diff --git a/spire/templates/root.yml b/spire/templates/root.yml
index a31419be..cdd9ad20 100644
--- a/spire/templates/root.yml
+++ b/spire/templates/root.yml
@@ -1177,11 +1177,6 @@ Outputs:
 SharedAuroraPostgresqlPort:
 Value: !Ref SharedAuroraPostgresqlPort

- DovetailCdnLogsKinesisStreamArn:
- Value: !GetAtt SharedDovetailKinesisStack.Outputs.DovetailCdnLogsKinesisStreamArn
- DovetailCdnLogsKinesisStreamOrgWriterRoleArn:
- Value: !GetAtt SharedDovetailKinesisStack.Outputs.DovetailCdnLogsKinesisStreamOrgWriterRoleArn
-
 AuguryHostname: { Value: !GetAtt Constants2.Outputs.AuguryHostname }
 TheCastleHostname: { Value: !GetAtt Constants2.Outputs.TheCastleHostname }
 TheCountHostname: { Value: !GetAtt Constants2.Outputs.TheCountHostname }
diff --git a/spire/templates/shared-dovetail-kinesis.yml b/spire/templates/shared-dovetail-kinesis.yml
index dd94a7d5..c1fffaa8 100644
--- a/spire/templates/shared-dovetail-kinesis.yml
+++ b/spire/templates/shared-dovetail-kinesis.yml
@@ -18,62 +18,6 @@ Conditions:
 Resources:
 NestedChangeSetScrubber: { Type: AWS::SNS::Topic, Condition: EnableNestedChangeSetScrubbingResources }

- # realtime cloudfront logs, including bytes-downloaded by listeners
- #
- # dovetail-cdn realtime logs --> dovetail-counts
- DovetailCdnLogsKinesisStream:
- Type: AWS::Kinesis::Stream
- DeletionPolicy: Retain
- UpdateReplacePolicy: Retain
- Properties:
- RetentionPeriodHours: !If [IsProduction, 48, 24]
- StreamModeDetails:
- StreamMode: ON_DEMAND
- Tags:
- - { Key: prx:meta:tagging-version, Value: "2021-04-07" }
- - { Key: prx:cloudformation:stack-name, Value: !Ref AWS::StackName }
- - { Key: prx:cloudformation:stack-id, Value: !Ref AWS::StackId }
- - { Key: prx:cloudformation:root-stack-name, Value: !Ref RootStackName }
- - { Key: prx:cloudformation:root-stack-id, Value: !Ref RootStackId }
- - { Key: prx:ops:environment, Value: !Ref EnvironmentType }
- - { Key: prx:dev:family, Value: Dovetail }
- - { Key: prx:dev:application, Value: Counts }
- DovetailCdnLogsKinesisStreamOrgWriterRole:
- # This role exists so that it can be assumed by roles in other accounts, so
- # that they can write to the Kinesis stream above
- Type: AWS::IAM::Role
- Properties:
- AssumeRolePolicyDocument:
- # TODO This should probably be limited in some way, at least so stag
- # and prod can't cross contaminate
- Statement:
- - Action: sts:AssumeRole
- Condition:
- StringEquals:
- aws:ResourceOrgID: ${aws:PrincipalOrgID}
- Effect: Allow
- Principal:
- AWS: "*"
- Version: "2012-10-17"
- Policies:
- - PolicyDocument:
- Statement:
- - Action: kinesis:PutRecords
- Effect: Allow
- Resource: !GetAtt DovetailCdnLogsKinesisStream.Arn
- Sid: AllowRecordsWrite
- Version: "2012-10-17"
- PolicyName: OrgStreamWriterPolicy
- Tags:
- - { Key: prx:meta:tagging-version, Value: "2021-04-07" }
- - { Key: prx:cloudformation:stack-name, Value: !Ref AWS::StackName }
- - { Key: prx:cloudformation:stack-id, Value: !Ref AWS::StackId }
- - { Key: prx:cloudformation:root-stack-name, Value: !Ref RootStackName }
- - { Key: prx:cloudformation:root-stack-id, Value: !Ref RootStackId }
- - { Key: prx:ops:environment, Value: !Ref EnvironmentType }
- - { Key: prx:dev:family, Value: Dovetail }
- - { Key: prx:dev:application, Value: Counts }
-
 # IAB2 counted segment-numbers
 # but ALSO dovetail-router redirect data TODO: move this
 #
@@ -121,14 +65,6 @@ Resources:
 - { Key: prx:dev:application, Value: Analytics }

 Outputs:
- DovetailCdnLogsKinesisStreamName:
- Value: !Ref DovetailCdnLogsKinesisStream
- DovetailCdnLogsKinesisStreamArn:
- Value: !GetAtt DovetailCdnLogsKinesisStream.Arn
-
- DovetailCdnLogsKinesisStreamOrgWriterRoleArn:
- Value: !GetAtt DovetailCdnLogsKinesisStreamOrgWriterRole.Arn
-
 DovetailCountedKinesisStreamName:
 Value: !Ref DovetailCountedKinesisStream
 DovetailCountedKinesisStreamArn: