attempt to get CW OAM links deployed

ServerlessOpsIO · Aug 17, 2024 · 534d178 · 534d178
1 parent 4ba30e8
commit 534d178
Show file tree

Hide file tree

Showing 4 changed files with 91 additions and 1 deletion.
diff --git a/cfn-parameters.json b/cfn-parameters.json
@@ -3,5 +3,7 @@
     "ObservabilityOu": "ou-c834-7gp1wa8v",
     "TargetRegions": "us-east-1",
     "DatadogHttpEndpointUrl": "https://aws-kinesis-http-intake.logs.us5.datadoghq.com/api/v2/logs?dd-protocol=aws-kinesis-firehose",
-    "DatadogApiKey": $secrets.DATADOG_API_KEY
+    "DatadogApiKey": $secrets.DATADOG_API_KEY,
+    "AwsOamSinkArn": $secrets.AWS_OAM_SINK_ARN,
+    "AwsOrgRootId": $secrets.AWS_ORG_ROOT_ID
 }
diff --git a/stacksets/cloudwatch-oam-link/stackset.yaml b/stacksets/cloudwatch-oam-link/stackset.yaml
@@ -0,0 +1,43 @@
+Metadata:
+  OamSink:
+    localTemplateFile: &template_body ./template.yaml
+
+AWSTemplateFormatVersion: '2010-09-09'
+Transform: AWS::Serverless-2016-10-31
+Description: AWS account infrastructure stackset (CW OAM Link)
+
+Parameters:
+  AwsOrgRootId:
+    Type: CommaDelimitedList
+    Description: Root ID of the AWS Organization
+  TargetRegions:
+    Type: CommaDelimitedList
+    Description: Regions to deploy to
+  AwsOamSinkArn:
+    Type: String
+    Description: ARN of CW OAM Sink
+
+Resources:
+  CloudWatchOamLinkStackSet:
+    Type: AWS::CloudFormation::StackSet
+    Properties:
+      StackSetName: CloudWatchOamLink
+      Description: CloudWatch OAM Link
+      Parameters:
+        - ParameterKey: AwsOamSinkArn
+          ParameterValue: !Ref AwsOamSinkArn
+      StackInstancesGroup:
+        - DeploymentTargets:
+            OrganizationalUnitIds: !Ref AwsOrgRootId
+          Regions: !Ref TargetRegions
+      AutoDeployment:
+        Enabled: true
+        RetainStacksOnAccountRemoval: false
+      ManagedExecution:
+        Active: true
+      OperationPreferences:
+        RegionConcurrencyType: PARALLEL
+        FailureToleranceCount: 1
+        MaxConcurrentCount: 5
+      PermissionModel: SERVICE_MANAGED
+      TemplateBody: *template_body
diff --git a/stacksets/cloudwatch-oam-link/template.yaml b/stacksets/cloudwatch-oam-link/template.yaml
@@ -0,0 +1,32 @@
+AWSTemplateFormatVersion: '2010-09-09'
+Description: AWS CloudWatch OAM Sink
+
+Parameters:
+  AwsOamSinkArn:
+    Type: String
+    Description: ARN of CW OAM Sink
+
+Conditions:
+  SkipSinkAccount: !Not [
+    !Equals [
+      !Ref AWS::AccountId, !Select [
+        "4", !Split [
+          ":", !Ref AwsOamSinkArn]
+        ]
+      ]
+    ]
+
+
+Resources:
+  OamSink:
+    Type: AWS::Oam::Link
+    Condition: SkipSinkAccount
+    Properties:
+      LabelTemplate: "$AccountName"
+      ResourceTypes:
+        - AWS::CloudWatch::Metric
+        - AWS::Logs::LogGroup
+        - AWS::XRay::Trace
+        - AWS::ApplicationInsights::Application
+        - AWS::InternetMonitor::Monitor
+      SinkIdentifier: !Ref AwsOamSinkArn
diff --git a/template.yaml b/template.yaml
@@ -16,6 +16,10 @@ Parameters:
   DatadogApiKey:
     Type: String
     NoEcho: 'true'
+  AwsOamSinkArn:
+    Type: String
+  AwsOrgRootId:
+    Type: String
 
 Resources:
 
@@ -37,3 +41,12 @@ Resources:
         ObservabilityOu: !Ref ObservabilityOu
         TargetRegions: !Ref TargetRegions
         AwsOrgId: !Ref AwsOrgId
+
+  OamLinkStackSet:
+    Type: AWS::Serverless::Application
+    Properties:
+      Location: "./stacksets/cloudwatch-oam-link/stackset.yaml"
+      Parameters:
+        AwsOrgRootId: !Ref AwsOrgRootId
+        TargetRegions: !Ref TargetRegions
+        AwsOamSinkArn: !Ref AwsOamSinkArn