[Enhancement]: aws_cloudwatch_event_connection: add auth_parameters.connectivity_parameters argument

[jschilperoord]

Terraform Core Version

1.9.8

AWS Provider Version

5.85.0

Affected Resource(s)

aws_cloudwatch_event_connection

Expected Behavior

The aws_cloudwatch_event_connection resource should also have a connectivity_parameters block inside the auth_parameters block to support VPC Lattice on the auth connection as well

Actual Behavior

The documentation doesn't include it and the resource doesn't seem to support the connectivity_parameters or auth_connectivity_parameters inside auth_parameters

Relevant Error/Panic Output Snippet

Blocks of type "connectivity_parameters" are not expected here

Terraform Configuration Files

resource "aws_cloudwatch_event_connection" "default" {
  name               = "connection"
  description        = "The connection description"
  authorization_type = "OAUTH_CLIENT_CREDENTIALS"
  invocation_connectivity_parameters {
    resource_parameters {
      resource_configuration_arn = "arn:aws:vpc-lattice:us-east-1:12345678910:resourceconfiguration/rcfg-12345678910"
    }
  }
  auth_parameters {
    connectivity_parameters {
      resource_parameters {
        resource_configuration_arn = "arn:aws:vpc-lattice:us-east-1:12345678910:resourceconfiguration/rcfg-12345678910"
      }
    }
    oauth {
      authorization_endpoint = "https://some-authorization-endpoint.com"
      http_method            = "POST"
      client_parameters {
        client_id     = "12345678910"
        client_secret = "12345678910"
      }

      oauth_http_parameters {
        body {
            key = "grant_type" 
            value = "client_credentials"
        }
        header {
          key = "Content-Type"
          value = "application/x-www-form-urlencoded"
        }
      }
    }
  }
}

Steps to Reproduce

Try to plan / apply the above snippet

Debug Output

No response

Panic Output

No response

Important Factoids

No response

References

No response

Would you like to implement a fix?

None

[github-actions]

Community Note

Voting for Prioritization

• Please vote on this issue by adding a 👍 reaction to the original post to help the community and maintainers prioritize this request.
• Please see our prioritization guide for information on how we prioritize.
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

Volunteering to Work on This Issue

• If you are interested in working on this issue, please leave a comment.
• If this would be your first contribution, please review the contribution guide.

[justinretzolk]

Hey @jschilperoord 👋 Thank you for taking the time to raise this! This looks similar to #40384, which was addressed by #41144 (released in v5.85.0) with the introduction of the invocation_connectivity_parameters argument.

Can you review that information and let me know if it covers your use case?

[jschilperoord]

Hi @justinretzolk! All that you mention is completely true 👍 And the implementation has been working fine for the invocation part. There is a separate configuration though to use VPC lattice with the OAUTH authentication, as far as I can see this implementation is not there or the documentation doesn't mention it

[justinretzolk]

Ah! I see what you're saying now @jschilperoord, thanks for the correction here! As a heads up, we consider adding additional functionality to existing resources as an enhancement rather than a bug. With that in mind, I'm going to adjust the issue title and labels slightly. No further action is needed on your side at this point, I just like to communicate before I make these kinds of adjustments. Thanks again for taking the time to raise this!

For whoever picks this up:

• CreateConnection: ConnectivityParameters
• ConnectivityResourceParameters