_tasks.yaml
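# Task-file parameters. Nesting is restored here: with every line at column 0
# the keys Type/Default would collide as duplicate top-level keys.
Parameters:
  # Merge in the shared parameter set. Names referenced in this file but not
  # declared here (resourcePrefix, primaryRegion, LogCentralAccount,
  # TransitAccount) presumably come from this include - confirm.
  <<: !Include '../_parameters.yaml'

  # Name fragment used in every StackName of this file.
  appName:
    Type: String
    Default: 'CloudWatch2S3'

  # Account that receives the bucket and main stacks; defaults to the
  # log-central account.
  accountId:
    Type: String
    Description: The identifier from the account used as the main account
    Default: !Ref LogCentralAccount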
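#---- Storage for application logs ---
# Deploys CloudWatch2S3-bucket.yaml into the account given by accountId, in
# primaryRegion. Bucket hardening (encryption, public-access block, bucket
# policy) lives in that template, which is not part of this file.
Cloudwatch2S3-bucket:
  Type: update-stacks
  Template: CloudWatch2S3-bucket.yaml
  StackName: !Sub '${resourcePrefix}-${appName}-bucket'
  DefaultOrganizationBindingRegion: !Ref primaryRegion
  DefaultOrganizationBinding:
    Account: !Ref accountId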
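#---- Central account for application logs ---
# Deploys CloudWatch2S3-main.yaml into the account given by accountId, in
# primaryRegion.
Cloudwatch2S3-main:
  Type: update-stacks
  Template: CloudWatch2S3-main.yaml
  StackName: !Sub '${resourcePrefix}-${appName}'
  DefaultOrganizationBindingRegion: !Ref primaryRegion
  DefaultOrganizationBinding:
    Account: !Ref accountId
  OrganizationBindings:
    # Named binding handed to the template: every account in the organization
    # ('*') plus the master account.
    # NOTE(review): presumably the template uses this list to decide which
    # accounts may send logs to the central destination - confirm, and check
    # whether a narrower binding (OU or explicit list) would be sufficient.
    LogMemberBinding:
      Account: '*'
      IncludeMasterAccount: true
  Parameters:
    # Quoted on purpose: this is the string "null", not a YAML null. How the
    # template treats that string is not visible from this file.
    LogGroupNamePrefix: "null"  # do not archive any logs from logcentral account
    # Reads an export whose name is built from the bucket task's StackName.
    # NOTE(review): the parameter is called BucketName but the export name ends
    # in BucketArn - confirm which form the template expects.
    BucketName: !CopyValue [!Sub '${primaryRegion}-${resourcePrefix}-${appName}-bucket-BucketArn']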
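#---- Forward app logs into central logging account ---
# Deploys CloudWatch2S3-member.yaml into TransitAccount, in primaryRegion, and
# points log groups under /aws/vpn at the central log destination.
Cloudwatch2S3-vpnlog:
  Type: update-stacks
  Template: CloudWatch2S3-member.yaml
  StackName: !Sub '${resourcePrefix}-${appName}-vpnlog'
  DefaultOrganizationBindingRegion: !Ref primaryRegion
  DefaultOrganizationBinding:
    Account: !Ref TransitAccount
  Parameters:
    LogGroupNamePrefix: "/aws/vpn"
    # NOTE(review): region and account id are literals here, while the rest of
    # the file uses !Ref primaryRegion and !Ref accountId. Confirm that this
    # ARN is the destination created by the main stack; if the two ever drift,
    # logs would be forwarded to a different account or region than intended.
    # Which accounts may subscribe is decided by the destination's access
    # policy, which is not defined in this file.
    LogDestination: "arn:aws:logs:us-east-1:231505186444:destination:BucketBackupLogDestination"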