eventbridge-rule

This module creates the following resources.

  • aws_cloudwatch_event_rule
  • aws_cloudwatch_event_target (optional)

Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.6 |
| aws | >= 5.27 |

Providers

| Name | Version |
|------|---------|
| aws | 5.31.0 |

Modules

| Name | Source | Version |
|------|--------|---------|
| resource_group | tedilabs/misc/aws//modules/resource-group | ~> 0.10.0 |
| role | tedilabs/account/aws//modules/iam-role | ~> 0.28.0 |

Resources

| Name | Type |
|------|------|
| aws_cloudwatch_event_rule.this | resource |
| aws_cloudwatch_event_target.api_destination | resource |
| aws_cloudwatch_event_target.aws_service | resource |
| aws_cloudwatch_event_target.event_bus | resource |
| aws_caller_identity.this | data source |
| aws_iam_policy_document.event_bus | data source |
| aws_iam_policy_document.ssm_run_command | data source |
| aws_iam_policy_document.ssm_run_commands | data source |
| aws_partition.this | data source |
| aws_region.this | data source |

Inputs

Name Description Type Default Required
name (Required) A name of the rule for the event bus. string n/a yes
api_destination_targets (Optional) The configuration to manage the specified EventBridge API destination targets for the rule. Each item of api_destination_targets as defined below.
(Required) id - The unique ID of the target within the specified rule. Use this ID to reference the target when updating the rule.
(Required) api_destination - The Amazon Resource Name (ARN) of the target API destination.

(Optional) input - The input to send to the target. input as defined below.
(Optional) type - Valid values are MATCHED_EVENT, CONSTANT, JSON_PATH, TRANSFORMER. Defaults to MATCHED_EVENT.
(Optional) value - The input value to send to the target. Not required if input.type is MATCHED_EVENT.
CONSTANT - Valid JSON text passed to the target.
JSON_PATH - A JSON path expression that selects a portion of the event data to pass to the target.
TRANSFORMER - The input transformer feature of EventBridge customizes the text from an event before it is passed to the target. You can define variables that use JSON path to reference values in the original event source.
(Optional) reference_variables - A map of key-value pairs specified in the form of JSONPath (for example, time = $.time). Define variables that use JSON path to reference values in the original event source. Can define up to 100 variables. Only required if input.type is TRANSFORMER.

(Optional) execution_role - The ARN (Amazon Resource Name) of the IAM role to be used for this target when the rule is triggered. Only required if default_execution_role.enabled is false.

(Optional) dead_letter_queue - The configuration for dead-letter queue of the rule target. Dead letter queues are used for collecting and storing events that were not successfully delivered to targets. dead_letter_queue as defined below.
(Optional) enabled - Whether to enable the dead letter queue. Defaults to false.
(Optional) sqs_queue - The Amazon Resource Name (ARN) of the SQS queue specified as the target for the dead letter queue.
(Optional) retry_policy - The configuration for retry policy of the rule target. Retry policies are used for specifying how many times to retry sending an event to a target after an error occurs. retry_policy as defined below.
(Optional) maximum_event_age - The maximum amount of time, in seconds, to continue to make retry attempts. Defaults to 86400 (1 hour).
(Optional) maximum_retry_attempts - The maximum number of times to retry sending an event to a target after an error occurs. Defaults to 185.
list(object({
id = string
api_destination = string

input = optional(object({
type = optional(string, "MATCHED_EVENT")
value = optional(string)
reference_variables = optional(map(string), {})
}), {})

execution_role = optional(string)

dead_letter_queue = optional(object({
enabled = optional(bool, false)
sqs_queue = optional(string)
}), {})
retry_policy = optional(object({
maximum_event_age = optional(number, 86400)
maximum_retry_attempts = optional(number, 185)
}), {})
}))
[] no
aws_service_targets (Optional) The configuration to manage the specified AWS service targets for the rule. Targets are the resources that are invoked when a rule is triggered. Each item of aws_service_targets as defined below.
(Required) id - The unique ID of the target within the specified rule. Use this ID to reference the target when updating the rule.
(Required) type - The AWS resource type of the target. Valid values are
CLOUDWATCH_LOG_GROUP, SNS_TOPIC, SQS_QUEUE, SSM_RUN_COMMAND.
(Optional) cloudwatch_log_group - The configuration for CloudWatch log group target. cloudwatch_log_group as defined below.
(Required) arn - The Amazon Resource Name (ARN) of the CloudWatch log group.
(Optional) sns_topic - The configuration for SNS topic target. sns_topic as defined below.
(Required) arn - The Amazon Resource Name (ARN) of the SNS topic.
(Optional) sqs_queue - The configuration for SQS queue target. sqs_queue as defined below.
(Required) arn - The Amazon Resource Name (ARN) of the SQS queue.
(Optional) message_group_id - The FIFO message group ID to use as the target.
(Optional) ssm_run_command - The configuration for SSM run command target. ssm_run_command as defined below.
(Required) document - The Amazon Resource Name (ARN) of the SSM document to run on the target.
(Required) target_selector - The target selector as a Map of key-value pairs. Valid keys are InstanceIds or tag:${tag-name}.

(Optional) input - The input to send to the target. input as defined below.
(Optional) type - Valid values are MATCHED_EVENT, CONSTANT, JSON_PATH, TRANSFORMER, CHATBOT_CUSTOM_NOTIFICATION. Defaults to MATCHED_EVENT.
(Optional) value - The input value to send to the target. Not required if input.type is MATCHED_EVENT.
CONSTANT - Valid JSON text passed to the target.
JSON_PATH - A JSON path expression that selects a portion of the event data to pass to the target.
TRANSFORMER - The input transformer feature of EventBridge customizes the text from an event before it is passed to the target. You can define variables that use JSON path to reference values in the original event source.
CHATBOT_CUSTOM_NOTIFICATION - The extended version of TRANSFORMER input type.
(Optional) reference_variables - A map of key-value pairs specified in the form of JSONPath (for example, time = $.time). Define variables that use JSON path to reference values in the original event source. Can define up to 100 variables. Only required if input.type is TRANSFORMER or CHATBOT_CUSTOM_NOTIFICATION.

(Optional) execution_role - The ARN (Amazon Resource Name) of the IAM role to be used for this target when the rule is triggered. Only required if default_execution_role.enabled is false.

(Optional) dead_letter_queue - The configuration for dead-letter queue of the rule target. Dead letter queues are used for collecting and storing events that were not successfully delivered to targets. dead_letter_queue as defined below.
(Optional) enabled - Whether to enable the dead letter queue. Defaults to false.
(Optional) sqs_queue - The Amazon Resource Name (ARN) of the SQS queue specified as the target for the dead letter queue.
(Optional) retry_policy - The configuration for retry policy of the rule target. Retry policies are used for specifying how many times to retry sending an event to a target after an error occurs. retry_policy as defined below.
(Optional) maximum_event_age - The maximum amount of time, in seconds, to continue to make retry attempts. Defaults to 86400 (1 hour).
(Optional) maximum_retry_attempts - The maximum number of times to retry sending an event to a target after an error occurs. Defaults to 185.
list(object({
id = string
type = string
cloudwatch_log_group = optional(object({
arn = string
}))
sns_topic = optional(object({
arn = string
}))
sqs_queue = optional(object({
arn = string
message_group_id = optional(string)
}))
ssm_run_command = optional(object({
document = string
target_selector = map(list(string))
}))

input = optional(object({
type = optional(string, "MATCHED_EVENT")
value = optional(string)
reference_variables = optional(map(string), {})
}), {})

execution_role = optional(string)

dead_letter_queue = optional(object({
enabled = optional(bool, false)
sqs_queue = optional(string)
}), {})
retry_policy = optional(object({
maximum_event_age = optional(number, 86400)
maximum_retry_attempts = optional(number, 185)
}), {})
}))
[] no
default_execution_role (Optional) A configuration for the default execution role to use for the rule that is used for target invocation. Use execution_role if default_execution_role.enabled is false. default_execution_role as defined below.
(Optional) enabled - Whether to create the default execution role. Defaults to true.
(Optional) name - The name of the default execution role. Defaults to aws-eventbridge-${var.event_bus}-rule-${var.name}.
(Optional) path - The path of the default execution role. Defaults to /.
(Optional) description - The description of the default execution role.
(Optional) policies - A list of IAM policy ARNs to attach to the default execution role. Defaults to [].
(Optional) inline_policies - A Map of inline IAM policies to attach to the default execution role. (name => policy).
object({
enabled = optional(bool, true)
name = optional(string)
path = optional(string, "/")
description = optional(string, "Managed by Terraform.")

policies = optional(list(string), [])
inline_policies = optional(map(string), {})
})
{} no
description (Optional) The description of the rule. string "Managed by Terraform." no
event_bus (Optional) The name or ARN of the event bus to associate with this rule. If you omit this, the default event bus is used. string "default" no
event_bus_targets (Optional) The configuration to manage the specified EventBridge event bus targets for the rule. Each item of event_bus_targets as defined below.
(Required) id - The unique ID of the target within the specified rule. Use this ID to reference the target when updating the rule.
(Required) event_bus - The Amazon Resource Name (ARN) of the target event bus.

(Optional) execution_role - The ARN (Amazon Resource Name) of the IAM role to be used for this target when the rule is triggered. Only required if default_execution_role.enabled is false.

(Optional) dead_letter_queue - The configuration for dead-letter queue of the rule target. Dead letter queues are used for collecting and storing events that were not successfully delivered to targets. dead_letter_queue as defined below.
(Optional) enabled - Whether to enable the dead letter queue. Defaults to false.
(Optional) sqs_queue - The Amazon Resource Name (ARN) of the SQS queue specified as the target for the dead letter queue.
list(object({
id = string
event_bus = string

execution_role = optional(string)

dead_letter_queue = optional(object({
enabled = optional(bool, false)
sqs_queue = optional(string)
}), {})
}))
[] no
execution_role (Optional) The ARN (Amazon Resource Name) of the IAM role associated with the rule that is used for target invocation. Only required if default_execution_role.enabled is false. string null no
module_tags_enabled (Optional) Whether to create AWS Resource Tags for the module information. bool true no
resource_group_description (Optional) The description of Resource Group. string "Managed by Terraform." no
resource_group_enabled (Optional) Whether to create Resource Group to find and group AWS resources which are created by this module. bool true no
resource_group_name (Optional) The name of Resource Group. A Resource Group name can have a maximum of 127 characters, including letters, numbers, hyphens, dots, and underscores. The name cannot start with AWS or aws. string "" no
state (Optional) The state of the rule. Valid values are DISABLED, ENABLED, and ENABLED_WITH_ALL_CLOUDTRAIL_MANAGEMENT_EVENTS. Defaults to ENABLED.
DISABLED - The rule is disabled. EventBridge does not match any events against the rule.
ENABLED - The rule is enabled. EventBridge matches events against the rule, except for Amazon Web Services management events delivered through CloudTrail.
ENABLED_WITH_ALL_CLOUDTRAIL_MANAGEMENT_EVENTS - The rule is enabled for all events, including Amazon Web Services management events delivered through CloudTrail. Management events provide visibility into management operations that are performed on resources in your Amazon Web Services account. These are also known as control plane operations. This value is only valid for rules on the default event bus or custom event buses. It does not apply to partner event buses.
string "ENABLED" no
tags (Optional) A map of tags to add to all resources. map(string) {} no
trigger (Required) The configuration for the rule trigger. At least one of schedule_expression or event_pattern is required. trigger as defined below.
(Optional) event_pattern - The event pattern to trigger when an event matching the pattern occurs. This is described in a JSON object. The event_pattern size is 2048 by default but it is adjustable up to 4096 characters by submitting a service quota increase request.
(Optional) schedule_expression - The scheduling expression. For example, cron(0 20 * * ? *) or rate(5 minutes). Can only be used on the default event bus.
object({
event_pattern = optional(string)
schedule_expression = optional(string)
})
{} no
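
The inputs above combined into one rule, as an added example that is not part of the module's own documentation: it notifies an SNS topic when CloudTrail logging is stopped, deleted or modified. The module source, the names and the ARNs are placeholders constructed for illustration, and the example assumes the module passes `input.value` through as the EventBridge input template.

```hcl
module "cloudtrail_tamper_alert" {
  # Placeholder: replace with this module's actual registry address or local path.
  source = "<eventbridge-rule-module-source>"

  name        = "cloudtrail-tamper-alert"
  description = "Alert when CloudTrail logging is stopped, deleted or modified."
  event_bus   = "default"

  # These are management events delivered through CloudTrail, so use the state that includes them.
  state = "ENABLED_WITH_ALL_CLOUDTRAIL_MANAGEMENT_EVENTS"

  trigger = {
    event_pattern = jsonencode({
      source        = ["aws.cloudtrail"]
      "detail-type" = ["AWS API Call via CloudTrail"]
      detail = {
        eventSource = ["cloudtrail.amazonaws.com"]
        eventName   = ["StopLogging", "DeleteTrail", "UpdateTrail"]
      }
    })
  }

  aws_service_targets = [{
    id        = "security-alerts"
    type      = "SNS_TOPIC"
    sns_topic = { arn = "arn:aws:sns:us-east-1:111122223333:security-alerts" } # constructed ARN
    input = {
      type = "TRANSFORMER"
      reference_variables = {
        actor  = "$.detail.userIdentity.arn"
        action = "$.detail.eventName"
        time   = "$.time"
      }
      # Heredoc rather than jsonencode(): jsonencode() escapes "<" and ">",
      # which would break the <variable> placeholders.
      value = <<-EOT
        {"alert": "CloudTrail configuration changed", "actor": <actor>, "action": <action>, "time": <time>}
      EOT
    }
    # Keep alerts that could not be delivered instead of losing them.
    dead_letter_queue = {
      enabled   = true
      sqs_queue = "arn:aws:sqs:us-east-1:111122223333:security-alerts-dlq" # constructed ARN
    }
    retry_policy = {
      maximum_event_age      = 3600 # seconds
      maximum_retry_attempts = 10
    }
  }]
}
```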

Outputs

| Name | Description |
|------|-------------|
| api_destination_targets | The configuration for EventBridge API destination targets of the rule. |
| arn | The Amazon Resource Name (ARN) of the rule. |
| aws_service_targets | The configuration for AWS service targets of the rule. |
| description | The description of the rule. |
| event_bus | The name of the event bus. |
| event_bus_targets | The configuration for EventBridge event bus targets of the rule. |
| execution_role | The ARN (Amazon Resource Name) of the IAM role associated with the rule that is used for target invocation. |
| id | The unique identifier for the rule. |
| name | The name of the rule. |
| state | The state of the rule. |
| trigger | The configuration for the rule trigger. |