Managing HTTP Log Sources with Terraform
Manage HTTP log sources as code in Terraform
Overview
You can define your HTTP log source in Terraform using the Panther Terraform provider.
Other methods to create an HTTP log source include using the Panther API directly and manual creation in the Panther Console.
How to define your Panther HTTP log source in Terraform
The following sections outline how to define your HTTP log source in HashiCorp Configuration Language (HCL).
Prerequisite
Before starting, ensure you have an API URL and token with the Manage Log Sources permission. This is required to complete Step 3. If needed, follow these instructions for creating an API token in the Panther Console.
Step 1: Choose an authentication method
Select an authentication method for your HTTP endpoint from the options listed on HTTP Source.
The authentication method you select will determine the variables you define in Step 2, below.
Step 2: Define variables
Define a variables.tf file with the Panther variables shown in the code block below.
variable "panther_api_token" {
  description = "Panther API token"
  type        = string
}

variable "panther_api_url" {
  description = "Panther API URL"
  type        = string
}

variable "integration_label" {
  description = "The name of the integration."
  type        = string
}

variable "auth_method" {
  description = "Authentication method used."
  type        = string
}

// Auth variables are specific to auth_method. See table below
variable "auth_header_key" {
  description = "Key for the authentication header."
  type        = string
}

variable "auth_secret_value" {
  description = "Authentication secret value."
  type        = string
  sensitive   = true
}

// (Optional) Relevant only when log_stream_type = "JsonArray"
variable "json_array_envelope_field" {
  description = "Envelope field for json array stream"
  type        = string
}
Authentication method-specific variables
In your variables.tf file, include the values in the Additional variables column below for the authentication method you chose in Step 1.
Step 3: Provide values for the defined variables
Add a *.tfvars file that assigns values to the variables you defined in Step 2. Note that to complete this section, you will need the API URL and token outlined in the Prerequisite section.
Your panther_api_url value should be your root API URL. This is either:
- A GraphQL API URL without the /public/graphql suffix
- A REST API URL as-is (REST URLs do not have a suffix after the root URL)
panther_api_token = "XXXXXXXXXX"
panther_api_url = "https://your-panther-url/v1"
integration_label = "test-integration"
auth_method = "SharedSecret" // SharedSecret, HMAC, Bearer, Basic, or None
// Auth variables are specific to auth_method. See table in Step 2
auth_header_key = "x-api-key"
auth_secret_value = "XXXXXXXXXX"
json_array_envelope_field = "records"
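The following is an added example, not part of the original page or of Panther's own code: stricter versions of three Step 2 declarations, to be used in place of the originals in variables.tf, so that a mistyped auth_method or a non-root panther_api_url fails at plan time and the API token is redacted from plan output. The validation rules are assumptions derived from the values this page lists, including the assumption that the API URL always uses https.

```hcl
# Added example: hardened replacements for three Step 2 declarations.
# The validation rules are assumptions based on the values this page lists.

variable "panther_api_token" {
  description = "Panther API token"
  type        = string
  sensitive   = true # redacted in plan/apply output; still stored in state

  validation {
    condition     = length(trimspace(var.panther_api_token)) > 0
    error_message = "The panther_api_token value must not be empty."
  }
}

variable "panther_api_url" {
  description = "Panther root API URL"
  type        = string

  validation {
    # Assumption: the Panther API is only reached over TLS.
    condition     = can(regex("^https://", var.panther_api_url))
    error_message = "The panther_api_url value must start with https://."
  }

  validation {
    # Step 3: a GraphQL URL must be given without its /public/graphql suffix.
    condition     = !can(regex("/public/graphql/?$", var.panther_api_url))
    error_message = "Use the root API URL without the /public/graphql suffix."
  }
}

variable "auth_method" {
  description = "Authentication method used."
  type        = string

  validation {
    # Allowed values are the ones named in the Step 3 tfvars comment.
    condition     = contains(["SharedSecret", "HMAC", "Bearer", "Basic", "None"], var.auth_method)
    error_message = "The auth_method value must be SharedSecret, HMAC, Bearer, Basic, or None."
  }
}
```

Terraform also reads variable values from environment variables named TF_VAR_<name>, so panther_api_token and auth_secret_value can be supplied that way instead of being written to a *.tfvars file that might be committed.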
Step 4: Define the Terraform provider
Add the Panther Terraform provider.
terraform {
  required_providers {
    panther = {
      source  = "panther-labs/panther"
      version = "~> 0.2.4"
    }
  }
}
Step 5: Define Panther HTTP log source
The following HCL configuration defines the HTTP log source in Panther.
provider "panther" {
  token = var.panther_api_token
  url   = var.panther_api_url
}

resource "panther_httpsource" "demo_http_source" {
  integration_label = var.integration_label
  log_stream_type   = "JSON" // Options: JSON, JsonArray, Auto, Lines, and CloudWatchLogs
  log_types         = ["AWS.CloudTrail"]
  auth_method       = var.auth_method
  // Auth variables are specific to auth_method. See table in Step 2
  auth_header_key   = var.auth_header_key
  auth_secret_value = var.auth_secret_value
  // (Optional) Relevant only when log_stream_type = "JsonArray"
  log_stream_type_options = {
    json_array_envelope_field = var.json_array_envelope_field
  }
}