Try AWS Native preview for resources not in the classic version.
aws.cloudwatch.EventTarget
Explore with Pulumi AI
Try AWS Native preview for resources not in the classic version.
Provides an EventBridge Target resource.
Note: EventBridge was formerly known as CloudWatch Events. The functionality is identical.
Example Usage
Kinesis Usage
using System.Collections.Generic;
using System.Linq;
using System.Text.Json;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var console = new Aws.CloudWatch.EventRule("console", new()
{
Description = "Capture all EC2 scaling events",
EventPattern = JsonSerializer.Serialize(new Dictionary<string, object?>
{
["source"] = new[]
{
"aws.autoscaling",
},
["detail-type"] = new[]
{
"EC2 Instance Launch Successful",
"EC2 Instance Terminate Successful",
"EC2 Instance Launch Unsuccessful",
"EC2 Instance Terminate Unsuccessful",
},
}),
});
var testStream = new Aws.Kinesis.Stream("testStream", new()
{
ShardCount = 1,
});
var yada = new Aws.CloudWatch.EventTarget("yada", new()
{
Rule = console.Name,
Arn = testStream.Arn,
RunCommandTargets = new[]
{
new Aws.CloudWatch.Inputs.EventTargetRunCommandTargetArgs
{
Key = "tag:Name",
Values = new[]
{
"FooBar",
},
},
new Aws.CloudWatch.Inputs.EventTargetRunCommandTargetArgs
{
Key = "InstanceIds",
Values = new[]
{
"i-162058cd308bffec2",
},
},
},
});
});
package main
import (
"encoding/json"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudwatch"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kinesis"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
tmpJSON0, err := json.Marshal(map[string]interface{}{
"source": []string{
"aws.autoscaling",
},
"detail-type": []string{
"EC2 Instance Launch Successful",
"EC2 Instance Terminate Successful",
"EC2 Instance Launch Unsuccessful",
"EC2 Instance Terminate Unsuccessful",
},
})
if err != nil {
return err
}
json0 := string(tmpJSON0)
console, err := cloudwatch.NewEventRule(ctx, "console", &cloudwatch.EventRuleArgs{
Description: pulumi.String("Capture all EC2 scaling events"),
EventPattern: pulumi.String(json0),
})
if err != nil {
return err
}
testStream, err := kinesis.NewStream(ctx, "testStream", &kinesis.StreamArgs{
ShardCount: pulumi.Int(1),
})
if err != nil {
return err
}
_, err = cloudwatch.NewEventTarget(ctx, "yada", &cloudwatch.EventTargetArgs{
Rule: console.Name,
Arn: testStream.Arn,
RunCommandTargets: cloudwatch.EventTargetRunCommandTargetArray{
&cloudwatch.EventTargetRunCommandTargetArgs{
Key: pulumi.String("tag:Name"),
Values: pulumi.StringArray{
pulumi.String("FooBar"),
},
},
&cloudwatch.EventTargetRunCommandTargetArgs{
Key: pulumi.String("InstanceIds"),
Values: pulumi.StringArray{
pulumi.String("i-162058cd308bffec2"),
},
},
},
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.cloudwatch.EventRule;
import com.pulumi.aws.cloudwatch.EventRuleArgs;
import com.pulumi.aws.kinesis.Stream;
import com.pulumi.aws.kinesis.StreamArgs;
import com.pulumi.aws.cloudwatch.EventTarget;
import com.pulumi.aws.cloudwatch.EventTargetArgs;
import com.pulumi.aws.cloudwatch.inputs.EventTargetRunCommandTargetArgs;
import static com.pulumi.codegen.internal.Serialization.*;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var console = new EventRule("console", EventRuleArgs.builder()
.description("Capture all EC2 scaling events")
.eventPattern(serializeJson(
jsonObject(
jsonProperty("source", jsonArray("aws.autoscaling")),
jsonProperty("detail-type", jsonArray(
"EC2 Instance Launch Successful",
"EC2 Instance Terminate Successful",
"EC2 Instance Launch Unsuccessful",
"EC2 Instance Terminate Unsuccessful"
))
)))
.build());
var testStream = new Stream("testStream", StreamArgs.builder()
.shardCount(1)
.build());
var yada = new EventTarget("yada", EventTargetArgs.builder()
.rule(console.name())
.arn(testStream.arn())
.runCommandTargets(
EventTargetRunCommandTargetArgs.builder()
.key("tag:Name")
.values("FooBar")
.build(),
EventTargetRunCommandTargetArgs.builder()
.key("InstanceIds")
.values("i-162058cd308bffec2")
.build())
.build());
}
}
import pulumi
import json
import pulumi_aws as aws
console = aws.cloudwatch.EventRule("console",
description="Capture all EC2 scaling events",
event_pattern=json.dumps({
"source": ["aws.autoscaling"],
"detail-type": [
"EC2 Instance Launch Successful",
"EC2 Instance Terminate Successful",
"EC2 Instance Launch Unsuccessful",
"EC2 Instance Terminate Unsuccessful",
],
}))
test_stream = aws.kinesis.Stream("testStream", shard_count=1)
yada = aws.cloudwatch.EventTarget("yada",
rule=console.name,
arn=test_stream.arn,
run_command_targets=[
aws.cloudwatch.EventTargetRunCommandTargetArgs(
key="tag:Name",
values=["FooBar"],
),
aws.cloudwatch.EventTargetRunCommandTargetArgs(
key="InstanceIds",
values=["i-162058cd308bffec2"],
),
])
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const console = new aws.cloudwatch.EventRule("console", {
description: "Capture all EC2 scaling events",
eventPattern: JSON.stringify({
source: ["aws.autoscaling"],
"detail-type": [
"EC2 Instance Launch Successful",
"EC2 Instance Terminate Successful",
"EC2 Instance Launch Unsuccessful",
"EC2 Instance Terminate Unsuccessful",
],
}),
});
const testStream = new aws.kinesis.Stream("testStream", {shardCount: 1});
const yada = new aws.cloudwatch.EventTarget("yada", {
rule: console.name,
arn: testStream.arn,
runCommandTargets: [
{
key: "tag:Name",
values: ["FooBar"],
},
{
key: "InstanceIds",
values: ["i-162058cd308bffec2"],
},
],
});
resources:
yada:
type: aws:cloudwatch:EventTarget
properties:
rule: ${console.name}
arn: ${testStream.arn}
runCommandTargets:
- key: tag:Name
values:
- FooBar
- key: InstanceIds
values:
- i-162058cd308bffec2
console:
type: aws:cloudwatch:EventRule
properties:
description: Capture all EC2 scaling events
eventPattern:
fn::toJSON:
source:
- aws.autoscaling
detail-type:
- EC2 Instance Launch Successful
- EC2 Instance Terminate Successful
- EC2 Instance Launch Unsuccessful
- EC2 Instance Terminate Unsuccessful
testStream:
type: aws:kinesis:Stream
properties:
shardCount: 1
SSM Document Usage
using System.Collections.Generic;
using System.Linq;
using System.Text.Json;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var ssmLifecycleTrust = Aws.Iam.GetPolicyDocument.Invoke(new()
{
Statements = new[]
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs
{
Actions = new[]
{
"sts:AssumeRole",
},
Principals = new[]
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs
{
Type = "Service",
Identifiers = new[]
{
"events.amazonaws.com",
},
},
},
},
},
});
var stopInstance = new Aws.Ssm.Document("stopInstance", new()
{
DocumentType = "Command",
Content = JsonSerializer.Serialize(new Dictionary<string, object?>
{
["schemaVersion"] = "1.2",
["description"] = "Stop an instance",
["parameters"] = new Dictionary<string, object?>
{
},
["runtimeConfig"] = new Dictionary<string, object?>
{
["aws:runShellScript"] = new Dictionary<string, object?>
{
["properties"] = new[]
{
new Dictionary<string, object?>
{
["id"] = "0.aws:runShellScript",
["runCommand"] = new[]
{
"halt",
},
},
},
},
},
}),
});
var ssmLifecyclePolicyDocument = Aws.Iam.GetPolicyDocument.Invoke(new()
{
Statements = new[]
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs
{
Effect = "Allow",
Actions = new[]
{
"ssm:SendCommand",
},
Resources = new[]
{
"arn:aws:ec2:eu-west-1:1234567890:instance/*",
},
Conditions = new[]
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionInputArgs
{
Test = "StringEquals",
Variable = "ec2:ResourceTag/Terminate",
Values = new[]
{
"*",
},
},
},
},
new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs
{
Effect = "Allow",
Actions = new[]
{
"ssm:SendCommand",
},
Resources = new[]
{
stopInstance.Arn,
},
},
},
});
var ssmLifecycleRole = new Aws.Iam.Role("ssmLifecycleRole", new()
{
AssumeRolePolicy = ssmLifecycleTrust.Apply(getPolicyDocumentResult => getPolicyDocumentResult.Json),
});
var ssmLifecyclePolicy = new Aws.Iam.Policy("ssmLifecyclePolicy", new()
{
PolicyDocument = ssmLifecyclePolicyDocument.Apply(getPolicyDocumentResult => getPolicyDocumentResult.Json),
});
var ssmLifecycleRolePolicyAttachment = new Aws.Iam.RolePolicyAttachment("ssmLifecycleRolePolicyAttachment", new()
{
PolicyArn = ssmLifecyclePolicy.Arn,
Role = ssmLifecycleRole.Name,
});
var stopInstancesEventRule = new Aws.CloudWatch.EventRule("stopInstancesEventRule", new()
{
Description = "Stop instances nightly",
ScheduleExpression = "cron(0 0 * * ? *)",
});
var stopInstancesEventTarget = new Aws.CloudWatch.EventTarget("stopInstancesEventTarget", new()
{
Arn = stopInstance.Arn,
Rule = stopInstancesEventRule.Name,
RoleArn = ssmLifecycleRole.Arn,
RunCommandTargets = new[]
{
new Aws.CloudWatch.Inputs.EventTargetRunCommandTargetArgs
{
Key = "tag:Terminate",
Values = new[]
{
"midnight",
},
},
},
});
});
package main
import (
"encoding/json"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudwatch"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ssm"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
ssmLifecycleTrust, err := iam.GetPolicyDocument(ctx, &iam.GetPolicyDocumentArgs{
Statements: []iam.GetPolicyDocumentStatement{
{
Actions: []string{
"sts:AssumeRole",
},
Principals: []iam.GetPolicyDocumentStatementPrincipal{
{
Type: "Service",
Identifiers: []string{
"events.amazonaws.com",
},
},
},
},
},
}, nil)
if err != nil {
return err
}
tmpJSON0, err := json.Marshal(map[string]interface{}{
"schemaVersion": "1.2",
"description": "Stop an instance",
"parameters": nil,
"runtimeConfig": map[string]interface{}{
"aws:runShellScript": map[string]interface{}{
"properties": []map[string]interface{}{
map[string]interface{}{
"id": "0.aws:runShellScript",
"runCommand": []string{
"halt",
},
},
},
},
},
})
if err != nil {
return err
}
json0 := string(tmpJSON0)
stopInstance, err := ssm.NewDocument(ctx, "stopInstance", &ssm.DocumentArgs{
