Skip to content

ericdahl/tf-splunk-fargate-efs

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

64 Commits
docker
docker
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
cloudfront_splunk.tf
cloudfront_splunk.tf
 
 
ec2_jumphost.tf
ec2_jumphost.tf
 
 
ecs_service_graviton.tf
ecs_service_graviton.tf
 
 
ecs_service_httpbin.tf
ecs_service_httpbin.tf
 
 
ecs_service_splunk.tf
ecs_service_splunk.tf
 
 
efs_splunk_db.tf
efs_splunk_db.tf
 
 
elbv2_httpbin.tf
elbv2_httpbin.tf
 
 
elbv2_splunk.tf
elbv2_splunk.tf
 
 
iam_ecs_common.tf
iam_ecs_common.tf
 
 
iam_ecs_execution_role_graviton.tf
iam_ecs_execution_role_graviton.tf
 
 
iam_ecs_execution_role_httpbin.tf
iam_ecs_execution_role_httpbin.tf
 
 
iam_ecs_execution_role_splunk.tf
iam_ecs_execution_role_splunk.tf
 
 
iam_ecs_task_role_graviton.tf
iam_ecs_task_role_graviton.tf
 
 
iam_ecs_task_role_httpbin.tf
iam_ecs_task_role_httpbin.tf
 
 
iam_ecs_task_role_splunk.tf
iam_ecs_task_role_splunk.tf
 
 
iam_firehose_splunk.tf
iam_firehose_splunk.tf
 
 
kinesis_firehose_splunk.tf
kinesis_firehose_splunk.tf
 
 
main.tf
main.tf
 
 
outputs.tf
outputs.tf
 
 
variables.tf
variables.tf
 
 
versions.tf
versions.tf
 
 

Repository files navigation

tf_splunk_fargate_efs

Demo app of Splunk running on AWS ECS Fargate with EFS for storage. It shows:

  • Fargate usage on ECS
  • Fargate EFS integration
  • ECS Exec to log in to containers
  • ALB integration
  • Graviton Fargate usage
  • Splunk running in a container
  • Kinesis Firehose -> Splunk integration with HEC

This uses a custom docker image which builds on top of the official Splunk image only to pre-set up some indexes and HEC keys

It also uses CloudFront as a hack/trick to add HTTPS support without the need for you to have a public domain for a cert. Kinesis requires that the HEC endpoint use HTTPS.

Quick Start

  • terraform apply
  • wait for deployment
  • wait 10 minutes more
    • initially Kinesis will have logs like Failed to deliver data to Splunk or to receive acknowledgment. Make sure HEC endpoint is reachable from Firehose and it is healthy.
      • not sure exactly what timing issue is here
  • Query Splunk: index=ecs

TODO

  • SSM Session Manager for instance
  • shorter log buffering? fluent-bit config?

Debugging

ECS Exec

aws ecs execute-command --cluster tf-splunk-fargate-ecs --command /bin/sh --interactive --container httpbin --task TASK_ID

Console Access

  • log in to web console
  • default creds = admin/password
  • Settings -> Data Inputs -> HTTP Event Collector
    • 1111... requires HEC ACK
    • 2222... does not require ACK
      • Firehose seems to require this version

## TODO

- reduce delivery stream delay
- HTTPS only on console?
- fargate private IP

- clean up SGs

About

Demo app of Splunk running on ECS Fargate with EFS

Resources

Readme

License

BSD-3-Clause license
Activity

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages