Artem Udovyk

Search

SearchSearch

How to configure EventBridge pipe with Terraform

Apr 08, 20241 min read

resource "aws_pipes_pipe" "image_processor_events" {
  name       = "${local.project_name}-${terraform.workspace}-reporting-image-processor-events-pipe"
  role_arn   = aws_iam_role.image_processor_events.arn
  source     = aws_sqs_queue.image_processor_events.arn
  target     = aws_cloudwatch_log_group.events_activity_logs.arn
 
  source_parameters {}
 
  target_parameters {}
 
  depends_on = [aws_iam_role_policy.source, aws_iam_role_policy.target]
}
 
resource "awscc_pipes_pipe" "image_processor_events" {
  name       = "${local.project_name}-${terraform.workspace}-reporting-image-processor-events-pipe"
  role_arn   = aws_iam_role.image_processor_events.arn
  source     = aws_sqs_queue.image_processor_events.arn
  target     = aws_cloudwatch_log_group.events_activity_logs.arn
  desired_state = "RUNNING"
 
  source_parameters = {}
 
  target_parameters = {
    cloudwatch_logs_parameters = {
      log_stream_name = "image_processor"
    }
  }
 
  depends_on = [aws_iam_role_policy.source, aws_iam_role_policy.target]
}
 
# Role
resource "aws_iam_role" "image_processor_events" {
  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = {
      Effect = "Allow"
      Action = "sts:AssumeRole"
      Principal = {
        Service = "pipes.amazonaws.com"
      }
      Condition = {
        StringEquals = {
          "aws:SourceAccount" = data.aws_caller_identity.main.account_id
        }
      }
    }
  })
}
 
resource "aws_iam_role_policy" "source" {
  role = aws_iam_role.image_processor_events.id
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Effect = "Allow"
        Action = [
          "sqs:DeleteMessage",
          "sqs:GetQueueAttributes",
          "sqs:ReceiveMessage",
        ],
        Resource = [
          aws_sqs_queue.image_processor_events.arn,
        ]
      },
    ]
  })
}
 
resource "aws_iam_role_policy" "target" {
  role = aws_iam_role.image_processor_events.id
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Effect = "Allow"
        Action = [
          "sqs:SendMessage",
        ],
        Resource = [
          aws_cloudwatch_log_group.events_activity_logs.arn,
        ]
      },
    ]
  })
}

Graph View

Backlinks

  • No backlinks found