feat: Added support for custom role_arn in targets (terraform-aws-mod…
antonbabenko authored Feb 4, 2022
1 parent 4ad24ec commit 45311f7
Showing 3 changed files with 23 additions and 2 deletions.
3 changes: 3 additions & 0 deletions examples/with-api-destination/README.md
Expand Up @@ -27,6 +27,7 @@ Note that this example may create resources which cost money. Run `terraform des

| Name | Version |
|------|---------|
| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.44 |
| <a name="provider_random"></a> [random](#provider\_random) | >= 3.0 |

## Modules
Expand All @@ -39,7 +40,9 @@ Note that this example may create resources which cost money. Run `terraform des

| Name | Type |
|------|------|
| [aws_iam_role.eventbridge](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
| [random_pet.this](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | resource |
| [aws_iam_policy_document.assume_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |

## Inputs

19 changes: 18 additions & 1 deletion examples/with-api-destination/main.tf
Expand Up @@ -33,7 +33,7 @@ module "eventbridge" {
{
name = "send-orders-to-requestbin"
destination = "requestbin"
attach_role_arn = true
attach_role_arn = aws_iam_role.eventbridge.arn
},
{
name = "send-orders-to-github"
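Review bot: `attach_role_arn` in the `send-orders-to-requestbin` target now carries an ARN string where it previously carried `true`, so one key accepts two types with different meanings. Nothing in the changed lines shown here documents that. Consider describing both forms next to the targets input (boolean to use the module-created role, string to use a caller-supplied role), or accepting the ARN under a separate key such as `role_arn` so the boolean keeps the meaning its name suggests.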
Expand Down Expand Up @@ -164,3 +164,20 @@ module "eventbridge" {
resource "random_pet" "this" {
length = 2
}

resource "aws_iam_role" "eventbridge" {
name = "${random_pet.this.id}-role"
assume_role_policy = data.aws_iam_policy_document.assume_role.json
}

data "aws_iam_policy_document" "assume_role" {
statement {
effect = "Allow"
actions = ["sts:AssumeRole"]

principals {
type = "Service"
identifiers = ["events.amazonaws.com"]
}
}
}
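Review bot: the `assume_role` policy document trusts `events.amazonaws.com` with no `condition` block, and `aws_iam_role.eventbridge` is created with only `assume_role_policy`. Since this is an example readers will copy, consider scoping the trust with `aws:SourceAccount` (or `aws:SourceArn` for the rule) to guard against cross-service confused-deputy use. Also attach a permissions policy to the role in the example, since none is visible in these lines and a role passed through `attach_role_arn` needs rights on the target it invokes, such as `events:InvokeApiDestination` for an API destination.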
3 changes: 2 additions & 1 deletion main.tf
Expand Up @@ -65,7 +65,8 @@ resource "aws_cloudwatch_event_target" "this" {
rule = each.value.Name
arn = lookup(each.value, "destination", null) != null ? aws_cloudwatch_event_api_destination.this[each.value.destination].arn : each.value.arn

role_arn = lookup(each.value, "attach_role_arn", null) != null ? try(aws_iam_role.eventbridge[0].arn, "") : null
role_arn = can(length(each.value.attach_role_arn) > 0) ? each.value.attach_role_arn : (try(each.value.attach_role_arn, null) == true ? aws_iam_role.eventbridge[0].arn : null)

target_id = lookup(each.value, "target_id", null)
input = lookup(each.value, "input", null)
input_path = lookup(each.value, "input_path", null)
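Review bot: in the new `role_arn` expression, `can(length(each.value.attach_role_arn) > 0)` does not test for a non-empty string. `can` only reports whether its argument evaluates without error, so the result of `> 0` is discarded and `attach_role_arn = ""` is forwarded as the role ARN. If the intent is to accept only a non-empty string, take the comparison out of `can`, for example `try(length(each.value.attach_role_arn) > 0, false) ? each.value.attach_role_arn : ...`. The `== true` branch also drops the earlier `try(aws_iam_role.eventbridge[0].arn, "")` guard, so it is worth confirming how this behaves when the module's own role is not created.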