Merge pull request #8 from tomarv2/develop

Pulling refs/heads/develop into main

Author: tomarv2

.github/workflows/pr-lint.yml

@@ -0,0 +1,15 @@
+name: PR lint
+
+on:
+  pull_request:
+    types: ['opened', 'edited', 'reopened', 'synchronize']
+
+jobs:
+  pr-lint:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: seferov/pr-lint-action@master
+      with:
+        title-regex: '^((Pulling|Update from) refs\/heads\/|(\[tf (plan|apply|destroy|status)\]|\[non tf\])\s(feat|fix|build|chore|ci|docs|style|refactor|perf|test)(\!?): (.{3,250})[^\s*]$)'
+        github-token: ${{ secrets.GITHUB_TOKEN }}
+        auto-close-message: 'Closing this pull request since the title does not match %pattern% pattern. Please fix the title and re-open the pull request.'

.github/workflows/state-actions.yml

@@ -19,7 +19,7 @@ repos:
           - '--args=--only=terraform_workspace_remote'
 
   - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v4.1.0
+    rev: v4.3.0
     hooks:
       - id: trailing-whitespace
       - id: end-of-file-fixer
@@ -31,7 +31,7 @@ repos:
       - id: requirements-txt-fixer
 
   - repo: https://github.com/bridgecrewio/checkov.git
-    rev: '2.0.914'
+    rev: '2.1.226'
     hooks:
     - id: checkov
       verbose: true

.pre-commit-config.yaml

@@ -18,7 +18,7 @@
 ### Versions
 
 - Module tested for Terraform 1.0.1.
-- AWS provider version [3.74](https://registry.terraform.io/providers/hashicorp/aws/latest)
+- AWS provider version [4.35](https://registry.terraform.io/providers/hashicorp/aws/latest)
 - `main` branch: Provider versions not pinned to keep up with Terraform releases.
 - `tags` releases: Tags are pinned with versions (use <a href="https://github.com/tomarv2/terraform-aws-cloudwatch-events/tags" alt="GitHub tag">
         <img src="https://img.shields.io/github/v/tag/tomarv2/terraform-aws-cloudwatch-events" /></a>).
@@ -38,7 +38,7 @@ terraform destroy -var='teamid=tryme' -var='prjid=project1'
 
 #### Option 2:
 
-##### Recommended method (stores remote state in S3 using `prjid` and `teamid` to create directory structure):
+##### Recommended method (stores remote state in remote backend(S3,  Azure storage, or Google bucket) using `prjid` and `teamid` to create directory structure):
 
