From fef6cdcba9f9813e0be76d9db1c30c97600bd0d1 Mon Sep 17 00:00:00 2001 From: Daniel Barnes Date: Wed, 4 Sep 2024 14:10:24 +0900 Subject: [PATCH 1/4] simple and advanced examples --- README.md | 44 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) diff --git a/README.md b/README.md index c072a06..1e03baf 100644 --- a/README.md +++ b/README.md @@ -30,12 +30,16 @@ logs:PutLogEvents logs:PutRetentionPolicy ``` +##### Terraform examples + Example Terraform [`aws_iam_role`][], [`aws_iam_role_policy`][] and [`aws_iam_policy_document`][] definitions which grant a minimal set of permissions required to push logs to CloudWatch: [`aws_iam_role`]: https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role [`aws_iam_role_policy`]: https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy [`aws_iam_policy_document`]: https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document +
Advanced Example + ```hcl data "aws_caller_identity" "current" {} variable "aws_region" { @@ -99,6 +103,46 @@ data "aws_iam_policy_document" "vercel_log_drain_permissions" { } ``` +
+ + +
Simple Example + +```hcl +resource "aws_iam_role" "vercel_log_drain" { + name = "vercel-log-drain" + description = "Role to be used by the vercel log drain deployment" + assume_role_policy = data.aws_iam_policy_document.vercel_log_drain_assume.json +} +data "aws_iam_policy_document" "vercel_log_drain_assume" { + # depends on how you intend to deploy/run the service +} +resource "aws_iam_role_policy" "vercel_log_drain_policy" { + name = "vercel-log-drain-policy" + role = aws_iam_role.vercel_log_drain.id + policy = data.aws_iam_policy_document.vercel_log_drain_permissions.json +} +data "aws_iam_policy_document" "vercel_log_drain_permissions" { + statement { + actions = [ + "logs:DescribeLogGroups", + "logs:DescribeLogGroups", + "logs:DescribeLogStreams", + "logs:CreateLogGroup", + "logs:CreateLogStream", + "logs:PutLogEvents", + "logs:PutRetentionPolicy", + ] + resources = [ + "*" + ] + } +} +``` + +
+ + ### [Grafana Loki](https://grafana.com/docs/loki/latest/) > *Available with the `loki` [feature](#cargo-features) (enabled by default).* From c6f56580ac72e0df4e1f170d94e100d48dd75149 Mon Sep 17 00:00:00 2001 From: Daniel Barnes Date: Wed, 4 Sep 2024 14:16:53 +0900 Subject: [PATCH 2/4] header tweak --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 1e03baf..74ef735 100644 --- a/README.md +++ b/README.md @@ -30,7 +30,7 @@ logs:PutLogEvents logs:PutRetentionPolicy ``` -##### Terraform examples +#### Terraform examples Example Terraform [`aws_iam_role`][], [`aws_iam_role_policy`][] and [`aws_iam_policy_document`][] definitions which grant a minimal set of permissions required to push logs to CloudWatch: From 3b979360e47c394201219e8809a408e139193204 Mon Sep 17 00:00:00 2001 From: Daniel Barnes Date: Wed, 4 Sep 2024 14:32:41 +0900 Subject: [PATCH 3/4] wording and ordering --- README.md | 80 +++++++++++++++++++++++++++---------------------------- 1 file changed, 40 insertions(+), 40 deletions(-) diff --git a/README.md b/README.md index 74ef735..0c00620 100644 --- a/README.md +++ b/README.md @@ -32,13 +32,50 @@ logs:PutRetentionPolicy #### Terraform examples -Example Terraform [`aws_iam_role`][], [`aws_iam_role_policy`][] and [`aws_iam_policy_document`][] definitions which grant a minimal set of permissions required to push logs to CloudWatch: +Below are [`aws_iam_role`][], [`aws_iam_role_policy`][] and [`aws_iam_policy_document`][] definitions which grant a minimal set of permissions required to push logs to CloudWatch: [`aws_iam_role`]: https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role [`aws_iam_role_policy`]: https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy [`aws_iam_policy_document`]: https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document -
