diff --git a/README.md b/README.md
index dd1e178..ffd5667 100644
--- a/README.md
+++ b/README.md
@@ -382,13 +382,13 @@ module "eventbridge" {
| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 1.5.7 |
-| [aws](#requirement\_aws) | >= 6.0 |
+| [aws](#requirement\_aws) | >= 6.6 |
## Providers
| Name | Version |
|------|---------|
-| [aws](#provider\_aws) | >= 6.0 |
+| [aws](#provider\_aws) | >= 6.6 |
## Modules
@@ -405,6 +405,13 @@ No modules.
| [aws_cloudwatch_event_permission.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_permission) | resource |
| [aws_cloudwatch_event_rule.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_rule) | resource |
| [aws_cloudwatch_event_target.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_target) | resource |
+| [aws_cloudwatch_log_delivery.cwlogs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_delivery) | resource |
+| [aws_cloudwatch_log_delivery.firehose](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_delivery) | resource |
+| [aws_cloudwatch_log_delivery.s3](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_delivery) | resource |
+| [aws_cloudwatch_log_delivery_destination.cwlogs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_delivery_destination) | resource |
+| [aws_cloudwatch_log_delivery_destination.firehose](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_delivery_destination) | resource |
+| [aws_cloudwatch_log_delivery_destination.s3](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_delivery_destination) | resource |
+| [aws_cloudwatch_log_delivery_source.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_delivery_source) | resource |
| [aws_iam_policy.additional_inline](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
| [aws_iam_policy.additional_json](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
| [aws_iam_policy.additional_jsons](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
@@ -488,6 +495,7 @@ No modules.
| [attach\_sqs\_policy](#input\_attach\_sqs\_policy) | Controls whether the SQS policy should be added to IAM role for EventBridge Target | `bool` | `false` | no |
| [attach\_tracing\_policy](#input\_attach\_tracing\_policy) | Controls whether X-Ray tracing policy should be added to IAM role for EventBridge | `bool` | `false` | no |
| [bus\_description](#input\_bus\_description) | Event bus description | `string` | `null` | no |
+| [bus\_log\_config](#input\_bus\_log\_config) | The configuration block for the EventBridge bus logging |
object({
include_detail = optional(string)
level = optional(string)
cloudwatch = optional(object({
enabled = optional(bool, false)
log_group_arn = optional(string)
}))
s3 = optional(object({
enabled = optional(bool, false)
bucket_arn = optional(string)
}))
firehose = optional(object({
enabled = optional(bool, false)
delivery_stream_arn = optional(string)
}))
}) | `null` | no |
| [bus\_name](#input\_bus\_name) | A unique name for your EventBridge Bus | `string` | `"default"` | no |
| [cloudwatch\_target\_arns](#input\_cloudwatch\_target\_arns) | The Amazon Resource Name (ARN) of the Cloudwatch Log Streams you want to use as EventBridge targets | `list(string)` | `[]` | no |
| [connections](#input\_connections) | A map of objects with EventBridge Connection definitions. | `any` | `{}` | no |
@@ -558,6 +566,7 @@ No modules.
| [eventbridge\_connection\_ids](#output\_eventbridge\_connection\_ids) | The EventBridge Connection IDs |
| [eventbridge\_connections](#output\_eventbridge\_connections) | The EventBridge Connections created and their attributes |
| [eventbridge\_iam\_roles](#output\_eventbridge\_iam\_roles) | The EventBridge IAM roles created and their attributes |
+| [eventbridge\_log\_delivery\_source](#output\_eventbridge\_log\_delivery\_source) | The EventBridge Bus CloudWatch Log Delivery Source created and their attributes |
| [eventbridge\_permission\_ids](#output\_eventbridge\_permission\_ids) | The EventBridge Permission IDs |
| [eventbridge\_permissions](#output\_eventbridge\_permissions) | The EventBridge Permissions created and their attributes |
| [eventbridge\_pipe\_arns](#output\_eventbridge\_pipe\_arns) | The EventBridge Pipes ARNs |
diff --git a/examples/api-gateway-event-source/README.md b/examples/api-gateway-event-source/README.md
index 0d788a9..9c0300f 100644
--- a/examples/api-gateway-event-source/README.md
+++ b/examples/api-gateway-event-source/README.md
@@ -20,14 +20,14 @@ Note that this example may create resources which cost money. Run `terraform des
| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 1.5.7 |
-| [aws](#requirement\_aws) | >= 6.0 |
+| [aws](#requirement\_aws) | >= 6.6 |
| [random](#requirement\_random) | >= 3.0 |
## Providers
| Name | Version |
|------|---------|
-| [aws](#provider\_aws) | >= 6.0 |
+| [aws](#provider\_aws) | >= 6.6 |
| [random](#provider\_random) | >= 3.0 |
## Modules
diff --git a/examples/api-gateway-event-source/versions.tf b/examples/api-gateway-event-source/versions.tf
index 3fe2eaf..a8d1901 100644
--- a/examples/api-gateway-event-source/versions.tf
+++ b/examples/api-gateway-event-source/versions.tf
@@ -4,7 +4,7 @@ terraform {
required_providers {
aws = {
source = "hashicorp/aws"
- version = ">= 6.0"
+ version = ">= 6.6"
}
random = {
source = "hashicorp/random"
diff --git a/examples/complete/README.md b/examples/complete/README.md
index 5995298..094db9a 100644
--- a/examples/complete/README.md
+++ b/examples/complete/README.md
@@ -20,7 +20,7 @@ Note that this example may create resources which cost money. Run `terraform des
| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 1.5.7 |
-| [aws](#requirement\_aws) | >= 6.0 |
+| [aws](#requirement\_aws) | >= 6.6 |
| [null](#requirement\_null) | >= 2.0 |
| [random](#requirement\_random) | >= 3.0 |
@@ -28,7 +28,7 @@ Note that this example may create resources which cost money. Run `terraform des
| Name | Version |
|------|---------|
-| [aws](#provider\_aws) | >= 6.0 |
+| [aws](#provider\_aws) | >= 6.6 |
| [null](#provider\_null) | >= 2.0 |
| [random](#provider\_random) | >= 3.0 |
diff --git a/examples/complete/versions.tf b/examples/complete/versions.tf
index b54c439..cb0c2fc 100644
--- a/examples/complete/versions.tf
+++ b/examples/complete/versions.tf
@@ -4,7 +4,7 @@ terraform {
required_providers {
aws = {
source = "hashicorp/aws"
- version = ">= 6.0"
+ version = ">= 6.6"
}
random = {
source = "hashicorp/random"
diff --git a/examples/default-bus/README.md b/examples/default-bus/README.md
index aa5dc0c..e2d397b 100644
--- a/examples/default-bus/README.md
+++ b/examples/default-bus/README.md
@@ -20,14 +20,14 @@ Note that this example may create resources which cost money. Run `terraform des
| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 1.5.7 |
-| [aws](#requirement\_aws) | >= 6.0 |
+| [aws](#requirement\_aws) | >= 6.6 |
| [random](#requirement\_random) | >= 3.0 |
## Providers
| Name | Version |
|------|---------|
-| [aws](#provider\_aws) | >= 6.0 |
+| [aws](#provider\_aws) | >= 6.6 |
| [random](#provider\_random) | >= 3.0 |
## Modules
diff --git a/examples/default-bus/versions.tf b/examples/default-bus/versions.tf
index 3fe2eaf..a8d1901 100644
--- a/examples/default-bus/versions.tf
+++ b/examples/default-bus/versions.tf
@@ -4,7 +4,7 @@ terraform {
required_providers {
aws = {
source = "hashicorp/aws"
- version = ">= 6.0"
+ version = ">= 6.6"
}
random = {
source = "hashicorp/random"
diff --git a/examples/with-api-destination/README.md b/examples/with-api-destination/README.md
index 28c0a9d..00cd3bf 100644
--- a/examples/with-api-destination/README.md
+++ b/examples/with-api-destination/README.md
@@ -20,14 +20,14 @@ Note that this example may create resources which cost money. Run `terraform des
| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 1.5.7 |
-| [aws](#requirement\_aws) | >= 6.0 |
+| [aws](#requirement\_aws) | >= 6.6 |
| [random](#requirement\_random) | >= 3.0 |
## Providers
| Name | Version |
|------|---------|
-| [aws](#provider\_aws) | >= 6.0 |
+| [aws](#provider\_aws) | >= 6.6 |
| [random](#provider\_random) | >= 3.0 |
## Modules
diff --git a/examples/with-api-destination/versions.tf b/examples/with-api-destination/versions.tf
index 3fe2eaf..a8d1901 100644
--- a/examples/with-api-destination/versions.tf
+++ b/examples/with-api-destination/versions.tf
@@ -4,7 +4,7 @@ terraform {
required_providers {
aws = {
source = "hashicorp/aws"
- version = ">= 6.0"
+ version = ">= 6.6"
}
random = {
source = "hashicorp/random"
diff --git a/examples/with-archive/README.md b/examples/with-archive/README.md
index 00840dd..7710410 100644
--- a/examples/with-archive/README.md
+++ b/examples/with-archive/README.md
@@ -20,14 +20,14 @@ Note that this example may create resources which cost money. Run `terraform des
| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 1.5.7 |
-| [aws](#requirement\_aws) | >= 6.0 |
+| [aws](#requirement\_aws) | >= 6.6 |
| [random](#requirement\_random) | >= 3.0 |
## Providers
| Name | Version |
|------|---------|
-| [aws](#provider\_aws) | >= 6.0 |
+| [aws](#provider\_aws) | >= 6.6 |
| [random](#provider\_random) | >= 3.0 |
## Modules
@@ -36,6 +36,7 @@ Note that this example may create resources which cost money. Run `terraform des
|------|--------|---------|
| [eventbridge](#module\_eventbridge) | ../../ | n/a |
| [eventbridge\_archive\_only](#module\_eventbridge\_archive\_only) | ../../ | n/a |
+| [kms](#module\_kms) | terraform-aws-modules/kms/aws | ~> 2.0 |
## Resources
@@ -43,6 +44,8 @@ Note that this example may create resources which cost money. Run `terraform des
|------|------|
| [aws_cloudwatch_event_bus.existing_bus](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_bus) | resource |
| [random_pet.this](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | resource |
+| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
+| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
## Inputs
diff --git a/examples/with-archive/versions.tf b/examples/with-archive/versions.tf
index 3fe2eaf..a8d1901 100644
--- a/examples/with-archive/versions.tf
+++ b/examples/with-archive/versions.tf
@@ -4,7 +4,7 @@ terraform {
required_providers {
aws = {
source = "hashicorp/aws"
- version = ">= 6.0"
+ version = ">= 6.6"
}
random = {
source = "hashicorp/random"
diff --git a/examples/with-bus-logging/README.md b/examples/with-bus-logging/README.md
new file mode 100644
index 0000000..4091c88
--- /dev/null
+++ b/examples/with-bus-logging/README.md
@@ -0,0 +1,54 @@
+# EventBridge with Bus Logging Example
+
+
+## Usage
+
+To run this example you need to execute:
+
+```bash
+$ terraform init
+$ terraform plan
+$ terraform apply
+```
+
+
+## Requirements
+
+| Name | Version |
+|------|---------|
+| [terraform](#requirement\_terraform) | >= 1.5.7 |
+| [aws](#requirement\_aws) | >= 6.6 |
+| [random](#requirement\_random) | >= 3.0 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| [aws](#provider\_aws) | >= 6.6 |
+| [random](#provider\_random) | >= 3.0 |
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| [cloudwatch\_log\_group](#module\_cloudwatch\_log\_group) | terraform-aws-modules/cloudwatch/aws//modules/log-group | ~> 3.0 |
+| [eventbridge](#module\_eventbridge) | ../../ | n/a |
+| [s3\_bucket](#module\_s3\_bucket) | terraform-aws-modules/s3-bucket/aws | ~> 5.0 |
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [random_pet.this](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | resource |
+| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
+| [aws_iam_policy_document.bucket_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
+| [aws_iam_policy_document.cwlogs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
+
+## Inputs
+
+No inputs.
+
+## Outputs
+
+No outputs.
+
diff --git a/examples/with-bus-logging/main.tf b/examples/with-bus-logging/main.tf
new file mode 100644
index 0000000..79b73cf
--- /dev/null
+++ b/examples/with-bus-logging/main.tf
@@ -0,0 +1,137 @@
+provider "aws" {
+ region = "eu-west-1"
+
+ # Make it faster by skipping something
+ skip_metadata_api_check = true
+ skip_region_validation = true
+ skip_credentials_validation = true
+}
+
+data "aws_caller_identity" "current" {}
+
+module "eventbridge" {
+ source = "../../"
+
+ create_bus = true
+
+ bus_name = "${random_pet.this.id}-bus"
+ bus_log_config = {
+ include_detail = "FULL"
+ level = "INFO"
+ cloudwatch = {
+ enabled = true
+ log_group_arn = module.cloudwatch_log_group.cloudwatch_log_group_arn
+ }
+ s3 = {
+ enabled = true
+ bucket_arn = module.s3_bucket.s3_bucket_arn
+ }
+ }
+}
+
+#################
+# Extra resources
+#################
+
+resource "random_pet" "this" {
+ length = 2
+}
+
+######################
+# CloudWatch Log Group
+######################
+module "cloudwatch_log_group" {
+ source = "terraform-aws-modules/cloudwatch/aws//modules/log-group"
+ version = "~> 3.0"
+
+ name = "/aws/vendedlogs/events/event-bus/${random_pet.this.id}-bus"
+ retention_in_days = 14
+}
+
+data "aws_iam_policy_document" "cwlogs" {
+ statement {
+ effect = "Allow"
+ principals {
+ type = "Service"
+ identifiers = ["delivery.logs.amazonaws.com"]
+ }
+ actions = [
+ "logs:CreateLogStream",
+ "logs:PutLogEvents"
+ ]
+ resources = [
+ "${module.cloudwatch_log_group.arn}:log-stream:*"
+ ]
+ condition {
+ test = "StringEquals"
+ variable = "aws:SourceAccount"
+ values = [data.aws_caller_identity.current.account_id]
+ }
+ condition {
+ test = "ArnLike"
+ variable = "aws:SourceArn"
+ values = [
+ module.eventbridge.eventbridge_log_delivery_source.arn
+ ]
+ }
+ }
+}
+
+####
+# S3
+####
+module "s3_bucket" {
+ source = "terraform-aws-modules/s3-bucket/aws"
+ version = "~> 5.0"
+
+ bucket = "${random_pet.this.id}-eventbridge-bus-logs-bucket"
+ attach_policy = true
+ policy = data.aws_iam_policy_document.bucket_policy.json
+
+ acl = "private"
+
+ control_object_ownership = true
+ object_ownership = "ObjectWriter"
+
+ versioning = {
+ enabled = true
+ }
+}
+
+data "aws_iam_policy_document" "bucket_policy" {
+ statement {
+ effect = "Allow"
+ principals {
+ type = "Service"
+ identifiers = ["delivery.logs.amazonaws.com"]
+ }
+ actions = [
+ "s3:PutObject"
+ ]
+ resources = [
+ "${module.s3_bucket.s3_bucket_arn}/AWSLogs/${data.aws_caller_identity.current.account_id}/EventBusLogs/*"
+ ]
+ condition {
+ test = "StringEquals"
+ variable = "s3:x-amz-acl"
+ values = ["bucket-owner-full-control"]
+ }
+ condition {
+ test = "StringEquals"
+ variable = "aws:SourceAccount"
+ values = [data.aws_caller_identity.current.account_id]
+ }
+ condition {
+ test = "ArnLike"
+ variable = "aws:SourceArn"
+ values = [
+ module.eventbridge.eventbridge_log_delivery_source.arn
+ ]
+ }
+ }
+}
+
+#
+# Kinesis Fire
+#
+
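Review bot: `data "aws_iam_policy_document" "cwlogs"` is built with `aws:SourceAccount` and `aws:SourceArn` conditions, but nothing in this file consumes it, so those restrictions never reach the log group; only `bucket_policy` is attached, through `module.s3_bucket`. If the intent is to authorise `delivery.logs.amazonaws.com` explicitly, attach the document with an `aws_cloudwatch_log_resource_policy` whose `policy_document = data.aws_iam_policy_document.cwlogs.json`. The same document reads `module.cloudwatch_log_group.arn`, while the `bus_log_config` block above uses `module.cloudwatch_log_group.cloudwatch_log_group_arn`, so one of the two output names is presumably wrong. The trailing `# Kinesis Fire` header is an empty stub and the firehose destination has no example here.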
diff --git a/examples/with-bus-logging/outputs.tf b/examples/with-bus-logging/outputs.tf
new file mode 100644
index 0000000..e69de29
diff --git a/examples/with-bus-logging/variables.tf b/examples/with-bus-logging/variables.tf
new file mode 100644
index 0000000..e69de29
diff --git a/examples/with-bus-logging/versions.tf b/examples/with-bus-logging/versions.tf
new file mode 100644
index 0000000..a8d1901
--- /dev/null
+++ b/examples/with-bus-logging/versions.tf
@@ -0,0 +1,14 @@
+terraform {
+ required_version = ">= 1.5.7"
+
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = ">= 6.6"
+ }
+ random = {
+ source = "hashicorp/random"
+ version = ">= 3.0"
+ }
+ }
+}
diff --git a/examples/with-ecs-scheduling/README.md b/examples/with-ecs-scheduling/README.md
index 6bfc101..b01cc6a 100644
--- a/examples/with-ecs-scheduling/README.md
+++ b/examples/with-ecs-scheduling/README.md
@@ -20,14 +20,14 @@ Note that this example may create resources which cost money. Run `terraform des
| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 1.5.7 |
-| [aws](#requirement\_aws) | >= 6.0 |
+| [aws](#requirement\_aws) | >= 6.6 |
| [random](#requirement\_random) | >= 3.0 |
## Providers
| Name | Version |
|------|---------|
-| [aws](#provider\_aws) | >= 6.0 |
+| [aws](#provider\_aws) | >= 6.6 |
| [random](#provider\_random) | >= 3.0 |
## Modules
diff --git a/examples/with-ecs-scheduling/versions.tf b/examples/with-ecs-scheduling/versions.tf
index 3fe2eaf..a8d1901 100644
--- a/examples/with-ecs-scheduling/versions.tf
+++ b/examples/with-ecs-scheduling/versions.tf
@@ -4,7 +4,7 @@ terraform {
required_providers {
aws = {
source = "hashicorp/aws"
- version = ">= 6.0"
+ version = ">= 6.6"
}
random = {
source = "hashicorp/random"
diff --git a/examples/with-lambda-scheduling/README.md b/examples/with-lambda-scheduling/README.md
index e1f70e4..1352eb2 100644
--- a/examples/with-lambda-scheduling/README.md
+++ b/examples/with-lambda-scheduling/README.md
@@ -20,7 +20,7 @@ Note that this example may create resources which cost money. Run `terraform des
| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 1.5.7 |
-| [aws](#requirement\_aws) | >= 6.0 |
+| [aws](#requirement\_aws) | >= 6.6 |
| [null](#requirement\_null) | >= 2.0 |
| [random](#requirement\_random) | >= 3.0 |
diff --git a/examples/with-lambda-scheduling/versions.tf b/examples/with-lambda-scheduling/versions.tf
index b54c439..cb0c2fc 100644
--- a/examples/with-lambda-scheduling/versions.tf
+++ b/examples/with-lambda-scheduling/versions.tf
@@ -4,7 +4,7 @@ terraform {
required_providers {
aws = {
source = "hashicorp/aws"
- version = ">= 6.0"
+ version = ">= 6.6"
}
random = {
source = "hashicorp/random"
diff --git a/examples/with-permissions/README.md b/examples/with-permissions/README.md
index 3ceb3a0..ac2852a 100644
--- a/examples/with-permissions/README.md
+++ b/examples/with-permissions/README.md
@@ -20,14 +20,14 @@ Note that this example may create resources which cost money. Run `terraform des
| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 1.5.7 |
-| [aws](#requirement\_aws) | >= 6.0 |
+| [aws](#requirement\_aws) | >= 6.6 |
| [random](#requirement\_random) | >= 3.0 |
## Providers
| Name | Version |
|------|---------|
-| [aws](#provider\_aws) | >= 6.0 |
+| [aws](#provider\_aws) | >= 6.6 |
| [random](#provider\_random) | >= 3.0 |
## Modules
diff --git a/examples/with-permissions/versions.tf b/examples/with-permissions/versions.tf
index 3fe2eaf..a8d1901 100644
--- a/examples/with-permissions/versions.tf
+++ b/examples/with-permissions/versions.tf
@@ -4,7 +4,7 @@ terraform {
required_providers {
aws = {
source = "hashicorp/aws"
- version = ">= 6.0"
+ version = ">= 6.6"
}
random = {
source = "hashicorp/random"
diff --git a/examples/with-pipes/README.md b/examples/with-pipes/README.md
index b8c1b42..fdc1604 100644
--- a/examples/with-pipes/README.md
+++ b/examples/with-pipes/README.md
@@ -20,7 +20,7 @@ Note that this example may create resources which cost money. Run `terraform des
| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 1.5.7 |
-| [aws](#requirement\_aws) | >= 6.0 |
+| [aws](#requirement\_aws) | >= 6.6 |
| [null](#requirement\_null) | >= 2.0 |
| [random](#requirement\_random) | >= 3.0 |
@@ -28,7 +28,7 @@ Note that this example may create resources which cost money. Run `terraform des
| Name | Version |
|------|---------|
-| [aws](#provider\_aws) | >= 6.0 |
+| [aws](#provider\_aws) | >= 6.6 |
| [null](#provider\_null) | >= 2.0 |
| [random](#provider\_random) | >= 3.0 |
diff --git a/examples/with-pipes/versions.tf b/examples/with-pipes/versions.tf
index b54c439..cb0c2fc 100644
--- a/examples/with-pipes/versions.tf
+++ b/examples/with-pipes/versions.tf
@@ -4,7 +4,7 @@ terraform {
required_providers {
aws = {
source = "hashicorp/aws"
- version = ">= 6.0"
+ version = ">= 6.6"
}
random = {
source = "hashicorp/random"
diff --git a/examples/with-schedules/README.md b/examples/with-schedules/README.md
index de1cf6e..de0b349 100644
--- a/examples/with-schedules/README.md
+++ b/examples/with-schedules/README.md
@@ -20,7 +20,7 @@ Note that this example may create resources which cost money. Run `terraform des
| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 1.5.7 |
-| [aws](#requirement\_aws) | >= 6.0 |
+| [aws](#requirement\_aws) | >= 6.6 |
| [null](#requirement\_null) | >= 2.0 |
| [random](#requirement\_random) | >= 3.0 |
@@ -28,7 +28,7 @@ Note that this example may create resources which cost money. Run `terraform des
| Name | Version |
|------|---------|
-| [aws](#provider\_aws) | >= 6.0 |
+| [aws](#provider\_aws) | >= 6.6 |
| [null](#provider\_null) | >= 2.0 |
| [random](#provider\_random) | >= 3.0 |
diff --git a/examples/with-schedules/versions.tf b/examples/with-schedules/versions.tf
index b54c439..cb0c2fc 100644
--- a/examples/with-schedules/versions.tf
+++ b/examples/with-schedules/versions.tf
@@ -4,7 +4,7 @@ terraform {
required_providers {
aws = {
source = "hashicorp/aws"
- version = ">= 6.0"
+ version = ">= 6.6"
}
random = {
source = "hashicorp/random"
diff --git a/main.tf b/main.tf
index 55634ed..c952ea8 100644
--- a/main.tf
+++ b/main.tf
@@ -53,6 +53,7 @@ locals {
"Name" = var.append_pipe_postfix ? "${replace(index, "_", "-")}-pipe" : index
})
])
+ enabled_bus_log_type = var.bus_log_config != null ? "${upper(var.bus_log_config.level)}_LOGS" : null
}
data "aws_cloudwatch_event_bus" "this" {
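Review bot: `enabled_bus_log_type` calls `upper(var.bus_log_config.level)`, but `level` is declared `optional(string)` in variables.tf, so a `bus_log_config` that omits `level` reaches `upper(null)` and fails with an error that does not name the variable. A level that is not a delivery log type (for example `OFF`, if the provider accepts it on `log_config`) would also yield a `log_type` such as `OFF_LOGS` for `aws_cloudwatch_log_delivery_source.this`. Consider `enabled_bus_log_type = try("${upper(var.bus_log_config.level)}_LOGS", null)` together with a `validation` on `level`, and gate the delivery source on `local.enabled_bus_log_type != null`. The `locals` block starts outside this hunk.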
@@ -78,9 +79,122 @@ resource "aws_cloudwatch_event_bus" "this" {
}
}
+ dynamic "log_config" {
+ for_each = var.bus_log_config != null ? [var.bus_log_config] : []
+ content {
+ include_detail = log_config.value.include_detail
+ level = log_config.value.level
+ }
+ }
+
+ tags = var.tags
+}
+
+resource "aws_cloudwatch_log_delivery_source" "this" {
+ count = (
+ var.create &&
+ var.create_bus &&
+ var.bus_log_config != null
+ ) ? 1 : 0
+
+ name = "EventBusSource-${var.bus_name}-${local.enabled_bus_log_type}"
+ log_type = local.enabled_bus_log_type
+ resource_arn = aws_cloudwatch_event_bus.this[0].arn
+}
+
+resource "aws_cloudwatch_log_delivery_destination" "cwlogs" {
+ count = (
+ var.create &&
+ var.create_bus &&
+ var.bus_log_config != null &&
+ var.bus_log_config.cloudwatch != null &&
+ var.bus_log_config.cloudwatch.enabled
+ ) ? 1 : 0
+
+ name = "EventsDeliveryDestination-${var.bus_name}-CWLogs"
+
+ delivery_destination_configuration {
+ destination_resource_arn = var.bus_log_config.cloudwatch.log_group_arn
+ }
+
+ tags = var.tags
+}
+
+resource "aws_cloudwatch_log_delivery" "cwlogs" {
+ count = (
+ var.create &&
+ var.create_bus &&
+ var.bus_log_config != null &&
+ var.bus_log_config.cloudwatch != null &&
+ var.bus_log_config.cloudwatch.enabled
+ ) ? 1 : 0
+
+ delivery_destination_arn = aws_cloudwatch_log_delivery_destination.cwlogs[0].arn
+ delivery_source_name = aws_cloudwatch_log_delivery_source.this[0].name
+}
+
+resource "aws_cloudwatch_log_delivery_destination" "s3" {
+ count = (
+ var.create &&
+ var.create_bus &&
+ var.bus_log_config != null &&
+ var.bus_log_config.s3 != null &&
+ var.bus_log_config.s3.enabled
+ ) ? 1 : 0
+
+ name = "EventsDeliveryDestination-${var.bus_name}-S3"
+
+ delivery_destination_configuration {
+ destination_resource_arn = var.bus_log_config.s3.bucket_arn
+ }
+
tags = var.tags
}
+resource "aws_cloudwatch_log_delivery" "s3" {
+ count = (
+ var.create &&
+ var.create_bus &&
+ var.bus_log_config != null &&
+ var.bus_log_config.s3 != null &&
+ var.bus_log_config.s3.enabled
+ ) ? 1 : 0
+
+ delivery_destination_arn = aws_cloudwatch_log_delivery_destination.s3[0].arn
+ delivery_source_name = aws_cloudwatch_log_delivery_source.this[0].name
+}
+
+resource "aws_cloudwatch_log_delivery_destination" "firehose" {
+ count = (
+ var.create &&
+ var.create_bus &&
+ var.bus_log_config != null &&
+ var.bus_log_config.firehose != null &&
+ var.bus_log_config.firehose.enabled
+ ) ? 1 : 0
+
+ name = "EventsDeliveryDestination-${var.bus_name}-Firehose"
+
+ delivery_destination_configuration {
+ destination_resource_arn = var.bus_log_config.firehose.delivery_stream_arn
+ }
+
+ tags = var.tags
+}
+
+resource "aws_cloudwatch_log_delivery" "firehose" {
+ count = (
+ var.create &&
+ var.create_bus &&
+ var.bus_log_config != null &&
+ var.bus_log_config.firehose != null &&
+ var.bus_log_config.firehose.enabled
+ ) ? 1 : 0
+
+ delivery_destination_arn = aws_cloudwatch_log_delivery_destination.firehose[0].arn
+ delivery_source_name = aws_cloudwatch_log_delivery_source.this[0].name
+}
+
resource "aws_schemas_discoverer" "this" {
count = var.create && var.create_schemas_discoverer ? 1 : 0
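Review bot: The `count` expressions of the `cwlogs`, `s3` and `firehose` destination and delivery resources read `var.bus_log_config.cloudwatch` (and `.s3`, `.firehose`) on the right-hand side of `var.bus_log_config != null &&`. Terraform releases that evaluate both operands of `&&` would dereference the null default and fail the plan for callers who never set `bus_log_config`; since the module still allows `>= 1.5.7`, this is worth confirming on the oldest supported version. A form that does not rely on operator short-circuiting is `count = var.create && var.create_bus && try(var.bus_log_config.cloudwatch.enabled, false) ? 1 : 0`, either repeated per destination or hoisted into three locals so the six copies cannot drift apart. The hunk starts inside `aws_cloudwatch_event_bus.this` and ends inside `aws_schemas_discoverer.this`.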
diff --git a/outputs.tf b/outputs.tf
index 97e2b66..da9b687 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -161,6 +161,11 @@ output "eventbridge_pipes" {
value = aws_pipes_pipe.this
}
+output "eventbridge_log_delivery_source" {
+ description = "The EventBridge Bus CloudWatch Log Delivery Source created and their attributes"
+ value = aws_cloudwatch_log_delivery_source.this
+}
+
# IAM Roles
output "eventbridge_pipes_iam_roles" {
description = "The EventBridge Pipes IAM roles created and their attributes"
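Review bot: `eventbridge_log_delivery_source` exports `aws_cloudwatch_log_delivery_source.this`, which main.tf declares with `count`, so the value is a list rather than a single object, and the description ("created and their attributes") does not say so. The with-bus-logging example reads `module.eventbridge.eventbridge_log_delivery_source.arn` in both of its `aws:SourceArn` conditions, which would not resolve against a list. Either index in the example (`module.eventbridge.eventbridge_log_delivery_source[0].arn`) or export a single object with `value = try(aws_cloudwatch_log_delivery_source.this[0], null)`, and word the description to match.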
diff --git a/variables.tf b/variables.tf
index 445a993..0146c78 100644
--- a/variables.tf
+++ b/variables.tf
@@ -138,6 +138,30 @@ variable "bus_description" {
default = null
}
+variable "bus_log_config" {
+ description = "The configuration block for the EventBridge bus logging"
+ type = object({
+ include_detail = optional(string)
+ level = optional(string)
+
+ cloudwatch = optional(object({
+ enabled = optional(bool, false)
+ log_group_arn = optional(string)
+ }))
+
+ s3 = optional(object({
+ enabled = optional(bool, false)
+ bucket_arn = optional(string)
+ }))
+
+ firehose = optional(object({
+ enabled = optional(bool, false)
+ delivery_stream_arn = optional(string)
+ }))
+ })
+ default = null
+}
+
variable "event_source_name" {
description = "The partner event source that the new event bus will be matched with. Must match name."
type = string
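Review bot: The `bus_log_config` type accepts a destination with `enabled = true` and its ARN left unset, in which case main.tf passes a null `destination_resource_arn` to the delivery destination and the mistake surfaces only as a provider-side error. A `validation` block on the variable would reject this at plan time with a message that names the field. The description could also say that each destination needs a resource policy allowing `delivery.logs.amazonaws.com`, as the with-bus-logging example sets up for S3. The sketch below covers the CloudWatch destination; `s3.bucket_arn` and `firehose.delivery_stream_arn` would follow the same pattern.

```hcl
variable "bus_log_config" {
  # … unchanged: description, type, default …

  validation {
    condition = (
      !try(var.bus_log_config.cloudwatch.enabled, false) ||
      try(var.bus_log_config.cloudwatch.log_group_arn, null) != null
    )
    error_message = "bus_log_config.cloudwatch.log_group_arn must be set when bus_log_config.cloudwatch.enabled is true."
  }
}
```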
diff --git a/versions.tf b/versions.tf
index 0d66b2d..36ee0bc 100644
--- a/versions.tf
+++ b/versions.tf
@@ -4,7 +4,7 @@ terraform {
required_providers {
aws = {
source = "hashicorp/aws"
- version = ">= 6.2"
+ version = ">= 6.6"
}
}
}