feat: Some refactoring and added ability to handle default bus (#5)

Sven Lito 2021-04-08 23:25:27 +07:00 committed by GitHub
parent 53b6f46d7a
commit 32f75c1637
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
42 changed files with 420 additions and 924 deletions


@ -1,4 +1,3 @@
---
name: Pre-Commit
on:
@ -59,6 +58,7 @@ jobs:
run:
pre-commit run terraform_validate --color=always --show-diff-on-failure --files $(ls *.tf)
# Max Terraform version
getBaseVersion:
name: Module max TF version
@ -94,7 +94,7 @@ jobs:
- name: Install pre-commit dependencies
run: |
pip install pre-commit
curl -L "$(curl -s https://api.github.com/repos/terraform-docs/terraform-docs/releases/latest | grep -o -E "https://.+?-linux-amd64" | head -n1)" > terraform-docs && chmod +x terraform-docs && sudo mv terraform-docs /usr/bin/
curl -L "$(curl -s https://api.github.com/repos/terraform-docs/terraform-docs/releases/latest | grep -o -E "https://.+?-v0.12\..+?-linux-amd64" | head -n1)" > terraform-docs && chmod +x terraform-docs && sudo mv terraform-docs /usr/bin/
curl -L "$(curl -s https://api.github.com/repos/terraform-linters/tflint/releases/latest | grep -o -E "https://.+?_linux_amd64.zip")" > tflint.zip && unzip tflint.zip && rm tflint.zip && sudo mv tflint /usr/bin/
- name: Execute pre-commit
# Run all pre-commit checks on max version supported
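Review bot: The `Install pre-commit dependencies` step downloads whatever URL the GitHub releases API returns, marks it executable and moves it into `/usr/bin` with `sudo`, with no pinned release tag and no checksum check; this applies to both the terraform-docs and the tflint line. A replaced or tampered release asset would then run in CI unnoticed. Pin each tool to a fixed release and verify the file before installing it, e.g. `echo "<EXPECTED_SHA256>  terraform-docs" | sha256sum -c -` (placeholder digest). Separately, if the `-v0.12\.` filter is the new line, it is applied to `releases/latest`, so it matches nothing once the latest release is no longer a 0.12.x build and `curl -L ""` fails. The job definition continues outside the hunk.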


@ -1,4 +1,3 @@
---
repos:
- repo: git://github.com/antonbabenko/pre-commit-terraform
rev: v1.48.0

111
README.md

@ -4,15 +4,16 @@ Terraform module to create EventBridge resources.
The following resources are currently supported:
* [Cloudwatch Event Archive](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_archive)
* [Cloudwatch Event Bus](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_bus)
* [Cloudwatch Event Permission](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_permission)
* [Cloudwatch Event Rule](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_rule)
* [Cloudwatch Event Target](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_target)
* [EventBridge Archive](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_archive)
* [EventBridge Bus](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_bus)
* [EventBridge Permission](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_permission)
* [EventBridge Rule](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_rule)
* [EventBridge Target](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_target)
## Features
- [x] Creates AWS EventBridge Resources
- [x] Creates AWS EventBridge Resources (bus, rules, targets, permissions)
- [x] Attach resources to an existing EventBridge bus
- [x] Support AWS EventBridge Archives and Replays
- [x] Conditional creation for many types of resources
- [x] Support IAM policy attachments and various ways to create and attach additional policies
@ -20,6 +21,50 @@ The following resources are currently supported:
## Usage
### EventBridge Complete
Most common use-case which creates custom bus, rules and targets.
```hcl
module "eventbridge" {
source = "terraform-aws-modules/eventbridge/aws"
bus_name = "my-bus"
rules = {
orders = {
description = "Capture all order data"
event_pattern = jsonencode({ "source" : ["myapp.orders"] })
enabled = true
}
}
targets = {
orders = [
{
name = "send-orders-to-sqs"
arn = aws_sqs_queue.queue.arn
dead_letter_arn = aws_sqs_queue.dlq.arn
},
{
name = "send-orders-to-kinesis"
arn = aws_kinesis_stream.this.arn
dead_letter_arn = aws_sqs_queue.dlq.arn
input_transformer = local.kinesis_input_transformer
},
{
name = "log-orders-to-cloudwatch"
arn = aws_cloudwatch_log_group.this.arn
}
]
}
tags = {
Name = "my-bus"
}
}
```
### EventBridge Bus
```hcl
@ -50,10 +95,6 @@ module "eventbridge" {
event_pattern = jsonencode({ "source" : ["my.app.logs"] })
}
}
tags = {
Name = "my-bus"
}
}
```
@ -84,10 +125,6 @@ module "eventbridge" {
}
]
}
tags = {
Name = "my-bus"
}
}
```
@ -101,9 +138,8 @@ module "eventbridge_with_archive" {
create_archives = true
archive_config = [
{
name = "my-bus-launch-archive",
archives = {
"my-bus-launch-archive" = {
description = "EC2 AutoScaling Event archive",
retention_days = 1
event_pattern = <<PATTERN
@ -113,7 +149,7 @@ module "eventbridge_with_archive" {
}
PATTERN
}
]
}
tags = {
Name = "my-bus"
@ -131,12 +167,11 @@ module "eventbridge_with_permissions" {
create_permissions = true
permission_config = [
{
account_id = "YOUR_ACCOUNT_ID",
statement_id = "development_account"
permissions = {
"099720109477 DevAccess" = {}
"099720109466 ProdAccess" = {}
}
]
tags = {
Name = "my-bus"
@ -173,13 +208,13 @@ module "eventbridge" {
create_permissions = false # to control creation of EventBridge Permissions
create_role = false # to control creation of the IAM role and policies required for EventBridge
attach_cloudwatch_policy = false
attach_ecs_policy = false
attach_kinesis_policy = false
attach_kinesis_firehose_policy = false
attach_sqs_policy = false
attach_ecs_policy = false
attach_lambda_policy = false
attach_sfn_policy = false
attach_cloudwatch_policy = false
attach_sqs_policy = false
attach_tracing_policy = false
# ... omitted
@ -188,23 +223,19 @@ module "eventbridge" {
## Examples
* [Complete](/examples/complete)
* [Simple](/examples/simple)
* [Archive](/examples/with-archive)
* [Permissions](/examples/with-permissions)
* [SQS Target](/examples/sqs-target)
* [API-Gateway](/examples/api-gateway-event-source)
* [Input Transformation](/examples/transform-input)
* [Step Function Target](/examples/step-function-target)
* [Complete](https://github.com/terraform-aws-modules/terraform-aws-eventbridge/tree/master/examples/complete) - Creates EventBridge resources (bus, rules and targets) and connect with SQS queues, Kinesis Stream, Step Function, CloudWatch Logs, and more.
* [HTTP API Gateway](https://github.com/terraform-aws-modules/terraform-aws-eventbridge/tree/master/examples/api-gateway-event-source) - Creates an integration with HTTP API Gateway as event source.
* [Using Default Bus](https://github.com/terraform-aws-modules/terraform-aws-eventbridge/tree/master/examples/default-bus) - Creates resources in the `default` bus.
* [Archive](https://github.com/terraform-aws-modules/terraform-aws-eventbridge/tree/master/examples/with-archive) - EventBridge Archives resources in various configurations.
* [Permissions](https://github.com/terraform-aws-modules/terraform-aws-eventbridge/tree/master/examples/with-permissions) - Controls permissions to EventBridge.
## Change log
<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
## Requirements
| Name | Version |
|------|---------|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.12.26 |
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.13.1 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.19 |
## Providers
@ -266,7 +297,7 @@ No modules.
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| <a name="input_archive_config"></a> [archive\_config](#input\_archive\_config) | A list of objects with the EventBridge Archive definitions. | `list(any)` | `[]` | no |
| <a name="input_archives"></a> [archives](#input\_archives) | A map of objects with the EventBridge Archive definitions. | `map(any)` | `{}` | no |
| <a name="input_attach_cloudwatch_policy"></a> [attach\_cloudwatch\_policy](#input\_attach\_cloudwatch\_policy) | Controls whether the Cloudwatch policy should be added to IAM role for EventBridge Target | `bool` | `false` | no |
| <a name="input_attach_ecs_policy"></a> [attach\_ecs\_policy](#input\_attach\_ecs\_policy) | Controls whether the ECS policy should be added to IAM role for EventBridge Target | `bool` | `false` | no |
| <a name="input_attach_kinesis_firehose_policy"></a> [attach\_kinesis\_firehose\_policy](#input\_attach\_kinesis\_firehose\_policy) | Controls whether the Kinesis Firehose policy should be added to IAM role for EventBridge Target | `bool` | `false` | no |
@ -280,7 +311,7 @@ No modules.
| <a name="input_attach_sfn_policy"></a> [attach\_sfn\_policy](#input\_attach\_sfn\_policy) | Controls whether the StepFunction policy should be added to IAM role for EventBridge Target | `bool` | `false` | no |
| <a name="input_attach_sqs_policy"></a> [attach\_sqs\_policy](#input\_attach\_sqs\_policy) | Controls whether the SQS policy should be added to IAM role for EventBridge Target | `bool` | `false` | no |
| <a name="input_attach_tracing_policy"></a> [attach\_tracing\_policy](#input\_attach\_tracing\_policy) | Controls whether X-Ray tracing policy should be added to IAM role for EventBridge | `bool` | `false` | no |
| <a name="input_bus_name"></a> [bus\_name](#input\_bus\_name) | A unique name for your EventBridge Bus | `string` | `""` | no |
| <a name="input_bus_name"></a> [bus\_name](#input\_bus\_name) | A unique name for your EventBridge Bus | `string` | `"default"` | no |
| <a name="input_cloudwatch_target_arns"></a> [cloudwatch\_target\_arns](#input\_cloudwatch\_target\_arns) | The Amazon Resource Name (ARN) of the Cloudwatch Log Streams you want to use as EventBridge targets | `list(string)` | `[]` | no |
| <a name="input_create"></a> [create](#input\_create) | Controls whether resources should be created | `bool` | `true` | no |
| <a name="input_create_archives"></a> [create\_archives](#input\_create\_archives) | Controls whether EventBridge Archive resources should be created | `bool` | `false` | no |
@ -295,7 +326,7 @@ No modules.
| <a name="input_lambda_target_arns"></a> [lambda\_target\_arns](#input\_lambda\_target\_arns) | The Amazon Resource Name (ARN) of the Lambda Functions you want to use as EventBridge targets | `list(string)` | `[]` | no |
| <a name="input_number_of_policies"></a> [number\_of\_policies](#input\_number\_of\_policies) | Number of policies to attach to IAM role | `number` | `0` | no |
| <a name="input_number_of_policy_jsons"></a> [number\_of\_policy\_jsons](#input\_number\_of\_policy\_jsons) | Number of policies JSON to attach to IAM role | `number` | `0` | no |
| <a name="input_permission_config"></a> [permission\_config](#input\_permission\_config) | A list of objects with EventBridge Permission definitions. | `list(any)` | `[]` | no |
| <a name="input_permissions"></a> [permissions](#input\_permissions) | A map of objects with EventBridge Permission definitions. | `map(any)` | `{}` | no |
| <a name="input_policies"></a> [policies](#input\_policies) | List of policy statements ARN to attach to IAM role | `list(string)` | `[]` | no |
| <a name="input_policy"></a> [policy](#input\_policy) | An additional policy document ARN to attach to IAM role | `string` | `null` | no |
| <a name="input_policy_json"></a> [policy\_json](#input\_policy\_json) | An additional policy document as JSON to attach to IAM role | `string` | `null` | no |
@ -311,7 +342,7 @@ No modules.
| <a name="input_sfn_target_arns"></a> [sfn\_target\_arns](#input\_sfn\_target\_arns) | The Amazon Resource Name (ARN) of the StepFunctions you want to use as EventBridge targets | `list(string)` | `[]` | no |
| <a name="input_sqs_target_arns"></a> [sqs\_target\_arns](#input\_sqs\_target\_arns) | The Amazon Resource Name (ARN) of the AWS SQS Queues you want to use as EventBridge targets | `list(string)` | `[]` | no |
| <a name="input_tags"></a> [tags](#input\_tags) | A map of tags to assign to resources. | `map(string)` | `{}` | no |
| <a name="input_targets"></a> [targets](#input\_targets) | A Map of objects with EventBridge Target definitions. | `any` | `{}` | no |
| <a name="input_targets"></a> [targets](#input\_targets) | A map of objects with EventBridge Target definitions. | `any` | `{}` | no |
| <a name="input_trusted_entities"></a> [trusted\_entities](#input\_trusted\_entities) | Step Function additional trusted entities for assuming roles (trust relationship) | `list(string)` | `[]` | no |
## Outputs


@ -19,24 +19,24 @@ Note that this example may create resources which cost money. Run `terraform des
| Name | Version |
|------|---------|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.14.0 |
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.13.1 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.19 |
| <a name="requirement_random"></a> [random](#requirement\_random) | >= 0 |
| <a name="requirement_random"></a> [random](#requirement\_random) | >= 3 |
## Providers
| Name | Version |
|------|---------|
| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.19 |
| <a name="provider_random"></a> [random](#provider\_random) | >= 0 |
| <a name="provider_random"></a> [random](#provider\_random) | >= 3 |
## Modules
| Name | Source | Version |
|------|--------|---------|
| <a name="module_api_gateway"></a> [api\_gateway](#module\_api\_gateway) | terraform-aws-modules/apigateway-v2/aws | 0.14.0 |
| <a name="module_apigateway_put_events_to_eventbridge_policy"></a> [apigateway\_put\_events\_to\_eventbridge\_policy](#module\_apigateway\_put\_events\_to\_eventbridge\_policy) | terraform-aws-modules/iam/aws//modules/iam-policy | 3.13.0 |
| <a name="module_apigateway_put_events_to_eventbridge_role"></a> [apigateway\_put\_events\_to\_eventbridge\_role](#module\_apigateway\_put\_events\_to\_eventbridge\_role) | terraform-aws-modules/iam/aws//modules/iam-assumable-role | 3.13.0 |
| <a name="module_api_gateway"></a> [api\_gateway](#module\_api\_gateway) | terraform-aws-modules/apigateway-v2/aws | ~> 0 |
| <a name="module_apigateway_put_events_to_eventbridge_policy"></a> [apigateway\_put\_events\_to\_eventbridge\_policy](#module\_apigateway\_put\_events\_to\_eventbridge\_policy) | terraform-aws-modules/iam/aws//modules/iam-policy | ~> 3 |
| <a name="module_apigateway_put_events_to_eventbridge_role"></a> [apigateway\_put\_events\_to\_eventbridge\_role](#module\_apigateway\_put\_events\_to\_eventbridge\_role) | terraform-aws-modules/iam/aws//modules/iam-assumable-role | ~> 3 |
| <a name="module_eventbridge"></a> [eventbridge](#module\_eventbridge) | ../../ | |
## Resources


@ -1,12 +1,3 @@
terraform {
required_version = ">= 0.14.0"
required_providers {
aws = ">= 3.19"
random = ">= 0"
}
}
provider "aws" {
region = "ap-southeast-1"
@ -66,7 +57,7 @@ resource "random_pet" "this" {
module "api_gateway" {
source = "terraform-aws-modules/apigateway-v2/aws"
version = "0.14.0"
version = "~> 0"
name = "${random_pet.this.id}-http"
description = "My ${random_pet.this.id} HTTP API Gateway"
@ -95,16 +86,14 @@ module "api_gateway" {
module "apigateway_put_events_to_eventbridge_role" {
source = "terraform-aws-modules/iam/aws//modules/iam-assumable-role"
version = "3.13.0"
version = "~> 3"
create_role = true
role_name = "apigateway-put-events-to-eventbridge"
role_requires_mfa = false
trusted_role_services = [
"apigateway.amazonaws.com"
]
trusted_role_services = ["apigateway.amazonaws.com"]
custom_role_policy_arns = [
module.apigateway_put_events_to_eventbridge_policy.arn
@ -113,10 +102,9 @@ module "apigateway_put_events_to_eventbridge_role" {
module "apigateway_put_events_to_eventbridge_policy" {
source = "terraform-aws-modules/iam/aws//modules/iam-policy"
version = "3.13.0"
version = "~> 3"
name = "apigateway-put-events-to-eventbridge"
path = "/"
description = "Allow PutEvents to EventBridge"
policy = data.aws_iam_policy_document.apigateway_put_events_to_eventbridge_policy.json
@ -149,10 +137,12 @@ data "aws_iam_policy_document" "queue" {
statement {
sid = "AllowSendMessage"
actions = ["sqs:SendMessage"]
principals {
type = "Service"
identifiers = ["events.amazonaws.com"]
}
resources = [aws_sqs_queue.queue.arn]
}
}
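Review bot: The constraints on `api_gateway`, `apigateway_put_events_to_eventbridge_role` and `apigateway_put_events_to_eventbridge_policy` appear to move from exact versions to `~> 0` and `~> 3`, so a fresh `terraform init` can resolve a different release of the modules that create the IAM role and policy than the one this example was tested with. `~> 0` admits every 0.x release, a range in which breaking changes are permitted. Keeping the range within the tested minor series, e.g. `version = "~> 3.13"` and `version = "~> 0.14"`, still picks up patch releases without letting the IAM-related modules drift. The `+`/`-` markers are lost on this page, so the old/new order is read from the paired lines.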


@ -0,0 +1,8 @@
terraform {
required_version = ">= 0.13.1"
required_providers {
aws = ">= 3.19"
random = ">= 3"
}
}


@ -1,68 +0,0 @@
terraform {
required_version = ">= 0.14.0"
required_providers {
aws = ">= 3.19"
random = ">= 0"
}
}
provider "aws" {
region = "ap-southeast-1"
# Make it faster by skipping something
skip_get_ec2_platforms = true
skip_metadata_api_check = true
skip_region_validation = true
skip_credentials_validation = true
skip_requesting_account_id = true
}
module "eventbridge" {
source = "../../"
bus_name = "${random_pet.this.id}-bus"
attach_cloudwatch_policy = true
cloudwatch_target_arns = [
aws_cloudwatch_log_group.this.arn
]
rules = {
orders = {
description = "Capture all created orders",
event_pattern = jsonencode({ "source" : ["orders.create"] })
}
}
targets = {
orders = [
{
name = "log-orders-to-cloudwatch"
arn = aws_cloudwatch_log_group.this.arn
}
]
}
tags = {
Name = "${random_pet.this.id}-bus"
}
}
##################
# Extra resources
##################
resource "random_pet" "this" {
length = 2
}
resource "aws_cloudwatch_log_group" "this" {
name = "/aws/events/${random_pet.this.id}"
tags = {
Name = "${random_pet.this.id}-log-group"
}
}


@ -19,22 +19,23 @@ Note that this example may create resources which cost money. Run `terraform des
| Name | Version |
|------|---------|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.14.0 |
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.13.1 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.19 |
| <a name="requirement_random"></a> [random](#requirement\_random) | >= 0 |
| <a name="requirement_random"></a> [random](#requirement\_random) | >= 3 |
## Providers
| Name | Version |
|------|---------|
| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.19 |
| <a name="provider_random"></a> [random](#provider\_random) | >= 0 |
| <a name="provider_random"></a> [random](#provider\_random) | >= 3 |
## Modules
| Name | Source | Version |
|------|--------|---------|
| <a name="module_eventbridge"></a> [eventbridge](#module\_eventbridge) | ../../ | |
| <a name="module_step_function"></a> [step\_function](#module\_step\_function) | terraform-aws-modules/step-functions/aws | ~> 1.0 |
## Resources
@ -43,6 +44,7 @@ Note that this example may create resources which cost money. Run `terraform des
| [aws_cloudwatch_log_group.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group) | resource |
| [aws_kinesis_stream.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kinesis_stream) | resource |
| [aws_sqs_queue.dlq](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sqs_queue) | resource |
| [aws_sqs_queue.fifo](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sqs_queue) | resource |
| [aws_sqs_queue.queue](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sqs_queue) | resource |
| [aws_sqs_queue_policy.queue](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sqs_queue_policy) | resource |
| [random_pet.this](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | resource |


@ -1,12 +1,3 @@
terraform {
required_version = ">= 0.14.0"
required_providers {
aws = ">= 3.19"
random = ">= 0"
}
}
provider "aws" {
region = "ap-southeast-1"
@ -18,67 +9,40 @@ provider "aws" {
skip_requesting_account_id = true
}
resource "random_pet" "this" {
length = 2
}
module "eventbridge" {
source = "../../"
bus_name = "${random_pet.this.id}-bus"
create_bus = true
create_rules = true
create_targets = true
create_archives = true
create_permissions = true
attach_tracing_policy = true
attach_kinesis_policy = true
attach_kinesis_firehose_policy = true
attach_sqs_policy = true
attach_ecs_policy = true
attach_lambda_policy = true
attach_sfn_policy = true
attach_cloudwatch_policy = true
sqs_target_arns = [aws_sqs_queue.queue.arn]
ecs_target_arns = []
kinesis_target_arns = [aws_kinesis_stream.this.arn]
kinesis_firehose_target_arns = []
lambda_target_arns = []
sfn_target_arns = []
attach_sfn_policy = true
sfn_target_arns = [module.step_function.this_state_machine_arn]
attach_sqs_policy = true
sqs_target_arns = [
aws_sqs_queue.queue.arn,
aws_sqs_queue.fifo.arn,
aws_sqs_queue.dlq.arn
]
attach_cloudwatch_policy = true
cloudwatch_target_arns = [aws_cloudwatch_log_group.this.arn]
permission_config = [
{
account_id = "099720109477",
statement_id = "canonical"
},
{
account_id = "099720109466",
statement_id = "canonical_two"
}
]
archive_config = [
{
description = "some archive"
retention_days = 1
event_pattern = <<PATTERN
{
"source": ["myapp.orders"]
}
PATTERN
}
]
rules = {
orders = {
description = "Capture all order data"
event_pattern = jsonencode({ "source" : ["myapp.orders"] })
enabled = false
}
emails = {
description = "Capture all emails data"
event_pattern = jsonencode({ "source" : ["myapp.emails"] })
enabled = true
}
}
targets = {
@ -86,20 +50,50 @@ module "eventbridge" {
{
name = "send-orders-to-sqs"
arn = aws_sqs_queue.queue.arn
input_transformer = local.order_input_transformer
},
{
name = "send-orders-to-sqs-wth-dead-letter"
arn = aws_sqs_queue.queue.arn
dead_letter_arn = aws_sqs_queue.dlq.arn
},
{
name = "send-orders-to-kinesis"
arn = aws_kinesis_stream.this.arn
name = "send-orders-to-sqs-with-retry-policy"
arn = aws_sqs_queue.queue.arn
dead_letter_arn = aws_sqs_queue.dlq.arn
input_transformer = local.kinesis_input_transformer
retry_policy = {
maximum_retry_attempts = 10
maximum_event_age_in_seconds = 300
}
},
{
name = "send-orders-to-fifo-sqs"
arn = aws_sqs_queue.fifo.arn
dead_letter_arn = aws_sqs_queue.dlq.arn
message_group_id = "send-orders-to-fifo-sqs"
},
{
name = "log-orders-to-cloudwatch"
arn = aws_cloudwatch_log_group.this.arn
}
]
emails = [
{
name = "process-email-with-sfn"
arn = module.step_function.this_state_machine_arn
attach_role_arn = true
},
{
name = "send-orders-to-kinesis"
arn = aws_kinesis_stream.this.arn
dead_letter_arn = aws_sqs_queue.dlq.arn
input_transformer = local.order_input_transformer
attach_role_arn = true
}
]
}
######################
# Additional policies
######################
@ -165,7 +159,7 @@ EOF
}
locals {
kinesis_input_transformer = {
order_input_transformer = {
input_paths = {
order_id = "$.detail.order_id"
}
@ -181,6 +175,10 @@ locals {
# Extra resources
##################
resource "random_pet" "this" {
length = 2
}
resource "aws_kinesis_stream" "this" {
name = random_pet.this.id
shard_count = 1
@ -190,6 +188,12 @@ resource "aws_sqs_queue" "queue" {
name = "${random_pet.this.id}-queue"
}
resource "aws_sqs_queue" "fifo" {
name = "${random_pet.this.id}.fifo"
fifo_queue = true
content_based_deduplication = true
}
resource "aws_sqs_queue" "dlq" {
name = "${random_pet.this.id}-dlq"
}
@ -203,11 +207,16 @@ data "aws_iam_policy_document" "queue" {
statement {
sid = "events-policy"
actions = ["sqs:SendMessage"]
principals {
type = "Service"
identifiers = ["events.amazonaws.com"]
}
resources = [aws_sqs_queue.queue.arn]
resources = [
aws_sqs_queue.queue.arn,
aws_sqs_queue.fifo.arn
]
}
}
@ -219,3 +228,23 @@ resource "aws_cloudwatch_log_group" "this" {
}
}
################
# Step Function
################
module "step_function" {
source = "terraform-aws-modules/step-functions/aws"
version = "~> 1.0"
name = random_pet.this.id
definition = jsonencode(yamldecode(templatefile("sfn.asl.yaml", {})))
trusted_entities = ["events.amazonaws.com"]
service_integrations = {
stepfunction = {
stepfunction = ["*"]
}
}
}
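Review bot: The `events-policy` statement in `data "aws_iam_policy_document" "queue"` allows the `events.amazonaws.com` service principal to call `sqs:SendMessage` on both queue ARNs with no `condition`, so the grant is not tied to this example's own rules (the confused-deputy case for service principals). Add an `aws:SourceArn` condition naming the rule(s) that target the queues, as sketched below. The `AllowSendMessage` statement in the api-gateway example has the same shape. Also, `resources` now lists `aws_sqs_queue.fifo.arn`, but a queue policy only applies to the queue it is attached to, and no `aws_sqs_queue_policy` for `fifo` is visible on this page, so that entry may have no effect. The `data` block opens outside the hunk.

```hcl
  statement {
    # … unchanged: sid, actions, principals, resources …

    # Accept deliveries only from the EventBridge rule(s) created by this example.
    condition {
      test     = "ArnEquals"
      variable = "aws:SourceArn"
      values   = ["<RULE_ARN_PLACEHOLDER>"] # placeholder: ARN(s) of the rule(s) targeting these queues
    }
  }
```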


@ -1,4 +1,3 @@
---
Comment: Default Step Function
StartAt: Hello
States:


@ -0,0 +1,8 @@
terraform {
required_version = ">= 0.13.1"
required_providers {
aws = ">= 3.19"
random = ">= 3"
}
}


@ -1,6 +1,6 @@
# EventBridge Cloudwatch Example
# EventBridge Default Bus Example
Configuration in this directory creates EventBridge resource configuration.
Configuration in this directory creates EventBridge resource configuration using `default` EventBridge bus.
## Usage
@ -19,16 +19,16 @@ Note that this example may create resources which cost money. Run `terraform des
| Name | Version |
|------|---------|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.14.0 |
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.13.1 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.19 |
| <a name="requirement_random"></a> [random](#requirement\_random) | >= 0 |
| <a name="requirement_random"></a> [random](#requirement\_random) | >= 3 |
## Providers
| Name | Version |
|------|---------|
| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.19 |
| <a name="provider_random"></a> [random](#provider\_random) | >= 0 |
| <a name="provider_random"></a> [random](#provider\_random) | >= 3 |
## Modules
@ -40,7 +40,7 @@ Note that this example may create resources which cost money. Run `terraform des
| Name | Type |
|------|------|
| [aws_cloudwatch_log_group.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group) | resource |
| [aws_sqs_queue.products](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sqs_queue) | resource |
| [random_pet.this](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | resource |
## Inputs
@ -53,3 +53,4 @@ No inputs.
|------|-------------|
| <a name="output_eventbridge_bus_arn"></a> [eventbridge\_bus\_arn](#output\_eventbridge\_bus\_arn) | The EventBridge Bus ARN |
<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->


@ -0,0 +1,45 @@
provider "aws" {
region = "ap-southeast-1"
# Make it faster by skipping something
skip_get_ec2_platforms = true
skip_metadata_api_check = true
skip_region_validation = true
skip_credentials_validation = true
skip_requesting_account_id = true
}
module "eventbridge" {
source = "../../"
create_bus = false
rules = {
product_create = {
description = "product create rule",
event_pattern = jsonencode({ "source" : ["product.create"] })
}
}
targets = {
product_create = [
{
arn = aws_sqs_queue.products.arn
name = "send-product-to-sqs"
}
]
}
}
##################
# Extra resources
##################
resource "random_pet" "this" {
length = 2
}
resource "aws_sqs_queue" "products" {
name = random_pet.this.id
}
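Review bot: `aws_sqs_queue.products` is the target of the `product_create` rule, but this new file defines no `aws_sqs_queue_policy` for it, so unless the module adds one (not visible here) EventBridge has no permission to send to the queue and matched events would not be delivered. Add a queue policy that allows `sqs:SendMessage` for `events.amazonaws.com` on `aws_sqs_queue.products.arn`, scoped with an `aws:SourceArn` condition to the rule's ARN. A short comment above `create_bus = false`, such as `# Attach the rule and target to the account's existing "default" bus`, would also make the intent of the example clear.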


@ -0,0 +1,8 @@
terraform {
required_version = ">= 0.13.1"
required_providers {
aws = ">= 3.19"
random = ">= 3"
}
}


@ -1,53 +0,0 @@
# EventBridge Simple Example
Configuration in this directory creates EventBridge resource configuration.
## Usage
To run this example you need to execute:
```bash
$ terraform init
$ terraform plan
$ terraform apply
```
Note that this example may create resources which cost money. Run `terraform destroy` when you don't need these resources.
<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
## Requirements
| Name | Version |
|------|---------|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.14.0 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.19 |
| <a name="requirement_random"></a> [random](#requirement\_random) | >= 0 |
## Providers
| Name | Version |
|------|---------|
| <a name="provider_random"></a> [random](#provider\_random) | >= 0 |
## Modules
| Name | Source | Version |
|------|--------|---------|
| <a name="module_eventbridge"></a> [eventbridge](#module\_eventbridge) | ../../ | |
## Resources
| Name | Type |
|------|------|
| [random_pet.this](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | resource |
## Inputs
No inputs.
## Outputs
| Name | Description |
|------|-------------|
| <a name="output_eventbridge_bus_arn"></a> [eventbridge\_bus\_arn](#output\_eventbridge\_bus\_arn) | The EventBridge Bus ARN |
<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->


@ -1,34 +0,0 @@
terraform {
required_version = ">= 0.14.0"
required_providers {
aws = ">= 3.19"
random = ">= 0"
}
}
provider "aws" {
region = "ap-southeast-1"
# Make it faster by skipping something
skip_get_ec2_platforms = true
skip_metadata_api_check = true
skip_region_validation = true
skip_credentials_validation = true
skip_requesting_account_id = true
}
resource "random_pet" "this" {
length = 2
}
module "eventbridge" {
source = "../../"
bus_name = "${random_pet.this.id}-bus"
tags = {
Name = "${random_pet.this.id}-bus"
}
}


@ -1,5 +0,0 @@
output "eventbridge_bus_arn" {
description = "The EventBridge Bus ARN"
value = module.eventbridge.this_eventbridge_bus_arn
}


@ -1,62 +0,0 @@
# EventBridge SQS Example
Configuration in this directory creates EventBridge resource configuration.
## Usage
To run this example you need to execute:
```bash
$ terraform init
$ terraform plan
$ terraform apply
```
Note that this example may create resources which cost money. Run `terraform destroy` when you don't need these resources.
<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
## Requirements
| Name | Version |
|------|---------|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.14.0 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.19 |
| <a name="requirement_random"></a> [random](#requirement\_random) | >= 0 |
## Providers
| Name | Version |
|------|---------|
| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.19 |
| <a name="provider_random"></a> [random](#provider\_random) | >= 0 |
## Modules
| Name | Source | Version |
|------|--------|---------|
| <a name="module_eventbridge"></a> [eventbridge](#module\_eventbridge) | ../../ | |
## Resources
| Name | Type |
|------|------|
| [aws_sqs_queue.dlq](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sqs_queue) | resource |
| [aws_sqs_queue.fifo](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sqs_queue) | resource |
| [aws_sqs_queue.queue](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sqs_queue) | resource |
| [aws_sqs_queue_policy.queue](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sqs_queue_policy) | resource |
| [random_pet.this](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | resource |
| [aws_iam_policy_document.queue](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
## Inputs
No inputs.
## Outputs
| Name | Description |
|------|-------------|
| <a name="output_eventbridge_bus_arn"></a> [eventbridge\_bus\_arn](#output\_eventbridge\_bus\_arn) | The EventBridge Bus ARN |
| <a name="output_eventbridge_rule_arns"></a> [eventbridge\_rule\_arns](#output\_eventbridge\_rule\_arns) | The EventBridge Rule ARNs |
| <a name="output_eventbridge_rule_ids"></a> [eventbridge\_rule\_ids](#output\_eventbridge\_rule\_ids) | The EventBridge Rule IDs |
<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->


@ -1,115 +0,0 @@
terraform {
required_version = ">= 0.14.0"
required_providers {
aws = ">= 3.19"
random = ">= 0"
}
}
provider "aws" {
region = "ap-southeast-1"
# Make it faster by skipping something
skip_get_ec2_platforms = true
skip_metadata_api_check = true
skip_region_validation = true
skip_credentials_validation = true
skip_requesting_account_id = true
}
module "eventbridge" {
source = "../../"
bus_name = "${random_pet.this.id}-bus"
attach_sqs_policy = true
sqs_target_arns = [
aws_sqs_queue.queue.arn,
aws_sqs_queue.fifo.arn,
aws_sqs_queue.dlq.arn
]
rules = {
orders = {
description = "Capture all created orders",
event_pattern = jsonencode({ "source" : ["orders.create"] })
}
}
targets = {
orders = [
{
name = "send-orders-to-sqs"
arn = aws_sqs_queue.queue.arn
},
{
name = "send-orders-to-sqs-wth-dead-letter"
arn = aws_sqs_queue.queue.arn
dead_letter_arn = aws_sqs_queue.dlq.arn
},
{
name = "send-orders-to-sqs-with-retry-policy"
arn = aws_sqs_queue.queue.arn
dead_letter_arn = aws_sqs_queue.dlq.arn
retry_policy = {
maximum_retry_attempts = 10
maximum_event_age_in_seconds = 300
}
},
{
name = "send-orders-to-fifo-sqs"
arn = aws_sqs_queue.fifo.arn
dead_letter_arn = aws_sqs_queue.dlq.arn
message_group_id = "send-orders-to-fifo-sqs"
}
]
}
tags = {
Name = "${random_pet.this.id}-bus"
}
}
##################
# Extra resources
##################
resource "random_pet" "this" {
length = 2
}
resource "aws_sqs_queue" "queue" {
name = random_pet.this.id
}
resource "aws_sqs_queue" "fifo" {
name = "${random_pet.this.id}.fifo"
fifo_queue = true
content_based_deduplication = true
}
resource "aws_sqs_queue" "dlq" {
name = "${random_pet.this.id}-dlq"
}
resource "aws_sqs_queue_policy" "queue" {
queue_url = aws_sqs_queue.queue.id
policy = data.aws_iam_policy_document.queue.json
}
data "aws_iam_policy_document" "queue" {
statement {
sid = "events-policy"
actions = ["sqs:SendMessage"]
principals {
type = "Service"
identifiers = ["events.amazonaws.com"]
}
resources = [
aws_sqs_queue.queue.arn,
aws_sqs_queue.fifo.arn
]
}
}


@ -1,14 +0,0 @@
output "eventbridge_bus_arn" {
description = "The EventBridge Bus ARN"
value = module.eventbridge.this_eventbridge_bus_arn
}
output "eventbridge_rule_ids" {
description = "The EventBridge Rule IDs"
value = module.eventbridge.this_eventbridge_rule_ids
}
output "eventbridge_rule_arns" {
description = "The EventBridge Rule ARNs"
value = module.eventbridge.this_eventbridge_rule_arns
}


@ -1,55 +0,0 @@
# EventBridge StepFunction Example
Configuration in this directory creates EventBridge resource configuration.
## Usage
To run this example you need to execute:
```bash
$ terraform init
$ terraform plan
$ terraform apply
```
Note that this example may create resources which cost money. Run `terraform destroy` when you don't need these resources.
<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
## Requirements
| Name | Version |
|------|---------|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.14.0 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.19 |
| <a name="requirement_random"></a> [random](#requirement\_random) | >= 0 |
## Providers
| Name | Version |
|------|---------|
| <a name="provider_random"></a> [random](#provider\_random) | >= 0 |
## Modules
| Name | Source | Version |
|------|--------|---------|
| <a name="module_eventbridge"></a> [eventbridge](#module\_eventbridge) | ../../ | |
| <a name="module_step_function"></a> [step\_function](#module\_step\_function) | terraform-aws-modules/step-functions/aws | 1.2.0 |
## Resources
| Name | Type |
|------|------|
| [random_pet.this](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | resource |
## Inputs
No inputs.
## Outputs
| Name | Description |
|------|-------------|
| <a name="output_eventbridge_bus_arn"></a> [eventbridge\_bus\_arn](#output\_eventbridge\_bus\_arn) | The EventBridge Bus ARN |
<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->


@ -1,79 +0,0 @@
terraform {
required_version = ">= 0.14.0"
required_providers {
aws = ">= 3.19"
random = ">= 0"
}
}
provider "aws" {
region = "ap-southeast-1"
# Make it faster by skipping something
skip_get_ec2_platforms = true
skip_metadata_api_check = true
skip_region_validation = true
skip_credentials_validation = true
skip_requesting_account_id = true
}
module "eventbridge" {
source = "../../"
bus_name = "${random_pet.this.id}-bus"
attach_sfn_policy = true
sfn_target_arns = [module.step_function.this_state_machine_arn]
rules = {
orders = {
description = "Capture order data"
event_pattern = jsonencode({ "source" : ["orders.create"] })
}
}
targets = {
orders = [
{
name = "process-order-with-sfn"
arn = module.step_function.this_state_machine_arn
attach_role_arn = true
}
]
}
tags = {
Name = "${random_pet.this.id}-bus"
}
}
##################
# Extra resources
##################
resource "random_pet" "this" {
length = 2
}
module "step_function" {
source = "terraform-aws-modules/step-functions/aws"
version = "1.2.0"
name = random_pet.this.id
definition = jsonencode(yamldecode(templatefile("sfn.asl.yaml", {})))
trusted_entities = ["events.amazonaws.com"]
service_integrations = {
stepfunction = {
stepfunction = ["*"]
}
}
tags = {
Name = "${random_pet.this.id}-step-function"
}
}


@ -1,5 +0,0 @@
output "eventbridge_bus_arn" {
description = "The EventBridge Bus ARN"
value = module.eventbridge.this_eventbridge_bus_arn
}


@ -1,57 +0,0 @@
# EventBridge Input Transform Example
Configuration in this directory creates EventBridge resource configuration.
## Usage
To run this example you need to execute:
```bash
$ terraform init
$ terraform plan
$ terraform apply
```
Note that this example may create resources which cost money. Run `terraform destroy` when you don't need these resources.
<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
## Requirements
| Name | Version |
|------|---------|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.14.0 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.19 |
| <a name="requirement_random"></a> [random](#requirement\_random) | >= 0 |
## Providers
| Name | Version |
|------|---------|
| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.19 |
| <a name="provider_random"></a> [random](#provider\_random) | >= 0 |
## Modules
| Name | Source | Version |
|------|--------|---------|
| <a name="module_eventbridge"></a> [eventbridge](#module\_eventbridge) | ../../ | |
## Resources
| Name | Type |
|------|------|
| [aws_sqs_queue.queue](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sqs_queue) | resource |
| [aws_sqs_queue_policy.queue](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sqs_queue_policy) | resource |
| [random_pet.this](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | resource |
| [aws_iam_policy_document.queue](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
## Inputs
No inputs.
## Outputs
| Name | Description |
|------|-------------|
| <a name="output_eventbridge_bus_arn"></a> [eventbridge\_bus\_arn](#output\_eventbridge\_bus\_arn) | The EventBridge Bus ARN |
<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->


@ -1,84 +0,0 @@
terraform {
required_version = ">= 0.14.0"
required_providers {
aws = ">= 3.19"
random = ">= 0"
}
}
provider "aws" {
region = "ap-southeast-1"
# Make it faster by skipping something
skip_get_ec2_platforms = true
skip_metadata_api_check = true
skip_region_validation = true
skip_credentials_validation = true
skip_requesting_account_id = true
}
module "eventbridge" {
source = "../../"
bus_name = "${random_pet.this.id}-bus"
rules = {
orders = {
description = "Capture all order data"
event_pattern = jsonencode({ "source" : ["orders.create"] })
}
}
targets = {
orders = [
{
name = "send-orders-to-sqs"
arn = aws_sqs_queue.queue.arn
input_transformer = {
input_paths = {
order_id = "$.detail.order_id"
}
input_template = <<EOF
{
"id": <order_id>
}
EOF
}
}
]
}
tags = {
Name = "${random_pet.this.id}-bus"
}
}
##################
# Extra resources
##################
resource "random_pet" "this" {
length = 2
}
resource "aws_sqs_queue" "queue" {
name = "${random_pet.this.id}-queue"
}
resource "aws_sqs_queue_policy" "queue" {
queue_url = aws_sqs_queue.queue.id
policy = data.aws_iam_policy_document.queue.json
}
data "aws_iam_policy_document" "queue" {
statement {
sid = "events-policy"
actions = ["sqs:SendMessage"]
principals {
type = "Service"
identifiers = ["events.amazonaws.com"]
}
resources = [aws_sqs_queue.queue.arn]
}
}


@ -1,5 +0,0 @@
output "eventbridge_bus_arn" {
description = "The EventBridge Bus ARN"
value = module.eventbridge.this_eventbridge_bus_arn
}


@ -1,6 +1,6 @@
# EventBridge Archive Example
Configuration in this directory creates EventBridge resource configuration.
Configuration in this directory creates EventBridge Archives resources in various configurations.
## Usage
@ -19,16 +19,16 @@ Note that this example may create resources which cost money. Run `terraform des
| Name | Version |
|------|---------|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.14.0 |
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.13.1 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.19 |
| <a name="requirement_random"></a> [random](#requirement\_random) | >= 0 |
| <a name="requirement_random"></a> [random](#requirement\_random) | >= 3 |
## Providers
| Name | Version |
|------|---------|
| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.19 |
| <a name="provider_random"></a> [random](#provider\_random) | >= 0 |
| <a name="provider_random"></a> [random](#provider\_random) | >= 3 |
## Modules
@ -41,7 +41,7 @@ Note that this example may create resources which cost money. Run `terraform des
| Name | Type |
|------|------|
| [aws_cloudwatch_event_bus.pre_existing_bus](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_bus) | resource |
| [aws_cloudwatch_event_bus.existing_bus](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_bus) | resource |
| [random_pet.this](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | resource |
## Inputs


@ -1,12 +1,3 @@
terraform {
required_version = ">= 0.14.0"
required_providers {
aws = ">= 3.19"
random = ">= 0"
}
}
provider "aws" {
region = "ap-southeast-1"
@ -18,83 +9,76 @@ provider "aws" {
skip_requesting_account_id = true
}
resource "random_pet" "this" {
length = 2
}
module "eventbridge" {
source = "../../"
create_bus = true
create_archives = true
archive_config = [
{
name = "${random_pet.this.id}-launch-archive",
description = "${random_pet.this.id}-launch-archive",
retention_days = 1
event_pattern = <<PATTERN
{
"source": ["aws.autoscaling"],
"detail-type": ["EC2 Instance Launch Successful"]
}
PATTERN
},
{
name = "${random_pet.this.id}-termination-archive",
description = "${random_pet.this.id}-termination-archive",
retention_days = 1
event_pattern = <<PATTERN
{
"source": ["aws.ec2"],
"detail-type": ["EC2 Instance State-change Notification"],
"detail": {
"state": ["terminated"]
}
}
PATTERN
}
]
bus_name = "${random_pet.this.id}-bus"
tags = {
Name = "${random_pet.this.id}-bus"
archives = {
"launch-archive" = {
description = "${random_pet.this.id}-launch-archive",
retention_days = 1
event_pattern = jsonencode(
{
"source" : ["aws.autoscaling"],
"detail-type" : ["EC2 Instance Launch Successful"]
}
)
}
"termination-archive" = {
name = "${random_pet.this.id}-termination-archive",
description = "${random_pet.this.id}-termination-archive",
retention_days = 1
event_pattern = jsonencode(
{
"source" : ["aws.ec2"],
"detail-type" : ["EC2 Instance State-change Notification"],
"detail" : {
"state" : ["terminated"]
}
}
)
}
}
}
module "eventbridge_archive_only" {
source = "../../"
create_bus = false
create_rules = false
create_targets = false
create_archives = true
archive_config = [
{
event_source_arn = aws_cloudwatch_event_bus.pre_existing_bus.arn
name = "${random_pet.this.id}-launch-archive",
archives = {
"launch-archive-existing-bus" = {
event_source_arn = aws_cloudwatch_event_bus.existing_bus.arn
description = "${random_pet.this.id}-launch-archive",
retention_days = 1
event_pattern = <<PATTERN
event_pattern = jsonencode(
{
"source": ["aws.autoscaling"],
"detail-type": ["EC2 Instance Launch Successful"]
"source" : ["aws.autoscaling"],
"detail-type" : ["EC2 Instance Launch Successful"]
}
)
}
PATTERN
}
]
tags = {
Name = "${random_pet.this.id}-bus"
}
depends_on = [aws_cloudwatch_event_bus.existing_bus]
}
##################
# Extra resources
##################
resource "aws_cloudwatch_event_bus" "pre_existing_bus" {
name = "${random_pet.this.id}-bus"
resource "random_pet" "this" {
length = 2
}
resource "aws_cloudwatch_event_bus" "existing_bus" {
name = "${random_pet.this.id}-existing-bus"
}
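Review bot: The `"termination-archive"` entry still carries `name = "${random_pet.this.id}-termination-archive"` while `"launch-archive"` has no `name`, and main.tf on this page appears to take the archive name from the map key, so the attribute looks like a leftover with no effect. Dropping that line would keep the two entries consistent and avoid suggesting that the archive name can be overridden per entry. The `module "eventbridge"` block starts in the preceding hunk context, so this is judged from the lines shown here only.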


@ -0,0 +1,8 @@
terraform {
required_version = ">= 0.13.1"
required_providers {
aws = ">= 3.19"
random = ">= 3"
}
}


@ -1,6 +1,6 @@
# EventBridge Permission Example
Configuration in this directory creates EventBridge resource configuration.
Configuration in this directory creates resources to control access to EventBridge.
## Usage
@ -19,15 +19,16 @@ Note that this example may create resources which cost money. Run `terraform des
| Name | Version |
|------|---------|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.14.0 |
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.13.1 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.19 |
| <a name="requirement_random"></a> [random](#requirement\_random) | >= 0 |
| <a name="requirement_random"></a> [random](#requirement\_random) | >= 3 |
## Providers
| Name | Version |
|------|---------|
| <a name="provider_random"></a> [random](#provider\_random) | >= 0 |
| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.19 |
| <a name="provider_random"></a> [random](#provider\_random) | >= 3 |
## Modules
@ -39,6 +40,7 @@ Note that this example may create resources which cost money. Run `terraform des
| Name | Type |
|------|------|
| [aws_cloudwatch_event_bus.external](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_bus) | resource |
| [random_pet.this](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | resource |
## Inputs


@ -1,12 +1,3 @@
terraform {
required_version = ">= 0.14.0"
required_providers {
aws = ">= 3.19"
random = ">= 0"
}
}
provider "aws" {
region = "ap-southeast-1"
@ -21,20 +12,21 @@ provider "aws" {
module "eventbridge" {
source = "../../"
bus_name = "${random_pet.this.id}-bus"
create_permissions = true
permission_config = [
{
account_id = "099720109477",
statement_id = "canonical"
},
{
account_id = "099720109466",
statement_id = "canonical_two"
}
]
permissions = {
"099720109477 DevAccess" = {}
bus_name = "${random_pet.this.id}-bus"
"099720109466 ProdAccess" = {
action = "events:PutEvents"
}
"* PublicAccessToExternalBus" = {
event_bus_name = aws_cloudwatch_event_bus.external.name
}
}
tags = {
Name = "${random_pet.this.id}-bus"
@ -48,3 +40,7 @@ module "eventbridge" {
resource "random_pet" "this" {
length = 2
}
resource "aws_cloudwatch_event_bus" "external" {
name = "${random_pet.this.id}-external"
}
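Review bot: The key `"* PublicAccessToExternalBus"` in the new `permissions` map sets the principal to `*`, which (going by how main.tf on this page splits the key into `principal` and `statement_id`) allows any AWS account to act on the `external` bus, and nothing in the example says so. Example code tends to be copied as-is, so I would add a comment above that entry: `# "*" grants every AWS account access to this bus; limit it to your organization before using this outside a sandbox`. The module's `aws_cloudwatch_event_permission` block in main.tf passes no `condition`, so the grant cannot currently be narrowed; an optional `condition` entry (key `aws:PrincipalOrgID`) would be needed there. The `module "eventbridge"` block continues outside this hunk.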


@ -0,0 +1,8 @@
terraform {
required_version = ">= 0.13.1"
required_providers {
aws = ">= 3.19"
random = ">= 3"
}
}

5
iam.tf

@ -1,5 +1,10 @@
locals {
create_role = var.create && var.create_bus && var.create_role
# Defaulting to "*" (an invalid character for an IAM Role name) will cause an error when
# attempting to plan if the role_name and bus_name are not set. This is a workaround
# that will allow one to import resources without receiving an error from coalesce.
# @see https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/83
role_name = local.create_role ? coalesce(var.role_name, var.bus_name, "*") : null
}
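Review bot: The fallback to `"*"` in `role_name = local.create_role ? coalesce(var.role_name, var.bus_name, "*") : null` looks unreachable after this commit, because `bus_name` now defaults to `"default"` in the variables file on this page and `coalesce` stops at the first non-empty value. If `role_name` is left unset (its default is not visible here), the IAM role name would come from the literal `default`, which can collide with another deployment of the module in the same account instead of failing at plan time as the comment describes. I would either correct the comment, or skip the bus name when it is the default: `role_name = local.create_role ? coalesce(var.role_name, var.bus_name == "default" ? "" : var.bus_name, "*") : null`.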

49
main.tf

@ -1,12 +1,18 @@
locals {
eventbridge_rules = flatten([
for index, rule in var.rules :
merge(rule, { "name" = index })
merge(rule, {
"name" = index
"Name" = "${replace(index, "_", "-")}-rule"
})
])
eventbridge_targets = flatten([
for index, rule in var.rules : [
for target in var.targets[index] :
merge(target, { "rule" = index })
merge(target, {
"rule" = index
"Name" = "${replace(index, "_", "-")}-rule"
})
] if length(var.targets) != 0
])
}
@ -23,19 +29,19 @@ resource "aws_cloudwatch_event_rule" "this" {
for rule in local.eventbridge_rules : rule.name => rule
} : {}
name = "${replace(each.value.name, "_", "-")}-rule"
name = each.value.Name
name_prefix = lookup(each.value, "name_prefix", null)
event_bus_name = aws_cloudwatch_event_bus.this[0].name
event_bus_name = var.create_bus ? aws_cloudwatch_event_bus.this[0].name : "default"
description = lookup(each.value, "description", null)
name_prefix = lookup(each.value, "name_prefix", null)
is_enabled = lookup(each.value, "enabled", true)
event_pattern = lookup(each.value, "event_pattern", null)
schedule_expression = lookup(each.value, "schedule_expression", null)
role_arn = aws_iam_role.eventbridge[0].arn
role_arn = lookup(each.value, "role_arn", false) ? aws_iam_role.eventbridge[0].arn : null
tags = merge(var.tags, {
Name = "${replace(each.value.name, "_", "-")}-rule"
Name = each.value.Name
})
}
@ -44,12 +50,12 @@ resource "aws_cloudwatch_event_target" "this" {
for target in local.eventbridge_targets : target.name => target
} : tomap({})
event_bus_name = aws_cloudwatch_event_bus.this[0].name
event_bus_name = var.create_bus ? aws_cloudwatch_event_bus.this[0].name : "default"
rule = "${replace(each.value.rule, "_", "-")}-rule"
rule = each.value.Name
arn = each.value.arn
role_arn = lookup(each.value, "attach_role_arn", null) != null ? aws_iam_role.eventbridge[0].arn : null
role_arn = lookup(each.value, "attach_role_arn", null) != null ? try(aws_iam_role.eventbridge[0].arn, "") : null
target_id = lookup(each.value, "target_id", null)
input = lookup(each.value, "input", null)
input_path = lookup(each.value, "input_path", null)
@ -141,26 +147,27 @@ resource "aws_cloudwatch_event_target" "this" {
maximum_retry_attempts = retry_policy.value.maximum_retry_attempts
}
}
depends_on = [aws_cloudwatch_event_rule.this]
}
resource "aws_cloudwatch_event_archive" "this" {
for_each = var.create && var.create_archives ? {
for k, v in var.archive_config : k => v
} : {}
for_each = var.create && var.create_archives ? var.archives : {}
name = each.key
event_source_arn = try(each.value["event_source_arn"], aws_cloudwatch_event_bus.this[0].arn)
name = each.value.name
event_source_arn = lookup(each.value, "event_source_arn", null) == null ? aws_cloudwatch_event_bus.this[0].arn : null
description = lookup(each.value, "description", null)
event_pattern = lookup(each.value, "event_pattern", null)
retention_days = lookup(each.value, "retention_days", null)
}
resource "aws_cloudwatch_event_permission" "this" {
for_each = var.create && var.create_permissions ? {
for permission in var.permission_config : permission.statement_id => permission
} : {}
for_each = var.create && var.create_permissions ? var.permissions : {}
principal = each.value.account_id
statement_id = each.value.statement_id
event_bus_name = lookup(each.value, aws_cloudwatch_event_bus.this[0].name, null) == null ? aws_cloudwatch_event_bus.this[0].name : null
principal = compact(split(" ", each.key))[0]
statement_id = compact(split(" ", each.key))[1]
action = lookup(each.value, "action", null)
event_bus_name = try(each.value["event_bus_name"], aws_cloudwatch_event_bus.this[0].name, null)
}
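Review bot: In `aws_cloudwatch_event_target.this`, the `role_arn` expression `lookup(each.value, "attach_role_arn", null) != null ? try(aws_iam_role.eventbridge[0].arn, "") : null` treats any non-null value as true, so `attach_role_arn = false` still attaches the role, and `try(..., "")` turns a missing role into an empty string instead of an error. iam.tf on this page creates the role only when `var.create_bus` is true, so on the default bus a target that asks for the role would get an empty ARN rather than a clear failure (assuming this is the new side of the changed pair; the page has lost its +/- markers). I would test the flag as a boolean, matching the rule block's own `role_arn` line: `role_arn = lookup(each.value, "attach_role_arn", false) ? aws_iam_role.eventbridge[0].arn : null`, so a requested but missing role fails at plan time. The target resource's body continues outside the hunk.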


@ -1,39 +1,3 @@
variable "bus_name" {
description = "A unique name for your EventBridge Bus"
type = string
default = ""
}
variable "rules" {
description = "A map of objects with EventBridge Rule definitions."
type = map(any)
default = {}
}
variable "targets" {
description = "A Map of objects with EventBridge Target definitions."
type = any
default = {}
}
variable "archive_config" {
description = "A list of objects with the EventBridge Archive definitions."
type = list(any)
default = []
}
variable "permission_config" {
description = "A list of objects with EventBridge Permission definitions."
type = list(any)
default = []
}
variable "tags" {
description = "A map of tags to assign to resources."
type = map(string)
default = {}
}
variable "create" {
description = "Controls whether resources should be created"
type = bool
@ -76,6 +40,44 @@ variable "create_archives" {
default = false
}
#######################
variable "bus_name" {
description = "A unique name for your EventBridge Bus"
type = string
default = "default"
}
variable "rules" {
description = "A map of objects with EventBridge Rule definitions."
type = map(any)
default = {}
}
variable "targets" {
description = "A map of objects with EventBridge Target definitions."
type = any
default = {}
}
variable "archives" {
description = "A map of objects with the EventBridge Archive definitions."
type = map(any)
default = {}
}
variable "permissions" {
description = "A map of objects with EventBridge Permission definitions."
type = map(any)
default = {}
}
variable "tags" {
description = "A map of tags to assign to resources."
type = map(string)
default = {}
}
######
# IAM
######
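Review bot: The description of the new `permissions` variable does not say that main.tf on this page parses each map key as `"<principal> <statement_id>"`, so a caller cannot tell from the variable what to put in the key, or that `*` as the principal opens the bus to all accounts. I would change it to `description = "A map of objects with EventBridge Permission definitions, keyed by \"<principal> <statement_id>\" where principal is an AWS account ID or *."`. The same applies to `archives`, whose key appears to be used as the archive name.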


@ -1,5 +1,5 @@
terraform {
required_version = ">= 0.12.26"
required_version = ">= 0.13.1"
required_providers {
aws = ">= 3.19"