefile("${path.module}/cloud-init/chown_directory.tpl.sh", {
       group          = "cyhy"

diff --git a/terraform/cyhy_nmap_cloud_init.tf b/terraform/cyhy_nmap_cloud_init.tf
@@ -19,6 +19,15 @@ data "cloudinit_config" "cyhy_nmap_cloud_init_tasks" {
     merge_type   = "list(append)+dict(recurse_array)+str()"
   }
 
+  part {
+    content = templatefile("${path.module}/cloud-init/configure_cloudwatch_agent.tpl.yml", {
+      cloudwatch_agent_log_group_base_name = local.cyhy_cloudwatch_agent_log_group_base
+    })
+    content_type = "text/cloud-config"
+    filename     = "configure_cloudwatch_agent.yml"
+    merge_type   = "list(append)+dict(recurse_array)+str()"
+  }
+
   part {
     content = templatefile("${path.module}/cloud-init/chown_directory.tpl.sh", {
       group          = "cyhy"

diff --git a/terraform/cyhy_reporter_cloud_init.tf b/terraform/cyhy_reporter_cloud_init.tf
@@ -17,6 +17,15 @@ data "cloudinit_config" "cyhy_reporter_cloud_init_tasks" {
     merge_type   = "list(append)+dict(recurse_array)+str()"
   }
 
+  part {
+    content = templatefile("${path.module}/cloud-init/configure_cloudwatch_agent.tpl.yml", {
+      cloudwatch_agent_log_group_base_name = local.cyhy_cloudwatch_agent_log_group_base
+    })
+    content_type = "text/cloud-config"
+    filename     = "configure_cloudwatch_agent.yml"
+    merge_type   = "list(append)+dict(recurse_array)+str()"
+  }
+
   part {
     content = templatefile("${path.module}/cloud-init/chown_directory.tpl.sh", {
       group          = "cyhy"

diff --git a/terraform/locals.tf b/terraform/locals.tf
@@ -116,6 +116,14 @@ locals {
   bod_public_subdomain  = "bod.ncats."
   mgmt_public_subdomain = "mgmt.ncats."
 
+  # This base will be used by all instances for their CloudWatch Agent
+  # configuration
+  cloudwatch_agent_log_group_base = "/instance-logs/${terraform.workspace}"
+  # CloudWatch Agent log group name base for cyhy instances
+  cyhy_cloudwatch_agent_log_group_base = "${local.cloudwatch_agent_log_group_base}/${local.cyhy_private_domain}"
+  # CloudWatch Agent log group name base for bod instances
+  bod_cloudwatch_agent_log_group_base = "${local.cloudwatch_agent_log_group_base}/${local.bod_private_domain}"
+
   # DNS zone calculations based on requested instances.  The numbers
   # represent the count of IP addresses in a subnet.
   #

diff --git a/terraform/nvdsync_failure_alarms.tf b/terraform/nvdsync_failure_alarms.tf
@@ -7,7 +7,7 @@ resource "aws_cloudwatch_log_group" "instance_logs" {
   #
   # We have to account for the fact that the local hostname on the
   # instance drops the local domain name.
-  name = "/instance-logs/${split(".", each.value)[0]}"
+  name = "${local.cloudwatch_agent_log_group_base}/${split(".", each.value)[1]}/${split(".", each.value)[0]}"
 }
 
 # Create a log metric filter that bumps a metric when a syslog