
Feat/#54 Configure OpenSearch monitoring environment for CloudTrail #57

Merged
3olly merged 48 commits into main from feat/#54 on Jul 27, 2025

Conversation

3olly (Contributor) commented Jul 24, 2025

#️⃣ Related Issues

#54

📝 Work Summary

  • In the Management account, CloudTrail collects the logs for the entire Organization.
  • CloudTrail delivers the logs to an S3 bucket in the Operation account, where they are stored.
  • Whenever a new object is uploaded to the S3 bucket, EventBridge triggers a Lambda.
  • There are two Lambdas:
  1. a function that forwards logs from the S3 bucket to OpenSearch
  2. a function that automates all of the OpenSearch configuration
  • Every log sent by the Lambda goes to OpenSearch.
  • On the OpenSearch side, a pre-configured rule set sends a Slack notification when a security-risk log occurs.
  • OpenSearch provides a dashboard for integrated monitoring of the overall situation, and new rules can be added.
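An added example of the S3-to-OpenSearch forwarding step described above; it is not code from this PR. It parses a constructed EventBridge "Object Created" event, decompresses a constructed gzipped CloudTrail log file, skips CloudTrail-Digest objects, and builds the `_bulk` body; the index name and the `fetch_object` stand-in for `s3.get_object` are assumptions.

```python
import gzip
import json

# Assumed index name; the PR does not state which index the forwarder writes to.
INDEX_NAME = "cloudtrail-logs"

def object_from_eventbridge(event: dict) -> tuple:
    """Return (bucket, key) from an EventBridge 'Object Created' S3 event."""
    detail = event["detail"]
    return detail["bucket"]["name"], detail["object"]["key"]

def is_cloudtrail_log_key(key: str) -> bool:
    """Forward only CloudTrail log files; CloudTrail-Digest objects are integrity data, not events."""
    return "/CloudTrail/" in key and key.endswith(".json.gz")

def cloudtrail_records(gz_bytes: bytes) -> list:
    """CloudTrail delivers gzipped JSON with a top-level 'Records' list."""
    return json.loads(gzip.decompress(gz_bytes)).get("Records", [])

def to_bulk_body(records: list, index: str = INDEX_NAME) -> str:
    """Build an OpenSearch _bulk NDJSON body (action line + document line per record).
    eventID is used as _id so a re-delivered file does not create duplicate documents."""
    lines = []
    for rec in records:
        lines.append(json.dumps({"index": {"_index": index, "_id": rec["eventID"]}}))
        lines.append(json.dumps(rec))
    return "\n".join(lines) + "\n"

def forward(event: dict, fetch_object):
    """Handler logic: fetch_object(bucket, key) stands in for s3.get_object (assumption).
    Returns the bulk body the Lambda would POST to the domain's /_bulk endpoint, or None."""
    bucket, key = object_from_eventbridge(event)
    if not is_cloudtrail_log_key(key):
        return None
    return to_bulk_body(cloudtrail_records(fetch_object(bucket, key)))

# Constructed sample input (not real data): one org-trail log file with two records.
SAMPLE_KEY = "AWSLogs/o-example/111111111111/CloudTrail/ap-northeast-2/2025/07/27/x.json.gz"
SAMPLE_EVENT = {"detail": {"bucket": {"name": "example-logs"}, "object": {"key": SAMPLE_KEY}}}
SAMPLE_LOG = gzip.compress(json.dumps({"Records": [
    {"eventID": "e1", "eventName": "ConsoleLogin", "userIdentity": {"type": "Root"}},
    {"eventID": "e2", "eventName": "StopLogging", "eventSource": "cloudtrail.amazonaws.com"},
]}).encode())

if __name__ == "__main__":
    print(forward(SAMPLE_EVENT, lambda bucket, key: SAMPLE_LOG))
```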

@3olly 3olly linked an issue Jul 24, 2025 that may be closed by this pull request
3 tasks
github-actions bot commented:

[Terraform Plan Summary]

Status: success
Directory: management-team-account/monitoring
Executed At: 2025-07-24 13:49:53 UTC

Plan Output

No changes. Your infrastructure matches the configuration.

Terraform has compared your real infrastructure against your configuration
and found no differences, so no changes are needed.

Plan Error (if any)

(no errors)

github-actions bot commented Jul 24, 2025

💰 Infracost report

Monthly estimate generated

This comment will be updated when code changes.

github-actions bot commented:

[Terraform Plan Summary]

Status: success
Directory: management-team-account/monitoring
Executed At: 2025-07-27 10:31:54 UTC

Plan Output

No changes. Your infrastructure matches the configuration.

Terraform has compared your real infrastructure against your configuration
and found no differences, so no changes are needed.

Plan Error (if any)

(no errors)

github-actions bot commented:

[Terraform Plan Summary]

Status: success
Directory: management-team-account/monitoring
Executed At: 2025-07-27 10:50:07 UTC

Plan Output

No changes. Your infrastructure matches the configuration.

Terraform has compared your real infrastructure against your configuration
and found no differences, so no changes are needed.

Plan Error (if any)

(no errors)

github-actions bot commented:

[Terraform Plan Summary]

Status: success
Directory: operation-team-account/monitoring
Executed At: 2025-07-27 10:50:09 UTC

Plan Output

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # module.lambda_alerting.aws_lambda_function.alerting_setup will be updated in-place
  ~ resource "aws_lambda_function" "alerting_setup" {
        id                             = "opensearch-alerting-setup"
        tags                           = {}
        # (23 unchanged attributes hidden)

      ~ environment {
          ~ variables = {
              ~ "SLACK_WEBHOOK_URL"   = (sensitive value)
                # (1 unchanged element hidden)
            }
        }

        # (3 unchanged blocks hidden)
    }

  # module.opensearch_domain.aws_opensearch_domain.this will be updated in-place
  ~ resource "aws_opensearch_domain" "this" {
      ~ access_policies    = (sensitive value)
        id                 = "arn:aws:es:ap-northeast-2:502676416967:domain/whs-domain"
        tags               = {}
        # (10 unchanged attributes hidden)

        # (10 unchanged blocks hidden)
    }

  # module.s3.aws_s3_bucket_policy.cloudtrail will be updated in-place
  ~ resource "aws_s3_bucket_policy" "cloudtrail" {
        id     = "whs-aws-logs"
      ~ policy = jsonencode(
          ~ {
              ~ Statement = [
                    # (2 unchanged elements hidden)
                    {
                        Action    = "s3:PutObject"
                        Condition = {
                            StringEquals = {
                                "s3:x-amz-acl" = "bucket-owner-full-control"
                            }
                        }
                        Effect    = "Allow"
                        Principal = {
                            Service = "cloudtrail.amazonaws.com"
                        }
                        Resource  = "arn:aws:s3:::whs-aws-logs/AWSLogs/*"
                        Sid       = "AllowCloudTrailWrite"
                    },
                  ~ {
                      ~ Principal = {
                          ~ AWS = "arn:aws:iam::243359234795:root" -> "arn:aws:iam::502676416967:root"
                        }
                      ~ Resource  = "arn:aws:s3:::whs-aws-logs/AWSLogs/243359234795/*" -> "arn:aws:s3:::whs-aws-logs/AWSLogs/502676416967/*"
                        # (4 unchanged attributes hidden)
                    },
                  ~ {
                      ~ Principal = {
                          ~ AWS = "arn:aws:iam::243359234795:root" -> "arn:aws:iam::502676416967:root"
                        }
                        # (4 unchanged attributes hidden)
                    },
                ]
                # (1 unchanged attribute hidden)
            }
        )
        # (1 unchanged attribute hidden)
    }

Plan: 0 to add, 3 to change, 0 to destroy.

Plan Error (if any)

(no errors)

imyourhopeee (Contributor) left a comment

I have checked the monitoring team's management-account code, the OpenSearch auto-configuration, the code that forwards logs from S3, the domain creation, and the code that permits the logging operations!

@3olly 3olly merged commit 0fb0804 into main Jul 27, 2025
3 checks passed

Development

Successfully merging this pull request may close these issues.

[Feature] OpenSearch configuration

2 participants