DocumentType: pulumi.String("Command"),
Content: pulumi.String(json0),
})
if err != nil {
return err
}
ssmLifecyclePolicyDocument := iam.GetPolicyDocumentOutput(ctx, iam.GetPolicyDocumentOutputArgs{
Statements: iam.GetPolicyDocumentStatementArray{
&iam.GetPolicyDocumentStatementArgs{
Effect: pulumi.String("Allow"),
Actions: pulumi.StringArray{
pulumi.String("ssm:SendCommand"),
},
Resources: pulumi.StringArray{
pulumi.String("arn:aws:ec2:eu-west-1:1234567890:instance/*"),
},
Conditions: iam.GetPolicyDocumentStatementConditionArray{
&iam.GetPolicyDocumentStatementConditionArgs{
Test: pulumi.String("StringEquals"),
Variable: pulumi.String("ec2:ResourceTag/Terminate"),
Values: pulumi.StringArray{
pulumi.String("*"),
},
},
},
},
&iam.GetPolicyDocumentStatementArgs{
Effect: pulumi.String("Allow"),
Actions: pulumi.StringArray{
pulumi.String("ssm:SendCommand"),
},
Resources: pulumi.StringArray{
stopInstance.Arn,
},
},
},
}, nil)
ssmLifecycleRole, err := iam.NewRole(ctx, "ssmLifecycleRole", &iam.RoleArgs{
AssumeRolePolicy: *pulumi.String(ssmLifecycleTrust.Json),
})
if err != nil {
return err
}
ssmLifecyclePolicy, err := iam.NewPolicy(ctx, "ssmLifecyclePolicy", &iam.PolicyArgs{
Policy: ssmLifecyclePolicyDocument.ApplyT(func(ssmLifecyclePolicyDocument iam.GetPolicyDocumentResult) (*string, error) {
return &ssmLifecyclePolicyDocument.Json, nil
}).(pulumi.StringPtrOutput),
})
if err != nil {
return err
}
_, err = iam.NewRolePolicyAttachment(ctx, "ssmLifecycleRolePolicyAttachment", &iam.RolePolicyAttachmentArgs{
PolicyArn: ssmLifecyclePolicy.Arn,
Role: ssmLifecycleRole.Name,
})
if err != nil {
return err
}
stopInstancesEventRule, err := cloudwatch.NewEventRule(ctx, "stopInstancesEventRule", &cloudwatch.EventRuleArgs{
Description: pulumi.String("Stop instances nightly"),
ScheduleExpression: pulumi.String("cron(0 0 * * ? *)"),
})
if err != nil {
return err
}
_, err = cloudwatch.NewEventTarget(ctx, "stopInstancesEventTarget", &cloudwatch.EventTargetArgs{
Arn: stopInstance.Arn,
Rule: stopInstancesEventRule.Name,
RoleArn: ssmLifecycleRole.Arn,
RunCommandTargets: cloudwatch.EventTargetRunCommandTargetArray{
&cloudwatch.EventTargetRunCommandTargetArgs{
Key: pulumi.String("tag:Terminate"),
Values: pulumi.StringArray{
pulumi.String("midnight"),
},
},
},
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.iam.IamFunctions;
import com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;
import com.pulumi.aws.ssm.Document;
import com.pulumi.aws.ssm.DocumentArgs;
import com.pulumi.aws.iam.Role;
import com.pulumi.aws.iam.RoleArgs;
import com.pulumi.aws.iam.Policy;
import com.pulumi.aws.iam.PolicyArgs;
import com.pulumi.aws.iam.RolePolicyAttachment;
import com.pulumi.aws.iam.RolePolicyAttachmentArgs;
import com.pulumi.aws.cloudwatch.EventRule;
import com.pulumi.aws.cloudwatch.EventRuleArgs;
import com.pulumi.aws.cloudwatch.EventTarget;
import com.pulumi.aws.cloudwatch.EventTargetArgs;
import com.pulumi.aws.cloudwatch.inputs.EventTargetRunCommandTargetArgs;
import static com.pulumi.codegen.internal.Serialization.*;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var ssmLifecycleTrust = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
.statements(GetPolicyDocumentStatementArgs.builder()
.actions("sts:AssumeRole")
.principals(GetPolicyDocumentStatementPrincipalArgs.builder()
.type("Service")
.identifiers("events.amazonaws.com")
.build())
.build())
.build());
var stopInstance = new Document("stopInstance", DocumentArgs.builder()
.documentType("Command")
.content(serializeJson(
jsonObject(
jsonProperty("schemaVersion", "1.2"),
jsonProperty("description", "Stop an instance"),
jsonProperty("parameters", jsonObject(
)),
jsonProperty("runtimeConfig", jsonObject(
jsonProperty("aws:runShellScript", jsonObject(
jsonProperty("properties", jsonArray(jsonObject(
jsonProperty("id", "0.aws:runShellScript"),
jsonProperty("runCommand", jsonArray("halt"))
)))
))
))
)))
.build());
final var ssmLifecyclePolicyDocument = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
.statements(
GetPolicyDocumentStatementArgs.builder()
.effect("Allow")
.actions("ssm:SendCommand")
.resources("arn:aws:ec2:eu-west-1:1234567890:instance/*")
.conditions(GetPolicyDocumentStatementConditionArgs.builder()
.test("StringEquals")
.variable("ec2:ResourceTag/Terminate")
.values("*")
.build())
.build(),
GetPolicyDocumentStatementArgs.builder()
.effect("Allow")
.actions("ssm:SendCommand")
.resources(stopInstance.arn())
.build())
.build());
var ssmLifecycleRole = new Role("ssmLifecycleRole", RoleArgs.builder()
.assumeRolePolicy(ssmLifecycleTrust.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult.json()))
.build());
var ssmLifecyclePolicy = new Policy("ssmLifecyclePolicy", PolicyArgs.builder()
.policy(ssmLifecyclePolicyDocument.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult).applyValue(ssmLifecyclePolicyDocument -> ssmLifecyclePolicyDocument.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult.json())))
.build());
var ssmLifecycleRolePolicyAttachment = new RolePolicyAttachment("ssmLifecycleRolePolicyAttachment", RolePolicyAttachmentArgs.builder()
.policyArn(ssmLifecyclePolicy.arn())
.role(ssmLifecycleRole.name())
.build());
var stopInstancesEventRule = new EventRule("stopInstancesEventRule", EventRuleArgs.builder()
.description("Stop instances nightly")
.scheduleExpression("cron(0 0 * * ? *)")
.build());
var stopInstancesEventTarget = new EventTarget("stopInstancesEventTarget", EventTargetArgs.builder()
.arn(stopInstance.arn())
.rule(stopInstancesEventRule.name())
.roleArn(ssmLifecycleRole.arn())
.runCommandTargets(EventTargetRunCommandTargetArgs.builder()
.key("tag:Terminate")
.values("midnight")
.build())
.build());
}
}
import pulumi
import json
import pulumi_aws as aws
ssm_lifecycle_trust = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(
actions=["sts:AssumeRole"],
principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(
type="Service",
identifiers=["events.amazonaws.com"],
)],
)])
stop_instance = aws.ssm.Document("stopInstance",
document_type="Command",
content=json.dumps({
"schemaVersion": "1.2",
"description": "Stop an instance",
"parameters": {},
"runtimeConfig": {
"aws:runShellScript": {
"properties": [{
"id": "0.aws:runShellScript",
"runCommand": ["halt"],
}],
},
},
}))
ssm_lifecycle_policy_document = aws.iam.get_policy_document_output(statements=[
aws.iam.GetPolicyDocumentStatementArgs(
effect="Allow",
actions=["ssm:SendCommand"],
resources=["arn:aws:ec2:eu-west-1:1234567890:instance/*"],
conditions=[aws.iam.GetPolicyDocumentStatementConditionArgs(
test="StringEquals",
variable="ec2:ResourceTag/Terminate",
values=["*"],
)],
),
aws.iam.GetPolicyDocumentStatementArgs(
effect="Allow",
actions=["ssm:SendCommand"],
resources=[stop_instance.arn],
),
])
ssm_lifecycle_role = aws.iam.Role("ssmLifecycleRole", assume_role_policy=ssm_lifecycle_trust.json)
ssm_lifecycle_policy = aws.iam.Policy("ssmLifecyclePolicy", policy=ssm_lifecycle_policy_document.json)
ssm_lifecycle_role_policy_attachment = aws.iam.RolePolicyAttachment("ssmLifecycleRolePolicyAttachment",
policy_arn=ssm_lifecycle_policy.arn,
role=ssm_lifecycle_role.name)
stop_instances_event_rule = aws.cloudwatch.EventRule("stopInstancesEventRule",
description="Stop instances nightly",
schedule_expression="cron(0 0 * * ? *)")
stop_instances_event_target = aws.cloudwatch.EventTarget("stopInstancesEventTarget",
arn=stop_instance.arn,
rule=stop_instances_event_rule.name,
role_arn=ssm_lifecycle_role.arn,
run_command_targets=[aws.cloudwatch.EventTargetRunCommandTargetArgs(
key="tag:Terminate",
values=["midnight"],
)])
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const ssmLifecycleTrust = aws.iam.getPolicyDocument({
statements: [{
actions: ["sts:AssumeRole"],
principals: [{
type: "Service",
identifiers: ["events.amazonaws.com"],
}],
}],
});
const stopInstance = new aws.ssm.Document("stopInstance", {
documentType: "Command",
content: JSON.stringify({
schemaVersion: "1.2",
description: "Stop an instance",
parameters: {},
runtimeConfig: {
"aws:runShellScript": {
properties: [{
id: "0.aws:runShellScript",
runCommand: ["halt"],
}],
},
},
}),
});
const ssmLifecyclePolicyDocument = aws.iam.getPolicyDocumentOutput({
statements: [
{
effect: "Allow",
actions: ["ssm:SendCommand"],
resources: ["arn:aws:ec2:eu-west-1:1234567890:instance/*"],
conditions: [{
test: "StringEquals",
variable: "ec2:ResourceTag/Terminate",
values: ["*"],
}],
},
{
effect: "Allow",
actions: ["ssm:SendCommand"],
resources: [stopInstance.arn],
},
],
});
const ssmLifecycleRole = new aws.iam.Role("ssmLifecycleRole", {assumeRolePolicy: ssmLifecycleTrust.then(ssmLifecycleTrust => ssmLifecycleTrust.json)});
const ssmLifecyclePolicy = new aws.iam.Policy("ssmLifecyclePolicy", {policy: ssmLifecyclePolicyDocument.apply(ssmLifecyclePolicyDocument => ssmLifecyclePolicyDocument.json)});
const ssmLifecycleRolePolicyAttachment = new aws.iam.RolePolicyAttachment("ssmLifecycleRolePolicyAttachment", {
policyArn: ssmLifecyclePolicy.arn,
role: ssmLifecycleRole.name,
});
const stopInstancesEventRule = new aws.cloudwatch.EventRule("stopInstancesEventRule", {
description: "Stop instances nightly",
scheduleExpression: "cron(0 0 * * ? *)",
});
const stopInstancesEventTarget = new aws.cloudwatch.EventTarget("stopInstancesEventTarget", {
arn: stopInstance.arn,
rule: stopInstancesEventRule.name,
roleArn: ssmLifecycleRole.arn,
runCommandTargets: [{
key: "tag:Terminate",
values: ["midnight"],
}],
});
resources:
ssmLifecycleRole:
type: aws:iam:Role
properties:
assumeRolePolicy: ${ssmLifecycleTrust.json}
ssmLifecyclePolicy:
type: aws:iam:Policy
properties:
policy: ${ssmLifecyclePolicyDocument.json}
ssmLifecycleRolePolicyAttachment:
type: aws:iam:RolePolicyAttachment
properties:
policyArn: ${ssmLifecyclePolicy.arn}
role: ${ssmLifecycleRole.name}
