feat(aws): AWSX-1595 Migrate transitgateway and ssm to logs-backend

aws/logs_monitoring/steps/enums.py

@@ -11,12 +11,7 @@ class AwsEventSource(Enum):
     ELB = "elb"
     FARGATE = "fargate"
     GUARDDUTY = "guardduty"
-    IAMAUTHENTICATOR = "aws-iam-authenticator"
     KINESIS = "kinesis"
-    KUBEAPISERVER = "kube-apiserver"
-    KUBECONTROLLERMANAGER = "kube-controller-manager"
-    KUBERNETESAUDIT = "kubernetes.audit"
-    KUBESCHEDULER = "kube_scheduler"
     LAMBDA = "lambda"
     MARIADB = "mariadb"
     MSK = "msk"
@@ -26,9 +21,7 @@ class AwsEventSource(Enum):
     ROUTE53 = "route53"
     S3 = "s3"
     SNS = "sns"
-    SSM = "ssm"
     STEPFUNCTION = "stepfunction"
-    TRANSITGATEWAY = "transitgateway"
     VERIFIED_ACCESS = "verified-access"
     VPC = "vpc"
     WAF = "waf"
@@ -46,7 +39,6 @@ def cloudwatch_sources():
             AwsEventSource.MSK,
             AwsEventSource.NETWORKFIREWALL,
             AwsEventSource.ROUTE53,
-            AwsEventSource.TRANSITGATEWAY,
             AwsEventSource.VERIFIED_ACCESS,
             AwsEventSource.VPC,
         ]
@@ -71,7 +63,6 @@ def __init__(self, string, event_source):
     NETWORKFIREWALL = ("network-firewall", AwsEventSource.NETWORKFIREWALL)
     # e.g. AWSLogs/123456779121/vpcdnsquerylogs/vpc-********/2021/05/11/vpc-********_vpcdnsquerylogs_********_20210511T0910Z_71584702.log.gz
     ROUTE53 = ("vpcdnsquerylogs", AwsEventSource.ROUTE53)
-    TRANSITGATEWAY = ("transit-gateway", AwsEventSource.TRANSITGATEWAY)
     VERIFIED_ACCESS = ("verified-access", AwsEventSource.VERIFIED_ACCESS)
     # e.g. AWSLogs/123456779121/vpcflowlogs/us-east-1/2020/10/02/123456779121_vpcflowlogs_us-east-1_fl-xxxxx.log.gz
     VPC = ("vpcflowlogs", AwsEventSource.VPC)
@@ -93,8 +84,6 @@ def __init__(self, string, event_source):
     LAMBDA = ("/aws/lambda", AwsEventSource.LAMBDA)
     # e.g. sns/us-east-1/123456779121/SnsTopicX
     SNS = ("sns/", AwsEventSource.SNS)
-    SSM = ("/aws/ssm/", AwsEventSource.SSM)
-    TRANSITGATEWAY = ("tgw-attach", AwsEventSource.TRANSITGATEWAY)
 
     def __str__(self):
         return f"{self.string}"

aws/logs_monitoring/steps/handlers/awslogs_handler.py

@@ -87,12 +87,10 @@ def set_source(self, event, metadata, aws_attributes):
         log_group = aws_attributes.get_log_group()
         log_stream = aws_attributes.get_log_stream()
         source = log_group if log_group else str(AwsEventSource.CLOUDWATCH)
-        # Use the logStream to identify if this is a CloudTrail, TransitGateway, or Bedrock event
+        # Use the logStream to identify if this is a CloudTrail event
         # i.e. 123456779121_CloudTrail_us-east-1
         if str(AwsCwEventSourcePrefix.CLOUDTRAIL) in log_stream:
             source = str(AwsEventSource.CLOUDTRAIL)
-        if str(AwsCwEventSourcePrefix.TRANSITGATEWAY) in log_stream:
-            source = str(AwsEventSource.TRANSITGATEWAY)
         metadata[DD_SOURCE] = parse_event_source(event, source)
 
         # Special handling for customized log group of Lambda Functions and Step Functions

aws/logs_monitoring/steps/handlers/s3_handler.py

@@ -19,7 +19,6 @@
     GOV_STRING,
 )
 from steps.common import add_service_tag, is_cloudtrail, merge_dicts, parse_event_source
-from steps.enums import AwsEventSource, AwsS3EventSourceKeyword
 
 
 class S3EventDataStore:
@@ -81,8 +80,6 @@ def _extract_event(self, event):
 
     def _set_source(self, event):
         self.data_store.source = parse_event_source(event, self.data_store.key)
-        if str(AwsS3EventSourceKeyword.TRANSITGATEWAY) in self.data_store.bucket:
-            self.data_store.source = str(AwsEventSource.TRANSITGATEWAY)
         self.metadata[DD_SOURCE] = self.data_store.source
 
     def _get_s3_arn(self):

aws/logs_monitoring/tests/test_s3_handler.py

@@ -300,26 +300,6 @@ def test_set_source_cloudfront(self):
             "s3",
         )
 
-    def test_set_source_transit_gateway(self):
-        self.s3_handler.data_store.key = "AWSLogs/1234566312/vpcflowlogs/us-east-1/2024/08/09/11/123455660991_vpcflowlogs_us-east-1_fl-01fb37"
-        self.s3_handler.data_store.bucket = "my-bucket-transit-gateway"
-        self.s3_handler._set_source(
-            {
-                "Records": [
-                    {
-                        "s3": {
-                            "bucket": {"name": "my-bucket-transit-gateway"},
-                            "object": {"key": self.s3_handler.data_store.key},
-                        }
-                    }
-                ]
-            }
-        )
-        self.assertEqual(
-            self.s3_handler.data_store.source,
-            "transitgateway",
-        )
-
 
 if __name__ == "__main__":
     unittest.main()