Merge pull request #234 from SumoLogic/fy26q1

Fy26q1

Author: akhil-sumologic

aws-observability-terraform/README.md

@@ -5,7 +5,7 @@
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.13.0 |
 | <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.16.2, < 6.0.0 |
 | <a name="requirement_random"></a> [random](#requirement\_random) | >= 3.1.0 |
-| <a name="requirement_sumologic"></a> [sumologic](#requirement\_sumologic) | >= 2.31.3, < 3.0.0 |
+| <a name="requirement_sumologic"></a> [sumologic](#requirement\_sumologic) | >= 2.31.3, < 4.0.0 |
 | <a name="requirement_time"></a> [time](#requirement\_time) | >= 0.11.1 |
 
 ## Providers
@@ -71,7 +71,7 @@
 | <a name="input_aws_account_alias"></a> [aws\_account\_alias](#input\_aws\_account\_alias) | Provide the Name/Alias for the AWS environment from which you are collecting data. This name will appear in the Sumo Logic Explorer View, metrics, and logs.<br/>            If you are going to deploy the solution in multiple AWS accounts then this value has to be overidden at main.tf file.<br/>            Do not include special characters in the alias. | `string` | n/a | yes |
 | <a name="input_sumologic_access_id"></a> [sumologic\_access\_id](#input\_sumologic\_access\_id) | Sumo Logic Access ID. Visit https://help.sumologic.com/Manage/Security/Access-Keys#Create_an_access_key | `string` | n/a | yes |
 | <a name="input_sumologic_access_key"></a> [sumologic\_access\_key](#input\_sumologic\_access\_key) | Sumo Logic Access Key. Visit https://help.sumologic.com/Manage/Security/Access-Keys#Create_an_access_key | `string` | n/a | yes |
-| <a name="input_sumologic_environment"></a> [sumologic\_environment](#input\_sumologic\_environment) | Enter au, ca, de, eu, fed, in, jp, kr, us1 or us2. For more information on Sumo Logic deployments visit https://help.sumologic.com/APIs/General-API-Information/Sumo-Logic-Endpoints-and-Firewall-Security | `string` | n/a | yes |
+| <a name="input_sumologic_environment"></a> [sumologic\_environment](#input\_sumologic\_environment) | Enter au, ca, de, eu, fed, jp, kr, us1 or us2. For more information on Sumo Logic deployments visit https://help.sumologic.com/APIs/General-API-Information/Sumo-Logic-Endpoints-and-Firewall-Security | `string` | n/a | yes |
 | <a name="input_sumologic_folder_installation_location"></a> [sumologic\_folder\_installation\_location](#input\_sumologic\_folder\_installation\_location) | Indicates where to install the app folder. Enter "Personal Folder" for installing in "Personal" folder and "Admin Recommended Folder" for installing in "Admin Recommended" folder. | `string` | `"Personal Folder"` | no |
 | <a name="input_sumologic_folder_share_with_org"></a> [sumologic\_folder\_share\_with\_org](#input\_sumologic\_folder\_share\_with\_org) | Indicates if AWS Observability folder should be shared (view access) with entire organization. true to enable; false to disable. | `bool` | `true` | no |
 | <a name="input_sumologic_organization_id"></a> [sumologic\_organization\_id](#input\_sumologic\_organization\_id) | You can find your org on the Preferences page in the Sumo Logic UI. For more information, see the Preferences Page topic. Your org ID will be used to configure the IAM Role for Sumo Logic AWS Sources."<br/>            For more details, visit https://help.sumologic.com/01Start-Here/05Customize-Your-Sumo-Logic-Experience/Preferences-Page | `string` | n/a | yes |

aws-observability-terraform/app-modules/README.md

@@ -4,13 +4,13 @@
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.13.0 |
 | <a name="requirement_null"></a> [null](#requirement\_null) | >= 2.1 |
-| <a name="requirement_sumologic"></a> [sumologic](#requirement\_sumologic) | >= 2.31.3, < 3.0.0 |
+| <a name="requirement_sumologic"></a> [sumologic](#requirement\_sumologic) | >= 2.31.3, < 4.0.0 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_sumologic"></a> [sumologic](#provider\_sumologic) | >= 2.31.3, < 3.0.0 |
+| <a name="provider_sumologic"></a> [sumologic](#provider\_sumologic) | >= 2.31.3, < 4.0.0 |
 | <a name="provider_time"></a> [time](#provider\_time) | n/a |
 
