All data stored in the State file is kept in plain text. If we include any sensitive data to the State, we have to save it to a remote location with limited access. This can be achieved using a different Terraform Backend
Project to manage Splunk alerts and Dashboards accross different environments
- Terraform (brew tap hashicorp/tap;brew install hashicorp/tap/terraform)
- Docker (brew install docker)
- jq library (brew install jq)
- Execute the following bash script. The script will:
- Spin up a local Splunk container
- Enable the Splunk API token authentication in order to generate API tokens
- Create an API token
- Set the environment variable containing the Splunk API Token and Splunk Host IP (these variables will be used to configure the Terraform Providers)
source setup.sh
- Initialise the project working directory. (Execute the following command from the root folder)
terraform init
- Create the resources on Splunk
terraform apply -var-file='environments/local.tfvars' -auto-approve
- Access Splunk on port 8000
https://<PLACE_YOUR_MINIKUBE_IP_HERE>:8000 (Minikube)
or
https://localhost:8000 (Docker Desktop)
- Destroy the resources on Splunk
terraform destroy -var-file='environments/local.tfvars'
- Set environment variables (replace the REPLACE_HERE_WITH_THE_API_TOKEN_BACKEND and REPLACE_HERE_WITH_THE_API_TOKEN_FRONTEND with the token provided by X)
export TF_VAR_backend_splunk_access_token='REPLACE_HERE_WITH_THE_API_TOKEN_BACKEND'
export TF_VAR_frontend_splunk_access_token='REPLACE_HERE_WITH_THE_API_TOKEN_FRONTEND'
- Initialise the project working directory. (Execute the following command from the root folder)
terraform init
- Create a workspace
terraform workspace new prod
- Select a workspace
terraform workspace select prod
- Create the resources on Splunk
terraform apply -var-file='environments/prod.tfvars' -auto-approve
- Create a file to hold the properties for the new environment in here
- Include the new environment to the pipeline
The Alert module sets few properties that are common to all of our alerts. You can find them hardcoded in here. In case you need to make them customizable (per environment or per alert), you can define a new variable in here and set it in the previous file. After that, the new varianble will be available to be configured in your alerts.