stopInstance:
type: aws:ssm:Document
properties:
documentType: Command
content:
fn::toJSON:
schemaVersion: '1.2'
description: Stop an instance
parameters: {}
runtimeConfig:
aws:runShellScript:
properties:
- id: 0.aws:runShellScript
runCommand:
- halt
stopInstancesEventRule:
type: aws:cloudwatch:EventRule
properties:
description: Stop instances nightly
scheduleExpression: cron(0 0 * * ? *)
stopInstancesEventTarget:
type: aws:cloudwatch:EventTarget
properties:
arn: ${stopInstance.arn}
rule: ${stopInstancesEventRule.name}
roleArn: ${ssmLifecycleRole.arn}
runCommandTargets:
- key: tag:Terminate
values:
- midnight
variables:
ssmLifecycleTrust:
fn::invoke:
Function: aws:iam:getPolicyDocument
Arguments:
statements:
- actions:
- sts:AssumeRole
principals:
- type: Service
identifiers:
- events.amazonaws.com
ssmLifecyclePolicyDocument:
fn::invoke:
Function: aws:iam:getPolicyDocument
Arguments:
statements:
- effect: Allow
actions:
- ssm:SendCommand
resources:
- arn:aws:ec2:eu-west-1:1234567890:instance/*
conditions:
- test: StringEquals
variable: ec2:ResourceTag/Terminate
values:
- '*'
- effect: Allow
actions:
- ssm:SendCommand
resources:
- ${stopInstance.arn}
RunCommand Usage
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var stopInstancesEventRule = new Aws.CloudWatch.EventRule("stopInstancesEventRule", new()
{
Description = "Stop instances nightly",
ScheduleExpression = "cron(0 0 * * ? *)",
});
var stopInstancesEventTarget = new Aws.CloudWatch.EventTarget("stopInstancesEventTarget", new()
{
Arn = $"arn:aws:ssm:{@var.Aws_region}::document/AWS-RunShellScript",
Input = "{\"commands\":[\"halt\"]}",
Rule = stopInstancesEventRule.Name,
RoleArn = aws_iam_role.Ssm_lifecycle.Arn,
RunCommandTargets = new[]
{
new Aws.CloudWatch.Inputs.EventTargetRunCommandTargetArgs
{
Key = "tag:Terminate",
Values = new[]
{
"midnight",
},
},
},
});
});
package main
import (
"fmt"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudwatch"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
stopInstancesEventRule, err := cloudwatch.NewEventRule(ctx, "stopInstancesEventRule", &cloudwatch.EventRuleArgs{
Description: pulumi.String("Stop instances nightly"),
ScheduleExpression: pulumi.String("cron(0 0 * * ? *)"),
})
if err != nil {
return err
}
_, err = cloudwatch.NewEventTarget(ctx, "stopInstancesEventTarget", &cloudwatch.EventTargetArgs{
Arn: pulumi.String(fmt.Sprintf("arn:aws:ssm:%v::document/AWS-RunShellScript", _var.Aws_region)),
Input: pulumi.String("{\"commands\":[\"halt\"]}"),
Rule: stopInstancesEventRule.Name,
RoleArn: pulumi.Any(aws_iam_role.Ssm_lifecycle.Arn),
RunCommandTargets: cloudwatch.EventTargetRunCommandTargetArray{
&cloudwatch.EventTargetRunCommandTargetArgs{
Key: pulumi.String("tag:Terminate"),
Values: pulumi.StringArray{
pulumi.String("midnight"),
},
},
},
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.cloudwatch.EventRule;
import com.pulumi.aws.cloudwatch.EventRuleArgs;
import com.pulumi.aws.cloudwatch.EventTarget;
import com.pulumi.aws.cloudwatch.EventTargetArgs;
import com.pulumi.aws.cloudwatch.inputs.EventTargetRunCommandTargetArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var stopInstancesEventRule = new EventRule("stopInstancesEventRule", EventRuleArgs.builder()
.description("Stop instances nightly")
.scheduleExpression("cron(0 0 * * ? *)")
.build());
var stopInstancesEventTarget = new EventTarget("stopInstancesEventTarget", EventTargetArgs.builder()
.arn(String.format("arn:aws:ssm:%s::document/AWS-RunShellScript", var_.aws_region()))
.input("{\"commands\":[\"halt\"]}")
.rule(stopInstancesEventRule.name())
.roleArn(aws_iam_role.ssm_lifecycle().arn())
.runCommandTargets(EventTargetRunCommandTargetArgs.builder()
.key("tag:Terminate")
.values("midnight")
.build())
.build());
}
}
import pulumi
import pulumi_aws as aws
stop_instances_event_rule = aws.cloudwatch.EventRule("stopInstancesEventRule",
description="Stop instances nightly",
schedule_expression="cron(0 0 * * ? *)")
stop_instances_event_target = aws.cloudwatch.EventTarget("stopInstancesEventTarget",
arn=f"arn:aws:ssm:{var['aws_region']}::document/AWS-RunShellScript",
input="{\"commands\":[\"halt\"]}",
rule=stop_instances_event_rule.name,
role_arn=aws_iam_role["ssm_lifecycle"]["arn"],
run_command_targets=[aws.cloudwatch.EventTargetRunCommandTargetArgs(
key="tag:Terminate",
values=["midnight"],
)])
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const stopInstancesEventRule = new aws.cloudwatch.EventRule("stopInstancesEventRule", {
description: "Stop instances nightly",
scheduleExpression: "cron(0 0 * * ? *)",
});
const stopInstancesEventTarget = new aws.cloudwatch.EventTarget("stopInstancesEventTarget", {
arn: `arn:aws:ssm:${_var.aws_region}::document/AWS-RunShellScript`,
input: "{\"commands\":[\"halt\"]}",
rule: stopInstancesEventRule.name,
roleArn: aws_iam_role.ssm_lifecycle.arn,
runCommandTargets: [{
key: "tag:Terminate",
values: ["midnight"],
}],
});
resources:
stopInstancesEventRule:
type: aws:cloudwatch:EventRule
properties:
description: Stop instances nightly
scheduleExpression: cron(0 0 * * ? *)
stopInstancesEventTarget:
type: aws:cloudwatch:EventTarget
properties:
arn: arn:aws:ssm:${var.aws_region}::document/AWS-RunShellScript
input: '{"commands":["halt"]}'
rule: ${stopInstancesEventRule.name}
roleArn: ${aws_iam_role.ssm_lifecycle.arn}
runCommandTargets:
- key: tag:Terminate
values:
- midnight
API Gateway target
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var exampleEventRule = new Aws.CloudWatch.EventRule("exampleEventRule");
// ...
var exampleDeployment = new Aws.ApiGateway.Deployment("exampleDeployment", new()
{
RestApi = aws_api_gateway_rest_api.Example.Id,
});
// ...
var exampleStage = new Aws.ApiGateway.Stage("exampleStage", new()
{
RestApi = aws_api_gateway_rest_api.Example.Id,
Deployment = exampleDeployment.Id,
});
// ...
var exampleEventTarget = new Aws.CloudWatch.EventTarget("exampleEventTarget", new()
{
Arn = exampleStage.ExecutionArn.Apply(executionArn => $"{executionArn}/GET"),
Rule = exampleEventRule.Id,
HttpTarget = new Aws.CloudWatch.Inputs.EventTargetHttpTargetArgs
{
QueryStringParameters =
{
{ "Body", "$.detail.body" },
},
HeaderParameters =
{
{ "Env", "Test" },
},
},
});
});
package main
import (
"fmt"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/apigateway"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudwatch"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
exampleEventRule, err := cloudwatch.NewEventRule(ctx, "exampleEventRule", nil)
if err != nil {
return err
}
exampleDeployment, err := apigateway.NewDeployment(ctx, "exampleDeployment", &apigateway.DeploymentArgs{
RestApi: pulumi.Any(aws_api_gateway_rest_api.Example.Id),
})
if err != nil {
return err
}
exampleStage, err := apigateway.NewStage(ctx, "exampleStage", &apigateway.StageArgs{
RestApi: pulumi.Any(aws_api_gateway_rest_api.Example.Id),
Deployment: exampleDeployment.ID(),
})
if err != nil {
return err
}
_, err = cloudwatch.NewEventTarget(ctx, "exampleEventTarget", &cloudwatch.EventTargetArgs{
Arn: exampleStage.ExecutionArn.ApplyT(func(executionArn string) (string, error) {
return fmt.Sprintf("%v/GET", executionArn), nil
}).(pulumi.StringOutput),
Rule: exampleEventRule.ID(),
HttpTarget: &cloudwatch.EventTargetHttpTargetArgs{
QueryStringParameters: pulumi.StringMap{
"Body": pulumi.String("$.detail.body"),
},
HeaderParameters: pulumi.StringMap{
"Env": pulumi.String("Test"),
},
},
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.cloudwatch.EventRule;
import com.pulumi.aws.apigateway.Deployment;
import com.pulumi.aws.apigateway.DeploymentArgs;
import com.pulumi.aws.apigateway.Stage;
import com.pulumi.aws.apigateway.StageArgs;
import com.pulumi.aws.cloudwatch.EventTarget;
import com.pulumi.aws.cloudwatch.EventTargetArgs;
import com.pulumi.aws.cloudwatch.inputs.EventTargetHttpTargetArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var exampleEventRule = new EventRule("exampleEventRule");
var exampleDeployment = new Deployment("exampleDeployment", DeploymentArgs.builder()
.restApi(aws_api_gateway_rest_api.example().id())
.build());
var exampleStage = new Stage("exampleStage", StageArgs.builder()
.restApi(aws_api_gateway_rest_api.example().id())
.deployment(exampleDeployment.id())
.build());
var exampleEventTarget = new EventTarget("exampleEventTarget", EventTargetArgs.builder()
.arn(exampleStage.executionArn().applyValue(executionArn -> String.format("%s/GET", executionArn)))
.rule(exampleEventRule.id())
.httpTarget(EventTargetHttpTargetArgs.builder()
.queryStringParameters(Map.of("Body", "$.detail.body"))
.headerParameters(Map.of("Env", "Test"))
.build())
.build());
}
}
import pulumi
import pulumi_aws as aws
example_event_rule = aws.cloudwatch.EventRule("exampleEventRule")
# ...
example_deployment = aws.apigateway.Deployment("exampleDeployment", rest_api=aws_api_gateway_rest_api["example"]["id"])
# ...
example_stage = aws.apigateway.Stage("exampleStage",
rest_api=aws_api_gateway_rest_api["example"]["id"],
deployment=example_deployment.id)
# ...
example_event_target = aws.cloudwatch.EventTarget("exampleEventTarget",
arn=example_stage.execution_arn.apply(lambda execution_arn: f"{execution_arn}/GET"),
rule=example_event_rule.id,
http_target=aws.cloudwatch.EventTargetHttpTargetArgs(
query_string_parameters={
"Body": "$.detail.body",
},
header_parameters={
"Env": "Test",
},
))
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const exampleEventRule = new aws.cloudwatch.EventRule("exampleEventRule", {});
// ...
const exampleDeployment = new aws.apigateway.Deployment("exampleDeployment", {restApi: aws_api_gateway_rest_api.example.id});
// ...
const exampleStage = new aws.apigateway.Stage("exampleStage", {
restApi: aws_api_gateway_rest_api.example.id,
deployment: exampleDeployment.id,
});
// ...