 ## Modules
@@ -60,7 +60,7 @@
 | <a name="input_elasticache_monitors_disabled"></a> [elasticache\_monitors\_disabled](#input\_elasticache\_monitors\_disabled) | Indicates if Elasticache Apps monitors should be enabled. true to disable; false to enable. | `bool` | `true` | no |
 | <a name="input_elb_monitors_disabled"></a> [elb\_monitors\_disabled](#input\_elb\_monitors\_disabled) | Indicates if the ALB Apps monitors should be enabled. true to disable; false to enable. | `bool` | `true` | no |
 | <a name="input_email_notifications"></a> [email\_notifications](#input\_email\_notifications) | Email Notifications to be sent by the alert. | <pre>list(object(<br/>    {<br/>      connection_type       = string,<br/>      recipients            = list(string),<br/>      subject               = string,<br/>      time_zone             = string,<br/>      message_body          = string,<br/>      run_for_trigger_types = list(string)<br/>    }<br/>  ))</pre> | `[]` | no |
-| <a name="input_environment"></a> [environment](#input\_environment) | Enter au, ca, de, eu, fed, in, jp, kr, us1 or us2. For more information on Sumo Logic deployments visit https://help.sumologic.com/APIs/General-API-Information/Sumo-Logic-Endpoints-and-Firewall-Security | `string` | n/a | yes |
+| <a name="input_environment"></a> [environment](#input\_environment) | Enter au, ca, de, eu, fed, jp, kr, us1 or us2. For more information on Sumo Logic deployments visit https://help.sumologic.com/APIs/General-API-Information/Sumo-Logic-Endpoints-and-Firewall-Security | `string` | n/a | yes |
 | <a name="input_folder_installation_location"></a> [folder\_installation\_location](#input\_folder\_installation\_location) | Indicates where to install the app folder. Enter "Personal Folder" for installing in "Personal" folder and "Admin Recommended Folder" for installing in "Admin Recommended" folder. | `string` | `"Personal Folder"` | no |
 | <a name="input_folder_share_with_org"></a> [folder\_share\_with\_org](#input\_folder\_share\_with\_org) | Indicates if AWS Observability folder should be shared with entire organization. true to enable; false to disable. | `bool` | `true` | no |
 | <a name="input_group_notifications"></a> [group\_notifications](#input\_group\_notifications) | Whether or not to group notifications for individual items that meet the trigger condition. Defaults to true. | `bool` | `true` | no |

aws-observability-terraform/app-modules/alb/README.md

@@ -25,7 +25,7 @@ No resources.
 | <a name="input_app_folder_id"></a> [app\_folder\_id](#input\_app\_folder\_id) | Please provide a folder ID where you would like the app to be installed. | `string` | `""` | no |
 | <a name="input_connection_notifications"></a> [connection\_notifications](#input\_connection\_notifications) | Connection Notifications to be sent by the alert. | <pre>list(object(<br/>    {<br/>      connection_type       = string,<br/>      connection_id         = string,<br/>      payload_override      = string,<br/>      run_for_trigger_types = list(string)<br/>    }<br/>  ))</pre> | n/a | yes |
 | <a name="input_email_notifications"></a> [email\_notifications](#input\_email\_notifications) | Email Notifications to be sent by the alert. | <pre>list(object(<br/>    {<br/>      connection_type       = string,<br/>      recipients            = list(string),<br/>      subject               = string,<br/>      time_zone             = string,<br/>      message_body          = string,<br/>      run_for_trigger_types = list(string)<br/>    }<br/>  ))</pre> | n/a | yes |
-| <a name="input_environment"></a> [environment](#input\_environment) | Enter au, ca, de, eu, fed, in, jp, kr, us1 or us2. Visit https://help.sumologic.com/APIs/General-API-Information/Sumo-Logic-Endpoints-and-Firewall-Security | `string` | n/a | yes |
+| <a name="input_environment"></a> [environment](#input\_environment) | Enter au, ca, de, eu, fed, jp, kr, us1 or us2. Visit https://help.sumologic.com/APIs/General-API-Information/Sumo-Logic-Endpoints-and-Firewall-Security | `string` | n/a | yes |
 | <a name="input_group_notifications"></a> [group\_notifications](#input\_group\_notifications) | Whether or not to group notifications for individual items that meet the trigger condition. Defaults to true. | `bool` | `true` | no |
 | <a name="input_json_file_directory_path"></a> [json\_file\_directory\_path](#input\_json\_file\_directory\_path) | Directory path where all the JSONs are present. | `string` | n/a | yes |
 | <a name="input_monitor_folder_id"></a> [monitor\_folder\_id](#input\_monitor\_folder\_id) | Please provide a folder ID where you would like the monitors to be installed. | `string` | `""` | no |

aws-observability-terraform/app-modules/alb/app.tf

@@ -1,5 +1,6 @@
 module "alb_module" {
   source = "SumoLogic/sumo-logic-integrations/sumologic//sumologic"
+  version = "1.0.19"
 
