cds-snc / notification-terraform

Terraform for notification.canada.ca
MIT License

Aws nr test #1455

Closed ben851 closed 1 month ago

ben851 commented 1 month ago

Summary | Résumé

TODO: 1-3 sentence description of the change you're proposing.

Related Issues | Cartes liées

Test instructions | Instructions pour tester la modification

TODO: Fill in test instructions for the reviewer.

Release Instructions | Instructions pour le déploiement

None.

Reviewer checklist | Liste de vérification du réviseur

⚠ If boxes cannot be checked off before merging the PR, they should be moved to the "Release Instructions" section with appropriate steps required to verify before release. For example, changes to celery code may require tests on staging to verify that performance has not been affected.

github-actions[bot] commented 1 month ago

Staging: newrelic

✅ Terraform Init: success
✅ Terraform Validate: success
✅ Terraform Format: success
✅ Terraform Plan: success

Plan: 21 to add, 0 to change, 0 to destroy
Show summary

| CHANGE | NAME |
|--------|------|
| add | `aws_cloudwatch_metric_stream.newrelic_metric_stream` |
| | `aws_config_configuration_recorder_status.newrelic_recorder_status` |
| | `aws_config_delivery_channel.newrelic_recorder_delivery` |
| | `aws_iam_policy.newrelic_aws_permissions` |
| | `aws_iam_role.firehose_newrelic_role` |
| | `aws_iam_role.metric_stream_to_firehose` |
| | `aws_iam_role.newrelic_aws_role` |
| | `aws_iam_role.newrelic_configuration_recorder` |
| | `aws_iam_role_policy.metric_stream_to_firehose` |
| | `aws_iam_role_policy.newrelic_configuration_recorder_s3` |
| | `aws_iam_role_policy_attachment.newrelic_aws_policy_attach` |
| | `aws_iam_role_policy_attachment.newrelic_configuration_recorder` |
| | `aws_kinesis_firehose_delivery_stream.newrelic_firehose_stream` |
| | `aws_s3_bucket.newrelic_aws_bucket` |
| | `aws_s3_bucket.newrelic_configuration_recorder_s3` |
| | `aws_s3_bucket_ownership_controls.newrelic_ownership_controls` |
| | `newrelic_api_access_key.newrelic_aws_access_key` |
| | `newrelic_cloud_aws_integrations.newrelic_cloud_integration_pull` |
| | `newrelic_cloud_aws_link_account.newrelic_cloud_integration_pull` |
| | `newrelic_cloud_aws_link_account.newrelic_cloud_integration_push` |
| | `random_string.s3-bucket-name` |
Show plan ```terraform Resource actions are indicated with the following symbols: + create Terraform will perform the following actions: # aws_cloudwatch_metric_stream.newrelic_metric_stream will be created + resource "aws_cloudwatch_metric_stream" "newrelic_metric_stream" { + arn = (known after apply) + creation_date = (known after apply) + firehose_arn = (known after apply) + id = (known after apply) + last_update_date = (known after apply) + name = "newrelic-metric-stream-staging" + name_prefix = (known after apply) + output_format = "opentelemetry0.7" + role_arn = (known after apply) + state = (known after apply) + tags_all = (known after apply) } # aws_config_configuration_recorder_status.newrelic_recorder_status will be created + resource "aws_config_configuration_recorder_status" "newrelic_recorder_status" { + id = (known after apply) + is_enabled = true + name = "aws-controltower-BaselineConfigRecorder" } # aws_config_delivery_channel.newrelic_recorder_delivery will be created + resource "aws_config_delivery_channel" "newrelic_recorder_delivery" { + id = (known after apply) + name = "newrelic_configuration_recorder-staging" + s3_bucket_name = (known after apply) } # aws_iam_policy.newrelic_aws_permissions will be created + resource "aws_iam_policy" "newrelic_aws_permissions" { + arn = (known after apply) + attachment_count = (known after apply) + id = (known after apply) + name = "NewRelicCloudStreamReadPermissions-staging" + name_prefix = (known after apply) + path = "/" + policy = jsonencode( { + Statement = [ + { + Action = [ + "budgets:ViewBudget", + "cloudtrail:LookupEvents", + "config:BatchGetResourceConfig", + "config:ListDiscoveredResources", + "ec2:DescribeInternetGateways", + "ec2:DescribeVpcs", + "ec2:DescribeNatGateways", + "ec2:DescribeVpcEndpoints", + "ec2:DescribeSubnets", + "ec2:DescribeNetworkAcls", + "ec2:DescribeVpcAttribute", + "ec2:DescribeRouteTables", + "ec2:DescribeSecurityGroups", + "ec2:DescribeVpcPeeringConnections", + 
"ec2:DescribeNetworkInterfaces", + "ec2:DescribeVpnConnections", + "health:DescribeAffectedEntities", + "health:DescribeEventDetails", + "health:DescribeEvents", + "tag:GetResources", + "xray:BatchGet*", + "xray:Get*", ] + Effect = "Allow" + Resource = "*" }, ] + Version = "2012-10-17" } ) + policy_id = (known after apply) + tags_all = (known after apply) } # aws_iam_role.firehose_newrelic_role will be created + resource "aws_iam_role" "firehose_newrelic_role" { + arn = (known after apply) + assume_role_policy = jsonencode( { + Statement = [ + { + Action = "sts:AssumeRole" + Effect = "Allow" + Principal = { + Service = "firehose.amazonaws.com" } + Sid = "" }, ] + Version = "2012-10-17" } ) + create_date = (known after apply) + force_detach_policies = false + id = (known after apply) + managed_policy_arns = (known after apply) + max_session_duration = 3600 + name = "firehose_newrelic_role_staging" + name_prefix = (known after apply) + path = "/" + tags_all = (known after apply) + unique_id = (known after apply) } # aws_iam_role.metric_stream_to_firehose will be created + resource "aws_iam_role" "metric_stream_to_firehose" { + arn = (known after apply) + assume_role_policy = jsonencode( { + Statement = [ + { + Action = "sts:AssumeRole" + Effect = "Allow" + Principal = { + Service = "streams.metrics.cloudwatch.amazonaws.com" } + Sid = "" }, ] + Version = "2012-10-17" } ) + create_date = (known after apply) + force_detach_policies = false + id = (known after apply) + managed_policy_arns = (known after apply) + max_session_duration = 3600 + name = "newrelic_metric_stream_to_firehose_role_staging" + name_prefix = (known after apply) + path = "/" + tags_all = (known after apply) + unique_id = (known after apply) } # aws_iam_role.newrelic_aws_role will be created + resource "aws_iam_role" "newrelic_aws_role" { + arn = (known after apply) + assume_role_policy = jsonencode( { + Statement = [ + { + Action = "sts:AssumeRole" + Condition = { + StringEquals = { + 
"sts:ExternalId" = "2691974" } } + Effect = "Allow" + Principal = { + AWS = "754728514883" } }, ] + Version = "2012-10-17" } ) + create_date = (known after apply) + description = "New Relic Cloud integration role" + force_detach_policies = false + id = (known after apply) + managed_policy_arns = (known after apply) + max_session_duration = 3600 + name = "NewRelicInfrastructure-Integrations-staging" + name_prefix = (known after apply) + path = "/" + tags_all = (known after apply) + unique_id = (known after apply) } # aws_iam_role.newrelic_configuration_recorder will be created + resource "aws_iam_role" "newrelic_configuration_recorder" { + arn = (known after apply) + assume_role_policy = jsonencode( { + Statement = [ + { + Action = "sts:AssumeRole" + Effect = "Allow" + Principal = { + Service = "config.amazonaws.com" } + Sid = "" }, ] + Version = "2012-10-17" } ) + create_date = (known after apply) + force_detach_policies = false + id = (known after apply) + managed_policy_arns = (known after apply) + max_session_duration = 3600 + name = "newrelic_configuration_recorder-staging" + name_prefix = (known after apply) + path = "/" + tags_all = (known after apply) + unique_id = (known after apply) } # aws_iam_role_policy.metric_stream_to_firehose will be created + resource "aws_iam_role_policy" "metric_stream_to_firehose" { + id = (known after apply) + name = "default" + name_prefix = (known after apply) + policy = (known after apply) + role = (known after apply) } # aws_iam_role_policy.newrelic_configuration_recorder_s3 will be created + resource "aws_iam_role_policy" "newrelic_configuration_recorder_s3" { + id = (known after apply) + name = "newrelic-configuration-recorder-s3-staging" + name_prefix = (known after apply) + policy = (known after apply) + role = (known after apply) } # aws_iam_role_policy_attachment.newrelic_aws_policy_attach will be created + resource "aws_iam_role_policy_attachment" "newrelic_aws_policy_attach" { + id = (known after apply) + policy_arn 
= (known after apply) + role = "NewRelicInfrastructure-Integrations-staging" } # aws_iam_role_policy_attachment.newrelic_configuration_recorder will be created + resource "aws_iam_role_policy_attachment" "newrelic_configuration_recorder" { + id = (known after apply) + policy_arn = "arn:aws:iam::aws:policy/service-role/AWS_ConfigRole" + role = "newrelic_configuration_recorder-staging" } # aws_kinesis_firehose_delivery_stream.newrelic_firehose_stream will be created + resource "aws_kinesis_firehose_delivery_stream" "newrelic_firehose_stream" { + arn = (known after apply) + destination = "http_endpoint" + destination_id = (known after apply) + id = (known after apply) + name = "newrelic_firehose_stream_staging" + tags_all = (known after apply) + version_id = (known after apply) + http_endpoint_configuration { + access_key = (sensitive value) + buffering_interval = 60 + buffering_size = 1 + name = "New Relic staging" + retry_duration = 300 + role_arn = (known after apply) + s3_backup_mode = "FailedDataOnly" + url = "https://aws-api.newrelic.com/cloudwatch-metrics/v1" + request_configuration { + content_encoding = "GZIP" } + s3_configuration { + bucket_arn = (known after apply) + buffering_interval = 400 + buffering_size = 10 + compression_format = "GZIP" + role_arn = (known after apply) } } } # aws_s3_bucket.newrelic_aws_bucket will be created + resource "aws_s3_bucket" "newrelic_aws_bucket" { + acceleration_status = (known after apply) + acl = (known after apply) + arn = (known after apply) + bucket = (known after apply) + bucket_domain_name = (known after apply) + bucket_prefix = (known after apply) + bucket_regional_domain_name = (known after apply) + force_destroy = true + hosted_zone_id = (known after apply) + id = (known after apply) + object_lock_enabled = (known after apply) + policy = (known after apply) + region = (known after apply) + request_payer = (known after apply) + tags_all = (known after apply) + website_domain = (known after apply) + 
website_endpoint = (known after apply) } # aws_s3_bucket.newrelic_configuration_recorder_s3 will be created + resource "aws_s3_bucket" "newrelic_configuration_recorder_s3" { + acceleration_status = (known after apply) + acl = (known after apply) + arn = (known after apply) + bucket = (known after apply) + bucket_domain_name = (known after apply) + bucket_prefix = (known after apply) + bucket_regional_domain_name = (known after apply) + force_destroy = true + hosted_zone_id = (known after apply) + id = (known after apply) + object_lock_enabled = (known after apply) + policy = (known after apply) + region = (known after apply) + request_payer = (known after apply) + tags_all = (known after apply) + website_domain = (known after apply) + website_endpoint = (known after apply) } # aws_s3_bucket_ownership_controls.newrelic_ownership_controls will be created + resource "aws_s3_bucket_ownership_controls" "newrelic_ownership_controls" { + bucket = (known after apply) + id = (known after apply) + rule { + object_ownership = "BucketOwnerEnforced" } } # newrelic_api_access_key.newrelic_aws_access_key will be created + resource "newrelic_api_access_key" "newrelic_aws_access_key" { + account_id = (sensitive value) + id = (known after apply) + ingest_type = "LICENSE" + key = (sensitive value) + key_type = "INGEST" + name = "Metric Stream Key for staging" + notes = "AWS Cloud Integrations Metric Stream Key" + user_id = (known after apply) } # newrelic_cloud_aws_integrations.newrelic_cloud_integration_pull will be created + resource "newrelic_cloud_aws_integrations" "newrelic_cloud_integration_pull" { + account_id = (sensitive value) + id = (known after apply) + linked_account_id = (known after apply) + alb {} + api_gateway {} + auto_scaling {} + aws_app_sync {} + aws_athena {} + aws_cognito {} + aws_connect {} + aws_direct_connect {} + aws_fsx {} + aws_glue {} + aws_kinesis_analytics {} + aws_media_convert {} + aws_media_package_vod {} + aws_mq {} + aws_msk {} + aws_neptune {} + 
aws_qldb {} + aws_route53resolver {} + aws_states {} + aws_transit_gateway {} + aws_waf {} + aws_wafv2 {} + billing {} + cloudfront {} + cloudtrail {} + doc_db {} + dynamodb {} + ebs {} + ec2 {} + ecs {} + efs {} + elasticache {} + elasticbeanstalk {} + elasticsearch {} + elb {} + emr {} + health {} + iam {} + iot {} + kinesis {} + kinesis_firehose {} + lambda {} + rds {} + redshift {} + route53 {} + s3 {} + ses {} + sns {} + sqs {} + trusted_advisor {} + vpc {} + x_ray {} } # newrelic_cloud_aws_link_account.newrelic_cloud_integration_pull will be created + resource "newrelic_cloud_aws_link_account" "newrelic_cloud_integration_pull" { + account_id = (sensitive value) + arn = (known after apply) + id = (known after apply) + metric_collection_mode = "PULL" + name = "staging pull" } # newrelic_cloud_aws_link_account.newrelic_cloud_integration_push will be created + resource "newrelic_cloud_aws_link_account" "newrelic_cloud_integration_push" { + account_id = (sensitive value) + arn = (known after apply) + id = (known after apply) + metric_collection_mode = "PUSH" + name = "staging metric stream" } # random_string.s3-bucket-name will be created + resource "random_string" "s3-bucket-name" { + id = (known after apply) + length = 8 + lower = true + min_lower = 0 + min_numeric = 0 + min_special = 0 + min_upper = 0 + number = true + numeric = true + result = (known after apply) + special = false + upper = false } Plan: 21 to add, 0 to change, 0 to destroy. ───────────────────────────────────────────────────────────────────────────── Saved the plan to: plan.tfplan To perform exactly these actions, run the following command to apply: terraform apply "plan.tfplan" ```
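
Review bot: `aws_config_configuration_recorder_status.newrelic_recorder_status` sets `is_enabled = true` on `name = "aws-controltower-BaselineConfigRecorder"`, a recorder this plan does not create and whose name suggests it is managed by AWS Control Tower, while `aws_config_delivery_channel.newrelic_recorder_delivery` adds a channel named `newrelic_configuration_recorder-staging`. AWS Config accepts one delivery channel per region per account, so if the account already has a channel for that recorder, creating a second one is rejected at apply time. The plan also creates `aws_iam_role.newrelic_configuration_recorder` with `AWS_ConfigRole` attached but no `aws_config_configuration_recorder` that would use it. Confirm whether the existing recorder and channel already cover what New Relic needs, and if so drop the delivery channel, the recorder role and its bucket from this change.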
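
Review bot: both `aws_s3_bucket.newrelic_aws_bucket` and `aws_s3_bucket.newrelic_configuration_recorder_s3` are planned with `force_destroy = true`, and the only bucket hardening resource among the 21 additions is a single `aws_s3_bucket_ownership_controls.newrelic_ownership_controls`. For the configuration recorder bucket, `force_destroy` means a later destroy deletes the stored configuration history without prompting; consider leaving it at the default there. An `aws_s3_bucket_public_access_block` for each bucket would make the intended exposure explicit in this module rather than relying on account-level settings that are not visible in the plan.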
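
Review bot: the single statement in `aws_iam_policy.newrelic_aws_permissions` combines `Resource = "*"` with the wildcard actions `xray:BatchGet*` and `xray:Get*`, so the role that the external principal `754728514883` assumes will automatically gain any future X-Ray action matching those prefixes. The other actions are enumerated read-only calls, so listing the X-Ray actions explicitly would keep the policy consistent, or add a comment in the module recording that the wildcard is accepted. The `sts:ExternalId` condition on `aws_iam_role.newrelic_aws_role` should stay as is.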