From ee4ece22655bbfd0a2b1a3854d26a6c64a1bd30e Mon Sep 17 00:00:00 2001 From: Tiago Vieira Date: Thu, 28 Aug 2025 22:50:46 +0100 Subject: [PATCH 1/5] feat: Add EventBridge bus logging configuration --- README.md | 13 +- examples/api-gateway-event-source/README.md | 4 +- examples/api-gateway-event-source/versions.tf | 2 +- examples/complete/README.md | 4 +- examples/complete/versions.tf | 2 +- examples/default-bus/README.md | 4 +- examples/default-bus/versions.tf | 2 +- examples/with-api-destination/README.md | 4 +- examples/with-api-destination/versions.tf | 2 +- examples/with-archive/README.md | 7 +- examples/with-archive/versions.tf | 2 +- examples/with-bus-logging/README.md | 54 +++++++ examples/with-bus-logging/main.tf | 137 ++++++++++++++++++ examples/with-bus-logging/outputs.tf | 0 examples/with-bus-logging/variables.tf | 0 examples/with-bus-logging/versions.tf | 14 ++ examples/with-ecs-scheduling/README.md | 4 +- examples/with-ecs-scheduling/versions.tf | 2 +- examples/with-lambda-scheduling/README.md | 2 +- examples/with-lambda-scheduling/versions.tf | 2 +- examples/with-permissions/README.md | 4 +- examples/with-permissions/versions.tf | 2 +- examples/with-pipes/README.md | 4 +- examples/with-pipes/versions.tf | 2 +- examples/with-schedules/README.md | 4 +- examples/with-schedules/versions.tf | 2 +- main.tf | 114 +++++++++++++++ outputs.tf | 5 + variables.tf | 24 +++ versions.tf | 2 +- 30 files changed, 392 insertions(+), 32 deletions(-) create mode 100644 examples/with-bus-logging/README.md create mode 100644 examples/with-bus-logging/main.tf create mode 100644 examples/with-bus-logging/outputs.tf create mode 100644 examples/with-bus-logging/variables.tf create mode 100644 examples/with-bus-logging/versions.tf diff --git a/README.md b/README.md index dd1e178..ffd5667 100644 --- a/README.md +++ b/README.md 
@@ -382,13 +382,13 @@ module "eventbridge" { | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.5.7 | -| [aws](#requirement\_aws) | >= 6.0 | +| [aws](#requirement\_aws) | >= 6.6 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 6.0 | +| [aws](#provider\_aws) | >= 6.6 | ## Modules 
@@ -405,6 +405,13 @@ No modules. | [aws_cloudwatch_event_permission.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_permission) | resource | | [aws_cloudwatch_event_rule.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_rule) | resource | | [aws_cloudwatch_event_target.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_target) | resource | +| [aws_cloudwatch_log_delivery.cwlogs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_delivery) | resource | +| [aws_cloudwatch_log_delivery.firehose](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_delivery) | resource | +| [aws_cloudwatch_log_delivery.s3](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_delivery) | resource | +| [aws_cloudwatch_log_delivery_destination.cwlogs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_delivery_destination) | resource | +| [aws_cloudwatch_log_delivery_destination.firehose](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_delivery_destination) | resource | +| [aws_cloudwatch_log_delivery_destination.s3](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_delivery_destination) | resource | +| [aws_cloudwatch_log_delivery_source.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_delivery_source) | resource | | [aws_iam_policy.additional_inline](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | | [aws_iam_policy.additional_json](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | | 
[aws_iam_policy.additional_jsons](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | @@ -488,6 +495,7 @@ No modules. | [attach\_sqs\_policy](#input\_attach\_sqs\_policy) | Controls whether the SQS policy should be added to IAM role for EventBridge Target | `bool` | `false` | no | | [attach\_tracing\_policy](#input\_attach\_tracing\_policy) | Controls whether X-Ray tracing policy should be added to IAM role for EventBridge | `bool` | `false` | no | | [bus\_description](#input\_bus\_description) | Event bus description | `string` | `null` | no | +| [bus\_log\_config](#input\_bus\_log\_config) | The configuration block for the EventBridge bus logging |
object({
include_detail = optional(string)
level = optional(string)

cloudwatch = optional(object({
enabled = optional(bool, false)
log_group_arn = optional(string)
}))

s3 = optional(object({
enabled = optional(bool, false)
bucket_arn = optional(string)
}))

firehose = optional(object({
enabled = optional(bool, false)
delivery_stream_arn = optional(string)
}))
})
| `null` | no | | [bus\_name](#input\_bus\_name) | A unique name for your EventBridge Bus | `string` | `"default"` | no | | [cloudwatch\_target\_arns](#input\_cloudwatch\_target\_arns) | The Amazon Resource Name (ARN) of the Cloudwatch Log Streams you want to use as EventBridge targets | `list(string)` | `[]` | no | | [connections](#input\_connections) | A map of objects with EventBridge Connection definitions. | `any` | `{}` | no | @@ -558,6 +566,7 @@ No modules. | [eventbridge\_connection\_ids](#output\_eventbridge\_connection\_ids) | The EventBridge Connection IDs | | [eventbridge\_connections](#output\_eventbridge\_connections) | The EventBridge Connections created and their attributes | | [eventbridge\_iam\_roles](#output\_eventbridge\_iam\_roles) | The EventBridge IAM roles created and their attributes | +| [eventbridge\_log\_delivery\_source](#output\_eventbridge\_log\_delivery\_source) | The EventBridge Bus CloudWatch Log Delivery Source created and their attributes | | [eventbridge\_permission\_ids](#output\_eventbridge\_permission\_ids) | The EventBridge Permission IDs | | [eventbridge\_permissions](#output\_eventbridge\_permissions) | The EventBridge Permissions created and their attributes | | [eventbridge\_pipe\_arns](#output\_eventbridge\_pipe\_arns) | The EventBridge Pipes ARNs | diff --git a/examples/api-gateway-event-source/README.md b/examples/api-gateway-event-source/README.md index 0d788a9..9c0300f 100644 --- a/examples/api-gateway-event-source/README.md +++ b/examples/api-gateway-event-source/README.md 
@@ -20,14 +20,14 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.5.7 | -| [aws](#requirement\_aws) | >= 6.0 | +| [aws](#requirement\_aws) | >= 6.6 | | [random](#requirement\_random) | >= 3.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 6.0 | +| [aws](#provider\_aws) | >= 6.6 | | [random](#provider\_random) | >= 3.0 | ## Modules diff --git a/examples/api-gateway-event-source/versions.tf b/examples/api-gateway-event-source/versions.tf index 3fe2eaf..a8d1901 100644 --- a/examples/api-gateway-event-source/versions.tf +++ b/examples/api-gateway-event-source/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 6.0" + version = ">= 6.6" } random = { source = "hashicorp/random" diff --git a/examples/complete/README.md b/examples/complete/README.md index 5995298..094db9a 100644 --- a/examples/complete/README.md +++ b/examples/complete/README.md @@ -20,7 +20,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.5.7 | -| [aws](#requirement\_aws) | >= 6.0 | +| [aws](#requirement\_aws) | >= 6.6 | | [null](#requirement\_null) | >= 2.0 | | [random](#requirement\_random) | >= 3.0 | @@ -28,7 +28,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 6.0 | +| [aws](#provider\_aws) | >= 6.6 | | [null](#provider\_null) | >= 2.0 | | [random](#provider\_random) | >= 3.0 | diff --git a/examples/complete/versions.tf b/examples/complete/versions.tf index b54c439..cb0c2fc 100644 --- a/examples/complete/versions.tf +++ b/examples/complete/versions.tf 
@@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 6.0" + version = ">= 6.6" } random = { source = "hashicorp/random" diff --git a/examples/default-bus/README.md b/examples/default-bus/README.md index aa5dc0c..e2d397b 100644 --- a/examples/default-bus/README.md +++ b/examples/default-bus/README.md @@ -20,14 +20,14 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.5.7 | -| [aws](#requirement\_aws) | >= 6.0 | +| [aws](#requirement\_aws) | >= 6.6 | | [random](#requirement\_random) | >= 3.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 6.0 | +| [aws](#provider\_aws) | >= 6.6 | | [random](#provider\_random) | >= 3.0 | ## Modules diff --git a/examples/default-bus/versions.tf b/examples/default-bus/versions.tf index 3fe2eaf..a8d1901 100644 --- a/examples/default-bus/versions.tf +++ b/examples/default-bus/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 6.0" + version = ">= 6.6" } random = { source = "hashicorp/random" diff --git a/examples/with-api-destination/README.md b/examples/with-api-destination/README.md index 28c0a9d..00cd3bf 100644 --- a/examples/with-api-destination/README.md +++ b/examples/with-api-destination/README.md @@ -20,14 +20,14 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.5.7 | -| [aws](#requirement\_aws) | >= 6.0 | +| [aws](#requirement\_aws) | >= 6.6 | | [random](#requirement\_random) | >= 3.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 6.0 | +| [aws](#provider\_aws) | >= 6.6 | | [random](#provider\_random) | >= 3.0 | ## Modules 
diff --git a/examples/with-api-destination/versions.tf b/examples/with-api-destination/versions.tf index 3fe2eaf..a8d1901 100644 --- a/examples/with-api-destination/versions.tf +++ b/examples/with-api-destination/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 6.0" + version = ">= 6.6" } random = { source = "hashicorp/random" diff --git a/examples/with-archive/README.md b/examples/with-archive/README.md index 00840dd..7710410 100644 --- a/examples/with-archive/README.md +++ b/examples/with-archive/README.md @@ -20,14 +20,14 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.5.7 | -| [aws](#requirement\_aws) | >= 6.0 | +| [aws](#requirement\_aws) | >= 6.6 | | [random](#requirement\_random) | >= 3.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 6.0 | +| [aws](#provider\_aws) | >= 6.6 | | [random](#provider\_random) | >= 3.0 | ## Modules @@ -36,6 +36,7 @@ Note that this example may create resources which cost money. Run `terraform des |------|--------|---------| | [eventbridge](#module\_eventbridge) | ../../ | n/a | | [eventbridge\_archive\_only](#module\_eventbridge\_archive\_only) | ../../ | n/a | +| [kms](#module\_kms) | terraform-aws-modules/kms/aws | ~> 2.0 | ## Resources 
@@ -43,6 +44,8 @@ Note that this example may create resources which cost money. Run `terraform des |------|------| | [aws_cloudwatch_event_bus.existing_bus](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_bus) | resource | | [random_pet.this](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | resource | +| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source | +| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source | ## Inputs diff --git a/examples/with-archive/versions.tf b/examples/with-archive/versions.tf index 3fe2eaf..a8d1901 100644 --- a/examples/with-archive/versions.tf +++ b/examples/with-archive/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 6.0" + version = ">= 6.6" } random = { source = "hashicorp/random" diff --git a/examples/with-bus-logging/README.md b/examples/with-bus-logging/README.md new file mode 100644 index 0000000..4091c88 --- /dev/null +++ b/examples/with-bus-logging/README.md 
@@ -0,0 +1,54 @@ +# EventBridge with Bus Logging Example + + +## Usage + +To run this example you need to execute: + +```bash +$ terraform init +$ terraform plan +$ terraform apply +``` + + +## Requirements + +| Name | Version | +|------|---------| +| [terraform](#requirement\_terraform) | >= 1.5.7 | +| [aws](#requirement\_aws) | >= 6.6 | +| [random](#requirement\_random) | >= 3.0 | + +## Providers + +| Name | Version | +|------|---------| +| [aws](#provider\_aws) | >= 6.6 | +| [random](#provider\_random) | >= 3.0 | + +## Modules + +| Name | Source | Version | +|------|--------|---------| +| [cloudwatch\_log\_group](#module\_cloudwatch\_log\_group) | terraform-aws-modules/cloudwatch/aws//modules/log-group | ~> 3.0 | +| [eventbridge](#module\_eventbridge) | ../../ | n/a | +| [s3\_bucket](#module\_s3\_bucket) | terraform-aws-modules/s3-bucket/aws | ~> 5.0 | + +## Resources + +| Name | Type | +|------|------| +| [random_pet.this](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | resource | +| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source | +| [aws_iam_policy_document.bucket_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | +| [aws_iam_policy_document.cwlogs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | + +## Inputs + +No inputs. + +## Outputs + +No outputs. + diff --git a/examples/with-bus-logging/main.tf b/examples/with-bus-logging/main.tf new file mode 100644 index 0000000..79b73cf --- /dev/null +++ b/examples/with-bus-logging/main.tf 
@@ -0,0 +1,137 @@
+provider "aws" {
+ region = "eu-west-1"
+
+ # Make it faster by skipping something
+ skip_metadata_api_check = true
+ skip_region_validation = true
+ skip_credentials_validation = true
+}
+
+data "aws_caller_identity" "current" {}
+
+module "eventbridge" {
+ source = "../../"
+
+ create_bus = true
+
+ bus_name = "${random_pet.this.id}-bus"
+ bus_log_config = {
+ include_detail = "FULL"
+ level = "INFO"
+ cloudwatch = {
+ enabled = true
+ log_group_arn = module.cloudwatch_log_group.cloudwatch_log_group_arn
+ }
+ s3 = {
+ enabled = true
+ bucket_arn = module.s3_bucket.s3_bucket_arn
+ }
+ }
+}
+
+#################
+# Extra resources
+#################
+
+resource "random_pet" "this" {
+ length = 2
+}
+
+######################
+# CloudWatch Log Group
+######################
+module "cloudwatch_log_group" {
+ source = "terraform-aws-modules/cloudwatch/aws//modules/log-group"
+ version = "~> 3.0"
+
+ name = "/aws/vendedlogs/events/event-bus/${random_pet.this.id}-bus"
+ retention_in_days = 14
+}
+
+data "aws_iam_policy_document" "cwlogs" {
+ statement {
+ effect = "Allow"
+ principals {
+ type = "Service"
+ identifiers = ["delivery.logs.amazonaws.com"]
+ }
+ actions = [
+ "logs:CreateLogStream",
+ "logs:PutLogEvents"
+ ]
+ resources = [
+ "${module.cloudwatch_log_group.arn}:log-stream:*"
+ ]
+ condition {
+ test = "StringEquals"
+ variable = "aws:SourceAccount"
+ values = [data.aws_caller_identity.current.account_id]
+ }
+ condition {
+ test = "ArnLike"
+ variable = "aws:SourceArn"
+ values = [
+ module.eventbridge.eventbridge_log_delivery_source.arn
+ ]
+ }
+ }
+}
+
+####
+# S3
+####
+module "s3_bucket" {
+ source = "terraform-aws-modules/s3-bucket/aws"
+ version = "~> 5.0"
+
+ bucket = "${random_pet.this.id}-eventbridge-bus-logs-bucket"
+ attach_policy = true
+ policy = data.aws_iam_policy_document.bucket_policy.json
+
+ acl = "private"
+
+ control_object_ownership = true
+ object_ownership = "ObjectWriter"
+
+ versioning = {
+ enabled = true
+ }
+}
+
+data "aws_iam_policy_document" "bucket_policy" {
+ statement {
+ effect = "Allow"
+ principals {
+ type = "Service"
+ identifiers = ["delivery.logs.amazonaws.com"]
+ }
+ actions = [
+ "s3:PutObject"
+ ]
+ resources = [
+ "${module.s3_bucket.s3_bucket_arn}/AWSLogs/${data.aws_caller_identity.current.account_id}/EventBusLogs/*"
+ ]
+ condition {
+ test = "StringEquals"
+ variable = "s3:x-amz-acl"
+ values = ["bucket-owner-full-control"]
+ }
+ condition {
+ test = "StringEquals"
+ variable = "aws:SourceAccount"
+ values = [data.aws_caller_identity.current.account_id]
+ }
+ condition {
+ test = "ArnLike"
+ variable = "aws:SourceArn"
+ values = [
+ module.eventbridge.eventbridge_log_delivery_source.arn
+ ]
+ }
+ }
+}
+
+#
+# Kinesis Fire
+#
+
diff --git a/examples/with-bus-logging/outputs.tf b/examples/with-bus-logging/outputs.tf
new file mode 100644
index 0000000..e69de29
diff --git a/examples/with-bus-logging/variables.tf b/examples/with-bus-logging/variables.tf
new file mode 100644
index 0000000..e69de29
diff --git a/examples/with-bus-logging/versions.tf b/examples/with-bus-logging/versions.tf
new file mode 100644
index 0000000..a8d1901
--- /dev/null
+++ b/examples/with-bus-logging/versions.tf
@@ -0,0 +1,14 @@
+terraform {
+ required_version = ">= 1.5.7"
+
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = ">= 6.6"
+ }
+ random = {
+ source = "hashicorp/random"
+ version = ">= 3.0"
+ }
+ }
+}
diff --git a/examples/with-ecs-scheduling/README.md b/examples/with-ecs-scheduling/README.md
index 6bfc101..b01cc6a 100644
--- a/examples/with-ecs-scheduling/README.md
+++ b/examples/with-ecs-scheduling/README.md
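Review bot: `module.eventbridge.eventbridge_log_delivery_source.arn`, used in the `aws:SourceArn` condition of both `cwlogs` and `bucket_policy`, reads an output whose value is the `count`-ed resource `aws_cloudwatch_log_delivery_source.this`, so it is a list and `.arn` does not resolve; it needs `one(module.eventbridge.eventbridge_log_delivery_source).arn` or an explicit index. `data.aws_iam_policy_document.cwlogs` is never attached to anything in this file (there is no `aws_cloudwatch_log_resource_policy`), and it references `module.cloudwatch_log_group.arn` while the bus config uses `module.cloudwatch_log_group.cloudwatch_log_group_arn`, so the log-group destination is left without a policy for `delivery.logs.amazonaws.com`. Nothing orders the bucket policy before `module.eventbridge` creates the S3 delivery, so the first apply may fail on the delivery side — presumably a `depends_on` is needed, confirm against the module. The `aws:SourceAccount`/`aws:SourceArn` conditions on both documents are the right confused-deputy guards and should survive the fix.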
@@ -20,14 +20,14 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.5.7 | -| [aws](#requirement\_aws) | >= 6.0 | +| [aws](#requirement\_aws) | >= 6.6 | | [random](#requirement\_random) | >= 3.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 6.0 | +| [aws](#provider\_aws) | >= 6.6 | | [random](#provider\_random) | >= 3.0 | ## Modules diff --git a/examples/with-ecs-scheduling/versions.tf b/examples/with-ecs-scheduling/versions.tf index 3fe2eaf..a8d1901 100644 --- a/examples/with-ecs-scheduling/versions.tf +++ b/examples/with-ecs-scheduling/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 6.0" + version = ">= 6.6" } random = { source = "hashicorp/random" diff --git a/examples/with-lambda-scheduling/README.md b/examples/with-lambda-scheduling/README.md index e1f70e4..1352eb2 100644 --- a/examples/with-lambda-scheduling/README.md +++ b/examples/with-lambda-scheduling/README.md @@ -20,7 +20,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.5.7 | -| [aws](#requirement\_aws) | >= 6.0 | +| [aws](#requirement\_aws) | >= 6.6 | | [null](#requirement\_null) | >= 2.0 | | [random](#requirement\_random) | >= 3.0 | diff --git a/examples/with-lambda-scheduling/versions.tf b/examples/with-lambda-scheduling/versions.tf index b54c439..cb0c2fc 100644 --- a/examples/with-lambda-scheduling/versions.tf +++ b/examples/with-lambda-scheduling/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 6.0" + version = ">= 6.6" } random = { source = "hashicorp/random" diff --git a/examples/with-permissions/README.md b/examples/with-permissions/README.md index 3ceb3a0..ac2852a 100644 
--- a/examples/with-permissions/README.md +++ b/examples/with-permissions/README.md @@ -20,14 +20,14 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.5.7 | -| [aws](#requirement\_aws) | >= 6.0 | +| [aws](#requirement\_aws) | >= 6.6 | | [random](#requirement\_random) | >= 3.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 6.0 | +| [aws](#provider\_aws) | >= 6.6 | | [random](#provider\_random) | >= 3.0 | ## Modules diff --git a/examples/with-permissions/versions.tf b/examples/with-permissions/versions.tf index 3fe2eaf..a8d1901 100644 --- a/examples/with-permissions/versions.tf +++ b/examples/with-permissions/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 6.0" + version = ">= 6.6" } random = { source = "hashicorp/random" diff --git a/examples/with-pipes/README.md b/examples/with-pipes/README.md index b8c1b42..fdc1604 100644 --- a/examples/with-pipes/README.md +++ b/examples/with-pipes/README.md @@ -20,7 +20,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.5.7 | -| [aws](#requirement\_aws) | >= 6.0 | +| [aws](#requirement\_aws) | >= 6.6 | | [null](#requirement\_null) | >= 2.0 | | [random](#requirement\_random) | >= 3.0 | @@ -28,7 +28,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 6.0 | +| [aws](#provider\_aws) | >= 6.6 | | [null](#provider\_null) | >= 2.0 | | [random](#provider\_random) | >= 3.0 | diff --git a/examples/with-pipes/versions.tf b/examples/with-pipes/versions.tf index b54c439..cb0c2fc 100644 --- a/examples/with-pipes/versions.tf +++ b/examples/with-pipes/versions.tf 
@@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 6.0" + version = ">= 6.6" } random = { source = "hashicorp/random" diff --git a/examples/with-schedules/README.md b/examples/with-schedules/README.md index de1cf6e..de0b349 100644 --- a/examples/with-schedules/README.md +++ b/examples/with-schedules/README.md @@ -20,7 +20,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.5.7 | -| [aws](#requirement\_aws) | >= 6.0 | +| [aws](#requirement\_aws) | >= 6.6 | | [null](#requirement\_null) | >= 2.0 | | [random](#requirement\_random) | >= 3.0 | @@ -28,7 +28,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 6.0 | +| [aws](#provider\_aws) | >= 6.6 | | [null](#provider\_null) | >= 2.0 | | [random](#provider\_random) | >= 3.0 | diff --git a/examples/with-schedules/versions.tf b/examples/with-schedules/versions.tf index b54c439..cb0c2fc 100644 --- a/examples/with-schedules/versions.tf +++ b/examples/with-schedules/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 6.0" + version = ">= 6.6" } random = { source = "hashicorp/random" diff --git a/main.tf b/main.tf index 55634ed..c952ea8 100644 --- a/main.tf +++ b/main.tf @@ -53,6 +53,7 @@ locals { "Name" = var.append_pipe_postfix ? "${replace(index, "_", "-")}-pipe" : index }) ]) + enabled_bus_log_type = var.bus_log_config != null ? "${upper(var.bus_log_config.level)}_LOGS" : null } data "aws_cloudwatch_event_bus" "this" { 
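Review bot: `upper(var.bus_log_config.level)` in the new `enabled_bus_log_type` local is evaluated whenever `bus_log_config` is set, but `level` is declared `optional(string)` with no default in variables.tf, so a caller who omits `level` gets an `upper(null)` evaluation error instead of a readable message. Either give it a default in the type, `level = optional(string, "INFO")`, or add a `validation` block on `bus_log_config` that requires `level` when the object is non-null. The `locals` block starts before this hunk.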
@@ -78,9 +79,122 @@ resource "aws_cloudwatch_event_bus" "this" {
 }
 }
+ dynamic "log_config" {
+ for_each = var.bus_log_config != null ? [var.bus_log_config] : []
+ content {
+ include_detail = log_config.value.include_detail
+ level = log_config.value.level
+ }
+ }
+
+ tags = var.tags
+}
+
+resource "aws_cloudwatch_log_delivery_source" "this" {
+ count = (
+ var.create &&
+ var.create_bus &&
+ var.bus_log_config != null
+ ) ? 1 : 0
+
+ name = "EventBusSource-${var.bus_name}-${local.enabled_bus_log_type}"
+ log_type = local.enabled_bus_log_type
+ resource_arn = aws_cloudwatch_event_bus.this[0].arn
+}
+
+resource "aws_cloudwatch_log_delivery_destination" "cwlogs" {
+ count = (
+ var.create &&
+ var.create_bus &&
+ var.bus_log_config != null &&
+ var.bus_log_config.cloudwatch != null &&
+ var.bus_log_config.cloudwatch.enabled
+ ) ? 1 : 0
+
+ name = "EventsDeliveryDestination-${var.bus_name}-CWLogs"
+
+ delivery_destination_configuration {
+ destination_resource_arn = var.bus_log_config.cloudwatch.log_group_arn
+ }
+
+ tags = var.tags
+}
+
+resource "aws_cloudwatch_log_delivery" "cwlogs" {
+ count = (
+ var.create &&
+ var.create_bus &&
+ var.bus_log_config != null &&
+ var.bus_log_config.cloudwatch != null &&
+ var.bus_log_config.cloudwatch.enabled
+ ) ? 1 : 0
+
+ delivery_destination_arn = aws_cloudwatch_log_delivery_destination.cwlogs[0].arn
+ delivery_source_name = aws_cloudwatch_log_delivery_source.this[0].name
+}
+
+resource "aws_cloudwatch_log_delivery_destination" "s3" {
+ count = (
+ var.create &&
+ var.create_bus &&
+ var.bus_log_config != null &&
+ var.bus_log_config.s3 != null &&
+ var.bus_log_config.s3.enabled
+ ) ? 1 : 0
+
+ name = "EventsDeliveryDestination-${var.bus_name}-S3"
+
+ delivery_destination_configuration {
+ destination_resource_arn = var.bus_log_config.s3.bucket_arn
+ }
+
 tags = var.tags
 }
+resource "aws_cloudwatch_log_delivery" "s3" {
+ count = (
+ var.create &&
+ var.create_bus &&
+ var.bus_log_config != null &&
+ var.bus_log_config.s3 != null &&
+ var.bus_log_config.s3.enabled
+ ) ? 1 : 0
+
+ delivery_destination_arn = aws_cloudwatch_log_delivery_destination.s3[0].arn
+ delivery_source_name = aws_cloudwatch_log_delivery_source.this[0].name
+}
+
+resource "aws_cloudwatch_log_delivery_destination" "firehose" {
+ count = (
+ var.create &&
+ var.create_bus &&
+ var.bus_log_config != null &&
+ var.bus_log_config.firehose != null &&
+ var.bus_log_config.firehose.enabled
+ ) ? 1 : 0
+
+ name = "EventsDeliveryDestination-${var.bus_name}-Firehose"
+
+ delivery_destination_configuration {
+ destination_resource_arn = var.bus_log_config.firehose.delivery_stream_arn
+ }
+
+ tags = var.tags
+}
+
+resource "aws_cloudwatch_log_delivery" "firehose" {
+ count = (
+ var.create &&
+ var.create_bus &&
+ var.bus_log_config != null &&
+ var.bus_log_config.firehose != null &&
+ var.bus_log_config.firehose.enabled
+ ) ? 1 : 0
+
+ delivery_destination_arn = aws_cloudwatch_log_delivery_destination.firehose[0].arn
+ delivery_source_name = aws_cloudwatch_log_delivery_source.this[0].name
+}
+
 resource "aws_schemas_discoverer" "this" {
 count = var.create && var.create_schemas_discoverer ? 1 : 0
diff --git a/outputs.tf b/outputs.tf
index 97e2b66..da9b687 100644
--- a/outputs.tf
+++ b/outputs.tf
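Review bot: The new `aws_cloudwatch_log_delivery_destination`/`aws_cloudwatch_log_delivery` resources wire the bus to a log group, bucket or Firehose stream, but nothing in the module says that the caller must grant `delivery.logs.amazonaws.com` write access on each destination (a log-group resource policy, a bucket policy, Firehose permissions), ideally scoped with `aws:SourceAccount` and `aws:SourceArn` to the delivery source; a comment above `resource "aws_cloudwatch_log_delivery_source" "this"` such as `# Destination-side permissions (log group resource policy, bucket policy, Firehose) are the caller's responsibility; the delivery source is exported so they can be scoped to it.` would save an apply-time failure. The `count` guards chain `var.bus_log_config.cloudwatch != null && var.bus_log_config.cloudwatch.enabled`; since `cloudwatch` is `optional(object(...))` with no default, I would confirm with a plan that omits the block that `.enabled` is not evaluated on the null value before accepting the pattern (the `s3` and `firehose` counts have the same shape). The delivery source omits `tags = var.tags` while every destination sets it; if the resource accepts tags it should be tagged the same way for consistency.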
@@ -161,6 +161,11 @@ output "eventbridge_pipes" {
 value = aws_pipes_pipe.this
 }
+output "eventbridge_log_delivery_source" {
+ description = "The EventBridge Bus CloudWatch Log Delivery Source created and their attributes"
+ value = aws_cloudwatch_log_delivery_source.this
+}
+
 # IAM Roles
 output "eventbridge_pipes_iam_roles" {
 description = "The EventBridge Pipes IAM roles created and their attributes"
diff --git a/variables.tf b/variables.tf
index 445a993..0146c78 100644
--- a/variables.tf
+++ b/variables.tf
@@ -138,6 +138,30 @@ variable "bus_description" {
 default = null
 }
+variable "bus_log_config" {
+ description = "The configuration block for the EventBridge bus logging"
+ type = object({
+ include_detail = optional(string)
+ level = optional(string)
+
+ cloudwatch = optional(object({
+ enabled = optional(bool, false)
+ log_group_arn = optional(string)
+ }))
+
+ s3 = optional(object({
+ enabled = optional(bool, false)
+ bucket_arn = optional(string)
+ }))
+
+ firehose = optional(object({
+ enabled = optional(bool, false)
+ delivery_stream_arn = optional(string)
+ }))
+ })
+ default = null
+}
+
 variable "event_source_name" {
 description = "The partner event source that the new event bus will be matched with. Must match name."
 type = string
diff --git a/versions.tf b/versions.tf
index 0d66b2d..36ee0bc 100644
--- a/versions.tf
+++ b/versions.tf
@@ -4,7 +4,7 @@ terraform {
 required_providers {
 aws = {
 source = "hashicorp/aws"
- version = ">= 6.2"
+ version = ">= 6.6"
 }
 }
 }
From e5e8a5c602d0aec4e5f99d915739f8a0c409809d Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Fri, 3 Oct 2025 11:49:52 +0200 Subject: [PATCH 2/5] Fixed code and examples to pass --- .pre-commit-config.yaml | 4 +- README.md | 29 +++++--- examples/with-bus-logging/README.md | 3 +- examples/with-bus-logging/main.tf | 55 ++++---------- main.tf | 108 +++++++--------------------- variables.tf | 41 ++++++++--- 6 files changed, 96 insertions(+), 144 deletions(-)
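Review bot: The description of `bus_log_config` (`"The configuration block for the EventBridge bus logging"`) does not tell callers that `include_detail = "FULL"` delivers the complete event payload to every enabled destination, so the log group, bucket or stream needs the same access control and retention as the events themselves, nor that the destination ARN is required whenever the corresponding `enabled` is true. Suggest expanding the description to say both, and adding a `validation` block so a misconfiguration fails at plan time rather than apply time, e.g. `condition = var.bus_log_config == null || !try(var.bus_log_config.cloudwatch.enabled, false) || var.bus_log_config.cloudwatch.log_group_arn != null` with matching checks for `s3` and `firehose`.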
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 776bc24..f065bdd 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,6 +1,6 @@ repos: - repo: https://github.com/antonbabenko/pre-commit-terraform - rev: v1.99.4 + rev: v1.101.0 hooks: - id: terraform_fmt - id: terraform_docs @@ -23,7 +23,7 @@ repos: - '--args=--only=terraform_workspace_remote' - id: terraform_validate - repo: https://github.com/pre-commit/pre-commit-hooks - rev: v5.0.0 + rev: v6.0.0 hooks: - id: check-merge-conflict - id: end-of-file-fixer diff --git a/README.md b/README.md index ffd5667..5d956be 100644 --- a/README.md +++ b/README.md @@ -14,7 +14,7 @@ Terraform module to create EventBridge resources. ### EventBridge Complete -Most common use-case which creates custom bus, rules and targets. +Most common use-case which creates custom bus, logging, rules and targets. ```hcl module "eventbridge" { @@ -22,6 +22,19 @@ module "eventbridge" { bus_name = "my-bus" + logging = { + include_detail = "FULL" + level = "INFO" + cloudwatch_logs = { + enabled = true + arn = "arn:aws:logs:us-east-1:123456789012:log-group:my-log-group" + } + s3 = { + enabled = true + arn = "arn:aws:s3:::my-log-bucket" + } + } + rules = { orders = { description = "Capture all order data" @@ -347,6 +360,7 @@ module "eventbridge" { create_schedule_groups = false # to control creation of EventBridge Schedule Group resources create_schedules = false # to control creation of EventBridge Schedule resources create_pipes = false # to control creation of EventBridge Pipes resources + create_logging = false # to control creation of EventBridge Logging resources attach_cloudwatch_policy = false attach_ecs_policy = false 
@@ -368,6 +382,7 @@ module "eventbridge" { * [HTTP API Gateway](https://github.com/terraform-aws-modules/terraform-aws-eventbridge/tree/master/examples/api-gateway-event-source) - Creates an integration with HTTP API Gateway as event source. * [Using Default Bus](https://github.com/terraform-aws-modules/terraform-aws-eventbridge/tree/master/examples/default-bus) - Creates resources in the `default` bus. * [Archive](https://github.com/terraform-aws-modules/terraform-aws-eventbridge/tree/master/examples/with-archive) - EventBridge Archives resources in various configurations. +* [Logging](https://github.com/terraform-aws-modules/terraform-aws-eventbridge/tree/master/examples/with-bus-logging) - EventBridge Logging resources in various configurations. * [Permissions](https://github.com/terraform-aws-modules/terraform-aws-eventbridge/tree/master/examples/with-permissions) - Controls permissions to EventBridge. * [Scheduler](https://github.com/terraform-aws-modules/terraform-aws-eventbridge/tree/master/examples/with-schedules) - EventBridge Scheduler which works with any bus (recommended way). * [ECS Scheduling Events](https://github.com/terraform-aws-modules/terraform-aws-eventbridge/tree/master/examples/with-ecs-scheduling) - Use default bus to schedule events on ECS. 
@@ -405,12 +420,8 @@ No modules. | [aws_cloudwatch_event_permission.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_permission) | resource | | [aws_cloudwatch_event_rule.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_rule) | resource | | [aws_cloudwatch_event_target.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_target) | resource | -| [aws_cloudwatch_log_delivery.cwlogs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_delivery) | resource | -| [aws_cloudwatch_log_delivery.firehose](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_delivery) | resource | -| [aws_cloudwatch_log_delivery.s3](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_delivery) | resource | -| [aws_cloudwatch_log_delivery_destination.cwlogs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_delivery_destination) | resource | -| [aws_cloudwatch_log_delivery_destination.firehose](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_delivery_destination) | resource | -| [aws_cloudwatch_log_delivery_destination.s3](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_delivery_destination) | resource | +| [aws_cloudwatch_log_delivery.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_delivery) | resource | +| [aws_cloudwatch_log_delivery_destination.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_delivery_destination) | resource | | [aws_cloudwatch_log_delivery_source.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_delivery_source) | resource | | 
[aws_iam_policy.additional_inline](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | | [aws_iam_policy.additional_json](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | @@ -495,7 +506,6 @@ No modules. | [attach\_sqs\_policy](#input\_attach\_sqs\_policy) | Controls whether the SQS policy should be added to IAM role for EventBridge Target | `bool` | `false` | no | | [attach\_tracing\_policy](#input\_attach\_tracing\_policy) | Controls whether X-Ray tracing policy should be added to IAM role for EventBridge | `bool` | `false` | no | | [bus\_description](#input\_bus\_description) | Event bus description | `string` | `null` | no | -| [bus\_log\_config](#input\_bus\_log\_config) | The configuration block for the EventBridge bus logging |
object({
include_detail = optional(string)
level = optional(string)

cloudwatch = optional(object({
enabled = optional(bool, false)
log_group_arn = optional(string)
}))

s3 = optional(object({
enabled = optional(bool, false)
bucket_arn = optional(string)
}))

firehose = optional(object({
enabled = optional(bool, false)
delivery_stream_arn = optional(string)
}))
})
| `null` | no | | [bus\_name](#input\_bus\_name) | A unique name for your EventBridge Bus | `string` | `"default"` | no | | [cloudwatch\_target\_arns](#input\_cloudwatch\_target\_arns) | The Amazon Resource Name (ARN) of the Cloudwatch Log Streams you want to use as EventBridge targets | `list(string)` | `[]` | no | | [connections](#input\_connections) | A map of objects with EventBridge Connection definitions. | `any` | `{}` | no | @@ -504,6 +514,7 @@ No modules. | [create\_archives](#input\_create\_archives) | Controls whether EventBridge Archive resources should be created | `bool` | `false` | no | | [create\_bus](#input\_create\_bus) | Controls whether EventBridge Bus resource should be created | `bool` | `true` | no | | [create\_connections](#input\_create\_connections) | Controls whether EventBridge Connection resources should be created | `bool` | `false` | no | +| [create\_logging](#input\_create\_logging) | Controls whether EventBridge Logging resources should be created | `bool` | `true` | no | | [create\_permissions](#input\_create\_permissions) | Controls whether EventBridge Permission resources should be created | `bool` | `true` | no | | [create\_pipe\_role\_only](#input\_create\_pipe\_role\_only) | Controls whether an IAM role should be created for the pipes only | `bool` | `false` | no | | [create\_pipes](#input\_create\_pipes) | Controls whether EventBridge Pipes resources should be created | `bool` | `true` | no | 
@@ -521,6 +532,8 @@ No modules. | [kinesis\_target\_arns](#input\_kinesis\_target\_arns) | The Amazon Resource Name (ARN) of the Kinesis Streams you want to use as EventBridge targets | `list(string)` | `[]` | no | | [kms\_key\_identifier](#input\_kms\_key\_identifier) | The identifier of the AWS KMS customer managed key for EventBridge to use, if you choose to use a customer managed key to encrypt events on this event bus. The identifier can be the key Amazon Resource Name (ARN), KeyId, key alias, or key alias ARN. | `string` | `null` | no | | [lambda\_target\_arns](#input\_lambda\_target\_arns) | The Amazon Resource Name (ARN) of the Lambda Functions you want to use as EventBridge targets | `list(string)` | `[]` | no | +| [log\_delivery\_source\_name](#input\_log\_delivery\_source\_name) | Name of log delivery source | `string` | `null` | no | +| [logging](#input\_logging) | The configuration block for the EventBridge bus logging |
object({
include_detail = optional(string)
level = optional(string)

cloudwatch_logs = optional(object({
enabled = optional(bool, false)
name = optional(string)
arn = string
field_delimiter = optional(string)
record_fields = optional(list(string))
}))

s3 = optional(object({
enabled = optional(bool, false)
name = optional(string)
arn = string
field_delimiter = optional(string)
record_fields = optional(list(string))
s3_delivery_configuration = optional(object({
enable_hive_compatible_path = optional(bool)
suffix_path = optional(string)
}))
}))

firehose = optional(object({
enabled = optional(bool, false)
name = optional(string)
arn = string
field_delimiter = optional(string)
record_fields = optional(list(string))
}))
})
| `null` | no | | [number\_of\_policies](#input\_number\_of\_policies) | Number of policies to attach to IAM role | `number` | `0` | no | | [number\_of\_policy\_jsons](#input\_number\_of\_policy\_jsons) | Number of policies JSON to attach to IAM role | `number` | `0` | no | | [permissions](#input\_permissions) | A map of objects with EventBridge Permission definitions. | `map(any)` | `{}` | no | diff --git a/examples/with-bus-logging/README.md b/examples/with-bus-logging/README.md index 4091c88..2803c71 100644 --- a/examples/with-bus-logging/README.md +++ b/examples/with-bus-logging/README.md @@ -31,7 +31,7 @@ $ terraform apply | Name | Source | Version | |------|--------|---------| -| [cloudwatch\_log\_group](#module\_cloudwatch\_log\_group) | terraform-aws-modules/cloudwatch/aws//modules/log-group | ~> 3.0 | +| [cloudwatch\_log\_group](#module\_cloudwatch\_log\_group) | terraform-aws-modules/cloudwatch/aws//modules/log-group | ~> 5.0 | | [eventbridge](#module\_eventbridge) | ../../ | n/a | | [s3\_bucket](#module\_s3\_bucket) | terraform-aws-modules/s3-bucket/aws | ~> 5.0 | @@ -42,7 +42,6 @@ $ terraform apply | [random_pet.this](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | resource | | [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source | | [aws_iam_policy_document.bucket_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | -| [aws_iam_policy_document.cwlogs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | ## Inputs diff --git a/examples/with-bus-logging/main.tf b/examples/with-bus-logging/main.tf index 79b73cf..8bfc8df 100644 --- a/examples/with-bus-logging/main.tf +++ b/examples/with-bus-logging/main.tf 
@@ -14,17 +14,18 @@ module "eventbridge" { create_bus = true - bus_name = "${random_pet.this.id}-bus" - bus_log_config = { + bus_name = random_pet.this.id + + logging = { include_detail = "FULL" level = "INFO" - cloudwatch = { - enabled = true - log_group_arn = module.cloudwatch_log_group.cloudwatch_log_group_arn + cloudwatch_logs = { + enabled = true + arn = module.cloudwatch_log_group.cloudwatch_log_group_arn } s3 = { - enabled = true - bucket_arn = module.s3_bucket.s3_bucket_arn + enabled = true + arn = module.s3_bucket.s3_bucket_arn } } } @@ -42,41 +43,12 @@ resource "random_pet" "this" { ###################### module "cloudwatch_log_group" { source = "terraform-aws-modules/cloudwatch/aws//modules/log-group" - version = "~> 3.0" + version = "~> 5.0" name = "/aws/vendedlogs/events/event-bus/${random_pet.this.id}-bus" retention_in_days = 14 } -data "aws_iam_policy_document" "cwlogs" { - statement { - effect = "Allow" - principals { - type = "Service" - identifiers = ["delivery.logs.amazonaws.com"] - } - actions = [ - "logs:CreateLogStream", - "logs:PutLogEvents" - ] - resources = [ - "${module.cloudwatch_log_group.arn}:log-stream:*" - ] - condition { - test = "StringEquals" - variable = "aws:SourceAccount" - values = [data.aws_caller_identity.current.account_id] - } - condition { - test = "ArnLike" - variable = "aws:SourceArn" - values = [ - module.eventbridge.eventbridge_log_delivery_source.arn - ] - } - } -} - #### # S3 #### @@ -85,6 +57,8 @@ module "s3_bucket" { version = "~> 5.0" bucket = "${random_pet.this.id}-eventbridge-bus-logs-bucket" + force_destroy = true + attach_policy = true policy = data.aws_iam_policy_document.bucket_policy.json @@ -125,13 +99,8 @@ data "aws_iam_policy_document" "bucket_policy" { test = "ArnLike" variable = "aws:SourceArn" values = [ - module.eventbridge.eventbridge_log_delivery_source.arn + module.eventbridge.eventbridge_log_delivery_source[0].arn ] } } } - -# -# Kinesis Fire -# - 
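Review bot: `force_destroy = true` added to the `s3_bucket` module in the `@@ -85,6 +57,8 @@` hunk lets `terraform destroy` delete the bus log bucket together with every log object in it, with no comment saying this is deliberate; this example is the file people copy, so a one-line note such as `force_destroy = true # example only: lets destroy remove a non-empty log bucket` keeps that from travelling into real deployments of an audit-log bucket. Removing `data "aws_iam_policy_document" "cwlogs"` in the `@@ -42,41 +43,12 @@` hunk looks safe from what is visible, since the `cloudwatch_log_group` module call never attached it, but it is worth confirming that the CloudWatch Logs delivery still has a log-group resource policy after this change.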
diff --git a/main.tf b/main.tf
index c952ea8..f1899f5 100644
--- a/main.tf
+++ b/main.tf
@@ -53,7 +53,8 @@ locals {
         "Name" = var.append_pipe_postfix ? "${replace(index, "_", "-")}-pipe" : index
       })
   ])
-  enabled_bus_log_type = var.bus_log_config != null ? "${upper(var.bus_log_config.level)}_LOGS" : null
+
+  create_logging = var.create && var.create_bus && var.create_logging && var.logging != null
 }
 
 data "aws_cloudwatch_event_bus" "this" {
@@ -80,7 +81,7 @@ resource "aws_cloudwatch_event_bus" "this" {
   }
 
   dynamic "log_config" {
-    for_each = var.bus_log_config != null ? [var.bus_log_config] : []
+    for_each = var.logging != null ? [var.logging] : []
     content {
       include_detail = log_config.value.include_detail
       level          = log_config.value.level
@@ -91,110 +92,55 @@ resource "aws_cloudwatch_event_bus" "this" { } resource "aws_cloudwatch_log_delivery_source" "this" { - count = ( - var.create && - var.create_bus && - var.bus_log_config != null - ) ? 1 : 0 - - name = "EventBusSource-${var.bus_name}-${local.enabled_bus_log_type}" - log_type = local.enabled_bus_log_type - resource_arn = aws_cloudwatch_event_bus.this[0].arn -} + count = local.create_logging ? 1 : 0 -resource "aws_cloudwatch_log_delivery_destination" "cwlogs" { - count = ( - var.create && - var.create_bus && - var.bus_log_config != null && - var.bus_log_config.cloudwatch != null && - var.bus_log_config.cloudwatch.enabled - ) ? 1 : 0 - - name = "EventsDeliveryDestination-${var.bus_name}-CWLogs" + region = var.region - delivery_destination_configuration { - destination_resource_arn = var.bus_log_config.cloudwatch.log_group_arn - } + name = coalesce(var.log_delivery_source_name, var.bus_name) + log_type = "${upper(var.logging.level)}_LOGS" + resource_arn = aws_cloudwatch_event_bus.this[0].arn tags = var.tags } -resource "aws_cloudwatch_log_delivery" "cwlogs" { - count = ( - var.create && - var.create_bus && - var.bus_log_config != null && - var.bus_log_config.cloudwatch != null && - var.bus_log_config.cloudwatch.enabled - ) ? 1 : 0 - - delivery_destination_arn = aws_cloudwatch_log_delivery_destination.cwlogs[0].arn - delivery_source_name = aws_cloudwatch_log_delivery_source.this[0].name -} +resource "aws_cloudwatch_log_delivery_destination" "this" { + for_each = { for k, v in var.logging : k => v if(local.create_logging && contains(["s3", "cloudwatch_logs", "firehose"], k) && try(v.enabled, true) && v != null) } -resource "aws_cloudwatch_log_delivery_destination" "s3" { - count = ( - var.create && - var.create_bus && - var.bus_log_config != null && - var.bus_log_config.s3 != null && - var.bus_log_config.s3.enabled - ) ? 
1 : 0 + region = var.region - name = "EventsDeliveryDestination-${var.bus_name}-S3" + name = coalesce(each.value.name, "${var.bus_name}-${each.key}") + output_format = try(each.value.output_format, null) delivery_destination_configuration { - destination_resource_arn = var.bus_log_config.s3.bucket_arn + destination_resource_arn = each.value.arn } tags = var.tags } -resource "aws_cloudwatch_log_delivery" "s3" { - count = ( - var.create && - var.create_bus && - var.bus_log_config != null && - var.bus_log_config.s3 != null && - var.bus_log_config.s3.enabled - ) ? 1 : 0 +resource "aws_cloudwatch_log_delivery" "this" { + for_each = { for k, v in var.logging : k => v if(local.create_logging && contains(["s3", "cloudwatch_logs", "firehose"], k) && try(v.enabled, true) && v != null) } + + region = var.region - delivery_destination_arn = aws_cloudwatch_log_delivery_destination.s3[0].arn delivery_source_name = aws_cloudwatch_log_delivery_source.this[0].name -} + delivery_destination_arn = aws_cloudwatch_log_delivery_destination.this[each.key].arn -resource "aws_cloudwatch_log_delivery_destination" "firehose" { - count = ( - var.create && - var.create_bus && - var.bus_log_config != null && - var.bus_log_config.firehose != null && - var.bus_log_config.firehose.enabled - ) ? 1 : 0 + field_delimiter = each.value.field_delimiter + record_fields = each.value.record_fields - name = "EventsDeliveryDestination-${var.bus_name}-Firehose" + dynamic "s3_delivery_configuration" { + for_each = try(each.value.s3_delivery_configuration, null) != null ? 
[true] : [] - delivery_destination_configuration { - destination_resource_arn = var.bus_log_config.firehose.delivery_stream_arn + content { + enable_hive_compatible_path = each.value.s3_delivery_configuration.enable_hive_compatible_path + suffix_path = each.value.s3_delivery_configuration.suffix_path + } } tags = var.tags } -resource "aws_cloudwatch_log_delivery" "firehose" { - count = ( - var.create && - var.create_bus && - var.bus_log_config != null && - var.bus_log_config.firehose != null && - var.bus_log_config.firehose.enabled - ) ? 1 : 0 - - delivery_destination_arn = aws_cloudwatch_log_delivery_destination.firehose[0].arn - delivery_source_name = aws_cloudwatch_log_delivery_source.this[0].name -} - resource "aws_schemas_discoverer" "this" { count = var.create && var.create_schemas_discoverer ? 1 : 0 diff --git a/variables.tf b/variables.tf index 0146c78..e986b2e 100644 --- a/variables.tf +++ b/variables.tf @@ -118,6 +118,12 @@ variable "create_pipes" { default = true } +variable "create_logging" { + description = "Controls whether EventBridge Logging resources should be created" + type = bool + default = true +} + ####################### variable "region" { 
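Review bot: The `for_each` on `aws_cloudwatch_log_delivery_destination.this` and `aws_cloudwatch_log_delivery.this` iterates `var.logging` directly, and `var.logging` defaults to `null`; Terraform refuses to iterate a null value before the filter is evaluated, so the `local.create_logging` guard inside the `if(...)` never helps and a module call that sets no `logging` fails at plan time. `log_type = "${upper(var.logging.level)}_LOGS"` on `aws_cloudwatch_log_delivery_source.this` has the same shape of problem because `level` is `optional(string)`, so `upper(null)` errors instead of falling back. Patch 3 in this series replaces `var.logging` with a `map(object)` variable defaulting to `{}`, which resolves the first issue; if this commit is meant to stand on its own, the iteration needs to be guarded before the `for` (for example a local that is `{}` when `var.logging` is null), since the object and `{}` cannot be unified inside a plain conditional. The `output_format = try(each.value.output_format, null)` line always yields null here because `output_format` is not part of the `logging` type in this commit.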
@@ -138,30 +144,49 @@ variable "bus_description" { default = null } -variable "bus_log_config" { +variable "logging" { description = "The configuration block for the EventBridge bus logging" type = object({ include_detail = optional(string) level = optional(string) - cloudwatch = optional(object({ - enabled = optional(bool, false) - log_group_arn = optional(string) + cloudwatch_logs = optional(object({ + enabled = optional(bool, false) + name = optional(string) + arn = string + field_delimiter = optional(string) + record_fields = optional(list(string)) })) s3 = optional(object({ - enabled = optional(bool, false) - bucket_arn = optional(string) + enabled = optional(bool, false) + name = optional(string) + arn = string + field_delimiter = optional(string) + record_fields = optional(list(string)) + s3_delivery_configuration = optional(object({ + enable_hive_compatible_path = optional(bool) + suffix_path = optional(string) + })) })) firehose = optional(object({ - enabled = optional(bool, false) - delivery_stream_arn = optional(string) + enabled = optional(bool, false) + name = optional(string) + arn = string + field_delimiter = optional(string) + record_fields = optional(list(string)) })) }) default = null } +variable "log_delivery_source_name" { + description = "Name of log delivery source" + type = string + default = null +} + variable "event_source_name" { description = "The partner event source that the new event bus will be matched with. Must match name." type = string From ca4ccdbe4bc65bf509370ff0894330f3bfc68793 Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Sat, 4 Oct 2025 13:02:52 +0200 Subject: [PATCH 3/5] Split log_config and log_delivery --- README.md | 9 ++-- examples/with-bus-logging/README.md | 2 + examples/with-bus-logging/main.tf | 52 ++++++++++++++++++++--- main.tf | 32 ++++++++------- outputs.tf | 12 ++++-- variables.tf | 64 ++++++++++++++--------------- 6 files changed, 110 insertions(+), 61 deletions(-) 
diff --git a/README.md b/README.md index 5d956be..905aa43 100644 --- a/README.md +++ b/README.md @@ -514,7 +514,8 @@ No modules. | [create\_archives](#input\_create\_archives) | Controls whether EventBridge Archive resources should be created | `bool` | `false` | no | | [create\_bus](#input\_create\_bus) | Controls whether EventBridge Bus resource should be created | `bool` | `true` | no | | [create\_connections](#input\_create\_connections) | Controls whether EventBridge Connection resources should be created | `bool` | `false` | no | -| [create\_logging](#input\_create\_logging) | Controls whether EventBridge Logging resources should be created | `bool` | `true` | no | +| [create\_log\_delivery](#input\_create\_log\_delivery) | Controls whether EventBridge log delivery resources should be created | `bool` | `true` | no | +| [create\_log\_delivery\_source](#input\_create\_log\_delivery\_source) | Controls whether EventBridge log delivery source resource should be created | `bool` | `true` | no | | [create\_permissions](#input\_create\_permissions) | Controls whether EventBridge Permission resources should be created | `bool` | `true` | no | | [create\_pipe\_role\_only](#input\_create\_pipe\_role\_only) | Controls whether an IAM role should be created for the pipes only | `bool` | `false` | no | | [create\_pipes](#input\_create\_pipes) | Controls whether EventBridge Pipes resources should be created | `bool` | `true` | no | 
@@ -532,8 +533,9 @@ No modules. | [kinesis\_target\_arns](#input\_kinesis\_target\_arns) | The Amazon Resource Name (ARN) of the Kinesis Streams you want to use as EventBridge targets | `list(string)` | `[]` | no | | [kms\_key\_identifier](#input\_kms\_key\_identifier) | The identifier of the AWS KMS customer managed key for EventBridge to use, if you choose to use a customer managed key to encrypt events on this event bus. The identifier can be the key Amazon Resource Name (ARN), KeyId, key alias, or key alias ARN. | `string` | `null` | no | | [lambda\_target\_arns](#input\_lambda\_target\_arns) | The Amazon Resource Name (ARN) of the Lambda Functions you want to use as EventBridge targets | `list(string)` | `[]` | no | +| [log\_config](#input\_log\_config) | The configuration block for the EventBridge bus log config settings |
object({
include_detail = string
level = string
})
| `null` | no | +| [log\_delivery](#input\_log\_delivery) | Map of the configuration block for the EventBridge bus log delivery settings (key is the type of log delivery: cloudwatch\_logs, s3, firehose) |
map(object({
enabled = optional(bool, true)
destination_arn = string
source_name = optional(string)
name = optional(string)
output_format = optional(string)
field_delimiter = optional(string)
record_fields = optional(list(string))
s3_delivery_configuration = optional(object({
enable_hive_compatible_path = optional(bool)
suffix_path = optional(string)
}))
}))
| `{}` | no | | [log\_delivery\_source\_name](#input\_log\_delivery\_source\_name) | Name of log delivery source | `string` | `null` | no | -| [logging](#input\_logging) | The configuration block for the EventBridge bus logging |
object({
include_detail = optional(string)
level = optional(string)

cloudwatch_logs = optional(object({
enabled = optional(bool, false)
name = optional(string)
arn = string
field_delimiter = optional(string)
record_fields = optional(list(string))
}))

s3 = optional(object({
enabled = optional(bool, false)
name = optional(string)
arn = string
field_delimiter = optional(string)
record_fields = optional(list(string))
s3_delivery_configuration = optional(object({
enable_hive_compatible_path = optional(bool)
suffix_path = optional(string)
}))
}))

firehose = optional(object({
enabled = optional(bool, false)
name = optional(string)
arn = string
field_delimiter = optional(string)
record_fields = optional(list(string))
}))
})
| `null` | no | | [number\_of\_policies](#input\_number\_of\_policies) | Number of policies to attach to IAM role | `number` | `0` | no | | [number\_of\_policy\_jsons](#input\_number\_of\_policy\_jsons) | Number of policies JSON to attach to IAM role | `number` | `0` | no | | [permissions](#input\_permissions) | A map of objects with EventBridge Permission definitions. | `map(any)` | `{}` | no | @@ -579,7 +581,8 @@ No modules. | [eventbridge\_connection\_ids](#output\_eventbridge\_connection\_ids) | The EventBridge Connection IDs | | [eventbridge\_connections](#output\_eventbridge\_connections) | The EventBridge Connections created and their attributes | | [eventbridge\_iam\_roles](#output\_eventbridge\_iam\_roles) | The EventBridge IAM roles created and their attributes | -| [eventbridge\_log\_delivery\_source](#output\_eventbridge\_log\_delivery\_source) | The EventBridge Bus CloudWatch Log Delivery Source created and their attributes | +| [eventbridge\_log\_delivery\_source\_arn](#output\_eventbridge\_log\_delivery\_source\_arn) | The EventBridge Bus CloudWatch Log Delivery Source ARN | +| [eventbridge\_log\_delivery\_source\_name](#output\_eventbridge\_log\_delivery\_source\_name) | The EventBridge Bus CloudWatch Log Delivery Source Name | | [eventbridge\_permission\_ids](#output\_eventbridge\_permission\_ids) | The EventBridge Permission IDs | | [eventbridge\_permissions](#output\_eventbridge\_permissions) | The EventBridge Permissions created and their attributes | | [eventbridge\_pipe\_arns](#output\_eventbridge\_pipe\_arns) | The EventBridge Pipes ARNs | diff --git a/examples/with-bus-logging/README.md b/examples/with-bus-logging/README.md index 2803c71..b79e0b5 100644 --- a/examples/with-bus-logging/README.md +++ b/examples/with-bus-logging/README.md 
@@ -33,6 +33,8 @@ $ terraform apply |------|--------|---------| | [cloudwatch\_log\_group](#module\_cloudwatch\_log\_group) | terraform-aws-modules/cloudwatch/aws//modules/log-group | ~> 5.0 | | [eventbridge](#module\_eventbridge) | ../../ | n/a | +| [eventbridge\_external](#module\_eventbridge\_external) | ../../ | n/a | +| [eventbridge\_log\_delivery\_only](#module\_eventbridge\_log\_delivery\_only) | ../../ | n/a | | [s3\_bucket](#module\_s3\_bucket) | terraform-aws-modules/s3-bucket/aws | ~> 5.0 | ## Resources diff --git a/examples/with-bus-logging/main.tf b/examples/with-bus-logging/main.tf index 8bfc8df..4643cc8 100644 --- a/examples/with-bus-logging/main.tf +++ b/examples/with-bus-logging/main.tf 
@@ -16,18 +16,57 @@ module "eventbridge" { bus_name = random_pet.this.id - logging = { + log_config = { include_detail = "FULL" level = "INFO" + } + + log_delivery = { + cloudwatch_logs = { + destination_arn = module.cloudwatch_log_group.cloudwatch_log_group_arn + } + s3 = { + destination_arn = module.s3_bucket.s3_bucket_arn + } + } +} + +# External EventBridge bus with log delivery attached to the bus +module "eventbridge_external" { + source = "../../" + + create_bus = true + + bus_name = "${random_pet.this.id}-external-bus" + + log_config = { + include_detail = "FULL" + level = "TRACE" + } +} + +module "eventbridge_log_delivery_only" { + source = "../../" + + create_bus = false + create_role = false + + bus_name = module.eventbridge_external.eventbridge_bus_name + + create_log_delivery_source = false + + log_delivery = { cloudwatch_logs = { - enabled = true - arn = module.cloudwatch_log_group.cloudwatch_log_group_arn + destination_arn = module.cloudwatch_log_group.cloudwatch_log_group_arn + source_name = module.eventbridge_external.eventbridge_log_delivery_source_name } s3 = { - enabled = true - arn = module.s3_bucket.s3_bucket_arn + destination_arn = module.s3_bucket.s3_bucket_arn + source_name = module.eventbridge_external.eventbridge_log_delivery_source_name } } + + depends_on = [module.eventbridge_external] } ################# @@ -99,7 +138,8 @@ data "aws_iam_policy_document" "bucket_policy" { test = "ArnLike" variable = "aws:SourceArn" values = [ - module.eventbridge.eventbridge_log_delivery_source[0].arn + module.eventbridge.eventbridge_log_delivery_source_arn, + module.eventbridge_external.eventbridge_log_delivery_source_arn ] } } diff --git a/main.tf b/main.tf index f1899f5..557a31b 100644 --- a/main.tf +++ b/main.tf @@ -54,7 +54,7 @@ locals { }) ]) - create_logging = var.create && var.create_bus && var.create_logging && var.logging != null + create_log_delivery = var.create && var.create_log_delivery } data "aws_cloudwatch_event_bus" "this" { 
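Review bot: `depends_on = [module.eventbridge_external]` in `module "eventbridge_log_delivery_only"` is redundant and has a cost: the module already references `module.eventbridge_external.eventbridge_bus_name` and `module.eventbridge_external.eventbridge_log_delivery_source_name`, which gives Terraform the ordering it needs, whereas a module-level `depends_on` makes every resource and data source in the child module (including `data.aws_cloudwatch_event_bus.this`, which is what `create_bus = false` uses) wait for the whole of `eventbridge_external` and defers those data reads to apply time. Dropping the `depends_on` line, or replacing it with a comment explaining why the implicit dependency is not enough, would make the example cleaner to copy. The bucket policy in the `@@ -99,7 +138,8 @@` hunk lists both delivery-source ARNs under `aws:SourceArn`, which also covers the delivery-only module since it reuses the external source; a short comment there saying so would save the next reader from checking.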
@@ -75,16 +75,18 @@ resource "aws_cloudwatch_event_bus" "this" {
 
   dynamic "dead_letter_config" {
     for_each = length(var.dead_letter_config) > 0 ? [var.dead_letter_config] : []
+
     content {
       arn = try(dead_letter_config.value.arn, null)
     }
   }
 
   dynamic "log_config" {
-    for_each = var.logging != null ? [var.logging] : []
+    for_each = var.log_config != null ? [var.log_config] : []
+
     content {
-      include_detail = log_config.value.include_detail
-      level          = log_config.value.level
+      include_detail = try(log_config.value.include_detail, null)
+      level          = try(upper(log_config.value.level), null)
     }
   }
 
@@ -92,49 +94,49 @@ resource "aws_cloudwatch_event_bus" "this" { } resource "aws_cloudwatch_log_delivery_source" "this" { - count = local.create_logging ? 1 : 0 + count = local.create_log_delivery && var.create_log_delivery_source ? 1 : 0 region = var.region name = coalesce(var.log_delivery_source_name, var.bus_name) - log_type = "${upper(var.logging.level)}_LOGS" - resource_arn = aws_cloudwatch_event_bus.this[0].arn + log_type = format("%s_LOGS", try(contains(["INFO", "ERROR", "TRACE"], upper(var.log_config.level)), false) ? upper(var.log_config.level) : "ERROR") + resource_arn = var.create_bus ? aws_cloudwatch_event_bus.this[0].arn : data.aws_cloudwatch_event_bus.this[0].arn tags = var.tags } resource "aws_cloudwatch_log_delivery_destination" "this" { - for_each = { for k, v in var.logging : k => v if(local.create_logging && contains(["s3", "cloudwatch_logs", "firehose"], k) && try(v.enabled, true) && v != null) } + for_each = { for k, v in var.log_delivery : k => v if(local.create_log_delivery && try(v.enabled, true)) } region = var.region name = coalesce(each.value.name, "${var.bus_name}-${each.key}") - output_format = try(each.value.output_format, null) + output_format = each.value.output_format delivery_destination_configuration { - destination_resource_arn = each.value.arn + destination_resource_arn = each.value.destination_arn } tags = var.tags } resource "aws_cloudwatch_log_delivery" "this" { - for_each = { for k, v in var.logging : k => v if(local.create_logging && contains(["s3", "cloudwatch_logs", "firehose"], k) && try(v.enabled, true) && v != null) } + for_each = { for k, v in var.log_delivery : k => v if(local.create_log_delivery && try(v.enabled, true)) } region = var.region - delivery_source_name = aws_cloudwatch_log_delivery_source.this[0].name + delivery_source_name = var.create_log_delivery_source ? 
aws_cloudwatch_log_delivery_source.this[0].name : each.value.source_name delivery_destination_arn = aws_cloudwatch_log_delivery_destination.this[each.key].arn field_delimiter = each.value.field_delimiter record_fields = each.value.record_fields dynamic "s3_delivery_configuration" { - for_each = try(each.value.s3_delivery_configuration, null) != null ? [true] : [] + for_each = each.value.s3_delivery_configuration != null ? [each.value.s3_delivery_configuration] : [] content { - enable_hive_compatible_path = each.value.s3_delivery_configuration.enable_hive_compatible_path - suffix_path = each.value.s3_delivery_configuration.suffix_path + enable_hive_compatible_path = s3_delivery_configuration.value.enable_hive_compatible_path + suffix_path = s3_delivery_configuration.value.suffix_path } } diff --git a/outputs.tf b/outputs.tf index da9b687..0246b0b 100644 --- a/outputs.tf +++ b/outputs.tf @@ -161,9 +161,15 @@ output "eventbridge_pipes" { value = aws_pipes_pipe.this } -output "eventbridge_log_delivery_source" { - description = "The EventBridge Bus CloudWatch Log Delivery Source created and their attributes" - value = aws_cloudwatch_log_delivery_source.this +# EventBridge Log Delivery Source +output "eventbridge_log_delivery_source_arn" { + description = "The EventBridge Bus CloudWatch Log Delivery Source ARN" + value = try(aws_cloudwatch_log_delivery_source.this[0].arn, "") +} + +output "eventbridge_log_delivery_source_name" { + description = "The EventBridge Bus CloudWatch Log Delivery Source Name" + value = try(aws_cloudwatch_log_delivery_source.this[0].name, "") } # IAM Roles diff --git a/variables.tf b/variables.tf index e986b2e..fa86a99 100644 --- a/variables.tf +++ b/variables.tf 
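Review bot: `log_type` on `aws_cloudwatch_log_delivery_source.this` silently becomes `ERROR_LOGS` whenever `var.log_config` is null or `level` is not one of INFO/ERROR/TRACE, so a typo such as `level = "INFOS"`, or a call with `create_log_delivery_source = true` and no `log_config`, yields a delivery source that only carries error logs while nothing in the plan says the requested level was discarded. Related, `delivery_source_name` on `aws_cloudwatch_log_delivery.this` falls back to `each.value.source_name`, which is `optional(string)` with no default, so `create_log_delivery_source = false` without a `source_name` reaches the provider as null rather than failing with an actionable message. Both are better expressed as `lifecycle { precondition {} }` blocks that fail the plan, as sketched below; the placement assumes the resource bodies end where this hunk shows them. Whether AWS requires the source's `log_type` to match the bus `log_config.level` I cannot confirm from here, but a mismatch at least becomes visible once the fallback is gone.

```hcl
resource "aws_cloudwatch_log_delivery_source" "this" {
  # … unchanged: count, region, name, resource_arn, tags …
  log_type = format("%s_LOGS", upper(try(var.log_config.level, "")))

  lifecycle {
    precondition {
      condition     = try(contains(["INFO", "ERROR", "TRACE"], upper(var.log_config.level)), false)
      error_message = "log_config.level must be INFO, ERROR or TRACE when create_log_delivery_source is true."
    }
  }
}

resource "aws_cloudwatch_log_delivery" "this" {
  # … unchanged: for_each, region, delivery_source_name, delivery_destination_arn, field_delimiter, record_fields, s3_delivery_configuration, tags …

  lifecycle {
    precondition {
      condition     = var.create_log_delivery_source || each.value.source_name != null
      error_message = "Each log_delivery entry needs source_name when create_log_delivery_source is false."
    }
  }
}
```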
@@ -118,8 +118,14 @@ variable "create_pipes" {
   default = true
 }
 
-variable "create_logging" {
-  description = "Controls whether EventBridge Logging resources should be created"
+variable "create_log_delivery_source" {
+  description = "Controls whether EventBridge log delivery source resource should be created"
+  type        = bool
+  default     = true
+}
+
+variable "create_log_delivery" {
+  description = "Controls whether EventBridge log delivery resources should be created"
   type        = bool
   default     = true
 }
@@ -144,43 +150,33 @@ variable "bus_description" {
 default = null
 }
 
-variable "logging" {
- description = "The configuration block for the EventBridge bus logging"
+variable "log_config" {
+ description = "The configuration block for the EventBridge bus log config settings"
 type = object({
- include_detail = optional(string)
- level = optional(string)
-
- cloudwatch_logs = optional(object({
- enabled = optional(bool, false)
- name = optional(string)
- arn = string
- field_delimiter = optional(string)
- record_fields = optional(list(string))
- }))
-
- s3 = optional(object({
- enabled = optional(bool, false)
- name = optional(string)
- arn = string
- field_delimiter = optional(string)
- record_fields = optional(list(string))
- s3_delivery_configuration = optional(object({
- enable_hive_compatible_path = optional(bool)
- suffix_path = optional(string)
- }))
- }))
-
- firehose = optional(object({
- enabled = optional(bool, false)
- name = optional(string)
- arn = string
- field_delimiter = optional(string)
- record_fields = optional(list(string))
- }))
+ include_detail = string
+ level = string
 })
 default = null
 }
 
+variable "log_delivery" {
+ description = "Map of the configuration block for the EventBridge bus log delivery settings (key is the type of log delivery: cloudwatch_logs, s3, firehose)"
+ type = map(object({
+ enabled = optional(bool, true)
+ destination_arn = string
+ source_name = optional(string)
+ name = optional(string)
+ output_format = optional(string)
+ field_delimiter = optional(string)
+ record_fields = optional(list(string))
+ s3_delivery_configuration = optional(object({
+ enable_hive_compatible_path = optional(bool)
+ suffix_path = optional(string)
+ }))
+ }))
+ default = {}
+}
+
 variable "log_delivery_source_name" {
 description = "Name of log delivery source"
 type = string
From 8c46e20d8cf04dd05233620f2c9f296b72350c6e Mon Sep 17 00:00:00 2001
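Review bot: `log_config.level` and `log_config.include_detail` become required plain strings with no `validation` block, so a typo such as `level = "INFOS"` is not rejected at plan time; the `log_type` expression in the main.tf hunk of PATCH 4/5 instead quietly maps it to `"ERROR_LOGS"`, which downgrades the bus's audit logging without any signal to the operator. The `log_delivery` map has the same gap: its description restricts keys to `cloudwatch_logs`, `s3`, `firehose` and the delivery resource indexes destinations by `each.key`, but the type does not enforce the key set. The validation blocks below fail the plan instead; the level set mirrors the one main.tf accepts, and `FULL`/`NONE` are the two `include_detail` values used in this series, so confirm both lists against the provider schema before pinning them.
```hcl
variable "log_config" {
  # … unchanged: description, type, default …

  validation {
    condition     = var.log_config == null ? true : contains(["INFO", "ERROR", "TRACE"], upper(var.log_config.level))
    error_message = "log_config.level must be one of INFO, ERROR or TRACE."
  }

  validation {
    condition     = var.log_config == null ? true : contains(["FULL", "NONE"], upper(var.log_config.include_detail))
    error_message = "log_config.include_detail must be FULL or NONE."
  }
}

variable "log_delivery" {
  # … unchanged: description, type, default …

  validation {
    condition     = alltrue([for k, v in var.log_delivery : contains(["cloudwatch_logs", "s3", "firehose"], k)])
    error_message = "log_delivery keys must be one of cloudwatch_logs, s3 or firehose."
  }
}
```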
From: Anton Babenko
Date: Sat, 4 Oct 2025 13:19:04 +0200
Subject: [PATCH 4/5] Fixed docs and log_config (required)
---
 README.md | 14 ++++++++------
 examples/with-bus-logging/main.tf | 2 +-
 main.tf | 2 +-
 3 files changed, 10 insertions(+), 8 deletions(-)
diff --git a/README.md b/README.md
index 905aa43..080e2c6 100644
--- a/README.md
+++ b/README.md
@@ -22,16 +22,17 @@ module "eventbridge" {
 bus_name = "my-bus"
 
- logging = {
+ log_config = {
 include_detail = "FULL"
 level = "INFO"
+ }
+
+ log_delivery = {
 cloudwatch_logs = {
- enabled = true
- arn = "arn:aws:logs:us-east-1:123456789012:log-group:my-log-group"
+ destination_arn = "arn:aws:logs:us-east-1:123456789012:log-group:my-log-group"
 }
 s3 = {
- enabled = true
- arn = "arn:aws:s3:::my-log-bucket"
+ destination_arn = "arn:aws:s3:::my-log-bucket"
 }
 }
 
 
@@ -360,7 +361,8 @@ module "eventbridge" {
 create_schedule_groups = false # to control creation of EventBridge Schedule Group resources
 create_schedules = false # to control creation of EventBridge Schedule resources
 create_pipes = false # to control creation of EventBridge Pipes resources
- create_logging = false # to control creation of EventBridge Logging resources
+ create_log_delivery_source = false # to control creation of EventBridge Log Delivery Source resources
+ create_log_delivery = false # to control creation of EventBridge Log Delivery resources
 
 attach_cloudwatch_policy = false
 attach_ecs_policy = false
diff --git a/examples/with-bus-logging/main.tf b/examples/with-bus-logging/main.tf
index 4643cc8..e828d4b 100644
--- a/examples/with-bus-logging/main.tf
+++ b/examples/with-bus-logging/main.tf
@@ -17,7 +17,7 @@ module "eventbridge" {
 bus_name = random_pet.this.id
 
 log_config = {
- include_detail = "FULL"
+ include_detail = "NONE"
 level = "INFO"
 }
 
diff --git a/main.tf b/main.tf
index 557a31b..5bccc50 100644
--- a/main.tf
+++ b/main.tf
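Review bot: The with-bus-logging example flips `include_detail` from `"FULL"` to `"NONE"` with no explanation, while the README hunk in the same commit still shows `"FULL"`, so a reader copying the example cannot tell which value the module authors intend. A one-line comment on the changed line would settle it, e.g. `include_detail = "NONE" # FULL also writes each event's payload to the log destination; keep NONE unless that destination is protected for the data the bus carries`. The meaning of the two values is inferred from their names and the surrounding log config, so confirm the wording against the provider documentation.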
@@ -99,7 +99,7 @@ resource "aws_cloudwatch_log_delivery_source" "this" {
 region = var.region
 name = coalesce(var.log_delivery_source_name, var.bus_name)
- log_type = format("%s_LOGS", try(contains(["INFO", "ERROR", "TRACE"], upper(var.log_config.level)), false) ? upper(var.log_config.level) : "ERROR")
+ log_type = try(format("%s_LOGS", contains(["INFO", "ERROR", "TRACE"], upper(var.log_config.level)) ? upper(var.log_config.level) : "ERROR"), "ERROR_LOGS")
 resource_arn = var.create_bus ? aws_cloudwatch_event_bus.this[0].arn : data.aws_cloudwatch_event_bus.this[0].arn
 tags = var.tags
From 3b85b40b8075ee16402738e66c471f1b449d954f Mon Sep 17 00:00:00 2001
From: Anton Babenko
Date: Sat, 4 Oct 2025 13:46:44 +0200
Subject: [PATCH 5/5] Fixed examples (ECS related)
---
 examples/complete/README.md | 9 +-
 examples/complete/main.tf | 151 ++++++++----------------
 examples/complete/outputs.tf | 1 +
 examples/with-ecs-scheduling/README.md | 2 +-
 examples/with-ecs-scheduling/main.tf | 13 +--
 5 files changed, 56 insertions(+), 120 deletions(-)
diff --git a/examples/complete/README.md b/examples/complete/README.md
index 094db9a..2fc4a81 100644
--- a/examples/complete/README.md
+++ b/examples/complete/README.md
@@ -38,7 +38,7 @@ Note that this example may create resources which cost money. Run `terraform des
 |------|--------|---------|
 | [bucket](#module\_bucket) | terraform-aws-modules/s3-bucket/aws | ~> 5.0 |
 | [disabled](#module\_disabled) | ../../ | n/a |
-| [ecs](#module\_ecs) | terraform-aws-modules/ecs/aws | ~> 3.0 |
+| [ecs](#module\_ecs) | terraform-aws-modules/ecs/aws | ~> 6.0 |
 | [eventbridge](#module\_eventbridge) | ../../ | n/a |
 | [lambda](#module\_lambda) | terraform-aws-modules/lambda/aws | ~> 8.0 |
 | [sns](#module\_sns) | terraform-aws-modules/sns/aws | ~> 6.0 |
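Review bot: The new `log_type` line nests `try`, `format`, `contains` and a conditional in one expression, which makes the `"ERROR_LOGS"` fallback easy to overlook when reading the resource. Splitting the level lookup into locals keeps the same result and makes the fallback visible: `log_level = try(upper(var.log_config.level), "ERROR")` and `log_type = contains(["INFO", "ERROR", "TRACE"], local.log_level) ? "${local.log_level}_LOGS" : "ERROR_LOGS"`, with the resource reading `log_type = local.log_type`. A short comment on the local, such as `# unknown or missing levels fall back to ERROR_LOGS so the delivery source is still created`, would document the intent that the current line leaves implicit. The resource block continues outside this hunk.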
@@ -50,8 +50,6 @@ Note that this example may create resources which cost money. Run `terraform des
 |------|------|
 | [aws_cloudtrail.trail](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudtrail) | resource |
 | [aws_cloudwatch_log_group.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group) | resource |
-| [aws_ecs_service.hello_world](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecs_service) | resource |
-| [aws_ecs_task_definition.hello_world](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecs_task_definition) | resource |
 | [aws_kinesis_stream.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kinesis_stream) | resource |
 | [aws_sqs_queue.dlq](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sqs_queue) | resource |
 | [aws_sqs_queue.fifo](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sqs_queue) | resource |
@@ -59,10 +57,9 @@ Note that this example may create resources which cost money. Run `terraform des
 | [aws_sqs_queue_policy.queue](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sqs_queue_policy) | resource |
 | [null_resource.download_package](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
 | [random_pet.this](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | resource |
-| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
-| [aws_iam_policy_document.bucket_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
 | [aws_iam_policy_document.queue](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
-| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
+| [aws_subnets.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/subnets) | data source |
+| [aws_vpc.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc) | data source |
 
 ## Inputs
diff --git a/examples/complete/main.tf b/examples/complete/main.tf
index 8eff736..8fac152 100644
--- a/examples/complete/main.tf
+++ b/examples/complete/main.tf
@@ -38,7 +38,7 @@ module "eventbridge" {
 append_rule_postfix = false
 attach_ecs_policy = true
- ecs_target_arns = [aws_ecs_task_definition.hello_world.arn]
+ ecs_target_arns = [module.ecs.services.hello-world.task_definition_arn]
 rules = {
 orders = {
@@ -114,11 +114,11 @@ module "eventbridge" { }, { name = "process-email-with-ecs-task", - arn = module.ecs.ecs_cluster_arn, + arn = module.ecs.cluster_arn, attach_role_arn = true ecs_target = { task_count = 1 - task_definition_arn = aws_ecs_task_definition.hello_world.arn + task_definition_arn = module.ecs.services.hello-world.task_definition_arn } } ] @@ -229,6 +229,19 @@ locals { EOF } } +############################################################# +# Data sources to get VPC and default security group details +############################################################# +data "aws_vpc" "default" { + default = true +} + +data "aws_subnets" "default" { + filter { + name = "vpc-id" + values = [data.aws_vpc.default.id] + } +} ################## # Extra resources @@ -314,37 +327,36 @@ module "step_function" { module "ecs" { source = "terraform-aws-modules/ecs/aws" - version = "~> 3.0" - - name = random_pet.this.id - - capacity_providers = ["FARGATE", "FARGATE_SPOT"] -} - -resource "aws_ecs_service" "hello_world" { - name = "hello_world-${random_pet.this.id}" - cluster = module.ecs.ecs_cluster_id - task_definition = aws_ecs_task_definition.hello_world.arn - - desired_count = 1 + version = "~> 6.0" - deployment_maximum_percent = 100 - deployment_minimum_healthy_percent = 0 -} + cluster_name = random_pet.this.id -resource "aws_ecs_task_definition" "hello_world" { - family = "hello_world-${random_pet.this.id}" + default_capacity_provider_strategy = { + FARGATE = { + weight = 100 + base = 20 + } + FARGATE_SPOT = { + weight = 100 + } + } - container_definitions = < [ecs\_cluster](#module\_ecs\_cluster) | terraform-aws-modules/ecs/aws | ~> 5.0 | +| [ecs\_cluster](#module\_ecs\_cluster) | terraform-aws-modules/ecs/aws | ~> 6.0 | | [eventbridge](#module\_eventbridge) | ../../ | n/a | ## Resources diff --git a/examples/with-ecs-scheduling/main.tf b/examples/with-ecs-scheduling/main.tf index 011e347..2d01a79 100644 --- a/examples/with-ecs-scheduling/main.tf 
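Review bot: The header comment added in the examples/complete/main.tf hunk at @@ -229, `# Data sources to get VPC and default security group details`, does not match the block it introduces: only `data "aws_vpc" "default"` and `data "aws_subnets" "default"` follow, and no security group is looked up. Suggest `# Data sources for the account's default VPC and its subnets`. It would also help readers to note on the same block that the example deliberately places workloads in the default VPC for brevity, since default-VPC subnets are commonly configured to assign public addresses; whether the rewritten `module "ecs"` block in the following hunk actually uses these subnets cannot be confirmed from this view because that hunk is garbled here.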
+++ b/examples/with-ecs-scheduling/main.tf
@@ -106,20 +106,17 @@ module "eventbridge" {
 module "ecs_cluster" {
 source = "terraform-aws-modules/ecs/aws"
- version = "~> 5.0"
+ version = "~> 6.0"
 
 cluster_name = random_pet.this.id
 
- fargate_capacity_providers = {
+ default_capacity_provider_strategy = {
 FARGATE = {
- default_capacity_provider_strategy = {
- weight = 100
- }
+ weight = 100
+ base = 20
 }
 FARGATE_SPOT = {
- default_capacity_provider_strategy = {
- weight = 100
- }
+ weight = 100
 }
 }