
Commit 413d899

Update: [AEA-5928] - add log forwarding (#314)
## Summary - Routine Change ### Details - send api gateway logs to csoc
1 parent 8f1dc22 commit 413d899


11 files changed

+38
-3
lines changed


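--- a/.gitallowed
+++ b/.gitallowed
@@ -8,6 +8,7 @@ self.token = token
 --token="\$GITHUB-TOKEN"
 "accountId": "123456789012"
 accountId: "123456789012"
+"AWS_ACCOUNT_ID": "123456789012"
 console\.log\(`access token : \${access_token}`\)
 .*CidrBlock.*
 .*Gemfile\.lock.*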

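--- a/.github/scripts/fix_cdk_json.sh
+++ b/.github/scripts/fix_cdk_json.sh
@@ -61,5 +61,7 @@ fix_string_key enableBedrockLogging "${ENABLE_BEDROCK_LOGGING:-false}"
 fix_string_key slackBotToken "${SLACK_BOT_TOKEN}"
 fix_string_key slackSigningSecret "${SLACK_SIGNING_SECRET}"
 fix_string_key cfnDriftDetectionGroup "${CFN_DRIFT_DETECTION_GROUP}"
+fix_string_key csocApiGatewayDestination "arn:aws:logs:eu-west-2:693466633220:destination:api_gateway_log_destination" # CSOC API GW log destination - do not change
+fix_boolean_number_key forwardCsocLogs "${FORWARD_CSOC_LOGS}"
 fix_boolean_number_key isPullRequest "${IS_PULL_REQUEST}"
 fix_boolean_number_key runRegressionTests "${RUN_REGRESSION_TESTS}"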
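Review bot: `forwardCsocLogs` is filled from `"${FORWARD_CSOC_LOGS}"` with no default and no unset guard, so a caller that forgets the variable hands `fix_boolean_number_key` an empty string, and what that helper writes in that case is not visible in this hunk. Because this flag decides whether API Gateway logs reach the CSOC, an unset value should stop the script rather than quietly end up as "off": `fix_boolean_number_key forwardCsocLogs "${FORWARD_CSOC_LOGS:?FORWARD_CSOC_LOGS must be set}"`. The hard-coded destination ARN on the line above pins a region and an account; the `do not change` comment would be more useful if it also named who owns that destination.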

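--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -70,6 +70,7 @@ jobs:
 MARK_JIRA_RELEASED: false
 CREATE_INT_RC_RELEASE_NOTES: false
 IS_PULL_REQUEST: false
+FORWARD_CSOC_LOGS: false
 RUN_REGRESSION_TESTS: true
 secrets:
 CLOUD_FORMATION_DEPLOY_ROLE: ${{ secrets.DEV_CLOUD_FORMATION_DEPLOY_ROLE }}
@@ -99,6 +100,7 @@ jobs:
 MARK_JIRA_RELEASED: false
 CREATE_INT_RC_RELEASE_NOTES: false
 IS_PULL_REQUEST: false
+FORWARD_CSOC_LOGS: false
 RUN_REGRESSION_TESTS: true
 secrets:
 CLOUD_FORMATION_DEPLOY_ROLE: ${{ secrets.QA_CLOUD_FORMATION_DEPLOY_ROLE }}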

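--- a/.github/workflows/pull_request.yml
+++ b/.github/workflows/pull_request.yml
@@ -95,6 +95,7 @@ jobs:
 MARK_JIRA_RELEASED: false
 CREATE_INT_RC_RELEASE_NOTES: false
 IS_PULL_REQUEST: true
+FORWARD_CSOC_LOGS: false
 RUN_REGRESSION_TESTS: true
 secrets:
 CLOUD_FORMATION_DEPLOY_ROLE: ${{ secrets.DEV_CLOUD_FORMATION_DEPLOY_ROLE }}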

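--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -69,6 +69,7 @@ jobs:
 MARK_JIRA_RELEASED: false
 CREATE_INT_RC_RELEASE_NOTES: false
 IS_PULL_REQUEST: false
+FORWARD_CSOC_LOGS: false
 RUN_REGRESSION_TESTS: true
 secrets:
 CLOUD_FORMATION_DEPLOY_ROLE: ${{ secrets.DEV_CLOUD_FORMATION_DEPLOY_ROLE }}
@@ -98,6 +99,7 @@ jobs:
 MARK_JIRA_RELEASED: false
 CREATE_INT_RC_RELEASE_NOTES: false
 IS_PULL_REQUEST: false
+FORWARD_CSOC_LOGS: false
 RUN_REGRESSION_TESTS: true
 secrets:
 CLOUD_FORMATION_DEPLOY_ROLE: ${{ secrets.QA_CLOUD_FORMATION_DEPLOY_ROLE }}
@@ -127,6 +129,7 @@ jobs:
 MARK_JIRA_RELEASED: false
 CREATE_INT_RC_RELEASE_NOTES: true
 IS_PULL_REQUEST: false
+FORWARD_CSOC_LOGS: false
 RUN_REGRESSION_TESTS: false
 secrets:
 CLOUD_FORMATION_DEPLOY_ROLE: ${{ secrets.INT_CLOUD_FORMATION_DEPLOY_ROLE }}
@@ -156,6 +159,7 @@ jobs:
 MARK_JIRA_RELEASED: true
 CREATE_INT_RC_RELEASE_NOTES: false
 IS_PULL_REQUEST: false
+FORWARD_CSOC_LOGS: true
 RUN_REGRESSION_TESTS: false
 secrets:
 CLOUD_FORMATION_DEPLOY_ROLE: ${{ secrets.PROD_CLOUD_FORMATION_DEPLOY_ROLE }}
@@ -167,4 +171,3 @@ jobs:
 REGRESSION_TESTS_PEM: ${{ secrets.REGRESSION_TESTS_PEM }}
 SLACK_BOT_TOKEN: ${{ secrets.PROD_SLACK_BOT_TOKEN }}
 SLACK_SIGNING_SECRET: ${{ secrets.PROD_SLACK_SIGNING_SECRET }}
-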
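Review bot: `FORWARD_CSOC_LOGS` is `true` only in the job that deploys with `PROD_CLOUD_FORMATION_DEPLOY_ROLE` and `false` in the dev, QA and INT jobs, so the CSOC subscription filter is deployed for the first time in production and no earlier environment exercises it. A wrong destination policy or delivery role would then surface as a failed prod stack update, and a filter that deploys but delivers nothing would go unnoticed until someone checks on the CSOC side. If the destination can accept a pre-production account, enable the flag in one of those jobs as well; if it is deliberately prod-only, record that next to the value, for example `# CSOC destination only accepts the prod account`.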

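--- a/.github/workflows/release_all_stacks.yml
+++ b/.github/workflows/release_all_stacks.yml
@@ -45,6 +45,9 @@ on:
 IS_PULL_REQUEST:
 type: boolean
 default: false
+FORWARD_CSOC_LOGS:
+type: boolean
+required: true
 secrets:
 CLOUD_FORMATION_DEPLOY_ROLE:
 required: true
@@ -148,6 +151,7 @@ jobs:
 SLACK_BOT_TOKEN: "${{ secrets.SLACK_BOT_TOKEN }}"
 SLACK_SIGNING_SECRET: "${{ secrets.SLACK_SIGNING_SECRET }}"
 CDK_APP_NAME: ${{ inputs.CDK_APP_NAME }}
+FORWARD_CSOC_LOGS: ${{ inputs.FORWARD_CSOC_LOGS }}
 IS_PULL_REQUEST: ${{ inputs.IS_PULL_REQUEST }}
 RUN_REGRESSION_TESTS: ${{ inputs.RUN_REGRESSION_TESTS }}
 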

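--- a/Makefile
+++ b/Makefile
@@ -117,6 +117,7 @@ cdk-synth-non-pr:
 SLACK_SIGNING_SECRET=dummy_secret \
 LOG_RETENTION_IN_DAYS=30 \
 LOG_LEVEL=debug \
+FORWARD_CSOC_LOGS=false \
 RUN_REGRESSION_TESTS=true \
 ./.github/scripts/fix_cdk_json.sh .local_config/epsam.config.json
 CONFIG_FILE_NAME=.local_config/epsam.config.json npx cdk synth \
@@ -135,6 +136,7 @@ cdk-synth-pr:
 SLACK_SIGNING_SECRET=dummy_secret \
 LOG_RETENTION_IN_DAYS=30 \
 LOG_LEVEL=debug \
+FORWARD_CSOC_LOGS=false \
 RUN_REGRESSION_TESTS=true \
 ./.github/scripts/fix_cdk_json.sh .local_config/epsam.config.json
 CONFIG_FILE_NAME=.local_config/epsam.config.json npx cdk synth \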

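--- a/packages/cdk/constructs/RestApiGateway.ts
+++ b/packages/cdk/constructs/RestApiGateway.ts
@@ -27,6 +27,8 @@ export interface RestApiGatewayProps {
 readonly logRetentionInDays: number
 readonly trustStoreKey: string
 readonly truststoreVersion: string
+readonly forwardCsocLogs: boolean
+readonly csocApiGatewayDestination: string
 }
 
 export class RestApiGateway extends Construct {
@@ -69,6 +71,15 @@ export class RestApiGateway extends Construct {
 
 })
 
+if (props.forwardCsocLogs) {
+new CfnSubscriptionFilter(this, "ApiGatewayAccessLogsCSOCSubscriptionFilter", {
+destinationArn: props.csocApiGatewayDestination,
+filterPattern: "",
+logGroupName: logGroup.logGroupName,
+roleArn: splunkSubscriptionFilterRole.roleArn
+})
+}
+
 const certificate = new Certificate(this, "Certificate", {
 domainName: serviceDomainName,
 validation: CertificateValidation.fromDns(hostedZone)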
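Review bot: The new `CfnSubscriptionFilter` reuses `splunkSubscriptionFilterRole.roleArn`, yet `csocApiGatewayDestination` is set in fix_cdk_json.sh to a CloudWatch Logs destination ARN (`arn:aws:logs:…:destination:…`), and for a cross-account logical destination CloudWatch Logs does not need a role ARN because delivery is authorised by the destination's own access policy. Either drop `roleArn` from this filter or add a comment saying why the Splunk role is attached, so the CSOC path does not silently depend on a role defined outside this hunk. With `filterPattern: ""` every access-log event is forwarded, and if the log group already carries a Splunk filter this is presumably its second, which is the per-log-group quota; a short comment such as `// forwards all access logs to the CSOC destination (cross-account)` would record the intent. The constructor body starts and ends outside the hunk.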

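--- a/packages/cdk/constructs/RestApiGateway/accessLogFormat.ts
+++ b/packages/cdk/constructs/RestApiGateway/accessLogFormat.ts
@@ -16,6 +16,7 @@ export const accessLogFormat = () => {
 responseLatency: "$context.responseLatency",
 responseLength: "$context.responseLength",
 domainName: "$context.domainName",
+api_key: "$context.identity.apiKey",
 identity: {
 sourceIp: "$context.identity.sourceIp",
 userAgent: "$context.identity.userAgent",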
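Review bot: `api_key: "$context.identity.apiKey"` writes the caller's API key value into every access-log line, and the same commit forwards that log group to a destination in another account with an empty filter pattern, so the key is kept in CloudWatch for the retention period and copied out of the account in plain text. If the field is only needed to attribute requests to a client, log the key identifier instead: `apiKeyId: "$context.identity.apiKeyId"`. If the CSOC schema really requires the raw key under the name `api_key`, say so in a comment above the line, since it is also the only snake_case key in an otherwise camelCase format. The object literal continues outside the hunk.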

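--- a/packages/cdk/resources/Apis.ts
+++ b/packages/cdk/resources/Apis.ts
@@ -8,6 +8,8 @@ export interface ApisProps {
 readonly stackName: string
 readonly logRetentionInDays: number
 functions: {[key: string]: LambdaFunction}
+readonly forwardCsocLogs: boolean
+readonly csocApiGatewayDestination: string
 }
 
 export class Apis extends Construct {
@@ -21,7 +23,9 @@ export class Apis extends Construct {
 stackName: props.stackName,
 logRetentionInDays: props.logRetentionInDays,
 trustStoreKey: "unused",
-truststoreVersion: "unused"
+truststoreVersion: "unused",
+forwardCsocLogs: props.forwardCsocLogs,
+csocApiGatewayDestination: props.csocApiGatewayDestination
 })
 // Create /slack resource path
 const slackResource = apiGateway.api.root.addResource("slack")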
