Skip to content

Commit

Permalink
feat: Add support for setting the condition field in Event Bus permis…
Browse files Browse the repository at this point in the history
…sions (terraform-aws-modules#84)

Co-authored-by: Anton Babenko <anton@antonbabenko.com>
  • Loading branch information
cadrake and antonbabenko authored Apr 28, 2023
1 parent df8797e commit 49f1dff
Show file tree
Hide file tree
Showing 3 changed files with 15 additions and 1 deletion.
1 change: 1 addition & 0 deletions examples/with-permissions/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -42,6 +42,7 @@ Note that this example may create resources which cost money. Run `terraform des
|------|------|
| [aws_cloudwatch_event_bus.external](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_bus) | resource |
| [random_pet.this](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | resource |
| [aws_organizations_organization.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/organizations_organization) | data source |

## Inputs

Expand Down
5 changes: 4 additions & 1 deletion examples/with-permissions/main.tf
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,8 @@ provider "aws" {
skip_requesting_account_id = true
}

data "aws_organizations_organization" "this" {}

module "eventbridge" {
source = "../../"

Expand All @@ -23,8 +25,9 @@ module "eventbridge" {
action = "events:PutEvents"
}

"* PublicAccessToExternalBus" = {
"* OrgAccessToExternalBus" = {
event_bus_name = aws_cloudwatch_event_bus.external.name
condition_org = data.aws_organizations_organization.this.id
}
}

Expand Down
10 changes: 10 additions & 0 deletions main.tf
Original file line number Diff line number Diff line change
Expand Up @@ -248,6 +248,16 @@ resource "aws_cloudwatch_event_permission" "this" {

action = lookup(each.value, "action", null)
event_bus_name = try(each.value["event_bus_name"], aws_cloudwatch_event_bus.this[0].name, var.bus_name, null)

dynamic "condition" {
for_each = try([each.value.condition_org], [])

content {
key = "aws:PrincipalOrgID"
type = "StringEquals"
value = condition.value
}
}
}

resource "aws_cloudwatch_event_connection" "this" {
Expand Down

0 comments on commit 49f1dff

Please sign in to comment.