Provides a resource to create an EventBridge permission to support cross-account events in the current account default event bus.
resource "aws_cloudwatch_event_permission" "DevAccountAccess" {
principal = "123456789012"
statement_id = "DevAccountAccess"
}
resource "aws_cloudwatch_event_permission" "OrganizationAccess" {
principal = "*"
statement_id = "OrganizationAccess"
condition {
key = "aws:PrincipalOrgID"
type = "StringEquals"
value = aws_organizations_organization.example.id
}
}
This resource supports the following arguments:
principal
- (Required) The 12-digit AWS account ID that you are permitting to put events to your default event bus. Specify *
to permit any account to put events to your default event bus, optionally limited by condition
.statement_id
- (Required) An identifier string for the external account that you are granting permissions to.action
- (Optional) The action that you are enabling the other account to perform. Defaults to events:PutEvents
.condition
- (Optional) Configuration block to limit the event bus permissions you are granting to only accounts that fulfill the condition. Specified below.event_bus_name
- (Optional) The name of the event bus to set the permissions on.
If you omit this, the permissions are set on the default
event bus.key
- (Required) Key for the condition. Valid values: aws:PrincipalOrgID
.type
- (Required) Type of condition. Value values: StringEquals
.value
- (Required) Value for the key.This resource exports the following attributes in addition to the arguments above:
id
- The statement ID of the EventBridge permission.In Terraform v1.5.0 and later, use an import
block to import EventBridge permissions using the event_bus_name/statement_id
(if you omit event_bus_name
, the default
event bus will be used). For example:
import {
to = aws_cloudwatch_event_permission.DevAccountAccess
id = "example-event-bus/DevAccountAccess"
}
Using terraform import
, import EventBridge permissions using the event_bus_name/statement_id
(if you omit event_bus_name
, the default
event bus will be used). For example:
% terraform import aws_cloudwatch_event_permission.DevAccountAccess example-event-bus/DevAccountAccess