From 045b665f1317ac3c285a3af36935abfbbe3a53b3 Mon Sep 17 00:00:00 2001
From: Andrew Zenk
Date: Thu, 6 Jun 2024 12:45:59 -0500
Subject: [PATCH] Add support for redaction and regex patterns
---
 modules/s3-logfile/main.tf | 6 ++++--
 modules/s3-logfile/variables.tf | 18 ++++++++++++++++++
 2 files changed, 22 insertions(+), 2 deletions(-)
diff --git a/modules/s3-logfile/main.tf b/modules/s3-logfile/main.tf
index 717ec46..9601612 100644
--- a/modules/s3-logfile/main.tf
+++ b/modules/s3-logfile/main.tf
@@ -54,7 +54,7 @@ module "s3_processor" {
 }
- environment_variables = {
+ environment_variables = merge({
 PARSER_TYPE = var.parser_type
 FORCE_GUNZIP = true
 ENVIRONMENT = var.environment
@@ -66,7 +66,9 @@ module "s3_processor" {
 SAMPLE_RATE_RULES = jsonencode(var.sample_rate_rules)
 FILTER_FIELDS = join(",", var.filter_fields)
 RENAME_FIELDS = join(",", [for k, v in var.rename_fields : "${k}=${v}"])
- }
+ REDACT_PATTERN = var.redact_pattern
+ REGEX_PATTERN = var.regex_pattern
+ }, var.extra_env_vars)
 attach_policy = true
 policy = aws_iam_policy.lambda.arn
diff --git a/modules/s3-logfile/variables.tf b/modules/s3-logfile/variables.tf
index d36fa47..635a92e 100644
--- a/modules/s3-logfile/variables.tf
+++ b/modules/s3-logfile/variables.tf
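Review bot: In the second main.tf hunk, `var.extra_env_vars` is the last argument to `merge()`, and Terraform's merge gives later maps precedence, so a caller-supplied key such as `REDACT_PATTERN` or `FILTER_FIELDS` silently replaces the module-managed value. A misconfigured caller can therefore switch off redaction or field filtering without Terraform raising any error. Either swap the arguments so the module's map wins, `merge(var.extra_env_vars, { ... })`, or reject reserved keys with a `validation` block on the variable. The `environment_variables` map opens in the first hunk and has entries between the two hunks that are not shown here, so the full list of reserved keys needs checking against the file.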
@@ -93,6 +93,24 @@ variable "rename_fields" {
 default = {}
 }
+variable "redact_pattern" {
+ type = string
+ description = "A regex pattern to redact sensitive information from the request field. Default is to redact nothing. All groups in the pattern will be replaced with a corresponding number of 'x' characters."
+ default = ""
+}
+
+variable "regex_pattern" {
+ description = "with `PARSER_TYPE=regex`, will define the regular expression to use for parsing each line in the log file. Honeycomb columns are generated by defining named capture groups. For example, `(?P[a-z]+)` would create a column called 'name' if successfully parsed."
+ type = string
+ default = ""
+}
+
+variable "extra_env_vars" {
+ type = map(string)
+ description = "Extra environment variables to set in the Lambda function."
+ default = {}
+}
+
 variable "s3_bucket_arn" {
 type = string
 description = "The full ARN of the bucket storing load balancer access logs."
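Review bot: The `extra_env_vars` description does not warn that its values are readable by anyone who can view the Lambda function configuration and are stored in plain text in Terraform state, which matters because callers will be tempted to pass API keys or tokens through it. I would extend it to `"Extra environment variables to set in the Lambda function. Values are visible in the function configuration and in Terraform state; do not pass secrets here."`. The `redact_pattern` description could also say outright that a pattern with no capture groups masks nothing, which appears to follow from "All groups in the pattern will be replaced" but is easy to miss. The `regex_pattern` example reads `(?P[a-z]+)` on this page, with no group name; if the file has the same text it should be `(?P<name>[a-z]+)`.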