const exampleEventTarget = new aws.cloudwatch.EventTarget("exampleEventTarget", {
arn: pulumi.interpolate`${exampleStage.executionArn}/GET`,
rule: exampleEventRule.id,
httpTarget: {
queryStringParameters: {
Body: "$.detail.body",
},
headerParameters: {
Env: "Test",
},
},
});
resources:
exampleEventTarget:
type: aws:cloudwatch:EventTarget
properties:
arn: ${exampleStage.executionArn}/GET
rule: ${exampleEventRule.id}
httpTarget:
queryStringParameters:
Body: $.detail.body
headerParameters:
Env: Test
exampleEventRule:
type: aws:cloudwatch:EventRule
exampleDeployment:
type: aws:apigateway:Deployment
properties:
restApi: ${aws_api_gateway_rest_api.example.id}
exampleStage:
type: aws:apigateway:Stage
properties:
restApi: ${aws_api_gateway_rest_api.example.id}
deployment: ${exampleDeployment.id}
Cross-Account Event Bus target
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var assumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()
{
Statements = new[]
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs
{
Effect = "Allow",
Principals = new[]
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs
{
Type = "Service",
Identifiers = new[]
{
"events.amazonaws.com",
},
},
},
Actions = new[]
{
"sts:AssumeRole",
},
},
},
});
var eventBusInvokeRemoteEventBusRole = new Aws.Iam.Role("eventBusInvokeRemoteEventBusRole", new()
{
AssumeRolePolicy = assumeRole.Apply(getPolicyDocumentResult => getPolicyDocumentResult.Json),
});
var eventBusInvokeRemoteEventBusPolicyDocument = Aws.Iam.GetPolicyDocument.Invoke(new()
{
Statements = new[]
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs
{
Effect = "Allow",
Actions = new[]
{
"events:PutEvents",
},
Resources = new[]
{
"arn:aws:events:eu-west-1:1234567890:event-bus/My-Event-Bus",
},
},
},
});
var eventBusInvokeRemoteEventBusPolicy = new Aws.Iam.Policy("eventBusInvokeRemoteEventBusPolicy", new()
{
PolicyDocument = eventBusInvokeRemoteEventBusPolicyDocument.Apply(getPolicyDocumentResult => getPolicyDocumentResult.Json),
});
var eventBusInvokeRemoteEventBusRolePolicyAttachment = new Aws.Iam.RolePolicyAttachment("eventBusInvokeRemoteEventBusRolePolicyAttachment", new()
{
Role = eventBusInvokeRemoteEventBusRole.Name,
PolicyArn = eventBusInvokeRemoteEventBusPolicy.Arn,
});
var stopInstancesEventRule = new Aws.CloudWatch.EventRule("stopInstancesEventRule", new()
{
Description = "Stop instances nightly",
ScheduleExpression = "cron(0 0 * * ? *)",
});
var stopInstancesEventTarget = new Aws.CloudWatch.EventTarget("stopInstancesEventTarget", new()
{
Arn = "arn:aws:events:eu-west-1:1234567890:event-bus/My-Event-Bus",
Rule = stopInstancesEventRule.Name,
RoleArn = eventBusInvokeRemoteEventBusRole.Arn,
});
});
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudwatch"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
assumeRole, err := iam.GetPolicyDocument(ctx, &iam.GetPolicyDocumentArgs{
Statements: []iam.GetPolicyDocumentStatement{
{
Effect: pulumi.StringRef("Allow"),
Principals: []iam.GetPolicyDocumentStatementPrincipal{
{
Type: "Service",
Identifiers: []string{
"events.amazonaws.com",
},
},
},
Actions: []string{
"sts:AssumeRole",
},
},
},
}, nil)
if err != nil {
return err
}
eventBusInvokeRemoteEventBusRole, err := iam.NewRole(ctx, "eventBusInvokeRemoteEventBusRole", &iam.RoleArgs{
AssumeRolePolicy: *pulumi.String(assumeRole.Json),
})
if err != nil {
return err
}
eventBusInvokeRemoteEventBusPolicyDocument, err := iam.GetPolicyDocument(ctx, &iam.GetPolicyDocumentArgs{
Statements: []iam.GetPolicyDocumentStatement{
{
Effect: pulumi.StringRef("Allow"),
Actions: []string{
"events:PutEvents",
},
Resources: []string{
"arn:aws:events:eu-west-1:1234567890:event-bus/My-Event-Bus",
},
},
},
}, nil)
if err != nil {
return err
}
eventBusInvokeRemoteEventBusPolicy, err := iam.NewPolicy(ctx, "eventBusInvokeRemoteEventBusPolicy", &iam.PolicyArgs{
Policy: *pulumi.String(eventBusInvokeRemoteEventBusPolicyDocument.Json),
})
if err != nil {
return err
}
_, err = iam.NewRolePolicyAttachment(ctx, "eventBusInvokeRemoteEventBusRolePolicyAttachment", &iam.RolePolicyAttachmentArgs{
Role: eventBusInvokeRemoteEventBusRole.Name,
PolicyArn: eventBusInvokeRemoteEventBusPolicy.Arn,
})
if err != nil {
return err
}
stopInstancesEventRule, err := cloudwatch.NewEventRule(ctx, "stopInstancesEventRule", &cloudwatch.EventRuleArgs{
Description: pulumi.String("Stop instances nightly"),
ScheduleExpression: pulumi.String("cron(0 0 * * ? *)"),
})
if err != nil {
return err
}
_, err = cloudwatch.NewEventTarget(ctx, "stopInstancesEventTarget", &cloudwatch.EventTargetArgs{
Arn: pulumi.String("arn:aws:events:eu-west-1:1234567890:event-bus/My-Event-Bus"),
Rule: stopInstancesEventRule.Name,
RoleArn: eventBusInvokeRemoteEventBusRole.Arn,
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.iam.IamFunctions;
import com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;
import com.pulumi.aws.iam.Role;
import com.pulumi.aws.iam.RoleArgs;
import com.pulumi.aws.iam.Policy;
import com.pulumi.aws.iam.PolicyArgs;
import com.pulumi.aws.iam.RolePolicyAttachment;
import com.pulumi.aws.iam.RolePolicyAttachmentArgs;
import com.pulumi.aws.cloudwatch.EventRule;
import com.pulumi.aws.cloudwatch.EventRuleArgs;
import com.pulumi.aws.cloudwatch.EventTarget;
import com.pulumi.aws.cloudwatch.EventTargetArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var assumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
.statements(GetPolicyDocumentStatementArgs.builder()
.effect("Allow")
.principals(GetPolicyDocumentStatementPrincipalArgs.builder()
.type("Service")
.identifiers("events.amazonaws.com")
.build())
.actions("sts:AssumeRole")
.build())
.build());
var eventBusInvokeRemoteEventBusRole = new Role("eventBusInvokeRemoteEventBusRole", RoleArgs.builder()
.assumeRolePolicy(assumeRole.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult.json()))
.build());
final var eventBusInvokeRemoteEventBusPolicyDocument = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
.statements(GetPolicyDocumentStatementArgs.builder()
.effect("Allow")
.actions("events:PutEvents")
.resources("arn:aws:events:eu-west-1:1234567890:event-bus/My-Event-Bus")
.build())
.build());
var eventBusInvokeRemoteEventBusPolicy = new Policy("eventBusInvokeRemoteEventBusPolicy", PolicyArgs.builder()
.policy(eventBusInvokeRemoteEventBusPolicyDocument.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult.json()))
.build());
var eventBusInvokeRemoteEventBusRolePolicyAttachment = new RolePolicyAttachment("eventBusInvokeRemoteEventBusRolePolicyAttachment", RolePolicyAttachmentArgs.builder()
.role(eventBusInvokeRemoteEventBusRole.name())
.policyArn(eventBusInvokeRemoteEventBusPolicy.arn())
.build());
var stopInstancesEventRule = new EventRule("stopInstancesEventRule", EventRuleArgs.builder()
.description("Stop instances nightly")
.scheduleExpression("cron(0 0 * * ? *)")
.build());
var stopInstancesEventTarget = new EventTarget("stopInstancesEventTarget", EventTargetArgs.builder()
.arn("arn:aws:events:eu-west-1:1234567890:event-bus/My-Event-Bus")
.rule(stopInstancesEventRule.name())
.roleArn(eventBusInvokeRemoteEventBusRole.arn())
.build());
}
}
import pulumi
import pulumi_aws as aws
assume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(
effect="Allow",
principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(
type="Service",
identifiers=["events.amazonaws.com"],
)],
actions=["sts:AssumeRole"],
)])
event_bus_invoke_remote_event_bus_role = aws.iam.Role("eventBusInvokeRemoteEventBusRole", assume_role_policy=assume_role.json)
event_bus_invoke_remote_event_bus_policy_document = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(
effect="Allow",
actions=["events:PutEvents"],
resources=["arn:aws:events:eu-west-1:1234567890:event-bus/My-Event-Bus"],
)])
event_bus_invoke_remote_event_bus_policy = aws.iam.Policy("eventBusInvokeRemoteEventBusPolicy", policy=event_bus_invoke_remote_event_bus_policy_document.json)
event_bus_invoke_remote_event_bus_role_policy_attachment = aws.iam.RolePolicyAttachment("eventBusInvokeRemoteEventBusRolePolicyAttachment",
role=event_bus_invoke_remote_event_bus_role.name,
policy_arn=event_bus_invoke_remote_event_bus_policy.arn)
stop_instances_event_rule = aws.cloudwatch.EventRule("stopInstancesEventRule",
description="Stop instances nightly",
schedule_expression="cron(0 0 * * ? *)")
stop_instances_event_target = aws.cloudwatch.EventTarget("stopInstancesEventTarget",
arn="arn:aws:events:eu-west-1:1234567890:event-bus/My-Event-Bus",
rule=stop_instances_event_rule.name,
role_arn=event_bus_invoke_remote_event_bus_role.arn)
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const assumeRole = aws.iam.getPolicyDocument({
statements: [{
effect: "Allow",
principals: [{
type: "Service",
identifiers: ["events.amazonaws.com"],
}],
actions: ["sts:AssumeRole"],
}],
});
const eventBusInvokeRemoteEventBusRole = new aws.iam.Role("eventBusInvokeRemoteEventBusRole", {assumeRolePolicy: assumeRole.then(assumeRole => assumeRole.json)});
const eventBusInvokeRemoteEventBusPolicyDocument = aws.iam.getPolicyDocument({
statements: [{
effect: "Allow",
actions: ["events:PutEvents"],
resources: ["arn:aws:events:eu-west-1:1234567890:event-bus/My-Event-Bus"],
}],
});
const eventBusInvokeRemoteEventBusPolicy = new aws.iam.Policy("eventBusInvokeRemoteEventBusPolicy", {policy: eventBusInvokeRemoteEventBusPolicyDocument.then(eventBusInvokeRemoteEventBusPolicyDocument => eventBusInvokeRemoteEventBusPolicyDocument.json)});
const eventBusInvokeRemoteEventBusRolePolicyAttachment = new aws.iam.RolePolicyAttachment("eventBusInvokeRemoteEventBusRolePolicyAttachment", {
role: eventBusInvokeRemoteEventBusRole.name,
policyArn: eventBusInvokeRemoteEventBusPolicy.arn,
});
const stopInstancesEventRule = new aws.cloudwatch.EventRule("stopInstancesEventRule", {
description: "Stop instances nightly",
scheduleExpression: "cron(0 0 * * ? *)",
});
const stopInstancesEventTarget = new aws.cloudwatch.EventTarget("stopInstancesEventTarget", {
arn: "arn:aws:events:eu-west-1:1234567890:event-bus/My-Event-Bus",
rule: stopInstancesEventRule.name,
roleArn: eventBusInvokeRemoteEventBusRole.arn,
});
resources:
eventBusInvokeRemoteEventBusRole:
type: aws:iam:Role
properties:
assumeRolePolicy: ${assumeRole.json}
eventBusInvokeRemoteEventBusPolicy:
type: aws:iam:Policy
properties:
policy: ${eventBusInvokeRemoteEventBusPolicyDocument.json}
eventBusInvokeRemoteEventBusRolePolicyAttachment:
type: aws:iam:RolePolicyAttachment
properties:
role: ${eventBusInvokeRemoteEventBusRole.name}
policyArn: ${eventBusInvokeRemoteEventBusPolicy.arn}
stopInstancesEventRule:
type: aws:cloudwatch:EventRule
properties:
description: Stop instances nightly
scheduleExpression: cron(0 0 * * ? *)
stopInstancesEventTarget:
type: aws:cloudwatch:EventTarget
properties:
arn: arn:aws:events:eu-west-1:1234567890:event-bus/My-Event-Bus
rule: ${stopInstancesEventRule.name}
roleArn: ${eventBusInvokeRemoteEventBusRole.arn}
variables:
assumeRole:
fn::invoke:
Function: aws:iam:getPolicyDocument
Arguments:
statements:
- effect: Allow
principals:
- type: Service
identifiers:
- events.amazonaws.com
actions:
- sts:AssumeRole
eventBusInvokeRemoteEventBusPolicyDocument:
fn::invoke:
Function: aws:iam:getPolicyDocument
Arguments:
statements:
- effect: Allow
actions:
- events:PutEvents
resources:
- arn:aws:events:eu-west-1:1234567890:event-bus/My-Event-Bus
Input Transformer Usage - JSON Object
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var exampleEventRule = new Aws.CloudWatch.EventRule("exampleEventRule");
// ...
