» Resource: aws_cloudwatch_event_permission
Provides a resource to create a CloudWatch Events permission that supports cross-account events on the current account's default event bus.
» Example Usage
» Account Access
resource "aws_cloudwatch_event_permission" "DevAccountAccess" {
  principal    = "123456789012"
  statement_id = "DevAccountAccess"
}
» Organization Access
resource "aws_cloudwatch_event_permission" "OrganizationAccess" {
  principal    = "*"
  statement_id = "OrganizationAccess"

  condition {
    key   = "aws:PrincipalOrgID"
    type  = "StringEquals"
    value = "${aws_organizations_organization.example.id}"
  }
}
» Argument Reference
The following arguments are supported:
- principal - (Required) The 12-digit AWS account ID that you are permitting to put events to your default event bus. Specify * to permit any account to put events to your default event bus, optionally limited by condition.
- statement_id - (Required) An identifier string for the external account that you are granting permissions to.
- action - (Optional) The action that you are enabling the other account to perform. Defaults to events:PutEvents.
- condition - (Optional) Configuration block to limit the event bus permissions you are granting to only accounts that fulfill the condition. Specified below.
» condition
- key - (Required) Key for the condition. Valid values: aws:PrincipalOrgID.
- type - (Required) Type of condition. Valid values: StringEquals.
- value - (Required) Value for the key.
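Because a principal of * with no condition block lets any account put events to the bus, the resulting bus policy is worth auditing. The following is an added example, not part of the provider documentation: it flags Allow statements with a wildcard principal that lack an aws:PrincipalOrgID condition. It assumes the policy is the JSON document returned in the Policy field of a DescribeEventBus response; the sample policy, account IDs, organization ID and function names are constructed for illustration.

```python
import json

# Constructed sample policy; account IDs, org ID and region are placeholders.
BUS = "arn:aws:events:us-east-1:111111111111:event-bus/default"
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "DevAccountAccess", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::123456789012:root"},
         "Action": "events:PutEvents", "Resource": BUS},
        {"Sid": "OrganizationAccess", "Effect": "Allow", "Principal": "*",
         "Action": "events:PutEvents", "Resource": BUS,
         "Condition": {"StringEquals": {"aws:PrincipalOrgID": "o-exampleorgid"}}},
        {"Sid": "OpenAccess", "Effect": "Allow", "Principal": "*",
         "Action": "events:PutEvents", "Resource": BUS},
    ],
})


def _as_list(value):
    return value if isinstance(value, list) else [value]


def is_wildcard(principal):
    """True for "*" or for a mapping such as {"AWS": "*"}."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return any("*" in _as_list(v) for v in principal.values())
    return False


def org_restricted(statement):
    """True when a StringEquals condition pins aws:PrincipalOrgID to a value."""
    keys = statement.get("Condition", {}).get("StringEquals", {})
    for key, value in keys.items():
        values = _as_list(value)
        if key.lower() == "aws:principalorgid" and values and all(values):
            return True
    return False


def unrestricted_statements(policy_json):
    """Return the Sids of Allow statements open to any account."""
    policy = json.loads(policy_json)
    return [st.get("Sid", "<no Sid>")
            for st in _as_list(policy.get("Statement", []))
            if st.get("Effect") == "Allow"
            and is_wildcard(st.get("Principal"))
            and not org_restricted(st)]
```

Running unrestricted_statements(SAMPLE_POLICY) reports only the OpenAccess statement, which corresponds to principal = "*" declared without a condition block.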
» Attributes Reference
In addition to all arguments above, the following attributes are exported:
-
id
- The statement ID of the CloudWatch Events permission.
» Import
CloudWatch Events permissions can be imported using the statement ID, e.g.
$ terraform import aws_cloudwatch_event_permission.DevAccountAccess DevAccountAccess