From 205732bcec10feea1e5163a52920060fc7717257 Mon Sep 17 00:00:00 2001 From: mikereiddigital Date: Wed, 20 Mar 2024 09:36:22 +0000 Subject: [PATCH] Adds an additional module call but for the firewall vpc flow logs. --- .../core-network-services/firehose.tf | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/terraform/environments/core-network-services/firehose.tf b/terraform/environments/core-network-services/firehose.tf index 3882e330f..36383653a 100644 --- a/terraform/environments/core-network-services/firehose.tf +++ b/terraform/environments/core-network-services/firehose.tf @@ -4,10 +4,14 @@ locals { - firewall_logs = toset([module.vpc_inspection["live_data"].fw_cloudwatch_name, module.vpc_inspection["non_live_data"].fw_cloudwatch_name, module.firewall_logging.cloudwatch_log_group_name]) + firewall_logs = toset([module.vpc_inspection["live_data"].fw_cloudwatch_name, module.vpc_inspection["non_live_data"].fw_cloudwatch_name, module.firewall_logging.cloudwatch_log_group_name]) + + firewall_vpc_logs = toset([module.vpc_inspection["live_data"].vpc_cloudwatch_name, module.vpc_inspection["non_live_data"].vpc_cloudwatch_name, aws_cloudwatch_log_group.external_inspection.name]) } +# The initial call is for the creation of firehose stream resources for the firewall inspection logs. + module "external_inspection_firehose" { source = "../../modules/firehose" for_each = local.firewall_logs 
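Review bot: `firewall_vpc_logs` mixes two names produced by `module.vpc_inspection` with `aws_cloudwatch_log_group.external_inspection.name`, and nothing next to the set records that its consumer keys both resource naming and prod-versus-preprod XSIAM routing on the first three characters of each name (the module call later in this file does `substr(each.value, 0, 3) != "non"`). Without that stated here, a name added to the set later that happens not to start with "non" is silently shipped to the production endpoint with the production secret, and the naming of `external_inspection` cannot be checked against the convention from this hunk. Suggested comment above the new local: `# Consumed by firehose_for_firewall_vpc_flow_logs, which treats a name starting with "non" as non-live (preprod XSIAM) and any other name as live (prod XSIAM); keep every member on that convention.` The enclosing `locals` block opens before this hunk.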
@@ -16,4 +20,16 @@ module "external_inspection_firehose" {
 tags = local.tags
 xsiam_endpoint = substr(each.value, 3, 3) != "non" ? tostring(local.xsiam["xsiam_prod_firewall_endpoint"]) : tostring(local.xsiam["xsiam_preprod_firewall_endpoint"])
 xsiam_secret = substr(each.value, 3, 3) != "non" ? tostring(local.xsiam["xsiam_prod_firewall_secret"]) : tostring(local.xsiam["xsiam_preprod_firewall_secret"])
+}
+
+# A 2nd call of the module which will generate the firehose streams for the firewall vpc flow logs.
+
+module "firehose_for_firewall_vpc_flow_logs" {
+ source = "../../modules/firehose"
+ for_each = local.firewall_vpc_logs
+ resource_prefix = format("%s-vpc", substr(each.value, 0, 3)) # As above but we add an additional identifier
+ log_group_name = each.value
+ tags = local.tags
+ xsiam_endpoint = substr(each.value, 0, 3) != "non" ? tostring(local.xsiam["xsiam_prod_network_endpoint"]) : tostring(local.xsiam["xsiam_preprod_network_endpoint"])
+ xsiam_secret = substr(each.value, 0, 3) != "non" ? tostring(local.xsiam["xsiam_prod_network_secret"]) : tostring(local.xsiam["xsiam_preprod_network_secret"])
 }
\ No newline at end of file
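Review bot: The choice of production versus preprod XSIAM endpoint and secret in `xsiam_endpoint`/`xsiam_secret` rests on `substr(each.value, 0, 3) != "non"`, so every member of `local.firewall_vpc_logs` whose name does not begin with "non" — including `aws_cloudwatch_log_group.external_inspection.name`, whose naming is not visible in this diff — is delivered to the production endpoint, and a misnamed group means flow-log data crossing an environment boundary. The same three characters also build `resource_prefix`, so two names sharing a prefix would produce colliding resource names across module instances rather than a clear error. The existing call above reads the marker at offset 3 (`substr(each.value, 3, 3)`) while this one reads offset 0; if the VPC and firewall log group names follow the same convention one of the two offsets is wrong, which is worth confirming against the real names before apply. A more robust shape is to make the environment explicit — e.g. a map from log group name to `"prod"`/`"preprod"` in the local, then `xsiam_endpoint = tostring(local.xsiam["xsiam_${each.value}_network_endpoint"])` — so routing no longer depends on string slicing. Separately, if the module's `xsiam_secret` variable is not declared `sensitive = true` (the module is outside this diff), the secret will be printed in plan output for each instance.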