var exampleEventTarget = new Aws.CloudWatch.EventTarget("exampleEventTarget", new()
{
Arn = aws_lambda_function.Example.Arn,
Rule = exampleEventRule.Id,
InputTransformer = new Aws.CloudWatch.Inputs.EventTargetInputTransformerArgs
{
InputPaths =
{
{ "instance", "$.detail.instance" },
{ "status", "$.detail.status" },
},
InputTemplate = @"{
""instance_id"": <instance>,
""instance_status"": <status>
}
",
},
});
});
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudwatch"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
exampleEventRule, err := cloudwatch.NewEventRule(ctx, "exampleEventRule", nil)
if err != nil {
return err
}
_, err = cloudwatch.NewEventTarget(ctx, "exampleEventTarget", &cloudwatch.EventTargetArgs{
Arn: pulumi.Any(aws_lambda_function.Example.Arn),
Rule: exampleEventRule.ID(),
InputTransformer: &cloudwatch.EventTargetInputTransformerArgs{
InputPaths: pulumi.StringMap{
"instance": pulumi.String("$.detail.instance"),
"status": pulumi.String("$.detail.status"),
},
InputTemplate: pulumi.String("{\n \"instance_id\": <instance>,\n \"instance_status\": <status>\n}\n"),
},
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.cloudwatch.EventRule;
import com.pulumi.aws.cloudwatch.EventTarget;
import com.pulumi.aws.cloudwatch.EventTargetArgs;
import com.pulumi.aws.cloudwatch.inputs.EventTargetInputTransformerArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var exampleEventRule = new EventRule("exampleEventRule");
var exampleEventTarget = new EventTarget("exampleEventTarget", EventTargetArgs.builder()
.arn(aws_lambda_function.example().arn())
.rule(exampleEventRule.id())
.inputTransformer(EventTargetInputTransformerArgs.builder()
.inputPaths(Map.ofEntries(
Map.entry("instance", "$.detail.instance"),
Map.entry("status", "$.detail.status")
))
.inputTemplate("""
{
"instance_id": <instance>,
"instance_status": <status>
}
""")
.build())
.build());
}
}
import pulumi
import pulumi_aws as aws
example_event_rule = aws.cloudwatch.EventRule("exampleEventRule")
# ...
example_event_target = aws.cloudwatch.EventTarget("exampleEventTarget",
arn=aws_lambda_function["example"]["arn"],
rule=example_event_rule.id,
input_transformer=aws.cloudwatch.EventTargetInputTransformerArgs(
input_paths={
"instance": "$.detail.instance",
"status": "$.detail.status",
},
input_template="""{
"instance_id": <instance>,
"instance_status": <status>
}
""",
))
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const exampleEventRule = new aws.cloudwatch.EventRule("exampleEventRule", {});
// ...
const exampleEventTarget = new aws.cloudwatch.EventTarget("exampleEventTarget", {
arn: aws_lambda_function.example.arn,
rule: exampleEventRule.id,
inputTransformer: {
inputPaths: {
instance: "$.detail.instance",
status: "$.detail.status",
},
inputTemplate: `{
"instance_id": <instance>,
"instance_status": <status>
}
`,
},
});
resources:
exampleEventTarget:
type: aws:cloudwatch:EventTarget
properties:
arn: ${aws_lambda_function.example.arn}
rule: ${exampleEventRule.id}
inputTransformer:
inputPaths:
instance: $.detail.instance
status: $.detail.status
inputTemplate: |
{
"instance_id": <instance>,
"instance_status": <status>
}
exampleEventRule:
type: aws:cloudwatch:EventRule
Input Transformer Usage - Simple String
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var exampleEventRule = new Aws.CloudWatch.EventRule("exampleEventRule");
// ...
var exampleEventTarget = new Aws.CloudWatch.EventTarget("exampleEventTarget", new()
{
Arn = aws_lambda_function.Example.Arn,
Rule = exampleEventRule.Id,
InputTransformer = new Aws.CloudWatch.Inputs.EventTargetInputTransformerArgs
{
InputPaths =
{
{ "instance", "$.detail.instance" },
{ "status", "$.detail.status" },
},
InputTemplate = "\"<instance> is in state <status>\"",
},
});
});
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudwatch"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
exampleEventRule, err := cloudwatch.NewEventRule(ctx, "exampleEventRule", nil)
if err != nil {
return err
}
_, err = cloudwatch.NewEventTarget(ctx, "exampleEventTarget", &cloudwatch.EventTargetArgs{
Arn: pulumi.Any(aws_lambda_function.Example.Arn),
Rule: exampleEventRule.ID(),
InputTransformer: &cloudwatch.EventTargetInputTransformerArgs{
InputPaths: pulumi.StringMap{
"instance": pulumi.String("$.detail.instance"),
"status": pulumi.String("$.detail.status"),
},
InputTemplate: pulumi.String("\"<instance> is in state <status>\""),
},
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.cloudwatch.EventRule;
import com.pulumi.aws.cloudwatch.EventTarget;
import com.pulumi.aws.cloudwatch.EventTargetArgs;
import com.pulumi.aws.cloudwatch.inputs.EventTargetInputTransformerArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var exampleEventRule = new EventRule("exampleEventRule");
var exampleEventTarget = new EventTarget("exampleEventTarget", EventTargetArgs.builder()
.arn(aws_lambda_function.example().arn())
.rule(exampleEventRule.id())
.inputTransformer(EventTargetInputTransformerArgs.builder()
.inputPaths(Map.ofEntries(
Map.entry("instance", "$.detail.instance"),
Map.entry("status", "$.detail.status")
))
.inputTemplate("\"<instance> is in state <status>\"")
.build())
.build());
}
}
import pulumi
import pulumi_aws as aws
example_event_rule = aws.cloudwatch.EventRule("exampleEventRule")
# ...
example_event_target = aws.cloudwatch.EventTarget("exampleEventTarget",
arn=aws_lambda_function["example"]["arn"],
rule=example_event_rule.id,
input_transformer=aws.cloudwatch.EventTargetInputTransformerArgs(
input_paths={
"instance": "$.detail.instance",
"status": "$.detail.status",
},
input_template="\"<instance> is in state <status>\"",
))
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const exampleEventRule = new aws.cloudwatch.EventRule("exampleEventRule", {});
// ...
