diff --git a/cdn/dovetail-cdn/real-time-logs-kinesis.yml b/cdn/dovetail-cdn/real-time-logs-kinesis.yml
index 48ee5d19..409f1731 100644
--- a/cdn/dovetail-cdn/real-time-logs-kinesis.yml
+++ b/cdn/dovetail-cdn/real-time-logs-kinesis.yml
@@ -28,6 +28,29 @@ Resources:
 - { Key: prx:ops:environment, Value: !Ref EnvironmentType }
 - { Key: prx:dev:family, Value: Dovetail }
 - { Key: prx:dev:application, Value: Counts }
+ CloudfrontRealTimeLogsStreamPolicy:
+ Type: AWS::Kinesis::ResourcePolicy
+ Properties:
+ ResourceArn: !GetAtt CloudfrontRealTimeLogsStream.Arn
+ ResourcePolicy:
+ Statement:
+ - Action:
+ - kinesis:DescribeStream
+ - kinesis:DescribeStreamSummary
+ - kinesis:GetRecords
+ - kinesis:GetShardIterator
+ - kinesis:ListShards
+ Condition:
+ StringEquals:
+ aws:ResourceOrgID: ${aws:PrincipalOrgID}
+ aws:ResourceTag/prx:ops:environment: ${aws:PrincipalTag/prx:ops:environment}
+ Effect: Allow
+ Resource: !GetAtt CloudfrontRealTimeLogsStream.Arn
+ Principal:
+ AWS:
+ - "561178107736"
+ - !Ref AWS::AccountId
+ Version: "2012-10-17"
 Outputs:
 RealTimeLogsStreamArn:
diff --git a/spire/templates/apps-100A.yml b/spire/templates/apps-100A.yml
index da91272c..c4cffecb 100644
--- a/spire/templates/apps-100A.yml
+++ b/spire/templates/apps-100A.yml
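Review bot: The `Principal.AWS` list in the first file's hunk hard-codes `"561178107736"` without saying which account that is, and because an account-ID principal delegates to that account's own IAM, the `Condition` block is the only control this template keeps over who can read the stream. The environment check trusts `aws:PrincipalTag/prx:ops:environment`, so it is only as strong as the rules on who may tag roles or pass session tags in the two accounts; that is worth confirming before relying on it to separate environments. I would add a comment above the entry, for example `# <account name/purpose>: read-only consumer, gated by the org and environment-tag conditions in this statement`, or take the ID from a template parameter so it is reviewed per environment.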
@@ -194,7 +194,8 @@ Resources:
 ArrangementsDynamodbRegion: !Sub /prx/${EnvironmentTypeAbbreviation}/dovetail-cdn-arranger/ARRANGEMENTS_DDB_REGION
 ArrangementsDynamodbTableName: !Sub /prx/${EnvironmentTypeAbbreviation}/dovetail-cdn-arranger/ARRANGEMENTS_DDB_TABLE
 ArrangementsDynamodbAccessRoleArn: !Sub /prx/${EnvironmentTypeAbbreviation}/dovetail-cdn-arranger/ARRANGEMENTS_DDB_ACCESS_ROLE
- DovetailCdnLogsKinesisStreamArn: !Ref DovetailCdnLogsKinesisStreamArn
+ DovetailCdnLogsKinesisStreamArn: !Sub /prx/${EnvironmentTypeAbbreviation}/Spire/Dovetail-Counts/cdn-logs-kinesis-stream-arn-${AWS::Region}
+ OldDovetailCdnLogsKinesisStreamArn: !Ref DovetailCdnLogsKinesisStreamArn
 DovetailCountedKinesisStreamArn: !Ref DovetailCountedKinesisStreamArn
 DovetailRedisClientSecurityGroupId: !Ref DovetailRedisClientSecurityGroupId
 DovetailRedisReplicationGroupEndpointAddress: !Ref DovetailRedisReplicationGroupEndpointAddress
diff --git a/spire/templates/apps/dovetail-counts.yml b/spire/templates/apps/dovetail-counts.yml
index 3a9de26f..ae8814af 100644
--- a/spire/templates/apps/dovetail-counts.yml
+++ b/spire/templates/apps/dovetail-counts.yml
@@ -28,7 +28,8 @@ Parameters:
 ArrangementsDynamodbRegion: { Type: AWS::SSM::Parameter::Value }
 ArrangementsDynamodbTableName: { Type: AWS::SSM::Parameter::Value }
 ArrangementsDynamodbAccessRoleArn: { Type: AWS::SSM::Parameter::Value }
- DovetailCdnLogsKinesisStreamArn: { Type: String }
+ DovetailCdnLogsKinesisStreamArn: { Type: AWS::SSM::Parameter::Value }
+ OldDovetailCdnLogsKinesisStreamArn: { Type: String }
 DovetailCountedKinesisStreamArn: { Type: String }
 DovetailRedisReplicationGroupEndpointAddress: { Type: String }
 DovetailRedisReplicationGroupEndpointPort: { Type: String }
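Review bot: In the `apps-100A.yml` hunk, `DovetailCdnLogsKinesisStreamArn` now carries an SSM parameter name rather than an ARN, so the stream the Counts function reads from is whatever is stored under `/prx/${EnvironmentTypeAbbreviation}/Spire/Dovetail-Counts/cdn-logs-kinesis-stream-arn-${AWS::Region}` at deploy time. Nothing in this diff shows what writes that parameter; if it is maintained outside these templates, write access to that path should be held as tightly as the template itself, and the deploy will presumably fail in any environment or region where it is missing. A comment on the line such as `# SSM parameter name (not an ARN); written by <owning stack/process>` would make that visible, together with a note that `OldDovetailCdnLogsKinesisStreamArn` is transitional and when it can be removed. The matching parameter-type change in `spire/templates/apps/dovetail-counts.yml` has the same documentation gap.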
@@ -88,6 +89,14 @@ Resources:
 BisectBatchOnFunctionError: true
 Enabled: true
 StartingPosition: LATEST
+ Stream: !Ref OldDovetailCdnLogsKinesisStreamArn
+ Type: Kinesis
+ CountsBytesKinesisStreamTrigger:
+ Properties:
+ BatchSize: 100
+ BisectBatchOnFunctionError: true
+ Enabled: !If [IsProduction, false, true]
+ StartingPosition: LATEST
 Stream: !Ref DovetailCdnLogsKinesisStreamArn
 Type: Kinesis
 Handler: index.handler
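Review bot: `CountsBytesKinesisStreamTrigger` points the function at the SSM-resolved stream, but nothing in this hunk shows the function's execution role being allowed to read that ARN or carrying the `prx:ops:environment` tag that the stream's new resource policy conditions on; the role definition is outside the hunk, so please confirm both. `Enabled: !If [IsProduction, false, true]` also deserves a comment stating its intent, something like `# Off in production until cutover from OldDovetailCdnLogsKinesisStreamArn` if that is the plan. With `StartingPosition: LATEST`, records written to the new stream before the trigger is enabled in production may not be counted, which matters for a counting pipeline. The enclosing function resource starts and ends outside the hunk.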