   access_id   = var.access_id
   access_key  = var.access_key
@@ -27,7 +28,7 @@ module "alb_module" {
       monitor_is_disabled  = var.monitors_disabled
       monitor_evaluation_delay = "0m"
       queries = {
-        A = "account=* region=* namespace=aws/applicationelb\n| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| parse regex \"(?<ClientIp>\\b\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3})\" multi\n| where ClientIp != \"0.0.0.0\" and ClientIp != \"127.0.0.1\"\n| count as ip_count by ClientIp, loadbalancer, account, region, namespace\n| lookup type, actor, raw, threatlevel as MaliciousConfidence from sumo://threat/cs on threat=ClientIp \n| json field=raw \"labels[*].name\" as LabelName \n| replace(LabelName, \"\\\\/\",\"->\") as LabelName\n| replace(LabelName, \"\\\"\",\" \") as LabelName\n| where type=\"ip_address\" and MaliciousConfidence=\"high\"\n| if (isEmpty(actor), \"Unassigned\", actor) as Actor\n| sum (ip_count) as ThreatCount by ClientIp, loadbalancer, account, region, namespace, MaliciousConfidence, Actor, LabelName"
+        A = "account=* region=* namespace=aws/applicationelb\n| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| parse regex \"(?<ClientIp>\\b\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3})\" multi\n| where ClientIp != \"0.0.0.0\" and ClientIp != \"127.0.0.1\"\n| count as ip_count by ClientIp, loadbalancer, account, region, namespace\n| lookup type, actor, raw, threatlevel as MaliciousConfidence from sumo://threat/cs on threat=ClientIp \n| json field=raw \"labels[*].name\" as LabelName nodrop\n| replace(LabelName, \"\\\\/\",\"->\") as LabelName\n| replace(LabelName, \"\\\"\",\" \") as LabelName\n| where MaliciousConfidence=\"high\"\n| if (isEmpty(actor), \"Unassigned\", actor) as Actor\n| sum (ip_count) as ThreatCount by ClientIp, loadbalancer, account, region, namespace, MaliciousConfidence, Actor, LabelName"
       }
       triggers = [
         {

aws-observability-terraform/app-modules/alb/variables.tf

@@ -1,6 +1,6 @@
 variable "environment" {
   type        = string
-  description = "Enter au, ca, de, eu, fed, in, jp, kr, us1 or us2. Visit https://help.sumologic.com/APIs/General-API-Information/Sumo-Logic-Endpoints-and-Firewall-Security"
+  description = "Enter au, ca, de, eu, fed, jp, kr, us1 or us2. Visit https://help.sumologic.com/APIs/General-API-Information/Sumo-Logic-Endpoints-and-Firewall-Security"
 
   validation {
     condition = contains([
@@ -9,12 +9,11 @@ variable "environment" {
       "de",
       "eu",
       "fed",
-      "in",
       "jp",
       "kr",
       "us1",
       "us2"], var.environment)
-    error_message = "The value must be one of au, ca, de, eu, fed, in, jp, kr, us1 or us2."
+    error_message = "The value must be one of au, ca, de, eu, fed, jp, kr, us1 or us2."
   }
 }
 

aws-observability-terraform/app-modules/apigateway/README.md

@@ -25,7 +25,7 @@ No resources.
 | <a name="input_app_folder_id"></a> [app\_folder\_id](#input\_app\_folder\_id) | Please provide a folder ID where you would like the app to be installed. | `string` | `""` | no |
 | <a name="input_connection_notifications"></a> [connection\_notifications](#input\_connection\_notifications) | Connection Notifications to be sent by the alert. | <pre>list(object(<br/>    {<br/>      connection_type       = string,<br/>      connection_id         = string,<br/>      payload_override      = string,<br/>      run_for_trigger_types = list(string)<br/>    }<br/>  ))</pre> | n/a | yes |
 | <a name="input_email_notifications"></a> [email\_notifications](#input\_email\_notifications) | Email Notifications to be sent by the alert. | <pre>list(object(<br/>    {<br/>      connection_type       = string,<br/>      recipients            = list(string),<br/>      subject               = string,<br/>      time_zone             = string,<br/>      message_body          = string,<br/>      run_for_trigger_types = list(string)<br/>    }<br/>  ))</pre> | n/a | yes |
-| <a name="input_environment"></a> [environment](#input\_environment) | Enter au, ca, de, eu, fed, in, jp, kr, us1 or us2. Visit https://help.sumologic.com/APIs/General-API-Information/Sumo-Logic-Endpoints-and-Firewall-Security | `string` | n/a | yes |
+| <a name="input_environment"></a> [environment](#input\_environment) | Enter au, ca, de, eu, fed, jp, kr, us1 or us2. Visit https://help.sumologic.com/APIs/General-API-Information/Sumo-Logic-Endpoints-and-Firewall-Security | `string` | n/a | yes |
 | <a name="input_group_notifications"></a> [group\_notifications](#input\_group\_notifications) | Whether or not to group notifications for individual items that meet the trigger condition. Defaults to true. | `bool` | `true` | no |
 | <a name="input_json_file_directory_path"></a> [json\_file\_directory\_path](#input\_json\_file\_directory\_path) | Directory path where all the JSONs are present. | `string` | n/a | yes |
 | <a name="input_monitor_folder_id"></a> [monitor\_folder\_id](#input\_monitor\_folder\_id) | Please provide a folder ID where you would like the monitors to be installed. | `string` | `""` | no |

