Skip to content

Audit log sink management terraform #380

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 3 commits into
base: main
Choose a base branch
from
Open

Audit log sink management terraform #380

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
cae6fab
Audit log sink management terraform
david049 Nov 3, 2025
72a6ece
go generate
david049 Nov 3, 2025
5c06226
run tests sequentially
david049 Nov 5, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
95 changes: 95 additions & 0 deletions docs/resources/account_audit_log_sink.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,95 @@
---
# generated by https://github.com/hashicorp/terraform-plugin-docs
page_title: "temporalcloud_account_audit_log_sink Resource - terraform-provider-temporalcloud"
subcategory: ""
description: |-
Provisions an account audit log sink.
---

# temporalcloud_account_audit_log_sink (Resource)

Provisions an account audit log sink.

## Example Usage

```terraform
terraform {
required_providers {
temporalcloud = {
source = "temporalio/temporalcloud"
}
}
}

provider "temporalcloud" {

}

# Example with Kinesis
resource "temporalcloud_account_audit_log_sink" "kinesis_sink" {
sink_name = "my-kinesis-sink"
enabled = true
kinesis = {
role_name = "arn:aws:iam::123456789012:role/TemporalCloudKinesisRole"
destination_uri = "arn:aws:kinesis:us-east-1:123456789012:stream/my-audit-stream"
region = "us-east-1"
}
}

# Example with PubSub
resource "temporalcloud_account_audit_log_sink" "pubsub_sink" {
sink_name = "my-pubsub-sink"
enabled = true
pubsub = {
service_account_id = "my-service-account-id"
topic_name = "temporal-audit-logs"
gcp_project_id = "my-gcp-project"
}
}
```

<!-- schema generated by tfplugindocs -->
## Schema

### Required

- `sink_name` (String) The unique name of the audit log sink, it can't be changed once set.

### Optional

- `enabled` (Boolean) A flag indicating whether the audit log sink is enabled or not.
- `kinesis` (Attributes) The Kinesis configuration details when destination_type is Kinesis. (see [below for nested schema](#nestedatt--kinesis))
- `pubsub` (Attributes) The PubSub configuration details when destination_type is PubSub. (see [below for nested schema](#nestedatt--pubsub))
- `timeouts` (Block, Optional) (see [below for nested schema](#nestedblock--timeouts))

### Read-Only

- `id` (String) The unique identifier of the account audit log sink.

<a id="nestedatt--kinesis"></a>
### Nested Schema for `kinesis`

Required:

- `destination_uri` (String) The destination URI of the Kinesis stream where Temporal will send data.
- `region` (String) The region of the Kinesis stream.
- `role_name` (String) The IAM role that Temporal Cloud assumes for writing records to the customer's Kinesis stream.


<a id="nestedatt--pubsub"></a>
### Nested Schema for `pubsub`

Required:

- `gcp_project_id` (String) The GCP project ID of the PubSub topic and service account.
- `service_account_id` (String) The customer service account ID that Temporal Cloud impersonates for writing records to the customer's PubSub topic.
- `topic_name` (String) The destination PubSub topic name for Temporal.


<a id="nestedblock--timeouts"></a>
### Nested Schema for `timeouts`

Optional:

- `create` (String) A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
- `delete` (String) A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs.
33 changes: 33 additions & 0 deletions examples/resources/temporalcloud_account_audit_log_sink/resource.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,33 @@
terraform {
required_providers {
temporalcloud = {
source = "temporalio/temporalcloud"
}
}
}

provider "temporalcloud" {

}

# Example with Kinesis
resource "temporalcloud_account_audit_log_sink" "kinesis_sink" {
sink_name = "my-kinesis-sink"
enabled = true
kinesis = {
role_name = "arn:aws:iam::123456789012:role/TemporalCloudKinesisRole"
destination_uri = "arn:aws:kinesis:us-east-1:123456789012:stream/my-audit-stream"
region = "us-east-1"
}
}

# Example with PubSub
resource "temporalcloud_account_audit_log_sink" "pubsub_sink" {
sink_name = "my-pubsub-sink"
enabled = true
pubsub = {
service_account_id = "my-service-account-id"
topic_name = "temporal-audit-logs"
gcp_project_id = "my-gcp-project"
}
}
2 changes: 2 additions & 0 deletions go.mod
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -95,3 +95,5 @@ require (
gopkg.in/yaml.v2 v2.3.0 // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect
)

replace go.temporal.io/cloud-sdk => github.com/temporalio/cloud-sdk-go v0.6.1-0.20251031194819-5117604c8a4f
Copy link
Author

@david049 david049 Nov 3, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

TODO: remove this after API update

4 changes: 2 additions & 2 deletions go.sum
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -202,6 +202,8 @@ github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5
github.com/stretchr/testify v1.7.2/go.mod h1:R6va5+xMeoiuVRoj+gSkQ7d3FALtqAAGI1FQKckRals=
github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA=
github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
github.com/temporalio/cloud-sdk-go v0.6.1-0.20251031194819-5117604c8a4f h1:i8w+OmC4ocK72/LdwKXnXawHC6CCMHrtzVNYI4+6tGk=
github.com/temporalio/cloud-sdk-go v0.6.1-0.20251031194819-5117604c8a4f/go.mod h1:AueDDyuayosk+zalfrnuftRqnRQTHwD0HYwNgEQc0YE=
github.com/vmihailenco/msgpack v3.3.3+incompatible/go.mod h1:fy3FlTQTDXWkZ7Bh6AcGMlsjHatGryHQYUTf1ShIgkk=
github.com/vmihailenco/msgpack v4.0.4+incompatible h1:dSLoQfGFAo3F6OoNhwUmLwVgaUXK79GlxNBwueZn0xI=
github.com/vmihailenco/msgpack v4.0.4+incompatible/go.mod h1:fy3FlTQTDXWkZ7Bh6AcGMlsjHatGryHQYUTf1ShIgkk=
Expand Down Expand Up @@ -238,8 +240,6 @@ go.opentelemetry.io/otel/trace v1.37.0 h1:HLdcFNbRQBE2imdSEgm/kwqmQj1Or1l/7bW6mx
go.opentelemetry.io/otel/trace v1.37.0/go.mod h1:TlgrlQ+PtQO5XFerSPUYG0JSgGyryXewPGyayAWSBS0=
go.temporal.io/api v1.53.0 h1:6vAFpXaC584AIELa6pONV56MTpkm4Ha7gPWL2acNAjo=
go.temporal.io/api v1.53.0/go.mod h1:iaxoP/9OXMJcQkETTECfwYq4cw/bj4nwov8b3ZLVnXM=
go.temporal.io/cloud-sdk v0.5.0 h1:6PdA6D8I/PiFLLpYwinre7ffPTct49zhapMAN5rJjmw=
go.temporal.io/cloud-sdk v0.5.0/go.mod h1:AueDDyuayosk+zalfrnuftRqnRQTHwD0HYwNgEQc0YE=
go.temporal.io/sdk v1.36.0 h1:WO9zetpybBNK7xsQth4Z+3Zzw1zSaM9MOUGrnnUjZMo=
go.temporal.io/sdk v1.36.0/go.mod h1:8BxGRF0LcQlfQrLLGkgVajbsKUp/PY7280XTdcKc18Y=
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
Expand Down
Loading
Loading