examples: Add examples for CloudWatch Events

examples/aws-cloudwatch-events/kinesis/README.md

@@ -0,0 +1,14 @@
+# CloudWatch Event sent to Kinesis Stream
+
+This example sets up a CloudWatch Event Rule with a Target and IAM Role & Policy
+to send all autoscaling events into Kinesis stream for further examination.
+
+See more details about [CloudWatch Events](http://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/WhatIsCloudWatchEvents.html)
+in the official AWS docs.
+
+## How to run the example
+
+```
+terraform apply \
+	-var=aws_region=us-west-2
+```

examples/aws-cloudwatch-events/kinesis/main.tf

@@ -0,0 +1,72 @@
+provider "aws" {
+  region = "${var.aws_region}"
+}
+
+resource "aws_cloudwatch_event_rule" "foo" {
+  name = "${var.rule_name}"
+  event_pattern = <<PATTERN
+{
+  "detail-type": [
+    "AWS API Call via CloudTrail"
+  ],
+  "detail": {
+    "eventSource": [
+      "autoscaling.amazonaws.com"
+    ]
+  }
+}
+PATTERN
+  role_arn = "${aws_iam_role.role.arn}"
+}
+
+resource "aws_iam_role" "role" {
+	name = "${var.iam_role_name}"
+	assume_role_policy = <<POLICY
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Action": "sts:AssumeRole",
+      "Principal": {
+        "Service": "events.amazonaws.com"
+      },
+      "Effect": "Allow",
+      "Sid": ""
+    }
+  ]
+}
+POLICY
+}
+
+resource "aws_iam_role_policy" "policy" {
+  name = "tf-example-policy"
+  role = "${aws_iam_role.role.id}"
+  policy = <<POLICY
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Action": [
+        "kinesis:PutRecord",
+        "kinesis:PutRecords"
+      ],
+      "Resource": [
+        "*"
+      ],
+      "Effect": "Allow"
+    }
+  ]
+}
+POLICY
+}
+
+resource "aws_cloudwatch_event_target" "foobar" {
+	rule = "${aws_cloudwatch_event_rule.foo.name}"
+	target_id = "${var.target_name}"
+	arn = "${aws_kinesis_stream.foo.arn}"
+}
+
+resource "aws_kinesis_stream" "foo" {
+  name = "${var.stream_name}"
+  shard_count = 1
+}

examples/aws-cloudwatch-events/kinesis/outputs.tf

@@ -0,0 +1,7 @@
+output "rule_arn" {
+  value = "${aws_cloudwatch_event_rule.foo.arn}"
+}
+
+output "kinesis_stream_arn" {
+  value = "${aws_kinesis_stream.foo.arn}"
+}

examples/aws-cloudwatch-events/kinesis/variables.tf

@@ -0,0 +1,24 @@
+variable "aws_region" {
+  description = "The AWS region to create resources in."
+  default = "us-east-1"
+}
+
+variable "rule_name" {
+  description = "The name of the CloudWatch Event Rule"
+  default = "tf-example-cloudwatch-event-rule-for-kinesis"
+}
+
+variable "iam_role_name" {
+  description = "The name of the IAM Role"
+  default = "tf-example-iam-role-for-kinesis"
+}
+
+variable "target_name" {
+  description = "The name of the CloudWatch Event Target"
+  default = "tf-example-cloudwatch-event-target-for-kinesis"
+}
+
+variable "stream_name" {
+  description = "The name of the Kinesis Stream to send events to"
+  default = "tf-example-kinesis-stream"
+}

examples/aws-cloudwatch-events/sns/README.md

@@ -0,0 +1,15 @@
+# CloudWatch Event sent to SNS Topic
+
+This example sets up a CloudWatch Event Rule with a Target and SNS Topic
+to send any CloudTrail API operation into that SNS topic. This allows you
+to add SNS subscriptions which may notify you about suspicious activity.
+
+See more details about [CloudWatch Events](http://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/WhatIsCloudWatchEvents.html)
+in the official AWS docs.
+
+## How to run the example
+
+```
+terraform apply \
+	-var=aws_region=us-west-2
+```

examples/aws-cloudwatch-events/sns/main.tf

@@ -0,0 +1,29 @@
+provider "aws" {
+  region = "${var.aws_region}"
+}
+
+resource "aws_cloudwatch_event_rule" "foo" {
+  name = "${var.rule_name}"
+  event_pattern = <<PATTERN
+{
+  "detail-type": [
+    "AWS API Call via CloudTrail"
+  ],
+  "detail": {
+    "eventSource": [
+      "cloudtrail.amazonaws.com"
+    ]
+  }
+}
+PATTERN
+}
+
+resource "aws_cloudwatch_event_target" "bar" {
+  rule = "${aws_cloudwatch_event_rule.foo.name}"
+  target_id = "${var.target_name}"
+  arn = "${aws_sns_topic.foo.arn}"
+}
+
+resource "aws_sns_topic" "foo" {
+  name = "${var.sns_topic_name}"
+}

examples/aws-cloudwatch-events/sns/outputs.tf

@@ -0,0 +1,7 @@
+output "rule_arn" {
+  value = "${aws_cloudwatch_event_rule.foo.arn}"
+}
+
+output "sns_topic_arn" {
+  value = "${aws_sns_topic.foo.arn}"
+}

examples/aws-cloudwatch-events/sns/variables.tf

@@ -0,0 +1,19 @@
+variable "aws_region" {
+  description = "The AWS region to create resources in."
+  default = "us-east-1"
+}
+
+variable "rule_name" {
+  description = "The name of the CloudWatch Event Rule"
+  default = "tf-example-cloudwatch-event-rule-for-sns"
+}
+
+variable "target_name" {
+  description = "The name of the CloudWatch Event Target"
+  default = "tf-example-cloudwatch-event-target-for-sns"
+}
+
+variable "sns_topic_name" {
+  description = "The name of the SNS Topic to send events to"
+  default = "tf-example-sns-topic"
+}