aws-observability-terraform/app-modules/apigateway/app.tf

@@ -1,5 +1,6 @@
 module "apigateway_module" {
   source = "SumoLogic/sumo-logic-integrations/sumologic//sumologic"
+  version = "1.0.19"
 
   access_id   = var.access_id
   access_key  = var.access_key

aws-observability-terraform/app-modules/apigateway/variables.tf

@@ -1,6 +1,6 @@
 variable "environment" {
   type        = string
-  description = "Enter au, ca, de, eu, fed, in, jp, kr, us1 or us2. Visit https://help.sumologic.com/APIs/General-API-Information/Sumo-Logic-Endpoints-and-Firewall-Security"
+  description = "Enter au, ca, de, eu, fed, jp, kr, us1 or us2. Visit https://help.sumologic.com/APIs/General-API-Information/Sumo-Logic-Endpoints-and-Firewall-Security"
 
   validation {
     condition = contains([
@@ -9,12 +9,11 @@ variable "environment" {
       "de",
       "eu",
       "fed",
-      "in",
       "jp",
       "kr",
       "us1",
       "us2"], var.environment)
-    error_message = "The value must be one of au, ca, de, eu, fed, in, jp, kr, us1 or us2."
+    error_message = "The value must be one of au, ca, de, eu, fed, jp, kr, us1 or us2."
   }
 }
 

aws-observability-terraform/app-modules/dynamodb/README.md

@@ -25,7 +25,7 @@ No resources.
 | <a name="input_app_folder_id"></a> [app\_folder\_id](#input\_app\_folder\_id) | Please provide a folder ID where you would like the app to be installed. | `string` | `""` | no |
 | <a name="input_connection_notifications"></a> [connection\_notifications](#input\_connection\_notifications) | Connection Notifications to be sent by the alert. | <pre>list(object(<br/>    {<br/>      connection_type       = string,<br/>      connection_id         = string,<br/>      payload_override      = string,<br/>      run_for_trigger_types = list(string)<br/>    }<br/>  ))</pre> | n/a | yes |
 | <a name="input_email_notifications"></a> [email\_notifications](#input\_email\_notifications) | Email Notifications to be sent by the alert. | <pre>list(object(<br/>    {<br/>      connection_type       = string,<br/>      recipients            = list(string),<br/>      subject               = string,<br/>      time_zone             = string,<br/>      message_body          = string,<br/>      run_for_trigger_types = list(string)<br/>    }<br/>  ))</pre> | n/a | yes |
-| <a name="input_environment"></a> [environment](#input\_environment) | Enter au, ca, de, eu, fed, in, jp, kr, us1 or us2. Visit https://help.sumologic.com/APIs/General-API-Information/Sumo-Logic-Endpoints-and-Firewall-Security | `string` | n/a | yes |
+| <a name="input_environment"></a> [environment](#input\_environment) | Enter au, ca, de, eu, fed, jp, kr, us1 or us2. Visit https://help.sumologic.com/APIs/General-API-Information/Sumo-Logic-Endpoints-and-Firewall-Security | `string` | n/a | yes |
 | <a name="input_group_notifications"></a> [group\_notifications](#input\_group\_notifications) | Whether or not to group notifications for individual items that meet the trigger condition. Defaults to true. | `bool` | `true` | no |
 | <a name="input_json_file_directory_path"></a> [json\_file\_directory\_path](#input\_json\_file\_directory\_path) | Directory path where all the JSONs are present. | `string` | n/a | yes |
 | <a name="input_monitor_folder_id"></a> [monitor\_folder\_id](#input\_monitor\_folder\_id) | Please provide a folder ID where you would like the monitors to be installed. | `string` | `""` | no |

aws-observability-terraform/app-modules/dynamodb/app.tf

@@ -1,5 +1,6 @@
 module "dynamodb_module" {
   source = "SumoLogic/sumo-logic-integrations/sumologic//sumologic"
+  version = "1.0.19"
 
   access_id   = var.access_id
   access_key  = var.access_key