examples: Add examples for CloudWatch Events
parent
e288b161d7
commit
30e5ec7b19
|
@ -0,0 +1,14 @@
|
|||
# CloudWatch Event sent to Kinesis Stream
|
||||
|
||||
This example sets up a CloudWatch Event Rule with a Target and IAM Role & Policy
|
||||
to send all autoscaling events into Kinesis stream for further examination.
|
||||
|
||||
See more details about [CloudWatch Events](http://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/WhatIsCloudWatchEvents.html)
|
||||
in the official AWS docs.
|
||||
|
||||
## How to run the example
|
||||
|
||||
```
|
||||
terraform apply \
|
||||
-var=aws_region=us-west-2
|
||||
```
|
|
@ -0,0 +1,72 @@
|
|||
provider "aws" {
|
||||
region = "${var.aws_region}"
|
||||
}
|
||||
|
||||
resource "aws_cloudwatch_event_rule" "foo" {
|
||||
name = "${var.rule_name}"
|
||||
event_pattern = <<PATTERN
|
||||
{
|
||||
"detail-type": [
|
||||
"AWS API Call via CloudTrail"
|
||||
],
|
||||
"detail": {
|
||||
"eventSource": [
|
||||
"autoscaling.amazonaws.com"
|
||||
]
|
||||
}
|
||||
}
|
||||
PATTERN
|
||||
role_arn = "${aws_iam_role.role.arn}"
|
||||
}
|
||||
|
||||
resource "aws_iam_role" "role" {
|
||||
name = "${var.iam_role_name}"
|
||||
assume_role_policy = <<POLICY
|
||||
{
|
||||
"Version": "2012-10-17",
|
||||
"Statement": [
|
||||
{
|
||||
"Action": "sts:AssumeRole",
|
||||
"Principal": {
|
||||
"Service": "events.amazonaws.com"
|
||||
},
|
||||
"Effect": "Allow",
|
||||
"Sid": ""
|
||||
}
|
||||
]
|
||||
}
|
||||
POLICY
|
||||
}
|
||||
|
||||
resource "aws_iam_role_policy" "policy" {
|
||||
name = "tf-example-policy"
|
||||
role = "${aws_iam_role.role.id}"
|
||||
policy = <<POLICY
|
||||
{
|
||||
"Version": "2012-10-17",
|
||||
"Statement": [
|
||||
{
|
||||
"Action": [
|
||||
"kinesis:PutRecord",
|
||||
"kinesis:PutRecords"
|
||||
],
|
||||
"Resource": [
|
||||
"*"
|
||||
],
|
||||
"Effect": "Allow"
|
||||
}
|
||||
]
|
||||
}
|
||||
POLICY
|
||||
}
|
||||
|
||||
resource "aws_cloudwatch_event_target" "foobar" {
|
||||
rule = "${aws_cloudwatch_event_rule.foo.name}"
|
||||
target_id = "${var.target_name}"
|
||||
arn = "${aws_kinesis_stream.foo.arn}"
|
||||
}
|
||||
|
||||
resource "aws_kinesis_stream" "foo" {
|
||||
name = "${var.stream_name}"
|
||||
shard_count = 1
|
||||
}
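Review bot: The inline policy in `aws_iam_role_policy.policy` allows `kinesis:PutRecord` and `kinesis:PutRecords` on `"Resource": ["*"]`, so the role that `events.amazonaws.com` assumes can write to every Kinesis stream in the account, not only the one this example creates. Scope the statement to the stream defined in the same file: `"Resource": ["${aws_kinesis_stream.foo.arn}"]`. Example configurations are often copied as-is, so the least-privilege form is worth showing here.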
|
|
@ -0,0 +1,7 @@
|
|||
output "rule_arn" {
|
||||
value = "${aws_cloudwatch_event_rule.foo.arn}"
|
||||
}
|
||||
|
||||
output "kinesis_stream_arn" {
|
||||
value = "${aws_kinesis_stream.foo.arn}"
|
||||
}
|
|
@ -0,0 +1,24 @@
|
|||
variable "aws_region" {
|
||||
description = "The AWS region to create resources in."
|
||||
default = "us-east-1"
|
||||
}
|
||||
|
||||
variable "rule_name" {
|
||||
description = "The name of the CloudWatch Event Rule"
|
||||
default = "tf-example-cloudwatch-event-rule-for-kinesis"
|
||||
}
|
||||
|
||||
variable "iam_role_name" {
|
||||
description = "The name of the IAM Role"
|
||||
default = "tf-example-iam-role-for-kinesis"
|
||||
}
|
||||
|
||||
variable "target_name" {
|
||||
description = "The name of the CloudWatch Event Target"
|
||||
default = "tf-example-cloudwatch-event-target-for-kinesis"
|
||||
}
|
||||
|
||||
variable "stream_name" {
|
||||
description = "The name of the Kinesis Stream to send events to"
|
||||
default = "tf-example-kinesis-stream"
|
||||
}
|
|
@ -0,0 +1,15 @@
|
|||
# CloudWatch Event sent to SNS Topic
|
||||
|
||||
This example sets up a CloudWatch Event Rule with a Target and SNS Topic
|
||||
to send any CloudTrail API operation into that SNS topic. This allows you
|
||||
to add SNS subscriptions which may notify you about suspicious activity.
|
||||
|
||||
See more details about [CloudWatch Events](http://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/WhatIsCloudWatchEvents.html)
|
||||
in the official AWS docs.
|
||||
|
||||
## How to run the example
|
||||
|
||||
```
|
||||
terraform apply \
|
||||
-var=aws_region=us-west-2
|
||||
```
|
|
@ -0,0 +1,29 @@
|
|||
provider "aws" {
|
||||
region = "${var.aws_region}"
|
||||
}
|
||||
|
||||
resource "aws_cloudwatch_event_rule" "foo" {
|
||||
name = "${var.rule_name}"
|
||||
event_pattern = <<PATTERN
|
||||
{
|
||||
"detail-type": [
|
||||
"AWS API Call via CloudTrail"
|
||||
],
|
||||
"detail": {
|
||||
"eventSource": [
|
||||
"cloudtrail.amazonaws.com"
|
||||
]
|
||||
}
|
||||
}
|
||||
PATTERN
|
||||
}
|
||||
|
||||
resource "aws_cloudwatch_event_target" "bar" {
|
||||
rule = "${aws_cloudwatch_event_rule.foo.name}"
|
||||
target_id = "${var.target_name}"
|
||||
arn = "${aws_sns_topic.foo.arn}"
|
||||
}
|
||||
|
||||
resource "aws_sns_topic" "foo" {
|
||||
name = "${var.sns_topic_name}"
|
||||
}
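Review bot: Nothing in this file grants CloudWatch Events permission to publish to `aws_sns_topic.foo`, so the target `aws_cloudwatch_event_target.bar` will most likely fail to deliver events. SNS targets are authorised through the topic's resource policy, and a default topic policy only allows the owning account. A topic policy that allows `sns:Publish` for the `events.amazonaws.com` service principal, limited to this topic's ARN, would close the gap. Since the README presents the topic as a way to be notified of suspicious activity, a silent delivery failure here is a monitoring blind spot.

```hcl
resource "aws_sns_topic_policy" "foo" {
  arn = "${aws_sns_topic.foo.arn}"
  policy = <<POLICY
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": { "Service": "events.amazonaws.com" },
      "Action": "sns:Publish",
      "Resource": "${aws_sns_topic.foo.arn}"
    }
  ]
}
POLICY
}
```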
|
|
@ -0,0 +1,7 @@
|
|||
output "rule_arn" {
|
||||
value = "${aws_cloudwatch_event_rule.foo.arn}"
|
||||
}
|
||||
|
||||
output "sns_topic_arn" {
|
||||
value = "${aws_sns_topic.foo.arn}"
|
||||
}
|
|
@ -0,0 +1,19 @@
|
|||
variable "aws_region" {
|
||||
description = "The AWS region to create resources in."
|
||||
default = "us-east-1"
|
||||
}
|
||||
|
||||
variable "rule_name" {
|
||||
description = "The name of the CloudWatch Event Rule"
|
||||
default = "tf-example-cloudwatch-event-rule-for-sns"
|
||||
}
|
||||
|
||||
variable "target_name" {
|
||||
description = "The name of the CloudWatch Event Target"
|
||||
default = "tf-example-cloudwatch-event-target-for-sns"
|
||||
}
|
||||
|
||||
variable "sns_topic_name" {
|
||||
description = "The name of the SNS Topic to send events to"
|
||||
default = "tf-example-sns-topic"
|
||||
}
|