Add pii stream option

snowplow-devops · Apr 26, 2024 · 8e52a4d · 8e52a4d
1 parent ae3a418
commit 8e52a4d
Show file tree

Hide file tree

Showing 3 changed files with 22 additions and 0 deletions.
diff --git a/main.tf b/main.tf
@@ -153,6 +153,7 @@ EOF
 
 locals {
   incomplete_tmpl_for_iam = var.incomplete_stream_name == "" ? "" : "\"arn:aws:kinesis:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:stream/${var.incomplete_stream_name}\","
+  pii_tmpl_for_iam        = var.pii_stream_name == "" ? "" : "\"arn:aws:kinesis:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:stream/${var.pii_stream_name}\","
 }
 
 resource "aws_iam_policy" "iam_policy" {
@@ -171,6 +172,7 @@ resource "aws_iam_policy" "iam_policy" {
       ],
       "Resource": [
         ${local.incomplete_tmpl_for_iam}
+        ${local.pii_tmpl_for_iam}
         "arn:aws:kinesis:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:stream/${var.in_stream_name}",
         "arn:aws:kinesis:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:stream/${var.enriched_stream_name}",
         "arn:aws:kinesis:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:stream/${var.bad_stream_name}"
@@ -192,6 +194,7 @@ resource "aws_iam_policy" "iam_policy" {
       ],
       "Resource": [
         ${local.incomplete_tmpl_for_iam}
+        ${local.pii_tmpl_for_iam}
         "arn:aws:kinesis:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:stream/${var.enriched_stream_name}",
         "arn:aws:kinesis:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:stream/${var.bad_stream_name}"
       ]
@@ -358,6 +361,7 @@ locals {
     enriched_stream_name   = var.enriched_stream_name
     bad_stream_name        = var.bad_stream_name
     incomplete_stream_name = var.incomplete_stream_name
+    pii_stream_name        = var.pii_stream_name
     region                 = data.aws_region.current.name
     initial_position       = var.initial_position
 

diff --git a/templates/config.hocon.tmpl b/templates/config.hocon.tmpl
@@ -42,6 +42,18 @@
       }
     }
     %{ endif}
+    %{ if pii_stream_name != ""}
+    "pii": {
+      "type": "Kinesis"
+      "streamName": "${pii_stream_name}"
+      "region": "${region}"
+      "maxBufferedTime": ${time_limit_ms} millis
+      "collection": {
+        "maxCount": ${record_limit}
+        "maxSize": ${byte_limit}
+      }
+    }
+    %{ endif}
   }
 
   "assetsUpdatePeriod": "${assets_update_period}"

diff --git a/variables.tf b/variables.tf
@@ -192,6 +192,12 @@ variable "incomplete_stream_name" {
   default     = ""
 }
 
+variable "pii_stream_name" {
+  description = "The name of the pii kinesis stream that the Enricher will insert events with pii in it"
+  type        = string
+  default     = ""
+}
+
 variable "initial_position" {
   description = "Where to start processing the input Kinesis Stream from (TRIM_HORIZON or LATEST)"
   default     = "TRIM_HORIZON"