Partner Event Bus Logging Configuration Fails - CreateEventBus vs UpdateEventBus Issue #184

@HarzSR

Description

When attempting to enable logging on an existing Partner Event Bus integration, the terraform-aws-eventbridge module fails because it attempts CreateEventBus instead of UpdateEventBus. Partner Event Bus integrations are already created when the partner sends the integration request, so enabling logging should update the existing bus rather than create a new one.

Two Main Issues:

  1. Wrong API Call: Module uses CreateEventBus instead of UpdateEventBus for existing Partner Event Bus
  2. Validation Error: Dots (.) in partner bus names cause validation failures

Reproduction Configuration:

resource "aws_cloudwatch_event_bus" "logging_config" {
  count = var.enable_logging ? 1 : 0
  name  = var.event_bus_name # "aws.partner/salesforce.com/00D***************/**************"
  log_config {
    include_detail = "FULL"
    level          = "TRACE"
  }
  tags = var.tags
}

  • ✋ I have searched the open/closed issues and my issue is not listed.

⚠️ Note

Before you submit an issue, please perform the following first:

  1. Remove the local .terraform directory (! ONLY if state is stored remotely, which hopefully you are following that best practice!): rm -rf .terraform/
  2. Re-initialize the project root to pull down modules: terraform init
  3. Re-attempt your terraform plan or apply and check if the issue still persists

Versions

  • Module version [Required]: Latest
  • Terraform version: 1.12.2
  • Provider version(s): hashicorp/aws 6.8.0

Reproduction Code [Required]

Steps to reproduce the behavior:

  1. Have an existing Partner Event Bus integration (e.g., Salesforce Platform Events)
  2. Attempt to enable logging on the existing partner bus using the module
  3. Run terraform init && terraform apply
Configuration:
  variable "enable_logging" {
    type    = bool
    default = true
  }

  variable "event_bus_name" {
    type    = string
    default = "aws.partner/salesforce.com/00D***************/**************"
  }

  variable "tags" {
    type = map(string)
    default = {
      environment = "test"
      project     = "eventbridge-logging"
    }
  }

  resource "aws_cloudwatch_event_bus" "logging_config" {
    count = var.enable_logging ? 1 : 0
    name = var.event_bus_name
    log_config {
      include_detail = "FULL"
      level         = "TRACE"
    }
    tags = var.tags
  }
  1. Cleared local .terraform directory
  2. Ran terraform init
  3. Ran terraform apply
  4. Received ValidationException error

Expected behavior

For Partner Event Bus integrations that already exist, enabling logging should use UpdateEventBus API to add logging configuration to the existing bus, not attempt to create a new one.

Actual behavior

Terraform attempts CreateEventBus on an existing Partner Event Bus and fails with ValidationException.

Error:
Error: creating EventBridge Custom Event Bus (aws.partner/salesforce.com/00D***************/**************): operation error EventBridge: CreateEventBus, https response error StatusCode: 400, RequestID: eeffdada-062f-4e74-ada2-bdae03a99c71, ValidationException: EventBus name starting with 'aws.' is not valid.

│ Error: creating EventBridge Custom Event Bus (aws.partner/salesforce.com/00D***************/**************)
│
│ with aws_cloudwatch_event_bus.logging_config[0],
│ on main.tf line XX, in resource "aws_cloudwatch_event_bus" "logging_config":
│ XX: resource "aws_cloudwatch_event_bus" "logging_config" {
│
│ operation error EventBridge: CreateEventBus, https response error StatusCode: 400, RequestID: eeffdada-062f-4e74-ada2-bdae03a99c71, ValidationException: EventBus name starting with 'aws.' is not valid.

Actual context

Partner Event Bus integrations are automatically provisioned by AWS when partners (like Salesforce) send integration requests. These buses already exist in the customer's account and should only be updated, not created.

CloudTrail Event Details:

{
      "eventVersion": "1.11",
      "eventTime": "2025-09-12T15:11:07Z",
      "eventSource": "events.amazonaws.com",
      "eventName": "CreateEventBus",
      "awsRegion": "ap-southeast-2",
      "errorCode": "ValidationException",
      "errorMessage": "EventBus name starting with 'aws.' is not valid.",
      "requestParameters": {
          "name": "aws.partner/salesforce.com/00D***************/**************",
          "logConfig": {
              "includeDetail": "FULL",
              "level": "TRACE"
          }
      }
}

AWS Documentation Reference:

According to https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_bus, partner event buses should reference existing event sources:

data "aws_cloudwatch_event_source" "examplepartner" {
  name_prefix = "aws.partner/examplepartner.com"
}

resource "aws_cloudwatch_event_bus" "examplepartner" {
  name              = data.aws_cloudwatch_event_source.examplepartner.name
  description       = "Event bus for example partner events"
  event_source_name = data.aws_cloudwatch_event_source.examplepartner.name
}

Environment Details:

  • Partner Integration: Salesforce Platform Events
  • Bus Name Pattern: aws.partner/salesforce.com/<org_id>/<integration_id>
  • Region: ap-southeast-2

Impact:
Cannot enable CloudWatch logging on existing Partner Event Bus integrations, blocking monitoring and debugging capabilities for partner event flows.
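
Added example, not part of the original issue or the module's code: a triage pass over CloudTrail records that groups rejected CreateEventBus calls carrying a logConfig for an 'aws.'-prefixed bus name, so the partner buses that still lack logging can be listed per region. Field names follow the CloudTrail event in the issue; the bus name placeholder, the second failure and the `orders-bus` record are constructed.

```python
from collections import defaultdict

# Placeholder bus name (constructed); the issue's real name is masked.
PARTNER_BUS = "aws.partner/examplepartner.com/EXAMPLE_ORG/EXAMPLE_ID"

def _record(time, name, error=None, log_config=None):
    """Build a constructed CloudTrail-style record with the fields the issue shows."""
    rec = {"eventTime": time, "eventSource": "events.amazonaws.com",
           "eventName": "CreateEventBus", "awsRegion": "ap-southeast-2",
           "requestParameters": {"name": name}}
    if log_config:
        rec["requestParameters"]["logConfig"] = log_config
    if error:
        rec["errorCode"] = error
    return rec

FULL_TRACE = {"includeDetail": "FULL", "level": "TRACE"}
SAMPLE = [  # constructed sample input
    _record("2025-09-12T15:11:07Z", PARTNER_BUS, "ValidationException", FULL_TRACE),
    _record("2025-09-12T15:19:30Z", PARTNER_BUS, "ValidationException", FULL_TRACE),
    _record("2025-09-12T15:25:00Z", "orders-bus"),  # ordinary custom bus, succeeded
]

def failed_partner_logging_attempts(records):
    """Group rejected CreateEventBus calls that tried to set logConfig on an
    'aws.'-prefixed bus name, keyed by (region, bus name)."""
    findings = defaultdict(
        lambda: {"attempts": 0, "first": None, "last": None, "levels": set()})
    for rec in records:
        params = rec.get("requestParameters") or {}  # CloudTrail may log null here
        name = params.get("name") or ""
        log_cfg = params.get("logConfig")
        if (rec.get("eventSource") != "events.amazonaws.com"
                or rec.get("eventName") != "CreateEventBus"
                or rec.get("errorCode") != "ValidationException"
                or not name.startswith("aws.")
                or not log_cfg):
            continue
        f = findings[(rec.get("awsRegion"), name)]
        f["attempts"] += 1
        t = rec["eventTime"]  # ISO-8601 UTC strings sort chronologically
        f["first"] = t if f["first"] is None else min(f["first"], t)
        f["last"] = t if f["last"] is None else max(f["last"], t)
        f["levels"].add(log_cfg.get("level"))
    return dict(findings)

if __name__ == "__main__":
    for (region, bus), f in failed_partner_logging_attempts(SAMPLE).items():
        print(region, bus, f["attempts"], f["first"], f["last"], sorted(f["levels"]))
```
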
