# Spit logs to splunk for each of the log groups
module "kinesis_firehose" {
  source                                     = "../../thirdparty/terraform-aws-kinesis-firehose-splunk"
  for_each                                   = local.moose_cloudwatch_log_groups
  region                                     = var.aws_region
  arn_cloudwatch_logs_to_ship                = "arn:${var.aws_partition}:logs:${var.aws_region}::log-group:/${each.key}/*"
  name_cloudwatch_logs_to_ship               = each.key
  hec_token                                  = each.value.hec_token
  hec_url                                    = "https://${local.hec_pub_ack}:8088"
  firehose_name                              = each.value.firehose_name
  tags                                       = merge(local.standard_tags, var.tags)
  cloudwatch_log_retention                   = 30 # keep kinesis logs this long
  lambda_function_name                       = each.value.lambda_function_name
  log_stream_name                            = each.value.log_stream_name
  kinesis_firehose_lambda_role_name          = each.value.kinesis_firehose_lambda_role_name
  lambda_iam_policy_name                     = each.value.lambda_iam_policy_name
  kinesis_firehose_iam_policy_name           = each.value.kinesis_firehose_iam_policy_name
  kinesis_firehose_role_name                 = each.value.kinesis_firehose_role_name
  cloudwatch_to_firehose_trust_iam_role_name = each.value.cloudwatch_to_firehose_trust_iam_role_name
  cloudwatch_to_fh_access_policy_name        = each.value.cloudwatch_to_fh_access_policy_name
  s3_bucket_name                             = each.value.s3_bucket_name
  s3_bucket_block_public_access_enabled      = 1
  s3_backup_mode                             = "FailedEventsOnly"
  s3_expiration                              = 30
}