AWS EventBridge Terraform module
Terraform module to create EventBridge resources.
Supported Features
- Creates AWS EventBridge Resources (bus, rules, targets, permissions, connections, destinations, schedules and schedule groups)
- Attach resources to an existing EventBridge bus
- Support AWS EventBridge Archives and Replays
- Conditional creation for many types of resources
- Support IAM policy attachments and various ways to create and attach additional policies
Usage
EventBridge Complete
Most common use-case which creates custom bus, rules and targets.
module "eventbridge" {
  source = "terraform-aws-modules/eventbridge/aws"

  bus_name = "my-bus"

  rules = {
    orders = {
      description   = "Capture all order data"
      event_pattern = jsonencode({ "source" : ["myapp.orders"] })
      enabled       = true
    }
  }

  targets = {
    orders = [
      {
        name            = "send-orders-to-sqs"
        arn             = aws_sqs_queue.queue.arn
        dead_letter_arn = aws_sqs_queue.dlq.arn
      },
      {
        name              = "send-orders-to-kinesis"
        arn               = aws_kinesis_stream.this.arn
        dead_letter_arn   = aws_sqs_queue.dlq.arn
        input_transformer = local.kinesis_input_transformer
      },
      {
        name = "log-orders-to-cloudwatch"
        arn  = aws_cloudwatch_log_group.this.arn
      }
    ]
  }

  tags = {
    Name = "my-bus"
  }
}
EventBridge Bus
module "eventbridge" {
  source = "terraform-aws-modules/eventbridge/aws"

  bus_name = "my-bus"

  tags = {
    Name = "my-bus"
  }
}
EventBridge Rule
module "eventbridge" {
  source = "terraform-aws-modules/eventbridge/aws"

  bus_name = "my-bus"

  create_targets = false

  rules = {
    logs = {
      description   = "Capture log data"
      event_pattern = jsonencode({ "source" : ["my.app.logs"] })
    }
  }
}
EventBridge Target
module "eventbridge" {
  source = "terraform-aws-modules/eventbridge/aws"

  bus_name = "my-bus"

  rules = {
    logs = {
      description   = "Capture log data"
      event_pattern = jsonencode({ "source" : ["my.app.logs"] })
    }
  }

  targets = {
    logs = [
      {
        name = "send-logs-to-sqs"
        arn  = aws_sqs_queue.queue.arn
      },
      {
        name = "send-logs-to-cloudwatch"
        arn  = aws_cloudwatch_log_stream.logs.arn
      }
    ]
  }
}
EventBridge Archive
module "eventbridge_with_archive" {
  source = "terraform-aws-modules/eventbridge/aws"

  bus_name = "my-bus"

  create_archives = true

  archives = {
    "my-bus-launch-archive" = {
      description    = "EC2 AutoScaling Event archive",
      retention_days = 1
      event_pattern  = <<PATTERN
      {
        "source": ["aws.autoscaling"],
        "detail-type": ["EC2 Instance Launch Successful"]
      }
      PATTERN
    }
  }

  tags = {
    Name = "my-bus"
  }
}
EventBridge Permission
module "eventbridge_with_permissions" {
  source = "terraform-aws-modules/eventbridge/aws"

  bus_name = "my-bus"

  create_permissions = true

  permissions = {
    "099720109477 DevAccess"  = {}
    "099720109466 ProdAccess" = {}
  }

  tags = {
    Name = "my-bus"
  }
}
EventBridge with schedule rule and Lambda target
module "eventbridge" {
  source = "terraform-aws-modules/eventbridge/aws"

  create_bus = false

  rules = {
    crons = {
      description         = "Trigger for a Lambda"
      schedule_expression = "rate(5 minutes)"
    }
  }

  targets = {
    crons = [
      {
        name  = "lambda-loves-cron"
        arn   = "arn:aws:lambda:ap-southeast-1:135367859851:function:resolved-penguin-lambda"
        input = jsonencode({"job": "cron-by-rate"})
      }
    ]
  }
}
EventBridge with schedule rule and Step Functions target
module "eventbridge" {
  source = "terraform-aws-modules/eventbridge/aws"

  create_bus = false

  rules = {
    crons = {
      description         = "Run state machine everyday 10:00 UTC"
      schedule_expression = "cron(0 10 * * ? *)"
    }
  }

  targets = {
    crons = [
      {
        name            = "your-awesome-state-machine"
        arn             = "arn:aws:states:us-east-1:123456789012:stateMachine:your-awesome-state-machine"
        attach_role_arn = true
      }
    ]
  }

  sfn_target_arns   = ["arn:aws:states:us-east-1:123456789012:stateMachine:your-awesome-state-machine"]
  attach_sfn_policy = true
}
EventBridge Scheduler which triggers Lambda Function
module "eventbridge" {
  source = "terraform-aws-modules/eventbridge/aws"

  bus_name = "example" # "default" bus already supports schedule_expression in rules

  attach_lambda_policy = true
  lambda_target_arns   = ["arn:aws:lambda:us-east-1:135367859851:function:resolved-penguin-lambda"]

  schedules = {
    lambda-cron = {
      description         = "Trigger for a Lambda"
      schedule_expression = "rate(1 day)"
      timezone            = "Europe/London"
      arn                 = "arn:aws:lambda:us-east-1:135367859851:function:resolved-penguin-lambda"
      input               = jsonencode({ "job" : "cron-by-rate" })
    }
  }
}
EventBridge API Destination
module "eventbridge_with_api_destination" {
  source = "terraform-aws-modules/eventbridge/aws"

  bus_name = "my-bus"

  create_connections            = true
  create_api_destinations       = true
  attach_api_destination_policy = true

  connections = {
    smee = {
      authorization_type = "OAUTH_CLIENT_CREDENTIALS"
      auth_parameters = {
        oauth = {
          authorization_endpoint = "https://oauth.endpoint.com"
          http_method            = "GET"

          client_parameters = {
            client_id     = "1234567890"
            client_secret = "Pass1234!" # placeholder value; keep real client secrets out of source control
          }

          oauth_http_parameters = {
            body = [{
              key             = "body-parameter-key"
              value           = "body-parameter-value"
              is_value_secret = false
            }]

            header = [{
              key   = "header-parameter-key1"
              value = "header-parameter-value1"
            }, {
              key             = "header-parameter-key2"
              value           = "header-parameter-value2"
              is_value_secret = true
            }]

            query_string = [{
              key             = "query-string-parameter-key"
              value           = "query-string-parameter-value"
              is_value_secret = false
            }]
          }
        }
      }
    }
  }

  api_destinations = {
    smee = {
      description                      = "my smee endpoint"
      invocation_endpoint              = "https://smee.io/hgoubgoibwekt331"
      http_method                      = "POST"
      invocation_rate_limit_per_second = 200
    }
  }
}
Additional IAM policies for Step Function
In addition to all supported AWS service integrations you may want to create and attach additional policies.
There are 5 supported ways to attach additional IAM policies to the IAM role used by Step Function:
- policy_json - JSON string or heredoc, when attach_policy_json = true.
- policy_jsons - List of JSON strings or heredoc, when attach_policy_jsons = true and number_of_policy_jsons > 0.
- policy - ARN of existing IAM policy, when attach_policy = true.
- policies - List of ARNs of existing IAM policies, when attach_policies = true and number_of_policies > 0.
- policy_statements - Map of maps to define IAM statements which will be generated as IAM policy. Requires attach_policy_statements = true. See examples/complete for more information.
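An added example (not taken from the module's documentation) that combines a built-in target policy with the policy_json option and a permissions boundary, so the role sending to a KMS-encrypted Kinesis stream carries only the statements it needs. The account ID, stream name, key ID and boundary policy name are constructed placeholders, and using attach_role_arn on a Kinesis target is an assumption carried over from the Step Functions example above.

```hcl
# Added example; account ID, stream name, key ID and boundary name are placeholders.
data "aws_iam_policy_document" "kinesis_kms" {
  statement {
    sid       = "AllowDataKeyForEncryptedStream"
    effect    = "Allow"
    actions   = ["kms:GenerateDataKey"]
    resources = ["arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID"]
  }
}

module "eventbridge" {
  source = "terraform-aws-modules/eventbridge/aws"

  bus_name = "my-bus"

  rules = {
    orders = {
      description   = "Capture all order data"
      event_pattern = jsonencode({ "source" : ["myapp.orders"] })
    }
  }

  targets = {
    orders = [
      {
        name            = "send-orders-to-kinesis"
        arn             = "arn:aws:kinesis:us-east-1:111122223333:stream/orders"
        attach_role_arn = true # assumption: same flag the Step Functions example uses
      }
    ]
  }

  # Built-in Kinesis policy for the stream ARNs listed here.
  attach_kinesis_policy = true
  kinesis_target_arns   = ["arn:aws:kinesis:us-east-1:111122223333:stream/orders"]

  # Additional statement passed as a single JSON document (policy_json).
  attach_policy_json = true
  policy_json        = data.aws_iam_policy_document.kinesis_kms.json

  # Upper bound on the permissions the role can be granted.
  role_permissions_boundary = "arn:aws:iam::111122223333:policy/example-boundary"
}
```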
Conditional creation
Sometimes you need to have a way to create resources conditionally, but Terraform does not allow usage of count inside a module block, so the solution is to specify create arguments.
module "eventbridge" {
  source = "terraform-aws-modules/eventbridge/aws"

  create = false # to disable all resources

  create_bus              = false # to control creation of the EventBridge Bus and related resources
  create_rules            = false # to control creation of EventBridge Rules and related resources
  create_targets          = false # to control creation of EventBridge Targets and related resources
  create_archives         = false # to control creation of EventBridge Archives
  create_permissions      = false # to control creation of EventBridge Permissions
  create_role             = false # to control creation of the IAM role and policies required for EventBridge
  create_connections      = false # to control creation of EventBridge Connection resources
  create_api_destinations = false # to control creation of EventBridge Destination resources
  create_schedule_groups  = false # to control creation of EventBridge Schedule Group resources
  create_schedules        = false # to control creation of EventBridge Schedule resources

  attach_cloudwatch_policy       = false
  attach_ecs_policy              = false
  attach_kinesis_policy          = false
  attach_kinesis_firehose_policy = false
  attach_lambda_policy           = false
  attach_sfn_policy              = false
  attach_sqs_policy              = false
  attach_tracing_policy          = false
  attach_api_destination_policy  = false

  # ... omitted
}
Examples
- Complete - Creates EventBridge resources (bus, rules and targets) and connects them with SQS queues, Kinesis Stream, Step Function, CloudWatch Logs, Lambda Functions, and more.
- HTTP API Gateway - Creates an integration with HTTP API Gateway as event source.
- Using Default Bus - Creates resources in the default bus.
- Archive - EventBridge Archives resources in various configurations.
- Permissions - Controls permissions to EventBridge.
- Scheduler - EventBridge Scheduler which works with any bus (recommended way).
- ECS Scheduling Events - Use default bus to schedule events on ECS.
- Lambda Scheduling Events - Trigger Lambda functions on schedule (works only with default bus).
- API Destination - Control access to EventBridge using API destinations.
Requirements
Name | Version |
---|---|
terraform | >= 1.0 |
aws | >= 4.64 |
Providers
Name | Version |
---|---|
aws | >= 4.64 |
Modules
No modules.
Resources
Inputs
Name | Description | Type | Default | Required |
---|---|---|---|---|
api_destinations | A map of objects with EventBridge Destination definitions. | map(any) | {} | no |
append_connection_postfix | Controls whether to append '-connection' to the name of the connection | bool | true | no |
append_destination_postfix | Controls whether to append '-destination' to the name of the destination | bool | true | no |
append_rule_postfix | Controls whether to append '-rule' to the name of the rule | bool | true | no |
append_schedule_group_postfix | Controls whether to append '-group' to the name of the schedule group | bool | true | no |
append_schedule_postfix | Controls whether to append '-schedule' to the name of the schedule | bool | true | no |
archives | A map of objects with the EventBridge Archive definitions. | map(any) | {} | no |
attach_api_destination_policy | Controls whether the API Destination policy should be added to IAM role for EventBridge Target | bool | false | no |
attach_cloudwatch_policy | Controls whether the Cloudwatch policy should be added to IAM role for EventBridge Target | bool | false | no |
attach_ecs_policy | Controls whether the ECS policy should be added to IAM role for EventBridge Target | bool | false | no |
attach_kinesis_firehose_policy | Controls whether the Kinesis Firehose policy should be added to IAM role for EventBridge Target | bool | false | no |
attach_kinesis_policy | Controls whether the Kinesis policy should be added to IAM role for EventBridge Target | bool | false | no |
attach_lambda_policy | Controls whether the Lambda Function policy should be added to IAM role for EventBridge Target | bool | false | no |
attach_policies | Controls whether list of policies should be added to IAM role | bool | false | no |
attach_policy | Controls whether policy should be added to IAM role | bool | false | no |
attach_policy_json | Controls whether policy_json should be added to IAM role | bool | false | no |
attach_policy_jsons | Controls whether policy_jsons should be added to IAM role | bool | false | no |
attach_policy_statements | Controls whether policy_statements should be added to IAM role | bool | false | no |
attach_sfn_policy | Controls whether the StepFunction policy should be added to IAM role for EventBridge Target | bool | false | no |
attach_sns_policy | Controls whether the SNS policy should be added to IAM role for EventBridge Target | bool | false | no |
attach_sqs_policy | Controls whether the SQS policy should be added to IAM role for EventBridge Target | bool | false | no |
attach_tracing_policy | Controls whether X-Ray tracing policy should be added to IAM role for EventBridge | bool | false | no |
bus_name | A unique name for your EventBridge Bus | string | "default" | no |
cloudwatch_target_arns | The Amazon Resource Name (ARN) of the Cloudwatch Log Streams you want to use as EventBridge targets | list(string) | [] | no |
connections | A map of objects with EventBridge Connection definitions. | any | {} | no |
create | Controls whether resources should be created | bool | true | no |
create_api_destinations | Controls whether EventBridge Destination resources should be created | bool | false | no |
create_archives | Controls whether EventBridge Archive resources should be created | bool | false | no |
create_bus | Controls whether EventBridge Bus resource should be created | bool | true | no |
create_connections | Controls whether EventBridge Connection resources should be created | bool | false | no |
create_permissions | Controls whether EventBridge Permission resources should be created | bool | true | no |
create_role | Controls whether IAM roles should be created | bool | true | no |
create_rules | Controls whether EventBridge Rule resources should be created | bool | true | no |
create_schedule_groups | Controls whether EventBridge Schedule Group resources should be created | bool | true | no |
create_schedules | Controls whether EventBridge Schedule resources should be created | bool | true | no |
create_schemas_discoverer | Controls whether default schemas discoverer should be created | bool | false | no |
create_targets | Controls whether EventBridge Target resources should be created | bool | true | no |
ecs_target_arns | The Amazon Resource Name (ARN) of the AWS ECS Tasks you want to use as EventBridge targets | list(string) | [] | no |
event_source_name | The partner event source that the new event bus will be matched with. Must match name. | string | null | no |
kinesis_firehose_target_arns | The Amazon Resource Name (ARN) of the Kinesis Firehose Delivery Streams you want to use as EventBridge targets | list(string) | [] | no |
kinesis_target_arns | The Amazon Resource Name (ARN) of the Kinesis Streams you want to use as EventBridge targets | list(string) | [] | no |
lambda_target_arns | The Amazon Resource Name (ARN) of the Lambda Functions you want to use as EventBridge targets | list(string) | [] | no |
number_of_policies | Number of policies to attach to IAM role | number | 0 | no |
number_of_policy_jsons | Number of policies JSON to attach to IAM role | number | 0 | no |
permissions | A map of objects with EventBridge Permission definitions. | map(any) | {} | no |
policies | List of policy statements ARN to attach to IAM role | list(string) | [] | no |
policy | An additional policy document ARN to attach to IAM role | string | null | no |
policy_json | An additional policy document as JSON to attach to IAM role | string | null | no |
policy_jsons | List of additional policy documents as JSON to attach to IAM role | list(string) | [] | no |
policy_statements | Map of dynamic policy statements to attach to IAM role | any | {} | no |
role_description | Description of IAM role to use for EventBridge | string | null | no |
role_force_detach_policies | Specifies to force detaching any policies the IAM role has before destroying it. | bool | true | no |
role_name | Name of IAM role to use for EventBridge | string | null | no |
role_path | Path of IAM role to use for EventBridge | string | null | no |
role_permissions_boundary | The ARN of the policy that is used to set the permissions boundary for the IAM role used by EventBridge | string | null | no |
role_tags | A map of tags to assign to IAM role | map(string) | {} | no |
rules | A map of objects with EventBridge Rule definitions. | map(any) | {} | no |
schedule_group_timeouts | A map of objects with EventBridge Schedule Group create and delete timeouts. | map(string) | {} | no |
schedule_groups | A map of objects with EventBridge Schedule Group definitions. | any | {} | no |
schedules | A map of objects with EventBridge Schedule definitions. | map(any) | {} | no |
schemas_discoverer_description | Default schemas discoverer description | string | "Auto schemas discoverer event" | no |
sfn_target_arns | The Amazon Resource Name (ARN) of the StepFunctions you want to use as EventBridge targets | list(string) | [] | no |
sns_target_arns | The Amazon Resource Name (ARN) of the AWS SNS's you want to use as EventBridge targets | list(string) | [] | no |
sqs_target_arns | The Amazon Resource Name (ARN) of the AWS SQS Queues you want to use as EventBridge targets | list(string) | [] | no |
tags | A map of tags to assign to resources. | map(string) | {} | no |
targets | A map of objects with EventBridge Target definitions. | any | {} | no |
trusted_entities | Additional trusted entities for assuming roles (trust relationship) | list(string) | [] | no |
Outputs
Name | Description |
---|---|
eventbridge_api_destination_arns | The EventBridge API Destination ARNs |
eventbridge_archive_arns | The EventBridge Archive ARNs |
eventbridge_bus_arn | The EventBridge Bus ARN |
eventbridge_bus_name | The EventBridge Bus Name |
eventbridge_connection_arns | The EventBridge Connection Arns |
eventbridge_connection_ids | The EventBridge Connection IDs |
eventbridge_permission_ids | The EventBridge Permission IDs |
eventbridge_role_arn | The ARN of the IAM role created for EventBridge |
eventbridge_role_name | The name of the IAM role created for EventBridge |
eventbridge_rule_arns | The EventBridge Rule ARNs |
eventbridge_rule_ids | The EventBridge Rule IDs |
eventbridge_schedule_arns | The EventBridge Schedule ARNs created |
eventbridge_schedule_group_arns | The EventBridge Schedule Group ARNs |
eventbridge_schedule_group_ids | The EventBridge Schedule Group IDs |
eventbridge_schedule_group_states | The EventBridge Schedule Group states |
eventbridge_schedule_ids | The EventBridge Schedule IDs created |
Authors
Module managed by Sven Lito. Check out serverless.tf to learn more about doing serverless with Terraform.
License
Apache 2 Licensed. See LICENSE for full details.