examples: Add examples for CloudWatch Events

This commit is contained in:
Radek Simko 2016-02-05 13:11:11 +00:00
parent e288b161d7
commit 30e5ec7b19
8 changed files with 187 additions and 0 deletions

View File

@ -0,0 +1,14 @@
# CloudWatch Event sent to Kinesis Stream
This example sets up a CloudWatch Event Rule with a Target and IAM Role & Policy
to send all autoscaling events into Kinesis stream for further examination.
See more details about [CloudWatch Events](http://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/WhatIsCloudWatchEvents.html)
in the official AWS docs.
## How to run the example
```
terraform apply \
-var=aws_region=us-west-2
```

View File

@ -0,0 +1,72 @@
provider "aws" {
region = "${var.aws_region}"
}
resource "aws_cloudwatch_event_rule" "foo" {
name = "${var.rule_name}"
event_pattern = <<PATTERN
{
"detail-type": [
"AWS API Call via CloudTrail"
],
"detail": {
"eventSource": [
"autoscaling.amazonaws.com"
]
}
}
PATTERN
role_arn = "${aws_iam_role.role.arn}"
}
resource "aws_iam_role" "role" {
name = "${var.iam_role_name}"
assume_role_policy = <<POLICY
{
"Version": "2012-10-17",
"Statement": [
{
"Action": "sts:AssumeRole",
"Principal": {
"Service": "events.amazonaws.com"
},
"Effect": "Allow",
"Sid": ""
}
]
}
POLICY
}
resource "aws_iam_role_policy" "policy" {
name = "tf-example-policy"
role = "${aws_iam_role.role.id}"
policy = <<POLICY
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"kinesis:PutRecord",
"kinesis:PutRecords"
],
"Resource": [
"*"
],
"Effect": "Allow"
}
]
}
POLICY
}
resource "aws_cloudwatch_event_target" "foobar" {
rule = "${aws_cloudwatch_event_rule.foo.name}"
target_id = "${var.target_name}"
arn = "${aws_kinesis_stream.foo.arn}"
}
resource "aws_kinesis_stream" "foo" {
name = "${var.stream_name}"
shard_count = 1
}

View File

@ -0,0 +1,7 @@
output "rule_arn" {
value = "${aws_cloudwatch_event_rule.foo.arn}"
}
output "kinesis_stream_arn" {
value = "${aws_kinesis_stream.foo.arn}"
}

View File

@ -0,0 +1,24 @@
variable "aws_region" {
description = "The AWS region to create resources in."
default = "us-east-1"
}
variable "rule_name" {
description = "The name of the CloudWatch Event Rule"
default = "tf-example-cloudwatch-event-rule-for-kinesis"
}
variable "iam_role_name" {
description = "The name of the IAM Role"
default = "tf-example-iam-role-for-kinesis"
}
variable "target_name" {
description = "The name of the CloudWatch Event Target"
default = "tf-example-cloudwatch-event-target-for-kinesis"
}
variable "stream_name" {
description = "The name of the Kinesis Stream to send events to"
default = "tf-example-kinesis-stream"
}

View File

@ -0,0 +1,15 @@
# CloudWatch Event sent to SNS Topic
This example sets up a CloudWatch Event Rule with a Target and SNS Topic
to send any CloudTrail API operation into that SNS topic. This allows you
to add SNS subscriptions which may notify you about suspicious activity.
See more details about [CloudWatch Events](http://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/WhatIsCloudWatchEvents.html)
in the official AWS docs.
## How to run the example
```
terraform apply \
-var=aws_region=us-west-2
```

View File

@ -0,0 +1,29 @@
provider "aws" {
region = "${var.aws_region}"
}
resource "aws_cloudwatch_event_rule" "foo" {
name = "${var.rule_name}"
event_pattern = <<PATTERN
{
"detail-type": [
"AWS API Call via CloudTrail"
],
"detail": {
"eventSource": [
"cloudtrail.amazonaws.com"
]
}
}
PATTERN
}
resource "aws_cloudwatch_event_target" "bar" {
rule = "${aws_cloudwatch_event_rule.foo.name}"
target_id = "${var.target_name}"
arn = "${aws_sns_topic.foo.arn}"
}
resource "aws_sns_topic" "foo" {
name = "${var.sns_topic_name}"
}

View File

@ -0,0 +1,7 @@
output "rule_arn" {
value = "${aws_cloudwatch_event_rule.foo.arn}"
}
output "sns_topic_arn" {
value = "${aws_sns_topic.foo.arn}"
}

View File

@ -0,0 +1,19 @@
variable "aws_region" {
description = "The AWS region to create resources in."
default = "us-east-1"
}
variable "rule_name" {
description = "The name of the CloudWatch Event Rule"
default = "tf-example-cloudwatch-event-rule-for-sns"
}
variable "target_name" {
description = "The name of the CloudWatch Event Target"
default = "tf-example-cloudwatch-event-target-for-sns"
}
variable "sns_topic_name" {
description = "The name of the SNS Topic to send events to"
default = "tf-example-sns-topic"
}