From be62a491b261ce5cf15a9877e55e31fe06c84979 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jo=C3=A3o=20Taveira=20Ara=C3=BAjo?=
Date: Wed, 12 Jun 2024 13:56:11 -0700
Subject: [PATCH] fix(logwriter): subscribe on log group creation (#172)

This commit adds an eventbridge rule to trigger the subscriber lambda on log group creation. This functionality was missing from terraform, but correctly implemented in cloudformation.
---
 modules/subscriber/README.md | 2 ++
 modules/subscriber/eventbridge.tf | 39 +++++++++++++++++++++++++++++++
 2 files changed, 41 insertions(+)
 create mode 100644 modules/subscriber/eventbridge.tf

diff --git a/modules/subscriber/README.md b/modules/subscriber/README.md
index 959df65..edf9793 100644
--- a/modules/subscriber/README.md
+++ b/modules/subscriber/README.md
@@ -27,6 +27,8 @@ This app is specifically to register new cloudwatch log groups for the `logwrite
 
 | Name | Type |
 |------|------|
+| [aws_cloudwatch_event_rule.discovery](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_rule) | resource |
+| [aws_cloudwatch_event_target.discovery](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_target) | resource |
 | [aws_cloudwatch_log_group.log_group](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group) | resource |
 | [aws_iam_role.scheduler](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
 | [aws_iam_role.subscriber](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
diff --git a/modules/subscriber/eventbridge.tf b/modules/subscriber/eventbridge.tf
new file mode 100644
index 0000000..4ff69e8
--- /dev/null
+++ b/modules/subscriber/eventbridge.tf
@@ -0,0 +1,39 @@
+resource "aws_cloudwatch_event_rule" "discovery" {
+ count = local.has_discovery_rate ? 1 : 0
+ name_prefix = local.name_prefix
+ description = "Subscribe new log groups. Requires CloudTrail in target region."
+ state = "ENABLED"
+
+ event_pattern = <<-EOF
+ {
+ "source": ["aws.logs"],
+ "detail-type": ["AWS API Call via CloudTrail"],
+ "detail": {
+ "eventSource": ["logs.amazonaws.com"],
+ "eventName": ["CreateLogGroup"]
+ }
+ }
+ EOF
+}
+
+resource "aws_cloudwatch_event_target" "discovery" {
+ count = local.has_discovery_rate ? 1 : 0
+ rule = aws_cloudwatch_event_rule.discovery[0].name
+ arn = aws_sqs_queue.queue.arn
+
+ input_transformer {
+ input_paths = {
+ logGroupName = "$.detail.requestParameters.logGroupName"
+ }
+
+ input_template = jsonencode({
+ "subscribe" : {
+ "logGroups" : [
+ {
+ "logGroupName" : ""
+ }
+ ]
+ }
+ })
+ }
+}
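Review bot: The event pattern in `aws_cloudwatch_event_rule.discovery` matches every `CreateLogGroup` call recorded by CloudTrail, including calls that failed or were denied, so the name read from `$.detail.requestParameters.logGroupName` is caller-supplied and may name a group that was never created. Consider limiting the rule to successful calls by adding `"errorCode": [{ "exists": false }]` under `detail`, and have the subscriber treat the forwarded name as untrusted input. As shown on this page, `input_template` sets `"logGroupName" : ""` and never references the `logGroupName` input path, so confirm that the placeholder is actually present in the committed file. The hunk adds no queue policy either, so it is worth checking that `aws_sqs_queue.queue` lets `events.amazonaws.com` send messages only from this rule's ARN (an `aws:SourceArn` condition); that policy is not visible in this patch.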