Adding a saved cloudwatch query definition to the scp violation repor…

…t service (#430)
cds-snc · Feb 20, 2024 · 70b2e86 · 70b2e86
1 parent 56e7fc0
commit 70b2e86
Showing 1 changed file with 16 additions and 0 deletions.
diff --git a/terragrunt/aws/csp_violation_report_service/alarms.tf b/terragrunt/aws/csp_violation_report_service/alarms.tf
@@ -26,3 +26,19 @@ resource "aws_cloudwatch_metric_alarm" "csp_report_error" {
   alarm_actions = [local.sns_alarm_topic_arn]
   ok_actions    = [local.sns_alarm_topic_arn]
 }
+
+
+resource "aws_cloudwatch_query_definition" "scp_report_error_query" {
+  name = "SCP Report Errors"
+
+  log_group_names = [
+    local.csp_reports_log_group_name
+  ]
+
+  query_string = <<-QUERY
+    fields @timestamp, @message, @logStream
+    | filter @message like /(?i)ERROR/
+    | sort @timestamp desc
+    | limit 20
+  QUERY
+}