OpsGenie 不会自动确认 SNS 订阅——无论在 AWS 控制台还是在 Terraform 中
我正在尝试把我们的 AWS 账户接入 Opsgenie，以便将 CloudWatch 事件推送给团队。我按照 Opsgenie 的官方指南操作（原文中的链接在抓取时丢失）。这些资源全部用 Terraform 创建，因为我们希望能够动态地创建和销毁这套环境，并让它具备一定的可配置性。所有资源看起来都创建成功了，但 OpsGenie 不会自动确认该主题的 SNS 订阅；即使我在 AWS 控制台中手动执行同样的操作，OpsGenie 也不会确认。标签：terraform、amazon-cloudwatch、amazon-sns、opsgenie。下面是我的 Terraform 代码： ############################################################
##############################################################################
# Opsgenie integration
###############################################################################
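resource "opsgenie_api_integration" "test_integration" {
  # Inbound integration that turns the SNS-delivered EventBridge payloads into
  # Opsgenie alerts. The integration type selects the payload parser and the
  # inbound endpoint Opsgenie exposes; with type = "API" the HTTPS subscription
  # created for the topic was never confirmed. "CloudWatchEvents" is the type
  # this pipeline needs.
  name = "api-based-int"
  type = "CloudWatchEvents"

  # The integration's api_key is interpolated into the SNS subscription URL and
  # therefore lands in Terraform state and plan output: treat the state backend
  # as credential storage (encryption + access control) and rotate the key if
  # it is ever exposed.
  enabled = true

  # NOTE(review): allow_write_access lets the integration modify existing
  # alerts; confirm this is actually required for an inbound-only source.
  allow_write_access             = true
  ignore_responders_from_payload = false
  suppress_notifications         = false
  owner_team_id                  = opsgenie_team.test_team.id

  responders {
    type = "user"
    id   = opsgenie_user.first.id
  }
}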
resource "opsgenie_user" "first" {
  # Primary test user: referenced as the integration responder and team admin.
  full_name = "Tester Man"
  role      = "Admin"
  username  = "testerman@gmail.com"
}
resource "opsgenie_user" "second" {
  # Secondary test user: plain member of the team below.
  full_name = "Tester Man II"
  role      = "User"
  username  = "testerman2@gmail.com"
}
resource "opsgenie_team" "test_team" {
  # Team that owns the integration; the first user administers it.
  description = "This team deals with all the things"
  name        = "example"

  member {
    role = "admin"
    id   = opsgenie_user.first.id
  }

  member {
    role = "user"
    id   = opsgenie_user.second.id
  }
}
###############################################################################
# Cloudwatch
###############################################################################
resource "aws_cloudwatch_event_rule" "opsgenie_cloudwatch_event_rule" {
  name        = "send_events_to_opsgenie"
  description = "Send all events to opsgenie"

  # NOTE(review): despite the description, this pattern selects only events
  # whose source is "aws.sns"; widen it if every event really is intended.
  event_pattern = jsonencode({
    source = ["aws.sns"]
  })
}
resource "aws_cloudwatch_event_target" "opsgenie_cloudwatch_event_rule" {
  # Route every match of the rule above to the Opsgenie SNS topic.
  target_id = "OpsGenie"
  arn       = aws_sns_topic.opsgenie_notifications.arn
  rule      = aws_cloudwatch_event_rule.opsgenie_cloudwatch_event_rule.name
}
###############################################################################
# SNS
###############################################################################
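resource "aws_sns_topic" "opsgenie_notifications" {
  # Topic that EventBridge publishes to and Opsgenie subscribes to.
  name = "OpsGenie"

  # Server-side encryption with the dedicated CMK; the key policy on that key
  # is what authorises the EventBridge service principal to use it.
  kms_master_key_id = aws_kms_key.kms_key_for_sns_topic.key_id

  # The access policy is deliberately NOT set inline. It is owned by the
  # separate aws_sns_topic_policy resource; setting `policy` here as well makes
  # two resources manage the same topic attribute, which produces perpetual
  # plan diffs and lets the broader inline grant (DeleteTopic,
  # SetTopicAttributes, AddPermission, ...) win on some applies.
}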
resource "aws_sns_topic_policy" "opsgenie_topic_policy" {
  # Attach the rendered IAM policy document to the Opsgenie topic.
  policy = data.aws_iam_policy_document.sns_topic_policy_doc.json
  arn    = aws_sns_topic.opsgenie_notifications.arn
}
resource "aws_sns_topic_subscription" "user_updates_opsgenie_target" {
  # HTTPS push subscription from the topic to Opsgenie. Opsgenie is expected to
  # confirm the subscription itself (endpoint_auto_confirms). The integration's
  # API key travels in the query string, so anything that records this URL
  # (egress proxies, `sns list-subscriptions`, Terraform state and plan output)
  # holds the credential.
  # NOTE(review): the path segment ("amazonsns" here) must match the inbound
  # endpoint Opsgenie documents for the chosen integration type — confirm
  # against the integration's setup page.
  protocol  = "https"
  endpoint  = "https://api.opsgenie.com/v1/json/amazonsns?apiKey=${opsgenie_api_integration.test_integration.api_key}"
  topic_arn = aws_sns_topic.opsgenie_notifications.arn

  endpoint_auto_confirms          = true
  confirmation_timeout_in_minutes = 1
}
###############################################################################
# IAM
###############################################################################
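data "aws_iam_policy_document" "sns_topic_policy_doc" {
  # Resource policy for the Opsgenie topic: lets EventBridge publish to it.
  statement {
    sid    = "AllowEventBridgePublish"
    effect = "Allow"

    # Delivering rule matches only requires Publish. The previous grant also
    # handed the service principal DeleteTopic, SetTopicAttributes,
    # AddPermission and RemovePermission, none of which a publisher needs.
    actions = ["SNS:Publish"]

    principals {
      type        = "Service"
      identifiers = ["events.amazonaws.com"]
    }

    # Must be an expression reference. The quoted string
    # "aws_sns_topic.opsgenie_notifications.arn" is not an ARN, so the policy
    # either fails to apply or never matches the topic.
    resources = [aws_sns_topic.opsgenie_notifications.arn]

    # Confused-deputy guard: only the rule that targets this topic may publish
    # through the EventBridge service principal.
    condition {
      test     = "ArnEquals"
      variable = "aws:SourceArn"
      values   = [aws_cloudwatch_event_rule.opsgenie_cloudwatch_event_rule.arn]
    }
  }
}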
###############################################################################
# KMS
###############################################################################
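resource "aws_kms_key" "kms_key_for_sns_topic" {
  # CMK used for server-side encryption of the Opsgenie SNS topic.
  description              = "For OpsGenie"
  key_usage                = "ENCRYPT_DECRYPT"
  customer_master_key_spec = "SYMMETRIC_DEFAULT"
  enable_key_rotation      = true

  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        # Standard root statement so IAM policies in this account can govern
        # the key; without it the key becomes unmanageable.
        Sid    = "Enable IAM User Permissions"
        Effect = "Allow"
        Principal = {
          AWS = "arn:aws:iam::${data.aws_caller_identity.primary_region.account_id}:root"
        }
        Action   = "kms:*"
        Resource = "*"
      },
      {
        # EventBridge publishing to an encrypted topic needs only Decrypt and
        # GenerateDataKey*. The earlier grant of Encrypt*/ReEncrypt*/Describe*
        # exceeded that. "Resource": "*" in a key policy means this key only.
        # NOTE(review): consider an aws:SourceAccount / aws:SourceArn condition
        # once you have confirmed EventBridge supplies it on its KMS calls.
        Sid    = "AllowEventBridgeUseOfKey"
        Effect = "Allow"
        Principal = {
          Service = "events.amazonaws.com"
        }
        Action = [
          "kms:Decrypt",
          "kms:GenerateDataKey*",
        ]
        Resource = "*"
      },
      {
        # Same minimal set for the SNS service principal. NOTE(review): SNS
        # normally uses the publisher's permissions for the key; verify this
        # statement is still needed before keeping it.
        Sid    = "AllowSNSUseOfKey"
        Effect = "Allow"
        Principal = {
          Service = "sns.amazonaws.com"
        }
        Action = [
          "kms:Decrypt",
          "kms:GenerateDataKey*",
        ]
        Resource = "*"
      },
    ]
  })
}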
resource "aws_kms_alias" "topic_key_alias" {
  # Human-readable alias for the topic CMK; name_prefix lets Terraform append a
  # unique suffix so repeated environments do not collide.
  target_key_id = aws_kms_key.kms_key_for_sns_topic.key_id
  name_prefix   = "alias/opsgenie-notifications"
}
##############################################################################
#Opsgenie集成
###############################################################################
资源“opsgenie_api_集成”“测试_集成”{
name=“基于api的int”
type=“API”
响应者{
type=“用户”
id=opsgenie_user.first.id
}
启用=真
允许写入访问=真
忽略来自有效载荷的响应者=错误
抑制通知=false
所有者\u团队\u id=opsgenie\u团队.test\u团队.id
}
资源“opsgenie_用户”优先{
用户名=”testerman@gmail.com"
全名=“测试人员”
role=“Admin”
}
资源“opsgenie_用户”“秒”{
用户名=”testerman2@gmail.com"
全名=“测试人员II”
role=“用户”
}
资源“opsgenie_团队”“测试团队”{
name=“示例”
description=“这个团队处理所有事情”
成员{
id=opsgenie_user.first.id
role=“admin”
}
成员{
id=opsgenie_user.second.id
role=“用户”
}
}
###############################################################################
#云表
###############################################################################
资源“aws_cloudwatch_事件_规则”“opsgenie_cloudwatch_事件_规则”{
name=“将事件发送给运营商”
description=“将所有事件发送到opsgenie”
event_pattern = （上面这段是代码的机器翻译副本，到此截断）

【回答】看来我需要再仔细读一下文档。集成类型中的 "API"：
resource "opsgenie_api_integration" "test_integration" {
name = "api-based-int"
type = "API"
……需要改成与事件来源对应的专用集成类型；在我的情况下：
type = "CloudWatchEvents"
才是我需要的——改成这个类型后 Opsgenie 才会确认 SNS 订阅。同时请核对订阅的 endpoint 路径是否与该集成类型对应的文档一致。文档链接原本附在此处，但在抓取时丢失了。