Description: "SIEM on Amazon OpenSearch Service v2.10.3: log exporter - CWL resource without compress"
Parameters:
  KdfName:
    Type: String
    Default: siem-XXXXXXXXXXX-to-s3
    Description: Define new Kinesis Data Firehose Name to deliver CWL event
  KdfBufferSize:
    Type: Number
    Default: 1
    Description: Enter a buffer size between 1 - 128 (MiB)
    MaxValue: 128
    MinValue: 1
  KdfBufferInterval:
    Type: Number
    Default: 60
    Description: Enter a buffer interval between 60 - 900 (seconds.)
    MaxValue: 900
    MinValue: 60
  CwlLogGroupName:
    Type: String
    Default: /aws/XXXXXXXXXXXXXXXXX
    Description: Define existing CloudWatch Logs group name
  S3DestPrefix:
    Type: String
    Default: AWSLogs/YourAccuntId/LogType/Region/
    Description: Define S3 destination prefix
Resources:
  Kdf:
    Type: AWS::KinesisFirehose::DeliveryStream
    Properties:
      DeliveryStreamName:
        Ref: KdfName
      S3DestinationConfiguration:
        BucketARN:
          Fn::Join:
            - ""
            - - "arn:aws:s3:::"
              - Fn::ImportValue: sime-log-bucket-name-v2
        BufferingHints:
          IntervalInSeconds:
            Ref: KdfBufferInterval
          SizeInMBs:
            Ref: KdfBufferSize
        CompressionFormat: UNCOMPRESSED
        Prefix:
          Ref: S3DestPrefix
        RoleARN:
          Fn::Join:
            - ""
            - - "arn:aws:iam::"
              - Ref: AWS::AccountId
              - :role/service-role/
              - Fn::ImportValue: siem-kdf-to-s3-role-name-v2
  KinesisSubscription:
    Type: AWS::Logs::SubscriptionFilter
    Properties:
      DestinationArn:
        Fn::GetAtt:
          - Kdf
          - Arn
      FilterPattern: ""
      LogGroupName:
        Ref: CwlLogGroupName
      RoleArn:
        Fn::Join:
          - ""
          - - "arn:aws:iam::"
            - Ref: AWS::AccountId
            - :role/
            - Fn::ImportValue: siem-cwl-to-kdf-role-name-v2