From 704d9ce3d2523c4eaa91d926dacbe3a57ef0ae9b Mon Sep 17 00:00:00 2001
From: David Sibley
Date: Tue, 8 Oct 2024 14:58:23 +0100
Subject: [PATCH 1/2] added config to stream firewal logs to XSIAM endpoint

---
 terraform/environments/core-network-services/logging.tf | 7 +++++++
 terraform/environments/core-network-services/ssm.tf | 5 +++++
 2 files changed, 12 insertions(+)

diff --git a/terraform/environments/core-network-services/logging.tf b/terraform/environments/core-network-services/logging.tf
index 1c3c04a1a..eca8b61a3 100644
--- a/terraform/environments/core-network-services/logging.tf
+++ b/terraform/environments/core-network-services/logging.tf
@@ -26,3 +26,10 @@ resource "aws_route53_resolver_query_log_config_association" "core_logging" {
 resolver_query_log_config_id = each.value.rlq_id
 resource_id = each.value.vpc_id
 }
+
+module "stream_firewall_logs" {
+ source = "github.com/ministryofjustice/modernisation-platform-terraform-aws-data-firehose?ref=fe5220c39053d52e33ef6feeec0245d65a8157f3"
+ cloudwatch_log_group_names = [module.vpc_inspection["live_data"].fw_cloudwatch_name, aws_cloudwatch_log_group.external_inspection.name]
+ destination_http_endpoint = data.aws_ssm_parameter.cortex_xsiam_endpoint.value
+ tags = local.tags
+}
\ No newline at end of file
diff --git a/terraform/environments/core-network-services/ssm.tf b/terraform/environments/core-network-services/ssm.tf
index 0aa847017..6b579aba6 100644
--- a/terraform/environments/core-network-services/ssm.tf
+++ b/terraform/environments/core-network-services/ssm.tf
@@ -2,3 +2,8 @@ data "aws_ssm_parameter" "core_logging_bucket_arns" {
 provider = aws.modernisation-platform
 name = "core_logging_bucket_arns"
 }
+
+data "aws_ssm_parameter" "cortex_xsiam_endpoint" {
+ provider = aws.modernisation-platform
+ name = "cortex_xsiam_endpoint"
+}
\ No newline at end of file

From a11874f79d478099dc4ff6c0aae60b0f305da8e5 Mon Sep 17 00:00:00 2001
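Review bot: The new `stream_firewall_logs` module block sends firewall logs off-account to an HTTP endpoint without a comment saying what the consumer is or where the endpoint comes from, and both files touched by this patch (logging.tf here and ssm.tf in the next hunk) now end without a trailing newline, which `terraform fmt` would flag. A header comment above the block along the lines of `# Stream network firewall logs (live_data inspection VPC and the external inspection log group) to the Cortex XSIAM endpoint via Data Firehose; the endpoint URL is read from the platform account's SSM parameter` would orient the next maintainer. What the pinned module does with records the endpoint rejects (for example whether failed deliveries are backed up to S3) is not visible from this hunk and is worth confirming, since silently dropped firewall logs are a detection gap. Only the `"live_data"` key of `module.vpc_inspection` is streamed; if that module is instantiated with other keys, confirm their firewall log groups are intentionally left out.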
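Review bot: The `cortex_xsiam_endpoint` data source reads the parameter with decryption enabled (the provider default) and its `.value` is consumed in logging.tf, so the endpoint value will be persisted in this environment's Terraform state; whether that is acceptable depends on whether the parameter is a SecureString holding anything beyond a plain URL, which the hunk does not show. Suggest recording that next to the block: `# Cortex XSIAM ingestion endpoint URL, owned by the modernisation-platform account; read at plan/apply time and stored in this environment's state`. If the value is not secret, the provider's non-sensitive `insecure_value` attribute could be used instead of `value` so plan output stays readable; if it is secret, the comment should say so explicitly.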
From: David Sibley
Date: Tue, 8 Oct 2024 17:08:11 +0100
Subject: [PATCH 2/2] bumped version of firehose module

---
 terraform/environments/core-network-services/logging.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/terraform/environments/core-network-services/logging.tf b/terraform/environments/core-network-services/logging.tf
index eca8b61a3..367984ab6 100644
--- a/terraform/environments/core-network-services/logging.tf
+++ b/terraform/environments/core-network-services/logging.tf
@@ -28,7 +28,7 @@ resource "aws_route53_resolver_query_log_config_association" "core_logging" {
 }
 
 module "stream_firewall_logs" {
- source = "github.com/ministryofjustice/modernisation-platform-terraform-aws-data-firehose?ref=fe5220c39053d52e33ef6feeec0245d65a8157f3"
+ source = "github.com/ministryofjustice/modernisation-platform-terraform-aws-data-firehose?ref=cebe39c438390ffb5355827ec9469cfe9b09c22c" # v1.2.1
 cloudwatch_log_group_names = [module.vpc_inspection["live_data"].fw_cloudwatch_name, aws_cloudwatch_log_group.external_inspection.name]
 destination_http_endpoint = data.aws_ssm_parameter.cortex_xsiam_endpoint.value
 tags = local.tags