const exampleEventTarget = new aws.cloudwatch.EventTarget("exampleEventTarget", {
arn: aws_lambda_function.example.arn,
rule: exampleEventRule.id,
inputTransformer: {
inputPaths: {
instance: "$.detail.instance",
status: "$.detail.status",
},
inputTemplate: "\"<instance> is in state <status>\"",
},
});
resources:
exampleEventTarget:
type: aws:cloudwatch:EventTarget
properties:
arn: ${aws_lambda_function.example.arn}
rule: ${exampleEventRule.id}
inputTransformer:
inputPaths:
instance: $.detail.instance
status: $.detail.status
inputTemplate: '"<instance> is in state <status>"'
exampleEventRule:
type: aws:cloudwatch:EventRule
Cloudwatch Log Group Usage
using System.Collections.Generic;
using System.Linq;
using System.Text.Json;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var exampleLogGroup = new Aws.CloudWatch.LogGroup("exampleLogGroup", new()
{
RetentionInDays = 1,
});
var exampleEventRule = new Aws.CloudWatch.EventRule("exampleEventRule", new()
{
Description = "GuardDuty Findings",
EventPattern = JsonSerializer.Serialize(new Dictionary<string, object?>
{
["source"] = new[]
{
"aws.guardduty",
},
}),
Tags =
{
{ "Environment", "example" },
},
});
var exampleLogPolicy = Aws.Iam.GetPolicyDocument.Invoke(new()
{
Statements = new[]
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs
{
Effect = "Allow",
Actions = new[]
{
"logs:CreateLogStream",
},
Resources = new[]
{
$"{exampleLogGroup.Arn}:*",
},
Principals = new[]
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs
{
Type = "Service",
Identifiers = new[]
{
"events.amazonaws.com",
"delivery.logs.amazonaws.com",
},
},
},
},
new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs
{
Effect = "Allow",
Actions = new[]
{
"logs:PutLogEvents",
},
Resources = new[]
{
$"{exampleLogGroup.Arn}:*:*",
},
Principals = new[]
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs
{
Type = "Service",
Identifiers = new[]
{
"events.amazonaws.com",
"delivery.logs.amazonaws.com",
},
},
},
Conditions = new[]
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionInputArgs
{
Test = "ArnEquals",
Values = new[]
{
exampleEventRule.Arn,
},
Variable = "aws:SourceArn",
},
},
},
},
});
var exampleLogResourcePolicy = new Aws.CloudWatch.LogResourcePolicy("exampleLogResourcePolicy", new()
{
PolicyDocument = exampleLogPolicy.Apply(getPolicyDocumentResult => getPolicyDocumentResult.Json),
PolicyName = "guardduty-log-publishing-policy",
});
var exampleEventTarget = new Aws.CloudWatch.EventTarget("exampleEventTarget", new()
{
Rule = exampleEventRule.Name,
Arn = exampleLogGroup.Arn,
});
});
package main
import (
"encoding/json"
"fmt"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudwatch"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
exampleLogGroup, err := cloudwatch.NewLogGroup(ctx, "exampleLogGroup", &cloudwatch.LogGroupArgs{
RetentionInDays: pulumi.Int(1),
})
if err != nil {
return err
}
tmpJSON0, err := json.Marshal(map[string]interface{}{
"source": []string{
"aws.guardduty",
},
})
if err != nil {
return err
}
json0 := string(tmpJSON0)
exampleEventRule, err := cloudwatch.NewEventRule(ctx, "exampleEventRule", &cloudwatch.EventRuleArgs{
Description: pulumi.String("GuardDuty Findings"),
EventPattern: pulumi.String(json0),
Tags: pulumi.StringMap{
"Environment": pulumi.String("example"),
},
})
if err != nil {
return err
}
exampleLogPolicy := iam.GetPolicyDocumentOutput(ctx, iam.GetPolicyDocumentOutputArgs{
Statements: iam.GetPolicyDocumentStatementArray{
&iam.GetPolicyDocumentStatementArgs{
Effect: pulumi.String("Allow"),
Actions: pulumi.StringArray{
pulumi.String("logs:CreateLogStream"),
},
Resources: pulumi.StringArray{
exampleLogGroup.Arn.ApplyT(func(arn string) (string, error) {
return fmt.Sprintf("%v:*", arn), nil
}).(pulumi.StringOutput),
},
Principals: iam.GetPolicyDocumentStatementPrincipalArray{
&iam.GetPolicyDocumentStatementPrincipalArgs{
Type: pulumi.String("Service"),
Identifiers: pulumi.StringArray{
pulumi.String("events.amazonaws.com"),
pulumi.String("delivery.logs.amazonaws.com"),
},
},
},
},
&iam.GetPolicyDocumentStatementArgs{
Effect: pulumi.String("Allow"),
Actions: pulumi.StringArray{
pulumi.String("logs:PutLogEvents"),
},
Resources: pulumi.StringArray{
exampleLogGroup.Arn.ApplyT(func(arn string) (string, error) {
return fmt.Sprintf("%v:*:*", arn), nil
}).(pulumi.StringOutput),
},
Principals: iam.GetPolicyDocumentStatementPrincipalArray{
&iam.GetPolicyDocumentStatementPrincipalArgs{
Type: pulumi.String("Service"),
Identifiers: pulumi.StringArray{
pulumi.String("events.amazonaws.com"),
pulumi.String("delivery.logs.amazonaws.com"),
},
},
},
Conditions: iam.GetPolicyDocumentStatementConditionArray{
&iam.GetPolicyDocumentStatementConditionArgs{
Test: pulumi.String("ArnEquals"),
Values: pulumi.StringArray{
exampleEventRule.Arn,
},
Variable: pulumi.String("aws:SourceArn"),
},
},
},
},
}, nil)
_, err = cloudwatch.NewLogResourcePolicy(ctx, "exampleLogResourcePolicy", &cloudwatch.LogResourcePolicyArgs{
PolicyDocument: exampleLogPolicy.ApplyT(func(exampleLogPolicy iam.GetPolicyDocumentResult) (*string, error) {
return &exampleLogPolicy.Json, nil
}).(pulumi.StringPtrOutput),
PolicyName: pulumi.String("guardduty-log-publishing-policy"),
})
if err != nil {
return err
}
_, err = cloudwatch.NewEventTarget(ctx, "exampleEventTarget", &cloudwatch.EventTargetArgs{
Rule: exampleEventRule.Name,
Arn: exampleLogGroup.Arn,
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.cloudwatch.LogGroup;
import com.pulumi.aws.cloudwatch.LogGroupArgs;
import com.pulumi.aws.cloudwatch.EventRule;
import com.pulumi.aws.cloudwatch.EventRuleArgs;
import com.pulumi.aws.iam.IamFunctions;
import com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;
import com.pulumi.aws.cloudwatch.LogResourcePolicy;
import com.pulumi.aws.cloudwatch.LogResourcePolicyArgs;
import com.pulumi.aws.cloudwatch.EventTarget;
import com.pulumi.aws.cloudwatch.EventTargetArgs;
import static com.pulumi.codegen.internal.Serialization.*;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var exampleLogGroup = new LogGroup("exampleLogGroup", LogGroupArgs.builder()
.retentionInDays(1)
.build());
var exampleEventRule = new EventRule("exampleEventRule", EventRuleArgs.builder()
.description("GuardDuty Findings")
.eventPattern(serializeJson(
jsonObject(
jsonProperty("source", jsonArray("aws.guardduty"))
)))
.tags(Map.of("Environment", "example"))
.build());
final var exampleLogPolicy = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
.statements(
GetPolicyDocumentStatementArgs.builder()
.effect("Allow")
.actions("logs:CreateLogStream")
.resources(exampleLogGroup.arn().applyValue(arn -> String.format("%s:*", arn)))
.principals(GetPolicyDocumentStatementPrincipalArgs.builder()
.type("Service")
.identifiers(
"events.amazonaws.com",
"delivery.logs.amazonaws.com")
.build())
.build(),
GetPolicyDocumentStatementArgs.builder()
.effect("Allow")
.actions("logs:PutLogEvents")
.resources(exampleLogGroup.arn().applyValue(arn -> String.format("%s:*:*", arn)))
.principals(GetPolicyDocumentStatementPrincipalArgs.builder()
.type("Service")
.identifiers(
"events.amazonaws.com",
"delivery.logs.amazonaws.com")
.build())
.conditions(GetPolicyDocumentStatementConditionArgs.builder()
.test("ArnEquals")
.values(exampleEventRule.arn())
.variable("aws:SourceArn")
.build())
.build())
.build());
var exampleLogResourcePolicy = new LogResourcePolicy("exampleLogResourcePolicy", LogResourcePolicyArgs.builder()
.policyDocument(exampleLogPolicy.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult).applyValue(exampleLogPolicy -> exampleLogPolicy.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult.json())))
.policyName("guardduty-log-publishing-policy")
.build());
var exampleEventTarget = new EventTarget("exampleEventTarget", EventTargetArgs.builder()
.rule(exampleEventRule.name())
.arn(exampleLogGroup.arn())
.build());
}
}
import pulumi
import json
import pulumi_aws as aws
example_log_group = aws.cloudwatch.LogGroup("exampleLogGroup", retention_in_days=1)
example_event_rule = aws.cloudwatch.EventRule("exampleEventRule",
description="GuardDuty Findings",
event_pattern=json.dumps({
"source": ["aws.guardduty"],
}),
tags={
"Environment": "example",
})
example_log_policy = aws.iam.get_policy_document_output(statements=[
aws.iam.GetPolicyDocumentStatementArgs(
effect="Allow",
actions=["logs:CreateLogStream"],
resources=[example_log_group.arn.apply(lambda arn: f"{arn}:*")],
principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(
type="Service",
identifiers=[
"events.amazonaws.com",
"delivery.logs.amazonaws.com",
],
)],
),
aws.iam.GetPolicyDocumentStatementArgs(
effect="Allow",
actions=["logs:PutLogEvents"],
resources=[example_log_group.arn.apply(lambda arn: f"{arn}:*:*")],
principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(
type="Service",
identifiers=[
"events.amazonaws.com",
"delivery.logs.amazonaws.com",
],
)],
conditions=[aws.iam.GetPolicyDocumentStatementConditionArgs(
test="ArnEquals",
values=[example_event_rule.arn],
variable="aws:SourceArn",
)],
),
])
example_log_resource_policy = aws.cloudwatch.LogResourcePolicy("exampleLogResourcePolicy",
policy_document=example_log_policy.json,
policy_name="guardduty-log-publishing-policy")
example_event_target = aws.cloudwatch.EventTarget("exampleEventTarget",
rule=example_event_rule.name,
arn=example_log_group.arn)
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const exampleLogGroup = new aws.cloudwatch.LogGroup("exampleLogGroup", {retentionInDays: 1});
const exampleEventRule = new aws.cloudwatch.EventRule("exampleEventRule", {
description: "GuardDuty Findings",
eventPattern: JSON.stringify({
source: ["aws.guardduty"],
}),
tags: {
Environment: "example",
},
});
const exampleLogPolicy = aws.iam.getPolicyDocumentOutput({
statements: [
{
effect: "Allow",
actions: ["logs:CreateLogStream"],
resources: [pulumi.interpolate`${exampleLogGroup.arn}:*`],
principals: [{
type: "Service",
identifiers: [
"events.amazonaws.com",
"delivery.logs.amazonaws.com",
],
}],
},
{
effect: "Allow",
actions: ["logs:PutLogEvents"],
resources: [pulumi.interpolate`${exampleLogGroup.arn}:*:*`],
principals: [{
type: "Service",
identifiers: [
"events.amazonaws.com",
"delivery.logs.amazonaws.com",
],
}],
conditions: [{
test: "ArnEquals",
values: [exampleEventRule.arn],
variable: "aws:SourceArn",
}],
},
],
});
const exampleLogResourcePolicy = new aws.cloudwatch.LogResourcePolicy("exampleLogResourcePolicy", {
policyDocument: exampleLogPolicy.apply(exampleLogPolicy => exampleLogPolicy.json),
policyName: "guardduty-log-publishing-policy",
});
const exampleEventTarget = new aws.cloudwatch.EventTarget("exampleEventTarget", {
rule: exampleEventRule.name,
arn: exampleLogGroup.arn,
});
resources:
exampleLogGroup:
type: aws:cloudwatch:LogGroup
properties:
retentionInDays: 1
exampleLogResourcePolicy:
type: aws:cloudwatch:LogResourcePolicy
properties:
policyDocument: ${exampleLogPolicy.json}
policyName: guardduty-log-publishing-policy
exampleEventRule:
type: aws:cloudwatch:EventRule
properties:
description: GuardDuty Findings
eventPattern:
fn::toJSON:
source:
- aws.guardduty
tags:
Environment: example
exampleEventTarget:
type: aws:cloudwatch:EventTarget
properties:
rule: ${exampleEventRule.name}
arn: ${exampleLogGroup.arn}
variables:
exampleLogPolicy:
fn::invoke:
Function: aws:iam:getPolicyDocument
Arguments:
statements:
- effect: Allow
actions:
- logs:CreateLogStream
resources:
- ${exampleLogGroup.arn}:*
principals:
- type: Service
identifiers:
- events.amazonaws.com
- delivery.logs.amazonaws.com
- effect: Allow
actions:
- logs:PutLogEvents
resources:
- ${exampleLogGroup.arn}:*:*
principals:
- type: Service
identifiers:
- events.amazonaws.com
- delivery.logs.amazonaws.com
conditions:
- test: ArnEquals
values:
- ${exampleEventRule.arn}
variable: aws:SourceArn
Create EventTarget Resource
new EventTarget(name: string, args: EventTargetArgs, opts?: CustomResourceOptions);
@overload
def EventTarget(resource_name: str,
opts: Optional[ResourceOptions] = None,
arn: Optional[str] = None,
batch_target: Optional[EventTargetBatchTargetArgs] = None,
dead_letter_config: Optional[EventTargetDeadLetterConfigArgs] = None,
ecs_target: Optional[EventTargetEcsTargetArgs] = None,
event_bus_name: Optional[str] = None,
http_target: Optional[EventTargetHttpTargetArgs] = None,
input: Optional[str] = None,
input_path: Optional[str] = None,
input_transformer: Optional[EventTargetInputTransformerArgs] = None,
kinesis_target: Optional[EventTargetKinesisTargetArgs] = None,
redshift_target: Optional[EventTargetRedshiftTargetArgs] = None,
retry_policy: Optional[EventTargetRetryPolicyArgs] = None,
role_arn: Optional[str] = None,
rule: Optional[str] = None,
run_command_targets: Optional[Sequence[EventTargetRunCommandTargetArgs]] = None,
sagemaker_pipeline_target: Optional[EventTargetSagemakerPipelineTargetArgs] = None,
sqs_target: Optional[EventTargetSqsTargetArgs] = None,
target_id: Optional[str] = None)
@overload
def EventTarget(resource_name: str,
args: EventTargetArgs,
opts: Optional[ResourceOptions] = None)
func NewEventTarget(ctx *Context, name string, args EventTargetArgs, opts ...ResourceOption) (*EventTarget, error)
public EventTarget(string name, EventTargetArgs args, CustomResourceOptions? opts = null)
public EventTarget(String name, EventTargetArgs args)
public EventTarget(String name, EventTargetArgs args, CustomResourceOptions options)
type: aws:cloudwatch:EventTarget
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args EventTargetArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args EventTargetArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args EventTargetArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args EventTargetArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args EventTargetArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
EventTarget Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The EventTarget resource accepts the following input properties:
- Arn string
The Amazon Resource Name (ARN) of the target.