Advanced Example + +
Simple + +```hcl +resource "aws_iam_role" "vercel_log_drain" { + name = "vercel-log-drain" + description = "Role to be used by the vercel log drain deployment" + assume_role_policy = data.aws_iam_policy_document.vercel_log_drain_assume.json +} +data "aws_iam_policy_document" "vercel_log_drain_assume" { + # depends on how you intend to deploy/run the service +} +resource "aws_iam_role_policy" "vercel_log_drain_policy" { + name = "vercel-log-drain-policy" + role = aws_iam_role.vercel_log_drain.id + policy = data.aws_iam_policy_document.vercel_log_drain_permissions.json +} +data "aws_iam_policy_document" "vercel_log_drain_permissions" { + statement { + actions = [ + "logs:DescribeLogGroups", + "logs:DescribeLogGroups", + "logs:DescribeLogStreams", + "logs:CreateLogGroup", + "logs:CreateLogStream", + "logs:PutLogEvents", + "logs:PutRetentionPolicy", + ] + resources = [ + "*" + ] + } +} +``` + +
+ +
Advanced ```hcl data "aws_caller_identity" "current" {} @@ -106,43 +143,6 @@ data "aws_iam_policy_document" "vercel_log_drain_permissions" {
-
Simple Example - -```hcl -resource "aws_iam_role" "vercel_log_drain" { - name = "vercel-log-drain" - description = "Role to be used by the vercel log drain deployment" - assume_role_policy = data.aws_iam_policy_document.vercel_log_drain_assume.json -} -data "aws_iam_policy_document" "vercel_log_drain_assume" { - # depends on how you intend to deploy/run the service -} -resource "aws_iam_role_policy" "vercel_log_drain_policy" { - name = "vercel-log-drain-policy" - role = aws_iam_role.vercel_log_drain.id - policy = data.aws_iam_policy_document.vercel_log_drain_permissions.json -} -data "aws_iam_policy_document" "vercel_log_drain_permissions" { - statement { - actions = [ - "logs:DescribeLogGroups", - "logs:DescribeLogGroups", - "logs:DescribeLogStreams", - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents", - "logs:PutRetentionPolicy", - ] - resources = [ - "*" - ] - } -} -``` - -
- - ### [Grafana Loki](https://grafana.com/docs/loki/latest/) > *Available with the `loki` [feature](#cargo-features) (enabled by default).* @@ -170,7 +170,7 @@ To use the loki driver, you'll need to set up: | `--loki-basic-auth-user` | `VERCEL_LOG_DRAIN_LOKI_USER` | `""` | Loki basic auth username | | `--loki-basic-auth-pass` | `VERCEL_LOG_DRAIN_LOKI_PASS` | `""` | Loki basic auth password | -## Setting up +## Setting up (in Vercel) Vercel requires that you host the application over HTTP or HTTPS, and have it be accessible from the public internet. From 8d8896afdf4b430a3ec8af81a465d2c68d14240c Mon Sep 17 00:00:00 2001 From: Daniel Barnes Date: Tue, 3 Sep 2024 22:34:56 -0700 Subject: [PATCH 4/4] emoji --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 0c00620..39c4fe8 100644 --- a/README.md +++ b/README.md @@ -39,7 +39,7 @@ Below are [`aws_iam_role`][], [`aws_iam_role_policy`][] and [`aws_iam_policy_doc [`aws_iam_policy_document`]: https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document -
Simple +
Simple 🏠 ```hcl resource "aws_iam_role" "vercel_log_drain" { @@ -75,7 +75,7 @@ data "aws_iam_policy_document" "vercel_log_drain_permissions" {
-
Advanced +
Advanced 🏘️ ```hcl data "aws_caller_identity" "current" {}