
Initial module setup

@benjaminlukeclark benjaminlukeclark released this 13 Sep 15:50
· 4 commits to main since this release
0054cde

Description

The initial release of the EventBridge rules module.

Changelog available here.

TL;DR

A new Terraform module that creates n EventBridge rules with dynamic targets, an IAM role per rule carrying user-defined policy statements, and automatic Lambda invoke permissions for Lambda targets.

NEW

  • For each dictionary provided, this module:
    • Creates a new EventBridge rule
    • Creates a new IAM role which the EventBridge rule assumes when interacting with its targets
    • For each dictionary in targets:
      • Associates the target with the EventBridge rule
      • If the target is a Lambda function, automatically grants EventBridge permission to invoke it
    • For each dictionary in iam_policy_statements:
      • Creates a new policy and attaches it to the automatically created IAM role

Note: state machine and Lambda targets are tested. Other target types will probably work, since a target is just an ARN and iam_policy_statements lets you grant the role whatever permissions that target needs, but they are untested. Whatever the target, scope each statement's resources to the specific target ARN rather than "*": the role is assumable by the EventBridge service, so every rule that uses it inherits those permissions. For Lambda targets, check in the plan that the generated invoke permission is tied to the rule ARN (source_arn) rather than granting events.amazonaws.com blanket invoke on the function.

SUPPORTED MODULE DATA STRUCTURE

Data structure
---------------
A list of dictionaries (maps), where each dictionary has the following attributes:

REQUIRED
---------
- suffix                : Friendly name for the rule in EventBridge
- description           : A friendly description of what the EventBridge rule does
- targets               : A list of dictionaries, each defining a target that this rule triggers:
-- name                 : A friendly name for the target; if the target is a Lambda function this must be the function name
-- arn                  : The ARN of the resource being targeted
MUTUALLY EXCLUSIVE TARGET INPUTS (set at most one per target):
-- input                : OPTIONAL JSON string passed to the target as its input, defaults to null
-- input_path           : OPTIONAL JSONPath expression selecting the part of the matched event to pass to the target, defaults to null
-- input_transformer    : OPTIONAL input transformer definition used to build a custom input for the target from selected event fields, defaults to null

One of the following, but not both:
- schedule              : The scheduling expression, for example cron(0 20 * * ? *) or rate(5 minutes)
- pattern               : Event pattern to match on, passed as a jsonencode()'d map

OPTIONAL
---------
By default, rules are deployed DISABLED and their state attribute is ignored by Terraform on apply, so enabling and
disabling a rule is a manual action (console or CLI) rather than something Terraform does. The following optional
values change this on a per-rule basis.

- state                 : DISABLED by default; can be set to ENABLED or ENABLED_WITH_ALL_CLOUDTRAIL_MANAGEMENT_EVENTS
- ignore_state          : true by default; set to false to have Terraform manage the rule's state


IAM ROLE
---------
The role that EventBridge assumes when it invokes the targets of this rule, and the statements attached to it.
Required if an ecs_target is used or the target ARN is an EC2 instance, a Kinesis data stream, a Step Functions
state machine, or an event bus in a different account or region.
- iam_role_suffix       : Suffix for the name of the EventBridge role that is granted permission to invoke the target AWS service
- iam_policy_statements : A list of dictionaries, each an IAM policy statement granting the role the permissions EventBridge needs on the targets
-- conditions           : An OPTIONAL list of dictionaries, each defining one condition on the statement:
--- test                : Condition operator (for example StringEquals or ArnLike)
--- variable            : Condition key to test (for example aws:SourceArn)
--- values              : A list of strings, the values to test for
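A worked module call covering the structure above, added here as an example and not taken from the module's own README or tests. The module source path, the variable name rules, and the statement keys effect/actions/resources are assumptions (the release notes document only the conditions key of a statement), as are the account ID, region, bucket and ARNs. It shows one scheduled rule targeting a Lambda function, where the module adds the invoke permission itself, and one pattern-matched rule targeting a Step Functions state machine, where the role needs an explicit states:StartExecution statement scoped to that single state machine ARN.

```hcl
# Added example; module source, the "rules" variable name and the statement
# keys (effect/actions/resources) are assumed. ARNs, account ID, region and
# bucket name are placeholders, not real resources.
locals {
  account_id = "123456789012"
  region     = "eu-west-2"
}

module "event_bridge_rules" {
  source = "./modules/event-bridge-rules" # assumed path

  rules = [
    {
      # Scheduled rule invoking a Lambda function. The module creates the
      # Lambda invoke permission for this target, so no IAM statement is needed.
      suffix      = "nightly-report"
      description = "Runs the nightly report Lambda at 20:00 UTC"
      schedule    = "cron(0 20 * * ? *)"
      targets = [
        {
          name  = "nightly-report" # must equal the Lambda function name
          arn   = "arn:aws:lambda:${local.region}:${local.account_id}:function:nightly-report"
          input = jsonencode({ mode = "full" })
        }
      ]
      # state and ignore_state are left at the module defaults: the rule is
      # created DISABLED and enabled manually once the target has been verified.
    },
    {
      # Event-pattern rule starting a Step Functions state machine. EventBridge
      # needs a role with states:StartExecution; scope it to the one state
      # machine ARN rather than "*", since any rule using the role inherits it.
      suffix      = "s3-object-created"
      description = "Starts the ingest state machine when an object lands in the ingest bucket"
      pattern = jsonencode({
        source        = ["aws.s3"]
        "detail-type" = ["Object Created"]
        detail = {
          bucket = { name = ["ingest-bucket-example"] }
        }
      })
      state        = "ENABLED"
      ignore_state = false
      targets = [
        {
          name       = "ingest"
          arn        = "arn:aws:states:${local.region}:${local.account_id}:stateMachine:ingest"
          input_path = "$.detail" # pass only the S3 detail object, not the whole event
        }
      ]
      iam_role_suffix = "ingest-starter"
      iam_policy_statements = [
        {
          effect    = "Allow"
          actions   = ["states:StartExecution"]
          resources = ["arn:aws:states:${local.region}:${local.account_id}:stateMachine:ingest"]
        }
      ]
    }
  ]
}
```

Run terraform plan and check three things before applying: that exactly one rule has a Lambda permission attached and that it references the rule ARN, that the ingest role's policy names the single state machine ARN, and that the first rule is created DISABLED while the second is ENABLED with its state tracked by Terraform.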

FEEDBACK

Submit suggestions for improvements to [email protected].