terraformterraform-aws-modules

How can i use same cloudwatch logs and same sns target for each scheduled events in terraform?


I have 2 events:

in event-bridge/events/event1/main.tf

module "event1" {
  source              = "../../rule"
  name                = "event1"
  description         = "event1"
  schedule_expression = "cron(0 4 * * ? *)"
  input               = jsonencode({"job-type": "event1"})
  cloudwatch_arn      = module.targets.cloudwatch_arn
}

module "targets" {
  source = "../../targets"
}

in event-bridge/events/event2/main.tf

module "event2" {
  source              = "../../rule"
  name                = "event2"
  description         = "event2"
  schedule_expression = "cron(0 5 * * ? *)"
  input               = jsonencode({"job-type": "event2"})
  cloudwatch_arn      = module.targets.cloudwatch_arn
}

module "targets" {
  source = "../../targets"
}

in event-bridge/targets/main.tf

resource "aws_cloudwatch_log_group" "log_group_target" {
  name = "/aws/events/${local.rule_name}"
}

resource "aws_sns_topic" "sns_target" {
  name = local.rule_name
}

resource "aws_sns_topic_policy" "sns-target-policy" {
  arn    = aws_sns_topic.sns_target.arn
  policy = data.aws_iam_policy_document.events_to_sns_topic_policy.json
}

data "aws_iam_policy_document" "events_to_sns_topic_policy" {
  statement {
    effect  = "Allow"
    actions = ["SNS:Publish"]

    principals {
      type        = "Service"
      identifiers = ["events.amazonaws.com"]
    }

    resources = [aws_sns_topic.sns_target.arn]
  }
}

in event-bridge/targets/variables.tf

locals {
  rule_name = "scheduled-events"
}

in event-bridge/targets/output.tf

output "cloudwatch_arn" {
  value = aws_cloudwatch_log_group.log_group_target.arn
}

output "sns_topic_arn" {
  value = aws_sns_topic.sns_target.arn
}

in event-bridge/rule/main.tf

resource "aws_cloudwatch_event_rule" "rule" {
  name                = var.name
  description         = var.description
  schedule_expression = var.schedule_expression
}

resource "aws_cloudwatch_event_target" "cloud_watch_target" {
  rule  = local.rule_name
  arn   = var.cloudwatch_arn
}

resource "aws_cloudwatch_event_target" "sns_target" {
  rule      = local.rule_name
  arn       = var.sns_arn
  input     = var.input
}

in event-bridge/rule/variables.tf

locals {
  rule_name = "scheduled-events"
}

variable "name" {
  description = "A name of the event bridge rule to be created"
  type        = string
}

variable "description" {
  description = "A description of the event bridge rule to be created"
  type        = string
}

variable "input" {
  description = "A message for the events to be processed by this rule"
  type        = any
}

variable "schedule_expression" {
  description = "A scheduled time interval for the events to be processed"
  type        = any
}

variable "cloudwatch_arn" {
  description = "Logging cloudwatch arn for the events to be processed"
  type        = any
}

if i plan like this for each event another cloudwatch log group and sns target is created and when apply there is an error due to same name, but i want them to use same cloudwatch log group and sns target.. do you have any idea how i can achieve that? thanks a lot!!


Solution

  • A resource can only be managed at one address in the state. You are creating two instances of the targets module: module.event1.module.targets and module.event2.module.targets.

    If you want to use the same values created in one targets module in both events modules, then you must either pass the module outputs in as variables or use data sources in the events modules to reference the targets. In both cases, only create one targets module.


    As requested, I am expanding the answer to clarify.

    Consider the following directory structure.

    Here main.tf at the root is the provider for the state. Here are the contents of the files, though I haven't tested this.

    rule/main.tf

    resource "aws_cloudwatch_event_rule" "rule" {
      name                = var.name
      description         = var.description
      schedule_expression = var.schedule_expression
    }
    
    resource "aws_cloudwatch_event_target" "cloud_watch_target" {
      rule = aws_cloudwatch_event_rule.rule.name
      arn  = var.cloudwatch_arn
    }
    
    resource "aws_cloudwatch_event_target" "sns_target" {
      rule  = aws_cloudwatch_event_rule.rule.name
      arn   = var.sns_topic_arn
      input = var.input
    }
    

    rule/variables.tf

    variable "name" {
      description = "A name of the event bridge rule to be created"
      type        = string
    }
    
    variable "description" {
      description = "A description of the event bridge rule to be created"
      type        = string
    }
    
    variable "input" {
      description = "A message for the events to be processed by this rule"
      type        = any
    }
    
    variable "schedule_expression" {
      description = "A scheduled time interval for the events to be processed"
      type        = string
    }
    
    variable "cloudwatch_arn" {
      description = "Logging cloudwatch arn for the events to be processed"
      type        = string
    }
    
    variable "sns_topic_arn" {
      type = string
    }
    

    targets/main.tf

    resource "aws_cloudwatch_log_group" "log_group_target" {
      name = "/aws/events/${local.rule_name}"
    }
    
    resource "aws_sns_topic" "sns_target" {
      name = local.rule_name
    }
    
    resource "aws_sns_topic_policy" "sns-target-policy" {
      arn    = aws_sns_topic.sns_target.arn
      policy = data.aws_iam_policy_document.events_to_sns_topic_policy.json
    }
    
    data "aws_iam_policy_document" "events_to_sns_topic_policy" {
      statement {
        effect  = "Allow"
        actions = ["SNS:Publish"]
    
        principals {
          type        = "Service"
          identifiers = ["events.amazonaws.com"]
        }
    
        resources = [aws_sns_topic.sns_target.arn]
      }
    }
    

    targets/outputs.tf

    output "cloudwatch_arn" {
      value = aws_cloudwatch_log_group.log_group_target.arn
    }
    
    output "sns_topic_arn" {
      value = aws_sns_topic.sns_target.arn
    }
    

    targets/variables.tf

    locals {
      rule_name = "scheduled-events"
    }
    

    the main top-level main.tf

    module "targets" {
      source = "./targets"
    }
    
    module "event1" {
      source = "./rule"
    
      name                = "event1"
      description         = "event1"
      schedule_expression = "cron(0 4 * * ? *)"
      input               = jsonencode({ "job-type" : "event1" })
      cloudwatch_arn      = module.targets.cloudwatch_arn
      sns_topic_arn       = module.targets.sns_topic_arn
    }
    
    module "event2" {
      source = "./rule"
    
      name                = "event2"
      description         = "event2"
      schedule_expression = "cron(0 5 * * ? *)"
      input               = jsonencode({ "job-type" : "event2" })
      cloudwatch_arn      = module.targets.cloudwatch_arn
      sns_topic_arn       = module.targets.sns_topic_arn
    }