From ee4ece22655bbfd0a2b1a3854d26a6c64a1bd30e Mon Sep 17 00:00:00 2001 From: Tiago Vieira Date: Thu, 28 Aug 2025 22:50:46 +0100 Subject: [PATCH] feat: Add EventBridge bus logging configuration --- README.md | 13 +- examples/api-gateway-event-source/README.md | 4 +- examples/api-gateway-event-source/versions.tf | 2 +- examples/complete/README.md | 4 +- examples/complete/versions.tf | 2 +- examples/default-bus/README.md | 4 +- examples/default-bus/versions.tf | 2 +- examples/with-api-destination/README.md | 4 +- examples/with-api-destination/versions.tf | 2 +- examples/with-archive/README.md | 7 +- examples/with-archive/versions.tf | 2 +- examples/with-bus-logging/README.md | 54 +++++++ examples/with-bus-logging/main.tf | 137 ++++++++++++++++++ examples/with-bus-logging/outputs.tf | 0 examples/with-bus-logging/variables.tf | 0 examples/with-bus-logging/versions.tf | 14 ++ examples/with-ecs-scheduling/README.md | 4 +- examples/with-ecs-scheduling/versions.tf | 2 +- examples/with-lambda-scheduling/README.md | 2 +- examples/with-lambda-scheduling/versions.tf | 2 +- examples/with-permissions/README.md | 4 +- examples/with-permissions/versions.tf | 2 +- examples/with-pipes/README.md | 4 +- examples/with-pipes/versions.tf | 2 +- examples/with-schedules/README.md | 4 +- examples/with-schedules/versions.tf | 2 +- main.tf | 114 +++++++++++++++ outputs.tf | 5 + variables.tf | 24 +++ versions.tf | 2 +- 30 files changed, 392 insertions(+), 32 deletions(-) create mode 100644 examples/with-bus-logging/README.md create mode 100644 examples/with-bus-logging/main.tf create mode 100644 examples/with-bus-logging/outputs.tf create mode 100644 examples/with-bus-logging/variables.tf create mode 100644 examples/with-bus-logging/versions.tf diff --git a/README.md b/README.md index dd1e178..ffd5667 100644 --- a/README.md +++ b/README.md 
@@ -382,13 +382,13 @@ module "eventbridge" { | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.5.7 | -| [aws](#requirement\_aws) | >= 6.0 | +| [aws](#requirement\_aws) | >= 6.6 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 6.0 | +| [aws](#provider\_aws) | >= 6.6 | ## Modules 
@@ -405,6 +405,13 @@ No modules. | [aws_cloudwatch_event_permission.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_permission) | resource | | [aws_cloudwatch_event_rule.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_rule) | resource | | [aws_cloudwatch_event_target.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_target) | resource | +| [aws_cloudwatch_log_delivery.cwlogs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_delivery) | resource | +| [aws_cloudwatch_log_delivery.firehose](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_delivery) | resource | +| [aws_cloudwatch_log_delivery.s3](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_delivery) | resource | +| [aws_cloudwatch_log_delivery_destination.cwlogs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_delivery_destination) | resource | +| [aws_cloudwatch_log_delivery_destination.firehose](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_delivery_destination) | resource | +| [aws_cloudwatch_log_delivery_destination.s3](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_delivery_destination) | resource | +| [aws_cloudwatch_log_delivery_source.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_delivery_source) | resource | | [aws_iam_policy.additional_inline](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | | [aws_iam_policy.additional_json](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | | 
[aws_iam_policy.additional_jsons](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | @@ -488,6 +495,7 @@ No modules. | [attach\_sqs\_policy](#input\_attach\_sqs\_policy) | Controls whether the SQS policy should be added to IAM role for EventBridge Target | `bool` | `false` | no | | [attach\_tracing\_policy](#input\_attach\_tracing\_policy) | Controls whether X-Ray tracing policy should be added to IAM role for EventBridge | `bool` | `false` | no | | [bus\_description](#input\_bus\_description) | Event bus description | `string` | `null` | no | +| [bus\_log\_config](#input\_bus\_log\_config) | The configuration block for the EventBridge bus logging |
object({
include_detail = optional(string)
level = optional(string)

cloudwatch = optional(object({
enabled = optional(bool, false)
log_group_arn = optional(string)
}))

s3 = optional(object({
enabled = optional(bool, false)
bucket_arn = optional(string)
}))

firehose = optional(object({
enabled = optional(bool, false)
delivery_stream_arn = optional(string)
}))
})
| `null` | no | | [bus\_name](#input\_bus\_name) | A unique name for your EventBridge Bus | `string` | `"default"` | no | | [cloudwatch\_target\_arns](#input\_cloudwatch\_target\_arns) | The Amazon Resource Name (ARN) of the Cloudwatch Log Streams you want to use as EventBridge targets | `list(string)` | `[]` | no | | [connections](#input\_connections) | A map of objects with EventBridge Connection definitions. | `any` | `{}` | no | @@ -558,6 +566,7 @@ No modules. | [eventbridge\_connection\_ids](#output\_eventbridge\_connection\_ids) | The EventBridge Connection IDs | | [eventbridge\_connections](#output\_eventbridge\_connections) | The EventBridge Connections created and their attributes | | [eventbridge\_iam\_roles](#output\_eventbridge\_iam\_roles) | The EventBridge IAM roles created and their attributes | +| [eventbridge\_log\_delivery\_source](#output\_eventbridge\_log\_delivery\_source) | The EventBridge Bus CloudWatch Log Delivery Source created and their attributes | | [eventbridge\_permission\_ids](#output\_eventbridge\_permission\_ids) | The EventBridge Permission IDs | | [eventbridge\_permissions](#output\_eventbridge\_permissions) | The EventBridge Permissions created and their attributes | | [eventbridge\_pipe\_arns](#output\_eventbridge\_pipe\_arns) | The EventBridge Pipes ARNs | diff --git a/examples/api-gateway-event-source/README.md b/examples/api-gateway-event-source/README.md index 0d788a9..9c0300f 100644 --- a/examples/api-gateway-event-source/README.md +++ b/examples/api-gateway-event-source/README.md 
@@ -20,14 +20,14 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.5.7 | -| [aws](#requirement\_aws) | >= 6.0 | +| [aws](#requirement\_aws) | >= 6.6 | | [random](#requirement\_random) | >= 3.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 6.0 | +| [aws](#provider\_aws) | >= 6.6 | | [random](#provider\_random) | >= 3.0 | ## Modules diff --git a/examples/api-gateway-event-source/versions.tf b/examples/api-gateway-event-source/versions.tf index 3fe2eaf..a8d1901 100644 --- a/examples/api-gateway-event-source/versions.tf +++ b/examples/api-gateway-event-source/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 6.0" + version = ">= 6.6" } random = { source = "hashicorp/random" diff --git a/examples/complete/README.md b/examples/complete/README.md index 5995298..094db9a 100644 --- a/examples/complete/README.md +++ b/examples/complete/README.md @@ -20,7 +20,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.5.7 | -| [aws](#requirement\_aws) | >= 6.0 | +| [aws](#requirement\_aws) | >= 6.6 | | [null](#requirement\_null) | >= 2.0 | | [random](#requirement\_random) | >= 3.0 | @@ -28,7 +28,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 6.0 | +| [aws](#provider\_aws) | >= 6.6 | | [null](#provider\_null) | >= 2.0 | | [random](#provider\_random) | >= 3.0 | diff --git a/examples/complete/versions.tf b/examples/complete/versions.tf index b54c439..cb0c2fc 100644 --- a/examples/complete/versions.tf +++ b/examples/complete/versions.tf 
@@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 6.0" + version = ">= 6.6" } random = { source = "hashicorp/random" diff --git a/examples/default-bus/README.md b/examples/default-bus/README.md index aa5dc0c..e2d397b 100644 --- a/examples/default-bus/README.md +++ b/examples/default-bus/README.md @@ -20,14 +20,14 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.5.7 | -| [aws](#requirement\_aws) | >= 6.0 | +| [aws](#requirement\_aws) | >= 6.6 | | [random](#requirement\_random) | >= 3.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 6.0 | +| [aws](#provider\_aws) | >= 6.6 | | [random](#provider\_random) | >= 3.0 | ## Modules diff --git a/examples/default-bus/versions.tf b/examples/default-bus/versions.tf index 3fe2eaf..a8d1901 100644 --- a/examples/default-bus/versions.tf +++ b/examples/default-bus/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 6.0" + version = ">= 6.6" } random = { source = "hashicorp/random" diff --git a/examples/with-api-destination/README.md b/examples/with-api-destination/README.md index 28c0a9d..00cd3bf 100644 --- a/examples/with-api-destination/README.md +++ b/examples/with-api-destination/README.md @@ -20,14 +20,14 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.5.7 | -| [aws](#requirement\_aws) | >= 6.0 | +| [aws](#requirement\_aws) | >= 6.6 | | [random](#requirement\_random) | >= 3.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 6.0 | +| [aws](#provider\_aws) | >= 6.6 | | [random](#provider\_random) | >= 3.0 | ## Modules 
diff --git a/examples/with-api-destination/versions.tf b/examples/with-api-destination/versions.tf index 3fe2eaf..a8d1901 100644 --- a/examples/with-api-destination/versions.tf +++ b/examples/with-api-destination/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 6.0" + version = ">= 6.6" } random = { source = "hashicorp/random" diff --git a/examples/with-archive/README.md b/examples/with-archive/README.md index 00840dd..7710410 100644 --- a/examples/with-archive/README.md +++ b/examples/with-archive/README.md @@ -20,14 +20,14 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.5.7 | -| [aws](#requirement\_aws) | >= 6.0 | +| [aws](#requirement\_aws) | >= 6.6 | | [random](#requirement\_random) | >= 3.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 6.0 | +| [aws](#provider\_aws) | >= 6.6 | | [random](#provider\_random) | >= 3.0 | ## Modules @@ -36,6 +36,7 @@ Note that this example may create resources which cost money. Run `terraform des |------|--------|---------| | [eventbridge](#module\_eventbridge) | ../../ | n/a | | [eventbridge\_archive\_only](#module\_eventbridge\_archive\_only) | ../../ | n/a | +| [kms](#module\_kms) | terraform-aws-modules/kms/aws | ~> 2.0 | ## Resources 
@@ -43,6 +44,8 @@ Note that this example may create resources which cost money. Run `terraform des |------|------| | [aws_cloudwatch_event_bus.existing_bus](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_bus) | resource | | [random_pet.this](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | resource | +| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source | +| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source | ## Inputs diff --git a/examples/with-archive/versions.tf b/examples/with-archive/versions.tf index 3fe2eaf..a8d1901 100644 --- a/examples/with-archive/versions.tf +++ b/examples/with-archive/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 6.0" + version = ">= 6.6" } random = { source = "hashicorp/random" diff --git a/examples/with-bus-logging/README.md b/examples/with-bus-logging/README.md new file mode 100644 index 0000000..4091c88 --- /dev/null +++ b/examples/with-bus-logging/README.md 
@@ -0,0 +1,54 @@
+# EventBridge with Bus Logging Example
+
+
+## Usage
+
+To run this example you need to execute:
+
+```bash
+$ terraform init
+$ terraform plan
+$ terraform apply
+```
+
+
+## Requirements
+
+| Name | Version |
+|------|---------|
+| [terraform](#requirement\_terraform) | >= 1.5.7 |
+| [aws](#requirement\_aws) | >= 6.6 |
+| [random](#requirement\_random) | >= 3.0 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| [aws](#provider\_aws) | >= 6.6 |
+| [random](#provider\_random) | >= 3.0 |
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| [cloudwatch\_log\_group](#module\_cloudwatch\_log\_group) | terraform-aws-modules/cloudwatch/aws//modules/log-group | ~> 3.0 |
+| [eventbridge](#module\_eventbridge) | ../../ | n/a |
+| [s3\_bucket](#module\_s3\_bucket) | terraform-aws-modules/s3-bucket/aws | ~> 5.0 |
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [random_pet.this](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | resource |
+| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
+| [aws_iam_policy_document.bucket_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
+| [aws_iam_policy_document.cwlogs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
+
+## Inputs
+
+No inputs.
+
+## Outputs
+
+No outputs.
+
diff --git a/examples/with-bus-logging/main.tf b/examples/with-bus-logging/main.tf
new file mode 100644
index 0000000..79b73cf
--- /dev/null
+++ b/examples/with-bus-logging/main.tf
@@ -0,0 +1,137 @@
+provider "aws" {
+ region = "eu-west-1"
+
+ # Make it faster by skipping something
+ skip_metadata_api_check = true
+ skip_region_validation = true
+ skip_credentials_validation = true
+}
+
+data "aws_caller_identity" "current" {}
+
+module "eventbridge" {
+ source = "../../"
+
+ create_bus = true
+
+ bus_name = "${random_pet.this.id}-bus"
+ bus_log_config = {
+ include_detail = "FULL"
+ level = "INFO"
+ cloudwatch = {
+ enabled = true
+ log_group_arn = module.cloudwatch_log_group.cloudwatch_log_group_arn
+ }
+ s3 = {
+ enabled = true
+ bucket_arn = module.s3_bucket.s3_bucket_arn
+ }
+ }
+}
+
+#################
+# Extra resources
+#################
+
+resource "random_pet" "this" {
+ length = 2
+}
+
+######################
+# CloudWatch Log Group
+######################
+module "cloudwatch_log_group" {
+ source = "terraform-aws-modules/cloudwatch/aws//modules/log-group"
+ version = "~> 3.0"
+
+ name = "/aws/vendedlogs/events/event-bus/${random_pet.this.id}-bus"
+ retention_in_days = 14
+}
+
+data "aws_iam_policy_document" "cwlogs" {
+ statement {
+ effect = "Allow"
+ principals {
+ type = "Service"
+ identifiers = ["delivery.logs.amazonaws.com"]
+ }
+ actions = [
+ "logs:CreateLogStream",
+ "logs:PutLogEvents"
+ ]
+ resources = [
+ "${module.cloudwatch_log_group.arn}:log-stream:*"
+ ]
+ condition {
+ test = "StringEquals"
+ variable = "aws:SourceAccount"
+ values = [data.aws_caller_identity.current.account_id]
+ }
+ condition {
+ test = "ArnLike"
+ variable = "aws:SourceArn"
+ values = [
+ module.eventbridge.eventbridge_log_delivery_source.arn
+ ]
+ }
+ }
+}
+
+####
+# S3
+####
+module "s3_bucket" {
+ source = "terraform-aws-modules/s3-bucket/aws"
+ version = "~> 5.0"
+
+ bucket = "${random_pet.this.id}-eventbridge-bus-logs-bucket"
+ attach_policy = true
+ policy = data.aws_iam_policy_document.bucket_policy.json
+
+ acl = "private"
+
+ control_object_ownership = true
+ object_ownership = "ObjectWriter"
+
+ versioning = {
+ enabled = true
+ }
+}
+
+data "aws_iam_policy_document" "bucket_policy" {
+ statement {
+ effect = "Allow"
+ principals {
+ type = "Service"
+ identifiers = ["delivery.logs.amazonaws.com"]
+ }
+ actions = [
+ "s3:PutObject"
+ ]
+ resources = [
+ "${module.s3_bucket.s3_bucket_arn}/AWSLogs/${data.aws_caller_identity.current.account_id}/EventBusLogs/*"
+ ]
+ condition {
+ test = "StringEquals"
+ variable = "s3:x-amz-acl"
+ values = ["bucket-owner-full-control"]
+ }
+ condition {
+ test = "StringEquals"
+ variable = "aws:SourceAccount"
+ values = [data.aws_caller_identity.current.account_id]
+ }
+ condition {
+ test = "ArnLike"
+ variable = "aws:SourceArn"
+ values = [
+ module.eventbridge.eventbridge_log_delivery_source.arn
+ ]
+ }
+ }
+}
+
+#
+# Kinesis Fire
+#
+
diff --git a/examples/with-bus-logging/outputs.tf b/examples/with-bus-logging/outputs.tf
new file mode 100644
index 0000000..e69de29
diff --git a/examples/with-bus-logging/variables.tf b/examples/with-bus-logging/variables.tf
new file mode 100644
index 0000000..e69de29
diff --git a/examples/with-bus-logging/versions.tf b/examples/with-bus-logging/versions.tf
new file mode 100644
index 0000000..a8d1901
--- /dev/null
+++ b/examples/with-bus-logging/versions.tf
@@ -0,0 +1,14 @@
+terraform {
+ required_version = ">= 1.5.7"
+
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = ">= 6.6"
+ }
+ random = {
+ source = "hashicorp/random"
+ version = ">= 3.0"
+ }
+ }
+}
diff --git a/examples/with-ecs-scheduling/README.md b/examples/with-ecs-scheduling/README.md
index 6bfc101..b01cc6a 100644
--- a/examples/with-ecs-scheduling/README.md
+++ b/examples/with-ecs-scheduling/README.md
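Review bot: Both `aws:SourceArn` conditions in examples/with-bus-logging/main.tf read `module.eventbridge.eventbridge_log_delivery_source.arn`, but the outputs.tf hunk of this commit exports the counted resource `aws_cloudwatch_log_delivery_source.this` as a whole, so the value is a list and the reference would need `module.eventbridge.eventbridge_log_delivery_source[0].arn` (or the output should return `try(aws_cloudwatch_log_delivery_source.this[0], null)`). The `cwlogs` policy document is not attached to anything visible in this file, and it uses `module.cloudwatch_log_group.arn` while the module call above uses `cloudwatch_log_group_arn`; one of the two names is presumably wrong. Because the example sets `include_detail = "FULL"`, the delivered records can carry event detail, so a comment such as `# FULL copies event detail into the log destinations; encrypt and restrict them like the bus itself` would help readers who copy the example. The trailing `# Kinesis Fire` header has no content under it and should be completed or dropped.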
@@ -20,14 +20,14 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.5.7 | -| [aws](#requirement\_aws) | >= 6.0 | +| [aws](#requirement\_aws) | >= 6.6 | | [random](#requirement\_random) | >= 3.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 6.0 | +| [aws](#provider\_aws) | >= 6.6 | | [random](#provider\_random) | >= 3.0 | ## Modules diff --git a/examples/with-ecs-scheduling/versions.tf b/examples/with-ecs-scheduling/versions.tf index 3fe2eaf..a8d1901 100644 --- a/examples/with-ecs-scheduling/versions.tf +++ b/examples/with-ecs-scheduling/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 6.0" + version = ">= 6.6" } random = { source = "hashicorp/random" diff --git a/examples/with-lambda-scheduling/README.md b/examples/with-lambda-scheduling/README.md index e1f70e4..1352eb2 100644 --- a/examples/with-lambda-scheduling/README.md +++ b/examples/with-lambda-scheduling/README.md @@ -20,7 +20,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.5.7 | -| [aws](#requirement\_aws) | >= 6.0 | +| [aws](#requirement\_aws) | >= 6.6 | | [null](#requirement\_null) | >= 2.0 | | [random](#requirement\_random) | >= 3.0 | diff --git a/examples/with-lambda-scheduling/versions.tf b/examples/with-lambda-scheduling/versions.tf index b54c439..cb0c2fc 100644 --- a/examples/with-lambda-scheduling/versions.tf +++ b/examples/with-lambda-scheduling/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 6.0" + version = ">= 6.6" } random = { source = "hashicorp/random" diff --git a/examples/with-permissions/README.md b/examples/with-permissions/README.md index 3ceb3a0..ac2852a 100644 
--- a/examples/with-permissions/README.md +++ b/examples/with-permissions/README.md @@ -20,14 +20,14 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.5.7 | -| [aws](#requirement\_aws) | >= 6.0 | +| [aws](#requirement\_aws) | >= 6.6 | | [random](#requirement\_random) | >= 3.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 6.0 | +| [aws](#provider\_aws) | >= 6.6 | | [random](#provider\_random) | >= 3.0 | ## Modules diff --git a/examples/with-permissions/versions.tf b/examples/with-permissions/versions.tf index 3fe2eaf..a8d1901 100644 --- a/examples/with-permissions/versions.tf +++ b/examples/with-permissions/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 6.0" + version = ">= 6.6" } random = { source = "hashicorp/random" diff --git a/examples/with-pipes/README.md b/examples/with-pipes/README.md index b8c1b42..fdc1604 100644 --- a/examples/with-pipes/README.md +++ b/examples/with-pipes/README.md @@ -20,7 +20,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.5.7 | -| [aws](#requirement\_aws) | >= 6.0 | +| [aws](#requirement\_aws) | >= 6.6 | | [null](#requirement\_null) | >= 2.0 | | [random](#requirement\_random) | >= 3.0 | @@ -28,7 +28,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 6.0 | +| [aws](#provider\_aws) | >= 6.6 | | [null](#provider\_null) | >= 2.0 | | [random](#provider\_random) | >= 3.0 | diff --git a/examples/with-pipes/versions.tf b/examples/with-pipes/versions.tf index b54c439..cb0c2fc 100644 --- a/examples/with-pipes/versions.tf +++ b/examples/with-pipes/versions.tf 
@@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 6.0" + version = ">= 6.6" } random = { source = "hashicorp/random" diff --git a/examples/with-schedules/README.md b/examples/with-schedules/README.md index de1cf6e..de0b349 100644 --- a/examples/with-schedules/README.md +++ b/examples/with-schedules/README.md @@ -20,7 +20,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.5.7 | -| [aws](#requirement\_aws) | >= 6.0 | +| [aws](#requirement\_aws) | >= 6.6 | | [null](#requirement\_null) | >= 2.0 | | [random](#requirement\_random) | >= 3.0 | @@ -28,7 +28,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 6.0 | +| [aws](#provider\_aws) | >= 6.6 | | [null](#provider\_null) | >= 2.0 | | [random](#provider\_random) | >= 3.0 | diff --git a/examples/with-schedules/versions.tf b/examples/with-schedules/versions.tf index b54c439..cb0c2fc 100644 --- a/examples/with-schedules/versions.tf +++ b/examples/with-schedules/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 6.0" + version = ">= 6.6" } random = { source = "hashicorp/random" diff --git a/main.tf b/main.tf index 55634ed..c952ea8 100644 --- a/main.tf +++ b/main.tf @@ -53,6 +53,7 @@ locals { "Name" = var.append_pipe_postfix ? "${replace(index, "_", "-")}-pipe" : index }) ]) + enabled_bus_log_type = var.bus_log_config != null ? "${upper(var.bus_log_config.level)}_LOGS" : null } data "aws_cloudwatch_event_bus" "this" { 
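Review bot: `enabled_bus_log_type` in the main.tf locals hunk calls `upper(var.bus_log_config.level)`, but `level` is declared `optional(string)` in variables.tf, so a `bus_log_config` that omits it passes null to `upper()` and the plan fails with an error that does not name the variable. A level of `OFF` would likewise yield `OFF_LOGS`, which is probably not a log type the delivery source accepts. I would write `enabled_bus_log_type = try("${upper(var.bus_log_config.level)}_LOGS", null)` and have the delivery-source `count` also test `local.enabled_bus_log_type != null`. The locals block starts outside the hunk.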
@@ -78,9 +79,122 @@ resource "aws_cloudwatch_event_bus" "this" { } } + dynamic "log_config" { + for_each = var.bus_log_config != null ? [var.bus_log_config] : [] + content { + include_detail = log_config.value.include_detail + level = log_config.value.level + } + } + + tags = var.tags +} + +resource "aws_cloudwatch_log_delivery_source" "this" { + count = ( + var.create && + var.create_bus && + var.bus_log_config != null + ) ? 1 : 0 + + name = "EventBusSource-${var.bus_name}-${local.enabled_bus_log_type}" + log_type = local.enabled_bus_log_type + resource_arn = aws_cloudwatch_event_bus.this[0].arn +} + +resource "aws_cloudwatch_log_delivery_destination" "cwlogs" { + count = ( + var.create && + var.create_bus && + var.bus_log_config != null && + var.bus_log_config.cloudwatch != null && + var.bus_log_config.cloudwatch.enabled + ) ? 1 : 0 + + name = "EventsDeliveryDestination-${var.bus_name}-CWLogs" + + delivery_destination_configuration { + destination_resource_arn = var.bus_log_config.cloudwatch.log_group_arn + } + + tags = var.tags +} + +resource "aws_cloudwatch_log_delivery" "cwlogs" { + count = ( + var.create && + var.create_bus && + var.bus_log_config != null && + var.bus_log_config.cloudwatch != null && + var.bus_log_config.cloudwatch.enabled + ) ? 1 : 0 + + delivery_destination_arn = aws_cloudwatch_log_delivery_destination.cwlogs[0].arn + delivery_source_name = aws_cloudwatch_log_delivery_source.this[0].name +} + +resource "aws_cloudwatch_log_delivery_destination" "s3" { + count = ( + var.create && + var.create_bus && + var.bus_log_config != null && + var.bus_log_config.s3 != null && + var.bus_log_config.s3.enabled + ) ? 
1 : 0 + + name = "EventsDeliveryDestination-${var.bus_name}-S3" + + delivery_destination_configuration { + destination_resource_arn = var.bus_log_config.s3.bucket_arn + } + tags = var.tags } +resource "aws_cloudwatch_log_delivery" "s3" { + count = ( + var.create && + var.create_bus && + var.bus_log_config != null && + var.bus_log_config.s3 != null && + var.bus_log_config.s3.enabled + ) ? 1 : 0 + + delivery_destination_arn = aws_cloudwatch_log_delivery_destination.s3[0].arn + delivery_source_name = aws_cloudwatch_log_delivery_source.this[0].name +} + +resource "aws_cloudwatch_log_delivery_destination" "firehose" { + count = ( + var.create && + var.create_bus && + var.bus_log_config != null && + var.bus_log_config.firehose != null && + var.bus_log_config.firehose.enabled + ) ? 1 : 0 + + name = "EventsDeliveryDestination-${var.bus_name}-Firehose" + + delivery_destination_configuration { + destination_resource_arn = var.bus_log_config.firehose.delivery_stream_arn + } + + tags = var.tags +} + +resource "aws_cloudwatch_log_delivery" "firehose" { + count = ( + var.create && + var.create_bus && + var.bus_log_config != null && + var.bus_log_config.firehose != null && + var.bus_log_config.firehose.enabled + ) ? 1 : 0 + + delivery_destination_arn = aws_cloudwatch_log_delivery_destination.firehose[0].arn + delivery_source_name = aws_cloudwatch_log_delivery_source.this[0].name +} + resource "aws_schemas_discoverer" "this" { count = var.create && var.create_schemas_discoverer ? 1 : 0 diff --git a/outputs.tf b/outputs.tf index 97e2b66..da9b687 100644 --- a/outputs.tf +++ b/outputs.tf 
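Review bot: The destination `count` guards in this main.tf hunk test only `.enabled`, so `cloudwatch = { enabled = true }` without `log_group_arn` (and likewise `s3.bucket_arn` and `firehose.delivery_stream_arn`) passes null to `destination_resource_arn` and fails with a provider error instead of a module message. Add a `validation` block on `bus_log_config` in variables.tf, or a `lifecycle { precondition { ... } }` on each destination, that requires the ARN whenever `enabled` is true. The single delivery source also registers only `<LEVEL>_LOGS`; if EventBridge vends error records under a separate `ERROR_LOGS` type, a bus at `INFO` would not deliver them, which is worth confirming against the service documentation before relying on these logs for detection. The five-term `count` expression is repeated on six resources and would read better as three locals such as `local.bus_log_cloudwatch_enabled`.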
@@ -161,6 +161,11 @@ output "eventbridge_pipes" { value = aws_pipes_pipe.this } +output "eventbridge_log_delivery_source" { + description = "The EventBridge Bus CloudWatch Log Delivery Source created and their attributes" + value = aws_cloudwatch_log_delivery_source.this +} + # IAM Roles output "eventbridge_pipes_iam_roles" { description = "The EventBridge Pipes IAM roles created and their attributes" diff --git a/variables.tf b/variables.tf index 445a993..0146c78 100644 --- a/variables.tf +++ b/variables.tf @@ -138,6 +138,30 @@ variable "bus_description" { default = null } +variable "bus_log_config" { + description = "The configuration block for the EventBridge bus logging" + type = object({ + include_detail = optional(string) + level = optional(string) + + cloudwatch = optional(object({ + enabled = optional(bool, false) + log_group_arn = optional(string) + })) + + s3 = optional(object({ + enabled = optional(bool, false) + bucket_arn = optional(string) + })) + + firehose = optional(object({ + enabled = optional(bool, false) + delivery_stream_arn = optional(string) + })) + }) + default = null +} + variable "event_source_name" { description = "The partner event source that the new event bus will be matched with. Must match name." type = string diff --git a/versions.tf b/versions.tf index 0d66b2d..36ee0bc 100644 --- a/versions.tf +++ b/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 6.2" + version = ">= 6.6" } } }
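Review bot: The `bus_log_config` description in variables.tf does not say what `include_detail` and `level` control or which values are accepted, and the type allows any string for both. I would extend the description with something like `include_detail = "FULL" writes event detail into the log destinations, so they need the same access control and encryption as the bus`, and add `validation` blocks limiting `level` and `include_detail` to the values the provider documents (I believe `OFF`/`ERROR`/`INFO`/`TRACE` and `NONE`/`FULL`). It is also worth stating that the module does not create the resource policies the destinations need, since the example has to build them itself.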