This module creates all the proper policies, roles and S3 buckets so that Fullstory can connect to the Redshift Cluster or Workgroup and load data. For more information checkout this KB article.
This module does not create the permissions in your database that are required for Fullstory to create schemas. See this guide for instructions on how to grant your IAM role the correct permissions on your database objects.
| Name | Version |
|---|---|
| terraform | >= 0.13 |
| aws | >= 4.66.0 |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| cluster_identifier | The identifier of the Redshift cluster. Required if you are using Redshift provisioned. | string |
"" |
no |
| database_arn | The ARN of the database within Redshift cluster. Required if you are using Redshift provisioned. This is not the cluster ARN, see https://docs.aws.amazon.com/redshift/latest/mgmt/generating-iam-credentials-role-permissions.html for more information. | string |
"" |
no |
| fullstory_cidr_ipv4s | The CIDR block that Fullstory will use to connect to the Redshift cluster. | list(string) |
[] |
no |
| fullstory_data_center | The data center where your Fullstory account is hosted. Either 'NA1' or 'EU1'. See https://help.fullstory.com/hc/en-us/articles/8901113940375-Fullstory-Data-Residency for more information. | string |
"NA1" |
no |
| fullstory_google_audience | The Google audience identifier that Fullstory will use to assume the role in order to call AWS APIs | string |
"" |
no |
| is_serverless | Whether the Redshift cluster is serverless or not. If true, workgroup_arn is required. If false, database_arn is required. | bool |
n/a | yes |
| port | The port number where the Redshift cluster is listening. | number |
5439 |
no |
| prefix | The prefix to use for the resources created by this module. | string |
"fullstory" |
no |
| s3_bucket_name | The name of the S3 bucket where the Fullstory bundles are stored. | string |
n/a | yes |
| vpc_id | The VPC ID where the Redshift cluster or Redshift Serverless workgroup is deployed. | string |
n/a | yes |
| workgroup_arn | The ARN of the Redshift Serverless workgroup. Required if you are using Redshift Serverless. | string |
"" |
no |
| Name | Description |
|---|---|
| role_arn | The ARN of the role that Fullstory will use when loading data into Redshift. |
resource "aws_redshiftserverless_namespace" "main" {
namespace_name = "my-namespace"
manage_admin_password = true
}
resource "aws_redshiftserverless_workgroup" "main" {
namespace_name = aws_redshiftserverless_namespace.main.id
workgroup_name = "my-workgroup"
publicly_accessible = true # Your workgroup must be publicly accessible to allow Fullstory to access it.
# This is the minimum capacity for a serverless workgroup. See https://docs.aws.amazon.com/redshift/latest/mgmt/serverless-capacity.html for more details.
base_capacity = 8 #
subnet_ids = [
"my-subnet-1",
"my-subnet-2",
]
}
resource "aws_s3_bucket" "main" {
bucket = "my-bucket"
}
module "fullstory_redshift_setup" {
source = "fullstorydev/fullstory-redshift-setup/aws"
vpc_id = "my-vpc-id"
workgroup_arn = aws_redshiftserverless_workgroup.main.arn
s3_bucket_name = aws_s3_bucket.main.bucket
fullstory_data_center = "NA1" # If your Fullstory account is hosted in the EU, set this to "EU1".
}
output "fullstory_host" {
value = aws_redshiftserverless_workgroup.main.endpoint
description = "The host that should be entered when setting up this destination in Fullstory."
}
output "fullstory_port" {
value = aws_redshiftserverless_workgroup.main.port
description = "The host that should be entered when setting up this destination in Fullstory."
}
output "fullstory_role_arn" {
value = module.fullstory_redshift_setup.role_arn
description = "The role ARN that should be entered when setting up this destination in Fullstory."
}
output "fullstory_database" {
value = aws_redshiftserverless_namespace.main.db_name
description = "The database name that Fullstory will connect to."
}
output "fullstory_workgroup" {
value = aws_redshiftserverless_workgroup.main.id
description = "The workgroup identifier of the Redshift Serverless cluster."
}
output "fullstory_s3_bucket_name" {
value = aws_s3_bucket.main.bucket
description = "The name of the S3 bucket that Fullstory will use to store bundles."
}resource "aws_redshift_cluster" "main" {
cluster_identifier = "mycluster"
database_name = "mydatabase"
master_username = "mysuperuser"
node_type = "dc1.large"
cluster_type = "single-node"
manage_master_password = true
}
resource "aws_s3_bucket" "main" {
bucket = "my-bucket"
}
module "fullstory_redshift_setup" {
source = "fullstorydev/fullstory-redshift-setup/aws"
vpc_id = "my-vpc-id"
database_arn = "arn:aws:redshift:${local.region}:${local.account_id}:dbname:${aws_redshift_cluster.main.cluster_identifier}/${aws_redshift_cluster.main.database_name}"
cluster_identifier = aws_redshift_cluster.main.cluster_identifier
port = aws_redshift_cluster.main.port
s3_bucket_name = aws_s3_bucket.main.bucket
fullstory_data_center = "NA1" # If your Fullstory account is hosted in the EU, set this to "EU1".
}
output "fullstory_host" {
value = aws_redshift_cluster.main.dns_name
description = "The host that should be entered when setting up this destination in Fullstory."
}
output "fullstory_port" {
value = aws_redshift_cluster.main.port
description = "The host that should be entered when setting up this destination in Fullstory."
}
output "fullstory_role_arn" {
value = module.fullstory_redshift_setup.role_arn
description = "The role ARN that should be entered when setting up this destination in Fullstory."
}
output "fullstory_database" {
value = aws_redshift_cluster.main.database_name
description = "The database name that Fullstory will connect to."
}
output "fullstory_cluster_identifier" {
value = aws_redshift_cluster.main.cluster_identifier
description = "The identifier of the Redshift cluster."
}
output "fullstory_s3_bucket_name" {
value = aws_s3_bucket.main.bucket
description = "The name of the S3 bucket that Fullstory will use to store bundles."
}This module outputs some of the fields required by Fullstory to setup your Redshift connection. In order to view the outputs of this module, the outputs must also be included in your root module, then accessed via the Terraform CLI:
terraform output <name of your output varible > | pbcopyAlternatively, you can view all the configuration information inside the AWS console.
See CONTRIBUTING.md for best practices and instructions on setting up your dev environment.