Provides a resource to create an EventBridge resource policy to support cross-account events.
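data "aws_iam_policy_document" "test" {
  # Cross-account grant: the listed account may publish events to this bus.
  statement {
    sid    = "DevAccountAccess"
    effect = "Allow"

    # PutEvents only; the sending account gets no rule or bus management rights.
    actions = [
      "events:PutEvents",
    ]

    # The resource must be the bus this policy is attached to (via
    # aws_cloudwatch_event_bus_policy.test's event_bus_name). A hard-coded
    # "event-bus/default" ARN names a different bus than the custom bus the
    # policy is attached to, so the statement would not match requests to it.
    resources = [
      aws_cloudwatch_event_bus.test.arn,
    ]

    # The account being granted access. In a cross-account setup this is the
    # sender's account, which differs from the bus owner's account.
    principals {
      type        = "AWS"
      identifiers = ["123456789012"]
    }
  }
}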
resource "aws_cloudwatch_event_bus_policy" "test" {
  # Attach to the custom bus explicitly; omitting event_bus_name would set
  # the permissions on the account's default bus instead.
  event_bus_name = aws_cloudwatch_event_bus.test.name
  policy         = data.aws_iam_policy_document.test.json
}
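data "aws_iam_policy_document" "test" {
  # Organization-wide read access: principals anywhere in the organization
  # may inspect rules, targets and tags on this bus, but not change them or
  # publish events.
  statement {
    sid    = "OrganizationAccess"
    effect = "Allow"

    # Read-only actions; deliberately no events:PutEvents or Put*/Delete*.
    actions = [
      "events:DescribeRule",
      "events:ListRules",
      "events:ListTargetsByRule",
      "events:ListTagsForResource",
    ]

    # Rules in this account plus the bus itself. The bus ARN references the
    # bus this policy is attached to rather than a hard-coded
    # "event-bus/default", which would name a different bus.
    resources = [
      "arn:aws:events:eu-west-1:123456789012:rule/*",
      aws_cloudwatch_event_bus.test.arn,
    ]

    # "*" on its own would make this statement public. It is acceptable only
    # because the aws:PrincipalOrgID condition below restricts it to the
    # organization; never remove the condition without narrowing this.
    principals {
      type        = "AWS"
      identifiers = ["*"]
    }

    condition {
      test     = "StringEquals"
      variable = "aws:PrincipalOrgID"
      values   = [aws_organizations_organization.example.id]
    }
  }
}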
resource "aws_cloudwatch_event_bus_policy" "test" {
  # Attach to the custom bus explicitly; omitting event_bus_name would set
  # the permissions on the account's default bus instead.
  event_bus_name = aws_cloudwatch_event_bus.test.name
  policy         = data.aws_iam_policy_document.test.json
}
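data "aws_iam_policy_document" "test" {
  # Cross-account grant: the listed account may publish events to this bus.
  statement {
    sid    = "DevAccountAccess"
    effect = "Allow"

    # PutEvents only; the sending account gets no rule or bus management rights.
    actions = [
      "events:PutEvents",
    ]

    # The resource must be the bus this policy is attached to (via
    # aws_cloudwatch_event_bus_policy.test's event_bus_name). A hard-coded
    # "event-bus/default" ARN names a different bus than the custom bus the
    # policy is attached to, so the statement would not match requests to it.
    resources = [
      aws_cloudwatch_event_bus.test.arn,
    ]

    # The account being granted access. In a cross-account setup this is the
    # sender's account, which differs from the bus owner's account.
    principals {
      type        = "AWS"
      identifiers = ["123456789012"]
    }
  }

  # Organization-wide read access: principals anywhere in the organization
  # may inspect rules, targets and tags on this bus, but not change them or
  # publish events.
  statement {
    sid    = "OrganizationAccess"
    effect = "Allow"

    # Read-only actions; deliberately no events:PutEvents or Put*/Delete*.
    actions = [
      "events:DescribeRule",
      "events:ListRules",
      "events:ListTargetsByRule",
      "events:ListTagsForResource",
    ]

    # Rules in this account plus the bus itself, referenced rather than
    # hard-coded so it stays the bus the policy is attached to.
    resources = [
      "arn:aws:events:eu-west-1:123456789012:rule/*",
      aws_cloudwatch_event_bus.test.arn,
    ]

    # "*" on its own would make this statement public. It is acceptable only
    # because the aws:PrincipalOrgID condition below restricts it to the
    # organization; never remove the condition without narrowing this.
    principals {
      type        = "AWS"
      identifiers = ["*"]
    }

    condition {
      test     = "StringEquals"
      variable = "aws:PrincipalOrgID"
      values   = [aws_organizations_organization.example.id]
    }
  }
}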
resource "aws_cloudwatch_event_bus_policy" "test" {
  # Attach to the custom bus explicitly; omitting event_bus_name would set
  # the permissions on the account's default bus instead.
  event_bus_name = aws_cloudwatch_event_bus.test.name
  policy         = data.aws_iam_policy_document.test.json
}
This resource supports the following arguments:
policy
- (Required) The text of the policy. For more information about building AWS IAM policy documents with Terraform, see the AWS IAM Policy Document Guide.
event_bus_name
- (Optional) The name of the event bus to set the permissions on.
If you omit this, the permissions are set on the default event bus.
This resource exports the following attributes in addition to the arguments above:
id
- The name of the EventBridge event bus.
In Terraform v1.5.0 and later, use an import block to import an EventBridge policy using the event_bus_name. For example:
import {
  # id is the event_bus_name of the bus whose policy is being imported.
  id = "example-event-bus"
  to = aws_cloudwatch_event_bus_policy.DevAccountAccess
}
Using `terraform import`, import an EventBridge policy using the `event_bus_name`. For example:
% terraform import aws_cloudwatch_event_bus_policy.DevAccountAccess example-event-bus