- Rule string
The name of the rule you want to add targets to.
The following arguments are optional:
- Batch
Target EventTarget Batch Target Parameters used when you are using the rule to invoke an Amazon Batch Job. Documented below. A maximum of 1 are allowed.
- Dead
Letter EventConfig Target Dead Letter Config Parameters used when you are providing a dead letter config. Documented below. A maximum of 1 are allowed.
- Ecs
Target EventTarget Ecs Target Parameters used when you are using the rule to invoke Amazon ECS Task. Documented below. A maximum of 1 are allowed.
- Event
Bus stringName The name or ARN of the event bus to associate with the rule. If you omit this, the
default
event bus is used.- Http
Target EventTarget Http Target Parameters used when you are using the rule to invoke an API Gateway REST endpoint. Documented below. A maximum of 1 is allowed.
- Input string
Valid JSON text passed to the target. Conflicts with
input_path
andinput_transformer
.- Input
Path string The value of the JSONPath that is used for extracting part of the matched event when passing it to the target. Conflicts with
input
andinput_transformer
.- Input
Transformer EventTarget Input Transformer Parameters used when you are providing a custom input to a target based on certain event data. Conflicts with
input
andinput_path
.- Kinesis
Target EventTarget Kinesis Target Parameters used when you are using the rule to invoke an Amazon Kinesis Stream. Documented below. A maximum of 1 are allowed.
- Redshift
Target EventTarget Redshift Target Parameters used when you are using the rule to invoke an Amazon Redshift Statement. Documented below. A maximum of 1 are allowed.
- Retry
Policy EventTarget Retry Policy Parameters used when you are providing retry policies. Documented below. A maximum of 1 are allowed.
- Role
Arn string The Amazon Resource Name (ARN) of the IAM role to be used for this target when the rule is triggered. Required if
ecs_target
is used or target inarn
is EC2 instance, Kinesis data stream, Step Functions state machine, or Event Bus in different account or region.- Run
Command List<EventTargets Target Run Command Target> Parameters used when you are using the rule to invoke Amazon EC2 Run Command. Documented below. A maximum of 5 are allowed.
- Sagemaker
Pipeline EventTarget Target Sagemaker Pipeline Target Parameters used when you are using the rule to invoke an Amazon SageMaker Pipeline. Documented below. A maximum of 1 are allowed.
- Sqs
Target EventTarget Sqs Target Parameters used when you are using the rule to invoke an Amazon SQS Queue. Documented below. A maximum of 1 are allowed.
- Target
Id string The unique target assignment ID. If missing, will generate a random, unique id.
- Arn string
The Amazon Resource Name (ARN) of the target.
- Rule string
The name of the rule you want to add targets to.
The following arguments are optional:
- Batch
Target EventTarget Batch Target Args Parameters used when you are using the rule to invoke an Amazon Batch Job. Documented below. A maximum of 1 are allowed.
- Dead
Letter EventConfig Target Dead Letter Config Args Parameters used when you are providing a dead letter config. Documented below. A maximum of 1 are allowed.
- Ecs
Target EventTarget Ecs Target Args Parameters used when you are using the rule to invoke Amazon ECS Task. Documented below. A maximum of 1 are allowed.
- Event
Bus stringName The name or ARN of the event bus to associate with the rule. If you omit this, the
default
event bus is used.- Http
Target EventTarget Http Target Args Parameters used when you are using the rule to invoke an API Gateway REST endpoint. Documented below. A maximum of 1 is allowed.
- Input string
Valid JSON text passed to the target. Conflicts with
input_path
andinput_transformer
.- Input
Path string The value of the JSONPath that is used for extracting part of the matched event when passing it to the target. Conflicts with
input
andinput_transformer
.- Input
Transformer EventTarget Input Transformer Args Parameters used when you are providing a custom input to a target based on certain event data. Conflicts with
input
andinput_path
.- Kinesis
Target EventTarget Kinesis Target Args Parameters used when you are using the rule to invoke an Amazon Kinesis Stream. Documented below. A maximum of 1 are allowed.
- Redshift
Target EventTarget Redshift Target Args Parameters used when you are using the rule to invoke an Amazon Redshift Statement. Documented below. A maximum of 1 are allowed.
- Retry
Policy EventTarget Retry Policy Args Parameters used when you are providing retry policies. Documented below. A maximum of 1 are allowed.
- Role
Arn string The Amazon Resource Name (ARN) of the IAM role to be used for this target when the rule is triggered. Required if
ecs_target
is used or target inarn
is EC2 instance, Kinesis data stream, Step Functions state machine, or Event Bus in different account or region.- Run
Command []EventTargets Target Run Command Target Args Parameters used when you are using the rule to invoke Amazon EC2 Run Command. Documented below. A maximum of 5 are allowed.
- Sagemaker
Pipeline EventTarget Target Sagemaker Pipeline Target Args Parameters used when you are using the rule to invoke an Amazon SageMaker Pipeline. Documented below. A maximum of 1 are allowed.
- Sqs
Target EventTarget Sqs Target Args Parameters used when you are using the rule to invoke an Amazon SQS Queue. Documented below. A maximum of 1 are allowed.
- Target
Id string The unique target assignment ID. If missing, will generate a random, unique id.
- arn String
The Amazon Resource Name (ARN) of the target.
- rule String
The name of the rule you want to add targets to.
The following arguments are optional:
- batch
Target EventTarget Batch Target Parameters used when you are using the rule to invoke an Amazon Batch Job. Documented below. A maximum of 1 are allowed.
- dead
Letter EventConfig Target Dead Letter Config Parameters used when you are providing a dead letter config. Documented below. A maximum of 1 are allowed.
- ecs
Target EventTarget Ecs Target Parameters used when you are using the rule to invoke Amazon ECS Task. Documented below. A maximum of 1 are allowed.
- event
Bus StringName The name or ARN of the event bus to associate with the rule. If you omit this, the
default
event bus is used.- http
Target EventTarget Http Target Parameters used when you are using the rule to invoke an API Gateway REST endpoint. Documented below. A maximum of 1 is allowed.
- input String
Valid JSON text passed to the target. Conflicts with
input_path
andinput_transformer
.- input
Path String The value of the JSONPath that is used for extracting part of the matched event when passing it to the target. Conflicts with
input
andinput_transformer
.- input
Transformer EventTarget Input Transformer Parameters used when you are providing a custom input to a target based on certain event data. Conflicts with
input
andinput_path
.- kinesis
Target EventTarget Kinesis Target Parameters used when you are using the rule to invoke an Amazon Kinesis Stream. Documented below. A maximum of 1 are allowed.
- redshift
Target EventTarget Redshift Target Parameters used when you are using the rule to invoke an Amazon Redshift Statement. Documented below. A maximum of 1 are allowed.
- retry
Policy EventTarget Retry Policy Parameters used when you are providing retry policies. Documented below. A maximum of 1 are allowed.
- role
Arn String The Amazon Resource Name (ARN) of the IAM role to be used for this target when the rule is triggered. Required if
ecs_target
is used or target inarn
is EC2 instance, Kinesis data stream, Step Functions state machine, or Event Bus in different account or region.- run
Command List<EventTargets Target Run Command Target> Parameters used when you are using the rule to invoke Amazon EC2 Run Command. Documented below. A maximum of 5 are allowed.
- sagemaker
Pipeline EventTarget Target Sagemaker Pipeline Target Parameters used when you are using the rule to invoke an Amazon SageMaker Pipeline. Documented below. A maximum of 1 are allowed.
- sqs
Target EventTarget Sqs Target Parameters used when you are using the rule to invoke an Amazon SQS Queue. Documented below. A maximum of 1 are allowed.
- target
Id String The unique target assignment ID. If missing, will generate a random, unique id.
- arn string
The Amazon Resource Name (ARN) of the target.
- rule string
The name of the rule you want to add targets to.
The following arguments are optional:
- batch
Target EventTarget Batch Target Parameters used when you are using the rule to invoke an Amazon Batch Job. Documented below. A maximum of 1 are allowed.
- dead
Letter EventConfig Target Dead Letter Config Parameters used when you are providing a dead letter config. Documented below. A maximum of 1 are allowed.
- ecs
Target EventTarget Ecs Target Parameters used when you are using the rule to invoke Amazon ECS Task. Documented below. A maximum of 1 are allowed.
- event
Bus stringName The name or ARN of the event bus to associate with the rule. If you omit this, the
default
event bus is used.- http
Target EventTarget Http Target Parameters used when you are using the rule to invoke an API Gateway REST endpoint. Documented below. A maximum of 1 is allowed.
- input string
Valid JSON text passed to the target. Conflicts with
input_path
andinput_transformer
.- input
Path string The value of the JSONPath that is used for extracting part of the matched event when passing it to the target. Conflicts with
input
andinput_transformer
.- input
Transformer EventTarget Input Transformer Parameters used when you are providing a custom input to a target based on certain event data. Conflicts with
input
andinput_path
.- kinesis
Target EventTarget Kinesis Target Parameters used when you are using the rule to invoke an Amazon Kinesis Stream. Documented below. A maximum of 1 are allowed.
- redshift
Target EventTarget Redshift Target Parameters used when you are using the rule to invoke an Amazon Redshift Statement. Documented below. A maximum of 1 are allowed.
- retry
Policy EventTarget Retry Policy Parameters used when you are providing retry policies. Documented below. A maximum of 1 are allowed.
- role
Arn string The Amazon Resource Name (ARN) of the IAM role to be used for this target when the rule is triggered. Required if
ecs_target
is used or target inarn
is EC2 instance, Kinesis data stream, Step Functions state machine, or Event Bus in different account or region.- run
Command EventTargets Target Run Command Target[] Parameters used when you are using the rule to invoke Amazon EC2 Run Command. Documented below. A maximum of 5 are allowed.
- sagemaker
Pipeline EventTarget Target Sagemaker Pipeline Target Parameters used when you are using the rule to invoke an Amazon SageMaker Pipeline. Documented below. A maximum of 1 are allowed.
- sqs
Target EventTarget Sqs Target Parameters used when you are using the rule to invoke an Amazon SQS Queue. Documented below. A maximum of 1 are allowed.
- target
Id string The unique target assignment ID. If missing, will generate a random, unique id.
- arn str
The Amazon Resource Name (ARN) of the target.
- rule str
The name of the rule you want to add targets to.
The following arguments are optional:
- batch_
target EventTarget Batch Target Args Parameters used when you are using the rule to invoke an Amazon Batch Job. Documented below. A maximum of 1 are allowed.
- dead_
letter_ Eventconfig Target Dead Letter Config Args Parameters used when you are providing a dead letter config. Documented below. A maximum of 1 are allowed.
