cloudandthings
diff --git a/‎README.md‎
Lines changed: 1 addition & 0 deletions b/‎README.md‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎examples/delivery_stream/README.md‎
Lines changed: 277 additions & 0 deletions b/‎examples/delivery_stream/README.md‎
Lines changed: 277 additions & 0 deletions
@@ -45,6 +45,7 @@ Full contributing [guidelines are covered here](.github/contributing.md).
 | <a name="input_excluded_scoped_actions"></a> [excluded\_scoped\_actions](#input\_excluded\_scoped\_actions) | A list of service scoped actions that will not be alerted on. Format {{service}}.amazonaws.com:{{action}} | `list(string)` | `[]` | no |
 | <a name="input_excluded_scoped_actions_effect"></a> [excluded\_scoped\_actions\_effect](#input\_excluded\_scoped\_actions\_effect) | Should the existing exluded actions be replaces or appended to. By default it will append to the list, valid values: APPEND, REPLACE | `string` | `"APPEND"` | no |
 | <a name="input_excluded_users"></a> [excluded\_users](#input\_excluded\_users) | List of email addresses will not be reported on when practicing ClickOps. | `list(string)` | `[]` | no |
+| <a name="input_firehose_delivery_stream_name"></a> [firehose\_delivery\_stream\_name](#input\_firehose\_delivery\_stream\_name) | Kinesis Firehose delivery stream name to output ClickOps events to. | `string` | `null` | no |
 | <a name="input_iam_role_arn"></a> [iam\_role\_arn](#input\_iam\_role\_arn) | Existing IAM role ARN for the lambda. Required if `create_iam_role` is set to `false` | `string` | `null` | no |
 | <a name="input_included_accounts"></a> [included\_accounts](#input\_included\_accounts) | List of accounts that be scanned to manual actions. If empty will scan all accounts. | `list(string)` | `[]` | no |
 | <a name="input_included_users"></a> [included\_users](#input\_included\_users) | List of emails that be scanned to manual actions. If empty will scan all emails. | `list(string)` | `[]` | no |
 
@@ -0,0 +1,277 @@
+<!-- BEGIN_TF_DOCS -->
+----
+## main.tf
+```hcl
+terraform {
+  required_version = ">= 0.14.0"
+
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "4.9.0"
+    }
+
+    random = {
+      source  = "hashicorp/random"
+      version = "3.4.3"
+    }
+  }
+}
+
+provider "aws" {
+  region = "eu-west-1"
+}
+
+locals {
+  tags = {
+    usage = "clickops-testing"
+    run   = random_pet.run_id.id
+  }
+
+  naming_prefix = "clickops-test-basic-${random_pet.run_id.id}"
+}
+
+resource "random_pet" "run_id" {
+  keepers = {
+    # Generate a new pet name
+    run_id = var.run_id
+  }
+}
+
+#---------------------------------------
+# Cloudtrail infrastructure - standalone
+#---------------------------------------
+# S3 bucket
+module "logs_bucket" {
+  source  = "trussworks/logs/aws"
+  version = "~> 14"
+
+  s3_bucket_name = local.naming_prefix
+
+  allow_cloudtrail = true
+  force_destroy    = true
+}
+
+# Cloudtrail
+locals {
+  naming_prefix_cloudtrail = "${local.naming_prefix}-cloudtrail"
+  naming_prefix_firehose   = "${local.naming_prefix}-firehose"
+}
+module "aws_cloudtrail" {
+  source  = "trussworks/cloudtrail/aws"
+  version = "~> 4"
+
+  s3_bucket_name = module.logs_bucket.aws_logs_bucket
+
+  trail_name      = local.naming_prefix_cloudtrail
+  iam_policy_name = local.naming_prefix_cloudtrail
+  iam_role_name   = local.naming_prefix_cloudtrail
+
+  cloudwatch_log_group_name = local.naming_prefix_cloudtrail
+  log_retention_days        = 30
+}
+
+#---------------------------------------
+# ClickOps module
+#---------------------------------------
+module "clickops_notifications" {
+  source = "../.."
