JoelClemence/terraform-aws-eventbridge

This branch is 2 commits ahead of, 105 commits behind terraform-aws-modules/terraform-aws-eventbridge:master.

AWS EventBridge Terraform module

Terraform module to create EventBridge resources.

The following resources are currently supported:

Supported Features

  • Creates AWS EventBridge Resources (bus, rules, targets, permissions)
  • Attach resources to an existing EventBridge bus
  • Support AWS EventBridge Archives and Replays
  • Conditional creation for many types of resources
  • Support IAM policy attachments and various ways to create and attach additional policies

Feature Roadmap

  • Support monitoring usage with CloudWatch Metrics

Usage

EventBridge Complete

The most common use case: creates a custom bus, rules and targets.

module "eventbridge" {
  source = "terraform-aws-modules/eventbridge/aws"

  bus_name = "my-bus"

  rules = {
    orders = {
      description   = "Capture all order data"
      event_pattern = jsonencode({ "source" : ["myapp.orders"] })
      enabled       = true
    }
  }

  targets = {
    orders = [
      {
        name            = "send-orders-to-sqs"
        arn             = aws_sqs_queue.queue.arn
        dead_letter_arn = aws_sqs_queue.dlq.arn
      },
      {
        name              = "send-orders-to-kinesis"
        arn               = aws_kinesis_stream.this.arn
        dead_letter_arn   = aws_sqs_queue.dlq.arn
        input_transformer = local.kinesis_input_transformer
      },
      {
        name = "log-orders-to-cloudwatch"
        arn  = aws_cloudwatch_log_group.this.arn
      }
    ]
  }
  
  tags = {
    Name = "my-bus"
  }
}

EventBridge Bus

module "eventbridge" {
  source = "terraform-aws-modules/eventbridge/aws"

  bus_name = "my-bus"

  tags = {
    Name = "my-bus"
  }
}

EventBridge Rule

module "eventbridge" {
  source = "terraform-aws-modules/eventbridge/aws"

  bus_name = "my-bus"

  create_targets = false
  
  rules = {
    logs = {
      description   = "Capture log data"
      event_pattern = jsonencode({ "source" : ["my.app.logs"] })
    }
  }
}

EventBridge Target

module "eventbridge" {
  source = "terraform-aws-modules/eventbridge/aws"

  bus_name = "my-bus"
  
  rules = {
    logs = {
      description   = "Capture log data"
      event_pattern = jsonencode({ "source" : ["my.app.logs"] })
    }
  }
  
  targets = {
    logs = [
      {
        name = "send-logs-to-sqs"
        arn  = aws_sqs_queue.queue.arn
      },
      {
        name = "send-logs-to-cloudwatch"
        arn  = aws_cloudwatch_log_stream.logs.arn
      }
    ]
  }
}

EventBridge Archive

module "eventbridge_with_archive" {
  source = "terraform-aws-modules/eventbridge/aws"

  bus_name = "my-bus"
  
  create_archives = true

  archives = {
    "my-bus-launch-archive" = {
      description    = "EC2 AutoScaling Event archive",
      retention_days = 1
      event_pattern  = <<PATTERN
      {
        "source": ["aws.autoscaling"],
        "detail-type": ["EC2 Instance Launch Successful"]
      }
      PATTERN
    }
  }

  tags = {
    Name = "my-bus"
  }
}

EventBridge Permission

module "eventbridge_with_permissions" {
  source = "terraform-aws-modules/eventbridge/aws"

  bus_name = "my-bus"

  create_permissions = true

  permissions = {
    "099720109477 DevAccess" = {}
    "099720109466 ProdAccess" = {}
  }


  tags = {
    Name = "my-bus"
  }
}

Additional IAM policies for Step Function

In addition to all supported AWS service integrations you may want to create and attach additional policies.

There are 5 supported ways to attach additional IAM policies to the IAM role used by Step Function:

  1. policy_json - JSON string or heredoc, when attach_policy_json = true.
  2. policy_jsons - List of JSON strings or heredoc, when attach_policy_jsons = true and number_of_policy_jsons > 0.
  3. policy - ARN of existing IAM policy, when attach_policy = true.
  4. policies - List of ARNs of existing IAM policies, when attach_policies = true and number_of_policies > 0.
  5. policy_statements - Map of maps to define IAM statements which will be generated as IAM policy. Requires attach_policy_statements = true. See examples/complete for more information.
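
Three of the ways listed above combined in one module call, as an added example that is not part of the module's own README. The `aws_sqs_queue.*` and `aws_iam_policy.*` references are hypothetical resources defined elsewhere, and the `effect` / `actions` / `resources` keys inside `policy_statements` are an assumption about the statement map's shape; see examples/complete for the authoritative form.

```hcl
# Added example, not from the module's README. The aws_sqs_queue and
# aws_iam_policy references and the statement keys are assumptions.
module "eventbridge" {
  source = "terraform-aws-modules/eventbridge/aws"

  bus_name = "my-bus"

  # Way 1: a single JSON policy document.
  attach_policy_json = true
  policy_json = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect   = "Allow"
      Action   = ["sqs:SendMessage"]
      Resource = [aws_sqs_queue.dlq.arn] # one queue, not "*"
    }]
  })

  # Way 4: existing policies by ARN. Set number_of_policies to the
  # number of entries so that every ARN in the list is attached.
  attach_policies    = true
  number_of_policies = 2
  policies = [
    aws_iam_policy.audit_read.arn,  # hypothetical
    aws_iam_policy.kms_encrypt.arn, # hypothetical
  ]

  # Way 5: statements the module renders into an IAM policy.
  attach_policy_statements = true
  policy_statements = {
    send_orders = {
      effect    = "Allow"
      actions   = ["sqs:SendMessage"]
      resources = [aws_sqs_queue.queue.arn]
    }
  }

  # Caps whatever the attached policies grant (see Inputs).
  role_permissions_boundary = aws_iam_policy.boundary.arn # hypothetical
}
```

Scoping each statement to a specific ARN keeps the role's permissions limited to the targets the rules actually deliver to.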

Conditional creation

Sometimes you need a way to create resources conditionally, but Terraform does not allow the use of count inside a module block, so the solution is to specify create arguments.

module "eventbridge" {
  source = "terraform-aws-modules/eventbridge/aws"

  create = false # to disable all resources

  create_bus         = false  # to control creation of the EventBridge Bus and related resources
  create_rules       = false  # to control creation of EventBridge Rules and related resources
  create_targets     = false  # to control creation of EventBridge Targets and related resources
  create_archives    = false  # to control creation of EventBridge Archives
  create_permissions = false  # to control creation of EventBridge Permissions
  create_role        = false  # to control creation of the IAM role and policies required for EventBridge

  attach_cloudwatch_policy       = false
  attach_ecs_policy              = false
  attach_kinesis_policy          = false
  attach_kinesis_firehose_policy = false
  attach_lambda_policy           = false
  attach_sfn_policy              = false
  attach_sqs_policy              = false
  attach_tracing_policy          = false

  # ... omitted
}

Examples

  • Complete - Creates EventBridge resources (bus, rules and targets) and connects them with SQS queues, Kinesis Stream, Step Function, CloudWatch Logs, and more.
  • HTTP API Gateway - Creates an integration with HTTP API Gateway as event source.
  • Using Default Bus - Creates resources in the default bus.
  • Archive - EventBridge Archives resources in various configurations.
  • Permissions - Controls permissions to EventBridge.

Requirements

| Name | Version |
|------|---------|
| terraform | >= 0.13.1 |
| aws | >= 3.40 |

Providers

| Name | Version |
|------|---------|
| aws | >= 3.40 |

Modules

No modules.

Resources

| Name | Type |
|------|------|
| aws_cloudwatch_event_archive.this | resource |
| aws_cloudwatch_event_bus.this | resource |
| aws_cloudwatch_event_permission.this | resource |
| aws_cloudwatch_event_rule.this | resource |
| aws_cloudwatch_event_target.this | resource |
| aws_iam_policy.additional_inline | resource |
| aws_iam_policy.additional_json | resource |
| aws_iam_policy.additional_jsons | resource |
| aws_iam_policy.cloudwatch | resource |
| aws_iam_policy.ecs | resource |
| aws_iam_policy.kinesis | resource |
| aws_iam_policy.kinesis_firehose | resource |
| aws_iam_policy.lambda | resource |
| aws_iam_policy.sfn | resource |
| aws_iam_policy.sqs | resource |
| aws_iam_policy.tracing | resource |
| aws_iam_policy_attachment.additional_inline | resource |
| aws_iam_policy_attachment.additional_json | resource |
| aws_iam_policy_attachment.additional_jsons | resource |
| aws_iam_policy_attachment.cloudwatch | resource |
| aws_iam_policy_attachment.ecs | resource |
| aws_iam_policy_attachment.kinesis | resource |
| aws_iam_policy_attachment.kinesis_firehose | resource |
| aws_iam_policy_attachment.lambda | resource |
| aws_iam_policy_attachment.sfn | resource |
| aws_iam_policy_attachment.sqs | resource |
| aws_iam_policy_attachment.tracing | resource |
| aws_iam_role.eventbridge | resource |
| aws_iam_role_policy_attachment.additional_many | resource |
| aws_iam_role_policy_attachment.additional_one | resource |
| aws_iam_policy.tracing | data source |
| aws_iam_policy_document.additional_inline | data source |
| aws_iam_policy_document.assume_role | data source |
| aws_iam_policy_document.cloudwatch | data source |
| aws_iam_policy_document.ecs | data source |
| aws_iam_policy_document.kinesis | data source |
| aws_iam_policy_document.kinesis_firehose | data source |
| aws_iam_policy_document.lambda | data source |
| aws_iam_policy_document.sfn | data source |
| aws_iam_policy_document.sqs | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| archives | A map of objects with the EventBridge Archive definitions. | map(any) | {} | no |
| attach_cloudwatch_policy | Controls whether the Cloudwatch policy should be added to IAM role for EventBridge Target | bool | false | no |
| attach_ecs_policy | Controls whether the ECS policy should be added to IAM role for EventBridge Target | bool | false | no |
| attach_kinesis_firehose_policy | Controls whether the Kinesis Firehose policy should be added to IAM role for EventBridge Target | bool | false | no |
| attach_kinesis_policy | Controls whether the Kinesis policy should be added to IAM role for EventBridge Target | bool | false | no |
| attach_lambda_policy | Controls whether the Lambda Function policy should be added to IAM role for EventBridge Target | bool | false | no |
| attach_policies | Controls whether list of policies should be added to IAM role | bool | false | no |
| attach_policy | Controls whether policy should be added to IAM role | bool | false | no |
| attach_policy_json | Controls whether policy_json should be added to IAM role | bool | false | no |
| attach_policy_jsons | Controls whether policy_jsons should be added to IAM role | bool | false | no |
| attach_policy_statements | Controls whether policy_statements should be added to IAM role | bool | false | no |
| attach_sfn_policy | Controls whether the StepFunction policy should be added to IAM role for EventBridge Target | bool | false | no |
| attach_sqs_policy | Controls whether the SQS policy should be added to IAM role for EventBridge Target | bool | false | no |
| attach_tracing_policy | Controls whether X-Ray tracing policy should be added to IAM role for EventBridge | bool | false | no |
| bus_name | A unique name for your EventBridge Bus | string | "default" | no |
| cloudwatch_target_arns | The Amazon Resource Name (ARN) of the Cloudwatch Log Streams you want to use as EventBridge targets | list(string) | [] | no |
| create | Controls whether resources should be created | bool | true | no |
| create_archives | Controls whether EventBridge Archive resources should be created | bool | false | no |
| create_bus | Controls whether EventBridge Bus resource should be created | bool | true | no |
| create_permissions | Controls whether EventBridge Permission resources should be created | bool | true | no |
| create_role | Controls whether IAM roles should be created | bool | true | no |
| create_rules | Controls whether EventBridge Rule resources should be created | bool | true | no |
| create_targets | Controls whether EventBridge Target resources should be created | bool | true | no |
| ecs_target_arns | The Amazon Resource Name (ARN) of the AWS ECS Tasks you want to use as EventBridge targets | list(string) | [] | no |
| kinesis_firehose_target_arns | The Amazon Resource Name (ARN) of the Kinesis Firehose Delivery Streams you want to use as EventBridge targets | list(string) | [] | no |
| kinesis_target_arns | The Amazon Resource Name (ARN) of the Kinesis Streams you want to use as EventBridge targets | list(string) | [] | no |
| lambda_target_arns | The Amazon Resource Name (ARN) of the Lambda Functions you want to use as EventBridge targets | list(string) | [] | no |
| number_of_policies | Number of policies to attach to IAM role | number | 0 | no |
| number_of_policy_jsons | Number of policies JSON to attach to IAM role | number | 0 | no |
| permissions | A map of objects with EventBridge Permission definitions. | map(any) | {} | no |
| policies | List of policy statements ARN to attach to IAM role | list(string) | [] | no |
| policy | An additional policy document ARN to attach to IAM role | string | null | no |
| policy_json | An additional policy document as JSON to attach to IAM role | string | null | no |
| policy_jsons | List of additional policy documents as JSON to attach to IAM role | list(string) | [] | no |
| policy_statements | Map of dynamic policy statements to attach to IAM role | any | {} | no |
| role_description | Description of IAM role to use for Lambda Function | string | null | no |
| role_force_detach_policies | Specifies to force detaching any policies the IAM role has before destroying it. | bool | true | no |
| role_name | Name of IAM role to use for Lambda Function | string | null | no |
| role_path | Path of IAM role to use for Lambda Function | string | null | no |
| role_permissions_boundary | The ARN of the policy that is used to set the permissions boundary for the IAM role used by Lambda Function | string | null | no |
| role_tags | A map of tags to assign to IAM role | map(string) | {} | no |
| rules | A map of objects with EventBridge Rule definitions. | map(any) | {} | no |
| sfn_target_arns | The Amazon Resource Name (ARN) of the StepFunctions you want to use as EventBridge targets | list(string) | [] | no |
| sqs_target_arns | The Amazon Resource Name (ARN) of the AWS SQS Queues you want to use as EventBridge targets | list(string) | [] | no |
| tags | A map of tags to assign to resources. | map(string) | {} | no |
| targets | A map of objects with EventBridge Target definitions. | any | {} | no |
| trusted_entities | Step Function additional trusted entities for assuming roles (trust relationship) | list(string) | [] | no |

Outputs

| Name | Description |
|------|-------------|
| eventbridge_archive_arns | The EventBridge Archive Arns created |
| eventbridge_bus_arn | The EventBridge Bus Arn |
| eventbridge_bus_name | The EventBridge Bus Name |
| eventbridge_permission_ids | The EventBridge Permission Arns created |
| eventbridge_role_arn | The ARN of the IAM role created for EventBridge |
| eventbridge_role_name | The name of the IAM role created for EventBridge |
| eventbridge_rule_arns | The EventBridge Rule ARNs created |
| eventbridge_rule_ids | The EventBridge Rule IDs created |

Authors

Module managed by Sven Lito. Check out serverless.tf to learn more about doing serverless with Terraform.

License

Apache 2 Licensed. See LICENSE for full details.
