From 32f75c16372bb08da54b45430ff812b29c256c8d Mon Sep 17 00:00:00 2001 
From: Sven Lito <57947418+svenlito@users.noreply.github.com> Date: Thu, 8 Apr 2021 23:25:27 +0700 Subject: [PATCH] feat: Some refactoring and added ability to handle default bus (#5) --- .github/workflows/pre-commit.yml | 4 +- .pre-commit-config.yaml | 1 - README.md | 113 ++++++++----- examples/api-gateway-event-source/README.md | 12 +- examples/api-gateway-event-source/main.tf | 22 +-- examples/api-gateway-event-source/versions.tf | 8 + examples/cloudwatch-target/main.tf | 68 -------- examples/complete/README.md | 8 +- examples/complete/main.tf | 149 +++++++++++------- .../sfn.asl.yaml | 1 - examples/complete/versions.tf | 8 + .../README.md | 13 +- examples/default-bus/main.tf | 45 ++++++ .../outputs.tf | 0 .../variables.tf | 0 examples/default-bus/versions.tf | 8 + examples/simple/README.md | 53 ------- examples/simple/main.tf | 34 ---- examples/simple/outputs.tf | 5 - examples/simple/variables.tf | 0 examples/sqs-target/README.md | 62 -------- examples/sqs-target/main.tf | 115 -------------- examples/sqs-target/outputs.tf | 14 -- examples/sqs-target/variables.tf | 0 examples/step-function-target/README.md | 55 ------- examples/step-function-target/main.tf | 79 ---------- examples/step-function-target/outputs.tf | 5 - examples/step-function-target/variables.tf | 0 examples/transform-input/README.md | 57 ------- examples/transform-input/main.tf | 84 ---------- examples/transform-input/outputs.tf | 5 - examples/transform-input/variables.tf | 0 examples/with-archive/README.md | 10 +- examples/with-archive/main.tf | 106 ++++++------- examples/with-archive/versions.tf | 8 + examples/with-permissions/README.md | 10 +- examples/with-permissions/main.tf | 36 ++--- examples/with-permissions/versions.tf | 8 + iam.tf | 7 +- main.tf | 55 ++++--- variables.tf | 74 ++++----- versions.tf | 2 +- 42 files changed, 420 insertions(+), 924 deletions(-) create mode 100644 examples/api-gateway-event-source/versions.tf delete mode 100644 examples/cloudwatch-target/main.tf rename 
examples/{step-function-target => complete}/sfn.asl.yaml (97%) create mode 100644 examples/complete/versions.tf rename examples/{cloudwatch-target => default-bus}/README.md (84%) create mode 100644 examples/default-bus/main.tf rename examples/{cloudwatch-target => default-bus}/outputs.tf (100%) rename examples/{cloudwatch-target => default-bus}/variables.tf (100%) create mode 100644 examples/default-bus/versions.tf delete mode 100644 examples/simple/README.md delete mode 100644 examples/simple/main.tf delete mode 100644 examples/simple/outputs.tf delete mode 100644 examples/simple/variables.tf delete mode 100644 examples/sqs-target/README.md delete mode 100644 examples/sqs-target/main.tf delete mode 100644 examples/sqs-target/outputs.tf delete mode 100644 examples/sqs-target/variables.tf delete mode 100644 examples/step-function-target/README.md delete mode 100644 examples/step-function-target/main.tf delete mode 100644 examples/step-function-target/outputs.tf delete mode 100644 examples/step-function-target/variables.tf delete mode 100644 examples/transform-input/README.md delete mode 100644 examples/transform-input/main.tf delete mode 100644 examples/transform-input/outputs.tf delete mode 100644 examples/transform-input/variables.tf create mode 100644 examples/with-archive/versions.tf create mode 100644 examples/with-permissions/versions.tf diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml index 2be2f5d..59cd0a8 100644 --- a/.github/workflows/pre-commit.yml +++ b/.github/workflows/pre-commit.yml @@ -1,4 +1,3 @@ ---- name: Pre-Commit on: @@ -59,6 +58,7 @@ jobs: run: pre-commit run terraform_validate --color=always --show-diff-on-failure --files $(ls *.tf) + # Max Terraform version getBaseVersion: name: Module max TF version 
@@ -94,7 +94,7 @@ jobs: - name: Install pre-commit dependencies run: | pip install pre-commit - curl -L "$(curl -s https://api.github.com/repos/terraform-docs/terraform-docs/releases/latest | grep -o -E "https://.+?-linux-amd64" | head -n1)" > terraform-docs && chmod +x terraform-docs && sudo mv terraform-docs /usr/bin/ + curl -L "$(curl -s https://api.github.com/repos/terraform-docs/terraform-docs/releases/latest | grep -o -E "https://.+?-v0.12\..+?-linux-amd64" | head -n1)" > terraform-docs && chmod +x terraform-docs && sudo mv terraform-docs /usr/bin/ curl -L "$(curl -s https://api.github.com/repos/terraform-linters/tflint/releases/latest | grep -o -E "https://.+?_linux_amd64.zip")" > tflint.zip && unzip tflint.zip && rm tflint.zip && sudo mv tflint /usr/bin/ - name: Execute pre-commit # Run all pre-commit checks on max version supported diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index ed7b682..8814cf6 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,4 +1,3 @@ ---- repos: - repo: git://github.com/antonbabenko/pre-commit-terraform rev: v1.48.0 diff --git a/README.md b/README.md index 106bf25..43afc48 100644 --- a/README.md +++ b/README.md 
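Review bot: The `terraform-docs` install line in the "Install pre-commit dependencies" step still downloads whatever URL the GitHub releases API returns, marks it executable and moves it into `/usr/bin` with sudo, with no checksum or signature check. The new `-v0.12\..+?-linux-amd64` filter narrows the asset name but pins nothing. Because the query is still `releases/latest`, the grep presumably matches nothing once the latest release is no longer a 0.12.x build, so the step would then fail rather than install the intended version. I would fetch a fixed release tag and verify it before the `chmod +x`, e.g. `echo "<EXPECTED_SHA256>  terraform-docs" | sha256sum -c -`. The tflint line below it has the same unverified-download pattern, and the job's steps continue outside the hunk.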
@@ -4,15 +4,16 @@ Terraform module to create EventBridge resources. The following resources are currently supported: -* [Cloudwatch Event Archive](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_archive) -* [Cloudwatch Event Bus](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_bus) -* [Cloudwatch Event Permission](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_permission) -* [Cloudwatch Event Rule](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_rule) -* [Cloudwatch Event Target](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_target) +* [EventBridge Archive](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_archive) +* [EventBridge Bus](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_bus) +* [EventBridge Permission](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_permission) +* [EventBridge Rule](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_rule) +* [EventBridge Target](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_target) ## Features -- [x] Creates AWS EventBridge Resources +- [x] Creates AWS EventBridge Resources (bus, rules, targets, permissions) +- [x] Attach resources to an existing EventBridge bus - [x] Support AWS EventBridge Archives and Replays - [x] Conditional creation for many types of resources - [x] Support IAM policy attachments and various ways to create and attach additional policies 
@@ -20,6 +21,50 @@ The following resources are currently supported: ## Usage +### EventBridge Complete + +Most common use-case which creates custom bus, rules and targets. + +```hcl +module "eventbridge" { + source = "terraform-aws-modules/eventbridge/aws" + + bus_name = "my-bus" + + rules = { + orders = { + description = "Capture all order data" + event_pattern = jsonencode({ "source" : ["myapp.orders"] }) + enabled = true + } + } + + targets = { + orders = [ + { + name = "send-orders-to-sqs" + arn = aws_sqs_queue.queue.arn + dead_letter_arn = aws_sqs_queue.dlq.arn + }, + { + name = "send-orders-to-kinesis" + arn = aws_kinesis_stream.this.arn + dead_letter_arn = aws_sqs_queue.dlq.arn + input_transformer = local.kinesis_input_transformer + }, + { + name = "log-orders-to-cloudwatch" + arn = aws_cloudwatch_log_group.this.arn + } + ] + } + + tags = { + Name = "my-bus" + } +} +``` + ### EventBridge Bus ```hcl @@ -50,10 +95,6 @@ module "eventbridge" { event_pattern = jsonencode({ "source" : ["my.app.logs"] }) } } - - tags = { - Name = "my-bus" - } } ``` @@ -84,10 +125,6 @@ module "eventbridge" { } ] } - - tags = { - Name = "my-bus" - } } ``` @@ -101,9 +138,8 @@ module "eventbridge_with_archive" { create_archives = true - archive_config = [ - { - name = "my-bus-launch-archive", + archives = { + "my-bus-launch-archive" = { description = "EC2 AutoScaling Event archive", retention_days = 1 event_pattern = < ## Requirements | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 0.12.26 | +| [terraform](#requirement\_terraform) | >= 0.13.1 | | [aws](#requirement\_aws) | >= 3.19 | ## Providers 
@@ -266,7 +297,7 @@ No modules. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| [archive\_config](#input\_archive\_config) | A list of objects with the EventBridge Archive definitions. | `list(any)` | `[]` | no | +| [archives](#input\_archives) | A map of objects with the EventBridge Archive definitions. | `map(any)` | `{}` | no | | [attach\_cloudwatch\_policy](#input\_attach\_cloudwatch\_policy) | Controls whether the Cloudwatch policy should be added to IAM role for EventBridge Target | `bool` | `false` | no | | [attach\_ecs\_policy](#input\_attach\_ecs\_policy) | Controls whether the ECS policy should be added to IAM role for EventBridge Target | `bool` | `false` | no | | [attach\_kinesis\_firehose\_policy](#input\_attach\_kinesis\_firehose\_policy) | Controls whether the Kinesis Firehose policy should be added to IAM role for EventBridge Target | `bool` | `false` | no | 
@@ -280,7 +311,7 @@ No modules. | [attach\_sfn\_policy](#input\_attach\_sfn\_policy) | Controls whether the StepFunction policy should be added to IAM role for EventBridge Target | `bool` | `false` | no | | [attach\_sqs\_policy](#input\_attach\_sqs\_policy) | Controls whether the SQS policy should be added to IAM role for EventBridge Target | `bool` | `false` | no | | [attach\_tracing\_policy](#input\_attach\_tracing\_policy) | Controls whether X-Ray tracing policy should be added to IAM role for EventBridge | `bool` | `false` | no | -| [bus\_name](#input\_bus\_name) | A unique name for your EventBridge Bus | `string` | `""` | no | +| [bus\_name](#input\_bus\_name) | A unique name for your EventBridge Bus | `string` | `"default"` | no | | [cloudwatch\_target\_arns](#input\_cloudwatch\_target\_arns) | The Amazon Resource Name (ARN) of the Cloudwatch Log Streams you want to use as EventBridge targets | `list(string)` | `[]` | no | | [create](#input\_create) | Controls whether resources should be created | `bool` | `true` | no | | [create\_archives](#input\_create\_archives) | Controls whether EventBridge Archive resources should be created | `bool` | `false` | no | 
@@ -295,7 +326,7 @@ No modules. | [lambda\_target\_arns](#input\_lambda\_target\_arns) | The Amazon Resource Name (ARN) of the Lambda Functions you want to use as EventBridge targets | `list(string)` | `[]` | no | | [number\_of\_policies](#input\_number\_of\_policies) | Number of policies to attach to IAM role | `number` | `0` | no | | [number\_of\_policy\_jsons](#input\_number\_of\_policy\_jsons) | Number of policies JSON to attach to IAM role | `number` | `0` | no | -| [permission\_config](#input\_permission\_config) | A list of objects with EventBridge Permission definitions. | `list(any)` | `[]` | no | +| [permissions](#input\_permissions) | A map of objects with EventBridge Permission definitions. | `map(any)` | `{}` | no | | [policies](#input\_policies) | List of policy statements ARN to attach to IAM role | `list(string)` | `[]` | no | | [policy](#input\_policy) | An additional policy document ARN to attach to IAM role | `string` | `null` | no | | [policy\_json](#input\_policy\_json) | An additional policy document as JSON to attach to IAM role | `string` | `null` | no | @@ -311,7 +342,7 @@ No modules. | [sfn\_target\_arns](#input\_sfn\_target\_arns) | The Amazon Resource Name (ARN) of the StepFunctions you want to use as EventBridge targets | `list(string)` | `[]` | no | | [sqs\_target\_arns](#input\_sqs\_target\_arns) | The Amazon Resource Name (ARN) of the AWS SQS Queues you want to use as EventBridge targets | `list(string)` | `[]` | no | | [tags](#input\_tags) | A map of tags to assign to resources. | `map(string)` | `{}` | no | -| [targets](#input\_targets) | A Map of objects with EventBridge Target definitions. | `any` | `{}` | no | +| [targets](#input\_targets) | A map of objects with EventBridge Target definitions. | `any` | `{}` | no | | [trusted\_entities](#input\_trusted\_entities) | Step Function additional trusted entities for assuming roles (trust relationship) | `list(string)` | `[]` | no | ## Outputs 
diff --git a/examples/api-gateway-event-source/README.md b/examples/api-gateway-event-source/README.md index 5ce1768..d59b619 100644 --- a/examples/api-gateway-event-source/README.md +++ b/examples/api-gateway-event-source/README.md @@ -19,24 +19,24 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 0.14.0 | +| [terraform](#requirement\_terraform) | >= 0.13.1 | | [aws](#requirement\_aws) | >= 3.19 | -| [random](#requirement\_random) | >= 0 | +| [random](#requirement\_random) | >= 3 | ## Providers | Name | Version | |------|---------| | [aws](#provider\_aws) | >= 3.19 | -| [random](#provider\_random) | >= 0 | +| [random](#provider\_random) | >= 3 | ## Modules | Name | Source | Version | |------|--------|---------| -| [api\_gateway](#module\_api\_gateway) | terraform-aws-modules/apigateway-v2/aws | 0.14.0 | -| [apigateway\_put\_events\_to\_eventbridge\_policy](#module\_apigateway\_put\_events\_to\_eventbridge\_policy) | terraform-aws-modules/iam/aws//modules/iam-policy | 3.13.0 | -| [apigateway\_put\_events\_to\_eventbridge\_role](#module\_apigateway\_put\_events\_to\_eventbridge\_role) | terraform-aws-modules/iam/aws//modules/iam-assumable-role | 3.13.0 | +| [api\_gateway](#module\_api\_gateway) | terraform-aws-modules/apigateway-v2/aws | ~> 0 | +| [apigateway\_put\_events\_to\_eventbridge\_policy](#module\_apigateway\_put\_events\_to\_eventbridge\_policy) | terraform-aws-modules/iam/aws//modules/iam-policy | ~> 3 | +| [apigateway\_put\_events\_to\_eventbridge\_role](#module\_apigateway\_put\_events\_to\_eventbridge\_role) | terraform-aws-modules/iam/aws//modules/iam-assumable-role | ~> 3 | | [eventbridge](#module\_eventbridge) | ../../ | | ## Resources diff --git a/examples/api-gateway-event-source/main.tf b/examples/api-gateway-event-source/main.tf index 8e939ee..d37fa88 100644 --- a/examples/api-gateway-event-source/main.tf 
+++ b/examples/api-gateway-event-source/main.tf @@ -1,12 +1,3 @@ -terraform { - required_version = ">= 0.14.0" - - required_providers { - aws = ">= 3.19" - random = ">= 0" - } -} - provider "aws" { region = "ap-southeast-1" @@ -66,7 +57,7 @@ resource "random_pet" "this" { module "api_gateway" { source = "terraform-aws-modules/apigateway-v2/aws" - version = "0.14.0" + version = "~> 0" name = "${random_pet.this.id}-http" description = "My ${random_pet.this.id} HTTP API Gateway" @@ -95,16 +86,14 @@ module "api_gateway" { module "apigateway_put_events_to_eventbridge_role" { source = "terraform-aws-modules/iam/aws//modules/iam-assumable-role" - version = "3.13.0" + version = "~> 3" create_role = true role_name = "apigateway-put-events-to-eventbridge" role_requires_mfa = false - trusted_role_services = [ - "apigateway.amazonaws.com" - ] + trusted_role_services = ["apigateway.amazonaws.com"] custom_role_policy_arns = [ module.apigateway_put_events_to_eventbridge_policy.arn @@ -113,10 +102,9 @@ module "apigateway_put_events_to_eventbridge_role" { module "apigateway_put_events_to_eventbridge_policy" { source = "terraform-aws-modules/iam/aws//modules/iam-policy" - version = "3.13.0" + version = "~> 3" name = "apigateway-put-events-to-eventbridge" - path = "/" description = "Allow PutEvents to EventBridge" policy = data.aws_iam_policy_document.apigateway_put_events_to_eventbridge_policy.json @@ -149,10 +137,12 @@ data "aws_iam_policy_document" "queue" { statement { sid = "AllowSendMessage" actions = ["sqs:SendMessage"] + principals { type = "Service" identifiers = ["events.amazonaws.com"] } + resources = [aws_sqs_queue.queue.arn] } } diff --git a/examples/api-gateway-event-source/versions.tf b/examples/api-gateway-event-source/versions.tf new file mode 100644 index 0000000..82a020b --- /dev/null +++ b/examples/api-gateway-event-source/versions.tf @@ -0,0 +1,8 @@ +terraform { + required_version = ">= 0.13.1" + + required_providers { + aws = ">= 3.19" + random = ">= 3" + } +} 
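Review bot: The exact pins `0.14.0` and `3.13.0` are replaced by ranges: `version = "~> 0"` on `module "api_gateway"` (hunk at -66,7) and `version = "~> 3"` on the two IAM modules (hunks at -95,16 and -113,10). Each fresh `terraform init` can therefore resolve a different registry release for code that creates an IAM role and policy. `~> 0` admits any 0.x release, where breaking changes are to be expected. For an example that users copy, I would keep a narrower constraint such as `version = "~> 3.13"` and `version = "~> 0.14"`, and let a reviewed bump move it. The module blocks start and end outside these hunks.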
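Review bot: `required_providers` in the new versions.tf uses the bare-string form (`aws = ">= 3.19"`, `random = ">= 3"`), which leaves the provider source address implicit even though `required_version` is now `>= 0.13.1`. I would write the explicit form, `aws = { source = "hashicorp/aws", version = ">= 3.19" }` and likewise for `random`, so the registry namespace the provider is installed from is stated in the file rather than inferred. The identical file added as examples/default-bus/versions.tf has the same point.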
diff --git a/examples/cloudwatch-target/main.tf b/examples/cloudwatch-target/main.tf deleted file mode 100644 index 3ba6bb5..0000000 --- a/examples/cloudwatch-target/main.tf +++ /dev/null @@ -1,68 +0,0 @@ -terraform { - required_version = ">= 0.14.0" - - required_providers { - aws = ">= 3.19" - random = ">= 0" - } -} - -provider "aws" { - region = "ap-southeast-1" - - # Make it faster by skipping something - skip_get_ec2_platforms = true - skip_metadata_api_check = true - skip_region_validation = true - skip_credentials_validation = true - skip_requesting_account_id = true -} - -module "eventbridge" { - source = "../../" - - bus_name = "${random_pet.this.id}-bus" - - attach_cloudwatch_policy = true - - cloudwatch_target_arns = [ - aws_cloudwatch_log_group.this.arn - ] - - rules = { - orders = { - description = "Capture all created orders", - event_pattern = jsonencode({ "source" : ["orders.create"] }) - } - } - - targets = { - orders = [ - { - name = "log-orders-to-cloudwatch" - arn = aws_cloudwatch_log_group.this.arn - } - ] - } - - tags = { - Name = "${random_pet.this.id}-bus" - } -} - -################## -# Extra resources -################## - -resource "random_pet" "this" { - length = 2 -} - -resource "aws_cloudwatch_log_group" "this" { - name = "/aws/events/${random_pet.this.id}" - - tags = { - Name = "${random_pet.this.id}-log-group" - } -} - diff --git a/examples/complete/README.md b/examples/complete/README.md index d5ad6b2..08e517a 100644 --- a/examples/complete/README.md +++ b/examples/complete/README.md 
@@ -19,22 +19,23 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 0.14.0 | +| [terraform](#requirement\_terraform) | >= 0.13.1 | | [aws](#requirement\_aws) | >= 3.19 | -| [random](#requirement\_random) | >= 0 | +| [random](#requirement\_random) | >= 3 | ## Providers | Name | Version | |------|---------| | [aws](#provider\_aws) | >= 3.19 | -| [random](#provider\_random) | >= 0 | +| [random](#provider\_random) | >= 3 | ## Modules | Name | Source | Version | |------|--------|---------| | [eventbridge](#module\_eventbridge) | ../../ | | +| [step\_function](#module\_step\_function) | terraform-aws-modules/step-functions/aws | ~> 1.0 | ## Resources @@ -43,6 +44,7 @@ Note that this example may create resources which cost money. Run `terraform des | [aws_cloudwatch_log_group.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group) | resource | | [aws_kinesis_stream.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kinesis_stream) | resource | | [aws_sqs_queue.dlq](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sqs_queue) | resource | +| [aws_sqs_queue.fifo](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sqs_queue) | resource | | [aws_sqs_queue.queue](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sqs_queue) | resource | | [aws_sqs_queue_policy.queue](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sqs_queue_policy) | resource | | [random_pet.this](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | resource | diff --git a/examples/complete/main.tf b/examples/complete/main.tf index 6b0f193..900fb37 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf 
@@ -1,12 +1,3 @@ -terraform { - required_version = ">= 0.14.0" - - required_providers { - aws = ">= 3.19" - random = ">= 0" - } -} - provider "aws" { region = "ap-southeast-1" 
@@ -18,60 +9,28 @@ provider "aws" { skip_requesting_account_id = true } -resource "random_pet" "this" { - length = 2 -} - module "eventbridge" { source = "../../" bus_name = "${random_pet.this.id}-bus" - create_bus = true - create_rules = true - create_targets = true - create_archives = true - create_permissions = true + attach_tracing_policy = true - attach_tracing_policy = true - attach_kinesis_policy = true - attach_kinesis_firehose_policy = true - attach_sqs_policy = true - attach_ecs_policy = true - attach_lambda_policy = true - attach_sfn_policy = true - attach_cloudwatch_policy = true + attach_kinesis_policy = true + kinesis_target_arns = [aws_kinesis_stream.this.arn] - sqs_target_arns = [aws_sqs_queue.queue.arn] - ecs_target_arns = [] - kinesis_target_arns = [aws_kinesis_stream.this.arn] - kinesis_firehose_target_arns = [] - lambda_target_arns = [] - sfn_target_arns = [] - cloudwatch_target_arns = [aws_cloudwatch_log_group.this.arn] + attach_sfn_policy = true + sfn_target_arns = [module.step_function.this_state_machine_arn] - permission_config = [ - { - account_id = "099720109477", - statement_id = "canonical" - }, - { - account_id = "099720109466", - statement_id = "canonical_two" - } + attach_sqs_policy = true + sqs_target_arns = [ + aws_sqs_queue.queue.arn, + aws_sqs_queue.fifo.arn, + aws_sqs_queue.dlq.arn ] - archive_config = [ - { - description = "some archive" - retention_days = 1 - event_pattern = < [terraform](#requirement\_terraform) | >= 0.14.0 | +| [terraform](#requirement\_terraform) | >= 0.13.1 | | [aws](#requirement\_aws) | >= 3.19 | -| [random](#requirement\_random) | >= 0 | +| [random](#requirement\_random) | >= 3 | ## Providers | Name | Version | |------|---------| | [aws](#provider\_aws) | >= 3.19 | -| [random](#provider\_random) | >= 0 | +| [random](#provider\_random) | >= 3 | ## Modules 
@@ -40,7 +40,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Type | |------|------| -| [aws_cloudwatch_log_group.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group) | resource | +| [aws_sqs_queue.products](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sqs_queue) | resource | | [random_pet.this](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | resource | ## Inputs @@ -53,3 +53,4 @@ No inputs. |------|-------------| | [eventbridge\_bus\_arn](#output\_eventbridge\_bus\_arn) | The EventBridge Bus ARN | + diff --git a/examples/default-bus/main.tf b/examples/default-bus/main.tf new file mode 100644 index 0000000..895f71e --- /dev/null +++ b/examples/default-bus/main.tf @@ -0,0 +1,45 @@ +provider "aws" { + region = "ap-southeast-1" + + # Make it faster by skipping something + skip_get_ec2_platforms = true + skip_metadata_api_check = true + skip_region_validation = true + skip_credentials_validation = true + skip_requesting_account_id = true +} + +module "eventbridge" { + source = "../../" + + create_bus = false + + rules = { + product_create = { + description = "product create rule", + event_pattern = jsonencode({ "source" : ["product.create"] }) + } + } + + targets = { + product_create = [ + { + arn = aws_sqs_queue.products.arn + name = "send-product-to-sqs" + } + ] + } +} + +################## +# Extra resources +################## + +resource "random_pet" "this" { + length = 2 +} + +resource "aws_sqs_queue" "products" { + name = random_pet.this.id +} + diff --git a/examples/cloudwatch-target/outputs.tf b/examples/default-bus/outputs.tf similarity index 100% rename from examples/cloudwatch-target/outputs.tf rename to examples/default-bus/outputs.tf 
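Review bot: The new examples/default-bus/main.tf targets `aws_sqs_queue.products` from the `product_create` rule, but the file defines no `aws_sqs_queue_policy`, and the module call sets neither `attach_sqs_policy` nor `sqs_target_arns`. Unless the module grants access some other way, EventBridge presumably cannot `sqs:SendMessage` to the queue and matched events will not be delivered. The api-gateway-event-source example in this same commit does carry such a policy for `events.amazonaws.com`. I would add one here and scope it with an `aws:SourceArn` condition: with `create_bus = false` the rule sits on the account's shared default bus, and a bare service-principal grant is not limited to this rule. The rule ARN in the fence is a placeholder to be wired from the module's rule-ARN output.

```hcl
# … unchanged: provider, module "eventbridge", random_pet.this, aws_sqs_queue.products …

resource "aws_sqs_queue_policy" "products" {
  queue_url = aws_sqs_queue.products.id
  policy    = data.aws_iam_policy_document.products.json
}

data "aws_iam_policy_document" "products" {
  statement {
    sid       = "AllowSendMessage"
    actions   = ["sqs:SendMessage"]
    resources = [aws_sqs_queue.products.arn]

    principals {
      type        = "Service"
      identifiers = ["events.amazonaws.com"]
    }

    # Only the product_create rule may deliver to this queue.
    condition {
      test     = "ArnEquals"
      variable = "aws:SourceArn"
      values   = ["<RULE_ARN_PLACEHOLDER>"]
    }
  }
}
```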
diff --git a/examples/cloudwatch-target/variables.tf b/examples/default-bus/variables.tf similarity index 100% rename from examples/cloudwatch-target/variables.tf rename to examples/default-bus/variables.tf diff --git a/examples/default-bus/versions.tf b/examples/default-bus/versions.tf new file mode 100644 index 0000000..82a020b --- /dev/null +++ b/examples/default-bus/versions.tf @@ -0,0 +1,8 @@ +terraform { + required_version = ">= 0.13.1" + + required_providers { + aws = ">= 3.19" + random = ">= 3" + } +} diff --git a/examples/simple/README.md b/examples/simple/README.md deleted file mode 100644 index 418c54d..0000000 --- a/examples/simple/README.md +++ /dev/null @@ -1,53 +0,0 @@ -# EventBridge Simple Example - -Configuration in this directory creates EventBridge resource configuration. - -## Usage - -To run this example you need to execute: - -```bash -$ terraform init -$ terraform plan -$ terraform apply -``` - -Note that this example may create resources which cost money. Run `terraform destroy` when you don't need these resources. - - -## Requirements - -| Name | Version | -|------|---------| -| [terraform](#requirement\_terraform) | >= 0.14.0 | -| [aws](#requirement\_aws) | >= 3.19 | -| [random](#requirement\_random) | >= 0 | - -## Providers - -| Name | Version | -|------|---------| -| [random](#provider\_random) | >= 0 | - -## Modules - -| Name | Source | Version | -|------|--------|---------| -| [eventbridge](#module\_eventbridge) | ../../ | | - -## Resources - -| Name | Type | -|------|------| -| [random_pet.this](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | resource | - -## Inputs - -No inputs. - -## Outputs - -| Name | Description | -|------|-------------| -| [eventbridge\_bus\_arn](#output\_eventbridge\_bus\_arn) | The EventBridge Bus ARN | - diff --git a/examples/simple/main.tf b/examples/simple/main.tf deleted file mode 100644 index e2dfbb2..0000000 --- a/examples/simple/main.tf +++ /dev/null 
@@ -1,34 +0,0 @@ -terraform { - required_version = ">= 0.14.0" - - required_providers { - aws = ">= 3.19" - random = ">= 0" - } -} - -provider "aws" { - region = "ap-southeast-1" - - # Make it faster by skipping something - skip_get_ec2_platforms = true - skip_metadata_api_check = true - skip_region_validation = true - skip_credentials_validation = true - skip_requesting_account_id = true -} - -resource "random_pet" "this" { - length = 2 -} - -module "eventbridge" { - source = "../../" - - bus_name = "${random_pet.this.id}-bus" - - tags = { - Name = "${random_pet.this.id}-bus" - } -} - diff --git a/examples/simple/outputs.tf b/examples/simple/outputs.tf deleted file mode 100644 index 7a3ecdc..0000000 --- a/examples/simple/outputs.tf +++ /dev/null @@ -1,5 +0,0 @@ -output "eventbridge_bus_arn" { - description = "The EventBridge Bus ARN" - value = module.eventbridge.this_eventbridge_bus_arn -} - diff --git a/examples/simple/variables.tf b/examples/simple/variables.tf deleted file mode 100644 index e69de29..0000000 diff --git a/examples/sqs-target/README.md b/examples/sqs-target/README.md deleted file mode 100644 index e1d8817..0000000 --- a/examples/sqs-target/README.md +++ /dev/null 
@@ -1,62 +0,0 @@ -# EventBridge SQS Example - -Configuration in this directory creates EventBridge resource configuration. - -## Usage - -To run this example you need to execute: - -```bash -$ terraform init -$ terraform plan -$ terraform apply -``` - -Note that this example may create resources which cost money. Run `terraform destroy` when you don't need these resources. - - -## Requirements - -| Name | Version | -|------|---------| -| [terraform](#requirement\_terraform) | >= 0.14.0 | -| [aws](#requirement\_aws) | >= 3.19 | -| [random](#requirement\_random) | >= 0 | - -## Providers - -| Name | Version | -|------|---------| -| [aws](#provider\_aws) | >= 3.19 | -| [random](#provider\_random) | >= 0 | - -## Modules - -| Name | Source | Version | -|------|--------|---------| -| [eventbridge](#module\_eventbridge) | ../../ | | - -## Resources - -| Name | Type | -|------|------| -| [aws_sqs_queue.dlq](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sqs_queue) | resource | -| [aws_sqs_queue.fifo](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sqs_queue) | resource | -| [aws_sqs_queue.queue](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sqs_queue) | resource | -| [aws_sqs_queue_policy.queue](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sqs_queue_policy) | resource | -| [random_pet.this](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | resource | -| [aws_iam_policy_document.queue](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | - -## Inputs - -No inputs. 
- -## Outputs - -| Name | Description | -|------|-------------| -| [eventbridge\_bus\_arn](#output\_eventbridge\_bus\_arn) | The EventBridge Bus ARN | -| [eventbridge\_rule\_arns](#output\_eventbridge\_rule\_arns) | The EventBridge Rule ARNs | -| [eventbridge\_rule\_ids](#output\_eventbridge\_rule\_ids) | The EventBridge Rule IDs | - - diff --git a/examples/sqs-target/main.tf b/examples/sqs-target/main.tf deleted file mode 100644 index a5afedb..0000000 --- a/examples/sqs-target/main.tf +++ /dev/null 
@@ -1,115 +0,0 @@ -terraform { - required_version = ">= 0.14.0" - - required_providers { - aws = ">= 3.19" - random = ">= 0" - } -} - -provider "aws" { - region = "ap-southeast-1" - - # Make it faster by skipping something - skip_get_ec2_platforms = true - skip_metadata_api_check = true - skip_region_validation = true - skip_credentials_validation = true - skip_requesting_account_id = true -} - -module "eventbridge" { - source = "../../" - - bus_name = "${random_pet.this.id}-bus" - - attach_sqs_policy = true - sqs_target_arns = [ - aws_sqs_queue.queue.arn, - aws_sqs_queue.fifo.arn, - aws_sqs_queue.dlq.arn - ] - - rules = { - orders = { - description = "Capture all created orders", - event_pattern = jsonencode({ "source" : ["orders.create"] }) - } - } - - targets = { - orders = [ - { - name = "send-orders-to-sqs" - arn = aws_sqs_queue.queue.arn - }, - { - name = "send-orders-to-sqs-wth-dead-letter" - arn = aws_sqs_queue.queue.arn - dead_letter_arn = aws_sqs_queue.dlq.arn - }, - { - name = "send-orders-to-sqs-with-retry-policy" - arn = aws_sqs_queue.queue.arn - dead_letter_arn = aws_sqs_queue.dlq.arn - retry_policy = { - maximum_retry_attempts = 10 - maximum_event_age_in_seconds = 300 - } - }, - { - name = "send-orders-to-fifo-sqs" - arn = aws_sqs_queue.fifo.arn - dead_letter_arn = aws_sqs_queue.dlq.arn - message_group_id = "send-orders-to-fifo-sqs" - } - ] - } - - tags = { - Name = "${random_pet.this.id}-bus" - } -} - -################## -# Extra resources -################## - -resource "random_pet" "this" { - length = 2 -} - -resource "aws_sqs_queue" "queue" { - name = random_pet.this.id -} - -resource "aws_sqs_queue" "fifo" { - name = "${random_pet.this.id}.fifo" - fifo_queue = true - content_based_deduplication = true -} - -resource "aws_sqs_queue" "dlq" { - name = "${random_pet.this.id}-dlq" -} - -resource "aws_sqs_queue_policy" "queue" { - queue_url = aws_sqs_queue.queue.id - policy = data.aws_iam_policy_document.queue.json -} - -data "aws_iam_policy_document" 
"queue" { - statement { - sid = "events-policy" - actions = ["sqs:SendMessage"] - principals { - type = "Service" - identifiers = ["events.amazonaws.com"] - } - resources = [ - aws_sqs_queue.queue.arn, - aws_sqs_queue.fifo.arn - ] - } -} - diff --git a/examples/sqs-target/outputs.tf b/examples/sqs-target/outputs.tf deleted file mode 100644 index 4b50256..0000000 --- a/examples/sqs-target/outputs.tf +++ /dev/null @@ -1,14 +0,0 @@ -output "eventbridge_bus_arn" { - description = "The EventBridge Bus ARN" - value = module.eventbridge.this_eventbridge_bus_arn -} - -output "eventbridge_rule_ids" { - description = "The EventBridge Rule IDs" - value = module.eventbridge.this_eventbridge_rule_ids -} - -output "eventbridge_rule_arns" { - description = "The EventBridge Rule ARNs" - value = module.eventbridge.this_eventbridge_rule_arns -} diff --git a/examples/sqs-target/variables.tf b/examples/sqs-target/variables.tf deleted file mode 100644 index e69de29..0000000 diff --git a/examples/step-function-target/README.md b/examples/step-function-target/README.md deleted file mode 100644 index 49aefa2..0000000 --- a/examples/step-function-target/README.md +++ /dev/null 
@@ -1,55 +0,0 @@ -# EventBridge StepFunction Example - -Configuration in this directory creates EventBridge resource configuration. - -## Usage - -To run this example you need to execute: - -```bash -$ terraform init -$ terraform plan -$ terraform apply -``` - -Note that this example may create resources which cost money. Run `terraform destroy` when you don't need these resources. - - -## Requirements - -| Name | Version | -|------|---------| -| [terraform](#requirement\_terraform) | >= 0.14.0 | -| [aws](#requirement\_aws) | >= 3.19 | -| [random](#requirement\_random) | >= 0 | - -## Providers - -| Name | Version | -|------|---------| -| [random](#provider\_random) | >= 0 | - -## Modules - -| Name | Source | Version | -|------|--------|---------| -| [eventbridge](#module\_eventbridge) | ../../ | | -| [step\_function](#module\_step\_function) | terraform-aws-modules/step-functions/aws | 1.2.0 | - -## Resources - -| Name | Type | -|------|------| -| [random_pet.this](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | resource | - -## Inputs - -No inputs. - -## Outputs - -| Name | Description | -|------|-------------| -| [eventbridge\_bus\_arn](#output\_eventbridge\_bus\_arn) | The EventBridge Bus ARN | - - diff --git a/examples/step-function-target/main.tf b/examples/step-function-target/main.tf deleted file mode 100644 index dc694b0..0000000 --- a/examples/step-function-target/main.tf +++ /dev/null 
@@ -1,79 +0,0 @@ -terraform { - required_version = ">= 0.14.0" - - required_providers { - aws = ">= 3.19" - random = ">= 0" - } -} - -provider "aws" { - region = "ap-southeast-1" - - # Make it faster by skipping something - skip_get_ec2_platforms = true - skip_metadata_api_check = true - skip_region_validation = true - skip_credentials_validation = true - skip_requesting_account_id = true -} - -module "eventbridge" { - source = "../../" - - bus_name = "${random_pet.this.id}-bus" - - attach_sfn_policy = true - sfn_target_arns = [module.step_function.this_state_machine_arn] - - rules = { - orders = { - description = "Capture order data" - event_pattern = jsonencode({ "source" : ["orders.create"] }) - } - } - - targets = { - orders = [ - { - name = "process-order-with-sfn" - arn = module.step_function.this_state_machine_arn - attach_role_arn = true - } - ] - } - - tags = { - Name = "${random_pet.this.id}-bus" - } -} - -################## -# Extra resources -################## - -resource "random_pet" "this" { - length = 2 -} - -module "step_function" { - source = "terraform-aws-modules/step-functions/aws" - version = "1.2.0" - - name = random_pet.this.id - - definition = jsonencode(yamldecode(templatefile("sfn.asl.yaml", {}))) - - trusted_entities = ["events.amazonaws.com"] - - service_integrations = { - stepfunction = { - stepfunction = ["*"] - } - } - - tags = { - Name = "${random_pet.this.id}-step-function" - } -} - diff --git a/examples/step-function-target/outputs.tf b/examples/step-function-target/outputs.tf deleted file mode 100644 index 7a3ecdc..0000000 --- a/examples/step-function-target/outputs.tf +++ /dev/null @@ -1,5 +0,0 @@ -output "eventbridge_bus_arn" { - description = "The EventBridge Bus ARN" - value = module.eventbridge.this_eventbridge_bus_arn -} - diff --git a/examples/step-function-target/variables.tf b/examples/step-function-target/variables.tf deleted file mode 100644 index e69de29..0000000 
diff --git a/examples/transform-input/README.md b/examples/transform-input/README.md deleted file mode 100644 index 6041b29..0000000 --- a/examples/transform-input/README.md +++ /dev/null @@ -1,57 +0,0 @@ -# EventBridge Input Transform Example - -Configuration in this directory creates EventBridge resource configuration. - -## Usage - -To run this example you need to execute: - -```bash -$ terraform init -$ terraform plan -$ terraform apply -``` - -Note that this example may create resources which cost money. Run `terraform destroy` when you don't need these resources. - - -## Requirements - -| Name | Version | -|------|---------| -| [terraform](#requirement\_terraform) | >= 0.14.0 | -| [aws](#requirement\_aws) | >= 3.19 | -| [random](#requirement\_random) | >= 0 | - -## Providers - -| Name | Version | -|------|---------| -| [aws](#provider\_aws) | >= 3.19 | -| [random](#provider\_random) | >= 0 | - -## Modules - -| Name | Source | Version | -|------|--------|---------| -| [eventbridge](#module\_eventbridge) | ../../ | | - -## Resources - -| Name | Type | -|------|------| -| [aws_sqs_queue.queue](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sqs_queue) | resource | -| [aws_sqs_queue_policy.queue](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sqs_queue_policy) | resource | -| [random_pet.this](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | resource | -| [aws_iam_policy_document.queue](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | - -## Inputs - -No inputs. - -## Outputs - -| Name | Description | -|------|-------------| -| [eventbridge\_bus\_arn](#output\_eventbridge\_bus\_arn) | The EventBridge Bus ARN | - diff --git a/examples/transform-input/main.tf b/examples/transform-input/main.tf deleted file mode 100644 index 6c6547f..0000000 --- a/examples/transform-input/main.tf +++ /dev/null 
@@ -1,84 +0,0 @@ -terraform { - required_version = ">= 0.14.0" - - required_providers { - aws = ">= 3.19" - random = ">= 0" - } -} - -provider "aws" { - region = "ap-southeast-1" - - # Make it faster by skipping something - skip_get_ec2_platforms = true - skip_metadata_api_check = true - skip_region_validation = true - skip_credentials_validation = true - skip_requesting_account_id = true -} - -module "eventbridge" { - source = "../../" - - bus_name = "${random_pet.this.id}-bus" - - rules = { - orders = { - description = "Capture all order data" - event_pattern = jsonencode({ "source" : ["orders.create"] }) - } - } - - targets = { - orders = [ - { - name = "send-orders-to-sqs" - arn = aws_sqs_queue.queue.arn - input_transformer = { - input_paths = { - order_id = "$.detail.order_id" - } - input_template = < - } - EOF - } - } - ] - } - - tags = { - Name = "${random_pet.this.id}-bus" - } -} - -################## -# Extra resources -################## - -resource "random_pet" "this" { - length = 2 -} - -resource "aws_sqs_queue" "queue" { - name = "${random_pet.this.id}-queue" -} - -resource "aws_sqs_queue_policy" "queue" { - queue_url = aws_sqs_queue.queue.id - policy = data.aws_iam_policy_document.queue.json -} - -data "aws_iam_policy_document" "queue" { - statement { - sid = "events-policy" - actions = ["sqs:SendMessage"] - principals { - type = "Service" - identifiers = ["events.amazonaws.com"] - } - resources = [aws_sqs_queue.queue.arn] - } -} diff --git a/examples/transform-input/outputs.tf b/examples/transform-input/outputs.tf deleted file mode 100644 index 7a3ecdc..0000000 --- a/examples/transform-input/outputs.tf +++ /dev/null @@ -1,5 +0,0 @@ -output "eventbridge_bus_arn" { - description = "The EventBridge Bus ARN" - value = module.eventbridge.this_eventbridge_bus_arn -} - diff --git a/examples/transform-input/variables.tf b/examples/transform-input/variables.tf deleted file mode 100644 index e69de29..0000000 
diff --git a/examples/with-archive/README.md b/examples/with-archive/README.md index 7a610c4..4e8578d 100644 --- a/examples/with-archive/README.md +++ b/examples/with-archive/README.md @@ -1,6 +1,6 @@ # EventBridge Archive Example -Configuration in this directory creates EventBridge resource configuration. +Configuration in this directory creates EventBridge Archives resources in various configurations. ## Usage @@ -19,16 +19,16 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 0.14.0 | +| [terraform](#requirement\_terraform) | >= 0.13.1 | | [aws](#requirement\_aws) | >= 3.19 | -| [random](#requirement\_random) | >= 0 | +| [random](#requirement\_random) | >= 3 | ## Providers | Name | Version | |------|---------| | [aws](#provider\_aws) | >= 3.19 | -| [random](#provider\_random) | >= 0 | +| [random](#provider\_random) | >= 3 | ## Modules @@ -41,7 +41,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Type | |------|------| -| [aws_cloudwatch_event_bus.pre_existing_bus](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_bus) | resource | +| [aws_cloudwatch_event_bus.existing_bus](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_bus) | resource | | [random_pet.this](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | resource | ## Inputs diff --git a/examples/with-archive/main.tf b/examples/with-archive/main.tf index 2388b31..9404ea2 100644 --- a/examples/with-archive/main.tf +++ b/examples/with-archive/main.tf @@ -1,12 +1,3 @@ -terraform { - required_version = ">= 0.14.0" - - required_providers { - aws = ">= 3.19" - random = ">= 0" - } -} - provider "aws" { region = "ap-southeast-1" 
@@ -18,83 +9,76 @@ provider "aws" { skip_requesting_account_id = true } -resource "random_pet" "this" { - length = 2 -} - module "eventbridge" { source = "../../" + create_bus = true create_archives = true - archive_config = [ - { - name = "${random_pet.this.id}-launch-archive", - description = "${random_pet.this.id}-launch-archive", - retention_days = 1 - event_pattern = < [terraform](#requirement\_terraform) | >= 0.14.0 | +| [terraform](#requirement\_terraform) | >= 0.13.1 | | [aws](#requirement\_aws) | >= 3.19 | -| [random](#requirement\_random) | >= 0 | +| [random](#requirement\_random) | >= 3 | ## Providers | Name | Version | |------|---------| -| [random](#provider\_random) | >= 0 | +| [aws](#provider\_aws) | >= 3.19 | +| [random](#provider\_random) | >= 3 | ## Modules @@ -39,6 +40,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Type | |------|------| +| [aws_cloudwatch_event_bus.external](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_bus) | resource | | [random_pet.this](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | resource | ## Inputs diff --git a/examples/with-permissions/main.tf b/examples/with-permissions/main.tf index a2f27b9..b18f8a3 100644 --- a/examples/with-permissions/main.tf +++ b/examples/with-permissions/main.tf @@ -1,12 +1,3 @@ -terraform { - required_version = ">= 0.14.0" - - required_providers { - aws = ">= 3.19" - random = ">= 0" - } -} - provider "aws" { region = "ap-southeast-1" 
@@ -21,20 +12,21 @@ provider "aws" { module "eventbridge" { source = "../../" + bus_name = "${random_pet.this.id}-bus" + create_permissions = true - permission_config = [ - { - account_id = "099720109477", - statement_id = "canonical" - }, - { - account_id = "099720109466", - statement_id = "canonical_two" - } - ] + permissions = { + "099720109477 DevAccess" = {} - bus_name = "${random_pet.this.id}-bus" + "099720109466 ProdAccess" = { + action = "events:PutEvents" + } + + "* PublicAccessToExternalBus" = { + event_bus_name = aws_cloudwatch_event_bus.external.name + } + } tags = { Name = "${random_pet.this.id}-bus" @@ -48,3 +40,7 @@ module "eventbridge" { resource "random_pet" "this" { length = 2 } + +resource "aws_cloudwatch_event_bus" "external" { + name = "${random_pet.this.id}-external" +} diff --git a/examples/with-permissions/versions.tf b/examples/with-permissions/versions.tf new file mode 100644 index 0000000..82a020b --- /dev/null +++ b/examples/with-permissions/versions.tf @@ -0,0 +1,8 @@ +terraform { + required_version = ">= 0.13.1" + + required_providers { + aws = ">= 3.19" + random = ">= 3" + } +} diff --git a/iam.tf b/iam.tf index 381b1ff..65fb81c 100644 --- a/iam.tf +++ b/iam.tf @@ -1,6 +1,11 @@ locals { create_role = var.create && var.create_bus && var.create_role - role_name = local.create_role ? coalesce(var.role_name, var.bus_name, "*") : null + + # Defaulting to "*" (an invalid character for an IAM Role name) will cause an error when + # attempting to plan if the role_name and bus_name are not set. This is a workaround + # that will allow one to import resources without receiving an error from coalesce. + # @see https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/83 + role_name = local.create_role ? coalesce(var.role_name, var.bus_name, "*") : null } ########### diff --git a/main.tf b/main.tf index 81ebcb7..42f3723 100644 --- a/main.tf +++ b/main.tf 
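Review bot: The new `"* PublicAccessToExternalBus"` entry in `permissions` grants every AWS account access to the external bus with nothing narrowing it, and an example is what users copy into real configurations. The `aws_cloudwatch_event_permission` resource accepts a `condition` block keyed on `aws:PrincipalOrgID`, but the module's resource in main.tf (a later hunk) passes only `principal`, `statement_id`, `action` and `event_bus_name`, so the wildcard cannot be scoped to an organization through this module. I would either drop the wildcard entry from the example or put a comment directly above it, for instance `# "*" allows any AWS account to send events to this bus; scope it to your organization before using this outside a sandbox`. Exposing `condition` on the module resource would be the fuller fix.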
@@ -1,12 +1,18 @@ locals { eventbridge_rules = flatten([ for index, rule in var.rules : - merge(rule, { "name" = index }) + merge(rule, { + "name" = index + "Name" = "${replace(index, "_", "-")}-rule" + }) ]) eventbridge_targets = flatten([ for index, rule in var.rules : [ for target in var.targets[index] : - merge(target, { "rule" = index }) + merge(target, { + "rule" = index + "Name" = "${replace(index, "_", "-")}-rule" + }) ] if length(var.targets) != 0 ]) } @@ -23,19 +29,19 @@ resource "aws_cloudwatch_event_rule" "this" { for rule in local.eventbridge_rules : rule.name => rule } : {} - name = "${replace(each.value.name, "_", "-")}-rule" + name = each.value.Name + name_prefix = lookup(each.value, "name_prefix", null) - event_bus_name = aws_cloudwatch_event_bus.this[0].name + event_bus_name = var.create_bus ? aws_cloudwatch_event_bus.this[0].name : "default" description = lookup(each.value, "description", null) - name_prefix = lookup(each.value, "name_prefix", null) is_enabled = lookup(each.value, "enabled", true) event_pattern = lookup(each.value, "event_pattern", null) schedule_expression = lookup(each.value, "schedule_expression", null) - role_arn = aws_iam_role.eventbridge[0].arn + role_arn = lookup(each.value, "role_arn", false) ? aws_iam_role.eventbridge[0].arn : null tags = merge(var.tags, { - Name = "${replace(each.value.name, "_", "-")}-rule" + Name = each.value.Name }) } 
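Review bot: In `aws_cloudwatch_event_rule.this`, the new `role_arn = lookup(each.value, "role_arn", false) ? aws_iam_role.eventbridge[0].arn : null` reads a key named `role_arn` as a boolean flag, while the target resource uses `attach_role_arn` for the same purpose. A caller who passes an actual ARN string under `role_arn` gets a bool-conversion error at plan, and a caller who sets it to `true` while the role is not created (presumably when `create_role` is false) hits an invalid index on `aws_iam_role.eventbridge[0]`. Suggest naming the flag consistently and guarding the reference: `role_arn = lookup(each.value, "attach_role_arn", false) ? try(aws_iam_role.eventbridge[0].arn, null) : null`. This also changes behaviour for existing callers, since every rule previously received the role; that deserves a line in the commit description. The resource block starts outside this hunk.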
@@ -44,12 +50,12 @@ resource "aws_cloudwatch_event_target" "this" { for target in local.eventbridge_targets : target.name => target } : tomap({}) - event_bus_name = aws_cloudwatch_event_bus.this[0].name + event_bus_name = var.create_bus ? aws_cloudwatch_event_bus.this[0].name : "default" - rule = "${replace(each.value.rule, "_", "-")}-rule" + rule = each.value.Name arn = each.value.arn - role_arn = lookup(each.value, "attach_role_arn", null) != null ? aws_iam_role.eventbridge[0].arn : null + role_arn = lookup(each.value, "attach_role_arn", null) != null ? try(aws_iam_role.eventbridge[0].arn, "") : null target_id = lookup(each.value, "target_id", null) input = lookup(each.value, "input", null) input_path = lookup(each.value, "input_path", null) 
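Review bot: On the target's `role_arn`, the test `lookup(each.value, "attach_role_arn", null) != null` is also true for `attach_role_arn = false`, so the flag cannot be used to opt out. The new `try(aws_iam_role.eventbridge[0].arn, "")` fallback also hands the provider an empty string rather than `null` when the role does not exist. An empty `role_arn` is likely to be rejected at apply time, or to leave a target without an invocation role, and both are harder to diagnose than a plan error. Suggest `role_arn = lookup(each.value, "attach_role_arn", false) ? try(aws_iam_role.eventbridge[0].arn, null) : null`, or drop the `try` so a missing role fails at plan. The resource block starts before this hunk and continues past it.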
@@ -141,26 +147,27 @@ resource "aws_cloudwatch_event_target" "this" { maximum_retry_attempts = retry_policy.value.maximum_retry_attempts } } + + depends_on = [aws_cloudwatch_event_rule.this] } resource "aws_cloudwatch_event_archive" "this" { - for_each = var.create && var.create_archives ? { - for k, v in var.archive_config : k => v - } : {} + for_each = var.create && var.create_archives ? var.archives : {} - name = each.value.name - event_source_arn = lookup(each.value, "event_source_arn", null) == null ? aws_cloudwatch_event_bus.this[0].arn : null - description = lookup(each.value, "description", null) - event_pattern = lookup(each.value, "event_pattern", null) - retention_days = lookup(each.value, "retention_days", null) + name = each.key + event_source_arn = try(each.value["event_source_arn"], aws_cloudwatch_event_bus.this[0].arn) + + description = lookup(each.value, "description", null) + event_pattern = lookup(each.value, "event_pattern", null) + retention_days = lookup(each.value, "retention_days", null) } resource "aws_cloudwatch_event_permission" "this" { - for_each = var.create && var.create_permissions ? { - for permission in var.permission_config : permission.statement_id => permission - } : {} + for_each = var.create && var.create_permissions ? var.permissions : {} - principal = each.value.account_id - statement_id = each.value.statement_id - event_bus_name = lookup(each.value, aws_cloudwatch_event_bus.this[0].name, null) == null ? aws_cloudwatch_event_bus.this[0].name : null + principal = compact(split(" ", each.key))[0] + statement_id = compact(split(" ", each.key))[1] + + action = lookup(each.value, "action", null) + event_bus_name = try(each.value["event_bus_name"], aws_cloudwatch_event_bus.this[0].name, null) } diff --git a/variables.tf b/variables.tf index 42ba02d..a71c99b 100644 --- a/variables.tf +++ b/variables.tf 
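Review bot: In `aws_cloudwatch_event_permission.this`, `event_bus_name = try(each.value["event_bus_name"], aws_cloudwatch_event_bus.this[0].name, null)` ends in `null` when the module did not create a bus, and the provider then applies the statement to the account's default event bus. Combined with a `*` principal in the key, a caller who only forgot `event_bus_name` opens the default bus to every account with no plan-time signal. I would drop the trailing `null` so a missing bus is an error, or fall back to `var.bus_name` explicitly. The key parsing has a related gap: `compact(split(" ", each.key))[1]` fails with a bare index error when the key contains no space, so a `validation` block on `var.permissions` or a comment documenting the `"<principal> <statement_id>"` key format would help.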
@@ -1,39 +1,3 @@ -variable "bus_name" { - description = "A unique name for your EventBridge Bus" - type = string - default = "" -} - -variable "rules" { - description = "A map of objects with EventBridge Rule definitions." - type = map(any) - default = {} -} - -variable "targets" { - description = "A Map of objects with EventBridge Target definitions." - type = any - default = {} -} - -variable "archive_config" { - description = "A list of objects with the EventBridge Archive definitions." - type = list(any) - default = [] -} - -variable "permission_config" { - description = "A list of objects with EventBridge Permission definitions." - type = list(any) - default = [] -} - -variable "tags" { - description = "A map of tags to assign to resources." - type = map(string) - default = {} -} - variable "create" { description = "Controls whether resources should be created" type = bool @@ -76,6 +40,44 @@ variable "create_archives" { default = false } +####################### + +variable "bus_name" { + description = "A unique name for your EventBridge Bus" + type = string + default = "default" +} + +variable "rules" { + description = "A map of objects with EventBridge Rule definitions." + type = map(any) + default = {} +} + +variable "targets" { + description = "A map of objects with EventBridge Target definitions." + type = any + default = {} +} + +variable "archives" { + description = "A map of objects with the EventBridge Archive definitions." + type = map(any) + default = {} +} + +variable "permissions" { + description = "A map of objects with EventBridge Permission definitions." + type = map(any) + default = {} +} + +variable "tags" { + description = "A map of tags to assign to resources." + type = map(string) + default = {} +} + ###### # IAM ###### diff --git a/versions.tf b/versions.tf index 2c2f74f..065f20c 100644 --- a/versions.tf +++ b/versions.tf 
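Review bot: Changing the `bus_name` default from `""` to `"default"` interacts with `coalesce(var.role_name, var.bus_name, "*")` in iam.tf: with neither input set, the role name now resolves to `default`, and the `"*"` fallback described in the new iam.tf comment is no longer reached. If `create_bus` is left enabled (its default is outside this hunk), the module would also attempt to create a bus literally named `default`. Separately, `archives` and `permissions` replace `archive_config` and `permission_config` with a list-to-map type change, which breaks existing callers, and the new descriptions do not state the expected key format. For `permissions` I would extend the description with `Keys have the form "<principal> <statement_id>".`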
@@ -1,5 +1,5 @@ terraform { - required_version = ">= 0.12.26" + required_version = ">= 0.13.1" required_providers { aws = ">= 3.19"