+
+  standalone = true
+
+  naming_prefix = local.naming_prefix
+
+  webhook        = "https://fake.com"
+  message_format = "slack"
+
+  tags = local.tags
+
+  # cloudtrail_bucket_name = aws_s3_bucket.clickops_cloudtrail.id
+  cloudtrail_log_group = local.naming_prefix_cloudtrail
+
+  firehose_delivery_stream_name = aws_kinesis_firehose_delivery_stream.extended_s3_stream.name
+
+  depends_on = [
+    module.aws_cloudtrail
+  ]
+
+}
+
+#---------------------------------------
+# Delivery stream infrastructure
+#---------------------------------------
+resource "aws_kinesis_firehose_delivery_stream" "extended_s3_stream" {
+  name        = local.naming_prefix
+  destination = "extended_s3"
+
+  extended_s3_configuration {
+    role_arn   = aws_iam_role.firehose.arn
+    bucket_arn = aws_s3_bucket.firehose.arn
+
+    compression_format = "UNCOMPRESSED"
+
+    buffer_size     = 64
+    buffer_interval = 300
+
+    # Hive-style dynamic partitioning by recipientAccountId and awsRegion
+    # https://docs.aws.amazon.com/firehose/latest/dev/dynamic-partitioning.html
+
+    dynamic_partitioning_configuration {
+      enabled = "true"
+    }
+
+    prefix = join("/", [
+      "data",
+      "recipientAccountId=!{partitionKeyFromQuery:recipientAccountId}",
+      "awsRegion=!{partitionKeyFromQuery:awsRegion}",
+      "year=!{timestamp:yyyy}", "month=!{timestamp:MM}", "day=!{timestamp:dd}", "hour=!{timestamp:HH}",
+      ""
+    ])
+    error_output_prefix = join("/", [
+      "errors",
+      "year=!{timestamp:yyyy}", "month=!{timestamp:MM}", "day=!{timestamp:dd}", "hour=!{timestamp:HH}",
+      "!{firehose:error-output-type}",
+      ""
+    ])
+
+    processing_configuration {
+      enabled = "true"
+
+      # DeAggreagate records
+      processors {
+        type = "RecordDeAggregation"
+        parameters {
+          parameter_name  = "SubRecordType"
+          parameter_value = "JSON"
+        }
+      }
+
+      # Calculate partition variables
+      processors {
+        type = "MetadataExtraction"
+        parameters {
+          parameter_name  = "JsonParsingEngine"
+          parameter_value = "JQ-1.6"
+        }
+        parameters {
+          parameter_name  = "MetadataExtractionQuery"
+          parameter_value = "{recipientAccountId:.recipientAccountId, awsRegion:.awsRegion}"
+        }
+      }
+
+      # Append new line between output records
+      processors {
+        type = "AppendDelimiterToRecord"
+      }
+    }
+  }
+}
+
+resource "aws_s3_bucket" "firehose" {
+  bucket = local.naming_prefix_firehose
+}
+
+resource "aws_s3_bucket_acl" "firehose_bucket_acl" {
+  bucket = aws_s3_bucket.firehose.id
+  acl    = "private"
+}
+
+resource "aws_iam_role" "firehose" {
+  name = local.naming_prefix_firehose
+
+  assume_role_policy = jsonencode({
+    Version = "2012-10-17"
+    Statement = [
+      {
+        Action = "sts:AssumeRole"
+        Effect = "Allow"
+        Sid    = ""
+        Principal = {
+          Service = "firehose.amazonaws.com"
+        }
+      }
+    ]
+  })
+}
+
+resource "aws_iam_role_policy" "firehose" {
+  name   = local.naming_prefix_firehose
+  role   = aws_iam_role.firehose.id
+  policy = data.aws_iam_policy_document.firehose.json
+}
+
+data "aws_iam_policy_document" "firehose" {
+  statement {
+    actions = [
+      "s3:AbortMultipartUpload",
+      "s3:GetBucketLocation",
+      "s3:GetObject",
+      "s3:ListBucket",
+      "s3:ListBucketMultipartUploads",
+      "s3:PutObject"
+    ]
+
+    resources = [
+      aws_s3_bucket.firehose.arn,
+      "${aws_s3_bucket.firehose.arn}/*"
+    ]
+  }
+}
+```
+----
+
+## Documentation
+
+----
+### Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_run_id"></a> [run\_id](#input\_run\_id) | Used to ensure resources are unique | `string` | n/a | yes |
+
+----
+### Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| <a name="module_aws_cloudtrail"></a> [aws\_cloudtrail](#module\_aws\_cloudtrail) | trussworks/cloudtrail/aws | ~> 4 |
+| <a name="module_clickops_notifications"></a> [clickops\_notifications](#module\_clickops\_notifications) | ../.. | n/a |
+| <a name="module_logs_bucket"></a> [logs\_bucket](#module\_logs\_bucket) | trussworks/logs/aws | ~> 14 |
+
+----
+### Outputs
+
+No outputs.
+
+----
+### Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.9.0 |
+| <a name="provider_random"></a> [random](#provider\_random) | 3.4.3 |
+
+----
+### Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.14.0 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | 4.9.0 |
+| <a name="requirement_random"></a> [random](#requirement\_random) | 3.4.3 |
+
+----
+### Resources
+
+| Name | Type |
+|------|------|
+| [aws_iam_role.firehose](https://registry.terraform.io/providers/hashicorp/aws/4.9.0/docs/resources/iam_role) | resource |
+| [aws_iam_role_policy.firehose](https://registry.terraform.io/providers/hashicorp/aws/4.9.0/docs/resources/iam_role_policy) | resource |
+| [aws_kinesis_firehose_delivery_stream.extended_s3_stream](https://registry.terraform.io/providers/hashicorp/aws/4.9.0/docs/resources/kinesis_firehose_delivery_stream) | resource |
+| [aws_s3_bucket.firehose](https://registry.terraform.io/providers/hashicorp/aws/4.9.0/docs/resources/s3_bucket) | resource |
+| [aws_s3_bucket_acl.firehose_bucket_acl](https://registry.terraform.io/providers/hashicorp/aws/4.9.0/docs/resources/s3_bucket_acl) | resource |
+| [random_pet.run_id](https://registry.terraform.io/providers/hashicorp/random/3.4.3/docs/resources/pet) | resource |
+| [aws_iam_policy_document.firehose](https://registry.terraform.io/providers/hashicorp/aws/4.9.0/docs/data-sources/iam_policy_document) | data source |
+
+----
+<!-- END_TF_DOCS -->