 - Create python 3.8+ virtual environment
 ```
@@ -92,13 +92,13 @@ tf -c=aws destroy -var='teamid=foo' -var='prjid=bar'
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.1 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | ~> 3.74 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | ~> 4.35 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | ~> 3.74 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | ~> 4.35 |
 
 ## Modules
 
@@ -115,24 +115,15 @@ No modules.
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| <a name="input_branch"></a> [branch](#input\_branch) | branch to use for cicd | `string` | `"main"` | no |
-| <a name="input_custom_input"></a> [custom\_input](#input\_custom\_input) | custom input to be included in generated events | `map(any)` | `null` | no |
-| <a name="input_deploy_event_rule"></a> [deploy\_event\_rule](#input\_deploy\_event\_rule) | Feature flag, true or false | `bool` | `true` | no |
-| <a name="input_deploy_event_target"></a> [deploy\_event\_target](#input\_deploy\_event\_target) | Feature flag, true or false | `bool` | `true` | no |
-| <a name="input_description"></a> [description](#input\_description) | description for the cloudwatch event | `string` | `null` | no |
-| <a name="input_name"></a> [name](#input\_name) | Cloudwatch event rule name | `string` | `null` | no |
+| <a name="input_cloudwatch_event_config"></a> [cloudwatch\_event\_config](#input\_cloudwatch\_event\_config) | Cloudwatch event configuration | `map(any)` | `{}` | no |
+| <a name="input_extra_tags"></a> [extra\_tags](#input\_extra\_tags) | Additional tags to associate | `map(string)` | `{}` | no |
 | <a name="input_prjid"></a> [prjid](#input\_prjid) | Name of the project/stack e.g: mystack, nifieks, demoaci. Should not be changed after running 'tf apply' | `string` | n/a | yes |
-| <a name="input_schedule"></a> [schedule](#input\_schedule) | schedule for the cloudwatch event | `string` | `"rate(1 day)"` | no |
-| <a name="input_service_role"></a> [service\_role](#input\_service\_role) | service role to be used by cicd | `string` | `null` | no |
-| <a name="input_suffix"></a> [suffix](#input\_suffix) | suffix to be added to cloudwatch rule name | `string` | `"rule"` | no |
-| <a name="input_target_arn"></a> [target\_arn](#input\_target\_arn) | target arn | `string` | n/a | yes |
 | <a name="input_teamid"></a> [teamid](#input\_teamid) | Name of the team/group e.g. devops, dataengineering. Should not be changed after running 'tf apply' | `string` | n/a | yes |
-| <a name="input_timeout"></a> [timeout](#input\_timeout) | timeout for cloudwatch event | `number` | `60` | no |
 
 ## Outputs
 
 | Name | Description |
 |------|-------------|
-| <a name="output_cloudwatch_event_rule_arn"></a> [cloudwatch\_event\_rule\_arn](#output\_cloudwatch\_event\_rule\_arn) | The cloudwatch event rule ARN |
-| <a name="output_cloudwatch_event_target_arn"></a> [cloudwatch\_event\_target\_arn](#output\_cloudwatch\_event\_target\_arn) | The cloudwatch event target ARN |
+| <a name="output_event_rule_arn"></a> [event\_rule\_arn](#output\_event\_rule\_arn) | The cloudwatch event rule ARN |
+| <a name="output_event_target_arn"></a> [event\_target\_arn](#output\_event\_target\_arn) | The cloudwatch event target ARN |
 <!-- END_TF_DOCS -->

README.md

@@ -2,7 +2,7 @@ terraform {
   required_version = ">= 1.0.1"
   required_providers {
     aws = {
-      version = "~> 3.74"
+      version = "~> 4.35"
     }
   }
 }
@@ -13,9 +13,12 @@ provider "aws" {
 
 module "cloudwatch_event" {
   source = "../"
-
-  service_role = "<>"
-  target_arn   = "<>"
+  cloudwatch_event_config = {
+    demo_rule = {
+      service_role = "arn:aws:iam::123456789012:role/demo-role"
+      target_arn   = "<lambda_role>"
+    }
+  }
   #-----------------------------------------------
   # Note: Do not change teamid and prjid once set.
   teamid = var.prjid

examples/main.tf

@@ -1,9 +1,9 @@
 output "cloudwatch_event_rule_arn" {
   description = "The cloudwatch event rule arn."
-  value       = module.cloudwatch_event.cloudwatch_event_rule_arn
+  value       = module.cloudwatch_event.event_rule_arn
 }
 
 output "cloudwatch_event_target_arn" {
   description = "The cloudwatch event target arn."
-  value       = module.cloudwatch_event.cloudwatch_event_target_arn
+  value       = module.cloudwatch_event.event_target_arn
 }

examples/outputs.tf

@@ -1,15 +1,23 @@
 variable "teamid" {
   description = "Name of the team/group e.g. devops, dataengineering. Should not be changed after running 'tf apply'"
   type        = string
+  default     = "hello"
 }
 
 variable "prjid" {
   description = "Name of the project/stack e.g: mystack, nifieks, demoaci. Should not be changed after running 'tf apply'"
   type        = string
+  default     = "world"
 }
 
 variable "region" {
   description = "AWS region to create resources"
   default     = "us-west-2"
   type        = string
 }
+
+variable "cloudwatch_event_config" {
+  description = "Cloudwatch event configuration"
+  type        = map(any)
+  default     = {}
+}

examples/variables.tf

@@ -1,25 +1,19 @@
-locals {
-  default_input = { "sourceVersion" = var.branch, "timeoutInMinutesOverride" = var.timeout }
-  event_input   = var.custom_input == null ? local.default_input : var.custom_input
-}
-
 resource "aws_cloudwatch_event_rule" "event_rule" {
-  count = var.deploy_event_rule ? 1 : 0
+  for_each = var.cloudwatch_event_config != null ? var.cloudwatch_event_config : {}
 
-  name                = var.name != null ? "${var.name}-${var.suffix}" : "${var.teamid}-${var.prjid}-${var.suffix}"
-  description         = var.description == null ? "Terraform managed: ${var.teamid}-${var.prjid}" : var.description
-  schedule_expression = var.schedule
-  role_arn            = var.service_role
+  name                = each.key
+  description         = try(each.value.description, "Terraform managed: ${var.teamid}-${var.prjid}")
+  schedule_expression = try(each.value.schedule, "rate(1 day)")
+  role_arn            = each.value.service_role
 
-  tags = merge(local.shared_tags)
+  tags = merge(local.shared_tags, var.extra_tags)
 }
 
 resource "aws_cloudwatch_event_target" "event_target_input_type" {
-  count = var.deploy_event_target ? 1 : 0
+  for_each = var.cloudwatch_event_config != null ? var.cloudwatch_event_config : {}
 
-  target_id = var.name != null ? var.name : "${var.teamid}-${var.prjid}"
-  rule      = aws_cloudwatch_event_rule.event_rule.*.id[count.index]
-  arn       = var.target_arn
-  role_arn  = var.service_role
-  input     = jsonencode(local.event_input)
+  target_id = each.key
+  rule      = join("", [for rule in aws_cloudwatch_event_rule.event_rule : rule.id])
+  arn       = each.value.target_arn
+  input     = jsonencode(try(each.value.event_input, { "sourceVersion" = try(each.value.branch, "main"), "timeoutInMinutesOverride" = try(each.value.timeout, 60) }))
 }

main.tf

@@ -1,9 +1,9 @@
-output "cloudwatch_event_rule_arn" {
+output "event_rule_arn" {
   description = "The cloudwatch event rule ARN"
-  value       = join("", aws_cloudwatch_event_rule.event_rule.*.arn)
+  value       = [for event in aws_cloudwatch_event_rule.event_rule : event.arn]
 }
 
-output "cloudwatch_event_target_arn" {
+output "event_target_arn" {
   description = "The cloudwatch event target ARN"
-  value       = join("", aws_cloudwatch_event_target.event_target_input_type.*.arn)
+  value       = [for target in aws_cloudwatch_event_rule.event_rule : target.arn]
 }

outputs.tf

@@ -2,7 +2,7 @@ terraform {
   required_version = ">= 1.0.1"
   required_providers {
     aws = {
-      version = "~> 3.74"
+      version = "~> 4.35"
     }
   }
 }