- ecs_
target EventTarget Ecs Target Args Parameters used when you are using the rule to invoke Amazon ECS Task. Documented below. A maximum of 1 are allowed.
- event_
bus_ strname The name or ARN of the event bus to associate with the rule. If you omit this, the
default
event bus is used.- http_
target EventTarget Http Target Args Parameters used when you are using the rule to invoke an API Gateway REST endpoint. Documented below. A maximum of 1 is allowed.
- input str
Valid JSON text passed to the target. Conflicts with
input_path
andinput_transformer
.- input_
path str The value of the JSONPath that is used for extracting part of the matched event when passing it to the target. Conflicts with
input
andinput_transformer
.- input_
transformer EventTarget Input Transformer Args Parameters used when you are providing a custom input to a target based on certain event data. Conflicts with
input
andinput_path
.- kinesis_
target EventTarget Kinesis Target Args Parameters used when you are using the rule to invoke an Amazon Kinesis Stream. Documented below. A maximum of 1 are allowed.
- redshift_
target EventTarget Redshift Target Args Parameters used when you are using the rule to invoke an Amazon Redshift Statement. Documented below. A maximum of 1 are allowed.
- retry_
policy EventTarget Retry Policy Args Parameters used when you are providing retry policies. Documented below. A maximum of 1 are allowed.
- role_
arn str The Amazon Resource Name (ARN) of the IAM role to be used for this target when the rule is triggered. Required if
ecs_target
is used or target inarn
is EC2 instance, Kinesis data stream, Step Functions state machine, or Event Bus in different account or region.- run_
command_ Sequence[Eventtargets Target Run Command Target Args] Parameters used when you are using the rule to invoke Amazon EC2 Run Command. Documented below. A maximum of 5 are allowed.
- sagemaker_
pipeline_ Eventtarget Target Sagemaker Pipeline Target Args Parameters used when you are using the rule to invoke an Amazon SageMaker Pipeline. Documented below. A maximum of 1 are allowed.
- sqs_
target EventTarget Sqs Target Args Parameters used when you are using the rule to invoke an Amazon SQS Queue. Documented below. A maximum of 1 are allowed.
- target_
id str The unique target assignment ID. If missing, will generate a random, unique id.
- arn String
The Amazon Resource Name (ARN) of the target.
- rule String
The name of the rule you want to add targets to.
The following arguments are optional:
- batch
Target Property Map Parameters used when you are using the rule to invoke an Amazon Batch Job. Documented below. A maximum of 1 are allowed.
- dead
Letter Property MapConfig Parameters used when you are providing a dead letter config. Documented below. A maximum of 1 are allowed.
- ecs
Target Property Map Parameters used when you are using the rule to invoke Amazon ECS Task. Documented below. A maximum of 1 are allowed.
- event
Bus StringName The name or ARN of the event bus to associate with the rule. If you omit this, the
default
event bus is used.- http
Target Property Map Parameters used when you are using the rule to invoke an API Gateway REST endpoint. Documented below. A maximum of 1 is allowed.
- input String
Valid JSON text passed to the target. Conflicts with
input_path
andinput_transformer
.- input
Path String The value of the JSONPath that is used for extracting part of the matched event when passing it to the target. Conflicts with
input
andinput_transformer
.- input
Transformer Property Map Parameters used when you are providing a custom input to a target based on certain event data. Conflicts with
input
andinput_path
.- kinesis
Target Property Map Parameters used when you are using the rule to invoke an Amazon Kinesis Stream. Documented below. A maximum of 1 are allowed.
- redshift
Target Property Map Parameters used when you are using the rule to invoke an Amazon Redshift Statement. Documented below. A maximum of 1 are allowed.
- retry
Policy Property Map Parameters used when you are providing retry policies. Documented below. A maximum of 1 are allowed.
- role
Arn String The Amazon Resource Name (ARN) of the IAM role to be used for this target when the rule is triggered. Required if
ecs_target
is used or target inarn
is EC2 instance, Kinesis data stream, Step Functions state machine, or Event Bus in different account or region.- run
Command List<Property Map>Targets Parameters used when you are using the rule to invoke Amazon EC2 Run Command. Documented below. A maximum of 5 are allowed.
- sagemaker
Pipeline Property MapTarget Parameters used when you are using the rule to invoke an Amazon SageMaker Pipeline. Documented below. A maximum of 1 are allowed.
- sqs
Target Property Map Parameters used when you are using the rule to invoke an Amazon SQS Queue. Documented below. A maximum of 1 are allowed.
- target
Id String The unique target assignment ID. If missing, will generate a random, unique id.
Outputs
All input properties are implicitly available as output properties. Additionally, the EventTarget resource produces the following output properties:
- Id string
The provider-assigned unique ID for this managed resource.
- Id string
The provider-assigned unique ID for this managed resource.
- id String
The provider-assigned unique ID for this managed resource.
- id string
The provider-assigned unique ID for this managed resource.
- id str
The provider-assigned unique ID for this managed resource.
- id String
The provider-assigned unique ID for this managed resource.
Look up Existing EventTarget Resource
Get an existing EventTarget resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: EventTargetState, opts?: CustomResourceOptions): EventTarget
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
arn: Optional[str] = None,
batch_target: Optional[EventTargetBatchTargetArgs] = None,
dead_letter_config: Optional[EventTargetDeadLetterConfigArgs] = None,
ecs_target: Optional[EventTargetEcsTargetArgs] = None,
event_bus_name: Optional[str] = None,
http_target: Optional[EventTargetHttpTargetArgs] = None,
input: Optional[str] = None,
input_path: Optional[str] = None,
input_transformer: Optional[EventTargetInputTransformerArgs] = None,
kinesis_target: Optional[EventTargetKinesisTargetArgs] = None,
redshift_target: Optional[EventTargetRedshiftTargetArgs] = None,
retry_policy: Optional[EventTargetRetryPolicyArgs] = None,
role_arn: Optional[str] = None,
rule: Optional[str] = None,
run_command_targets: Optional[Sequence[EventTargetRunCommandTargetArgs]] = None,
sagemaker_pipeline_target: Optional[EventTargetSagemakerPipelineTargetArgs] = None,
sqs_target: Optional[EventTargetSqsTargetArgs] = None,
target_id: Optional[str] = None) -> EventTarget
func GetEventTarget(ctx *Context, name string, id IDInput, state *EventTargetState, opts ...ResourceOption) (*EventTarget, error)
public static EventTarget Get(string name, Input<string> id, EventTargetState? state, CustomResourceOptions? opts = null)
public static EventTarget get(String name, Output<String> id, EventTargetState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Arn string
The Amazon Resource Name (ARN) of the target.
- Batch
Target EventTarget Batch Target Parameters used when you are using the rule to invoke an Amazon Batch Job. Documented below. A maximum of 1 are allowed.
- Dead
Letter EventConfig Target Dead Letter Config Parameters used when you are providing a dead letter config. Documented below. A maximum of 1 are allowed.
- Ecs
Target EventTarget Ecs Target Parameters used when you are using the rule to invoke Amazon ECS Task. Documented below. A maximum of 1 are allowed.
- Event
Bus stringName The name or ARN of the event bus to associate with the rule. If you omit this, the
default
event bus is used.- Http
Target EventTarget Http Target Parameters used when you are using the rule to invoke an API Gateway REST endpoint. Documented below. A maximum of 1 is allowed.
- Input string
Valid JSON text passed to the target. Conflicts with
input_path
andinput_transformer
.- Input
Path string The value of the JSONPath that is used for extracting part of the matched event when passing it to the target. Conflicts with
input
andinput_transformer
.- Input
Transformer EventTarget Input Transformer Parameters used when you are providing a custom input to a target based on certain event data. Conflicts with
input
andinput_path
.- Kinesis
Target EventTarget Kinesis Target Parameters used when you are using the rule to invoke an Amazon Kinesis Stream. Documented below. A maximum of 1 are allowed.
- Redshift
Target EventTarget Redshift Target Parameters used when you are using the rule to invoke an Amazon Redshift Statement. Documented below. A maximum of 1 are allowed.
- Retry
Policy EventTarget Retry Policy Parameters used when you are providing retry policies. Documented below. A maximum of 1 are allowed.
- Role
Arn string The Amazon Resource Name (ARN) of the IAM role to be used for this target when the rule is triggered. Required if
ecs_target
is used or target inarn
is EC2 instance, Kinesis data stream, Step Functions state machine, or Event Bus in different account or region.- Rule string
The name of the rule you want to add targets to.
The following arguments are optional:
- Run
Command List<EventTargets Target Run Command Target> Parameters used when you are using the rule to invoke Amazon EC2 Run Command. Documented below. A maximum of 5 are allowed.
- Sagemaker
Pipeline EventTarget Target Sagemaker Pipeline Target Parameters used when you are using the rule to invoke an Amazon SageMaker Pipeline. Documented below. A maximum of 1 are allowed.
- Sqs
Target EventTarget Sqs Target Parameters used when you are using the rule to invoke an Amazon SQS Queue. Documented below. A maximum of 1 are allowed.
- Target
Id string The unique target assignment ID. If missing, will generate a random, unique id.
- Arn string
The Amazon Resource Name (ARN) of the target.
- Batch
Target EventTarget Batch Target Args Parameters used when you are using the rule to invoke an Amazon Batch Job. Documented below. A maximum of 1 are allowed.
- Dead
Letter EventConfig Target Dead Letter Config Args Parameters used when you are providing a dead letter config. Documented below. A maximum of 1 are allowed.
- Ecs
Target EventTarget Ecs Target Args Parameters used when you are using the rule to invoke Amazon ECS Task. Documented below. A maximum of 1 are allowed.
- Event
Bus stringName The name or ARN of the event bus to associate with the rule. If you omit this, the
default
event bus is used.- Http
Target EventTarget Http Target Args Parameters used when you are using the rule to invoke an API Gateway REST endpoint. Documented below. A maximum of 1 is allowed.
- Input string
Valid JSON text passed to the target. Conflicts with
input_path
andinput_transformer
.- Input
Path string The value of the JSONPath that is used for extracting part of the matched event when passing it to the target. Conflicts with
input
andinput_transformer
.- Input
Transformer EventTarget Input Transformer Args Parameters used when you are providing a custom input to a target based on certain event data. Conflicts with
input
andinput_path
.- Kinesis
Target EventTarget Kinesis Target Args Parameters used when you are using the rule to invoke an Amazon Kinesis Stream. Documented below. A maximum of 1 are allowed.
- Redshift
Target EventTarget Redshift Target Args Parameters used when you are using the rule to invoke an Amazon Redshift Statement. Documented below. A maximum of 1 are allowed.
- Retry
Policy EventTarget Retry Policy Args Parameters used when you are providing retry policies. Documented below. A maximum of 1 are allowed.
- Role
Arn string The Amazon Resource Name (ARN) of the IAM role to be used for this target when the rule is triggered. Required if
ecs_target
is used or target inarn
is EC2 instance, Kinesis data stream, Step Functions state machine, or Event Bus in different account or region.- Rule string
The name of the rule you want to add targets to.
The following arguments are optional:
- Run
Command []EventTargets Target Run Command Target Args Parameters used when you are using the rule to invoke Amazon EC2 Run Command. Documented below. A maximum of 5 are allowed.
- Sagemaker
Pipeline EventTarget Target Sagemaker Pipeline Target Args Parameters used when you are using the rule to invoke an Amazon SageMaker Pipeline. Documented below. A maximum of 1 are allowed.
- Sqs
Target EventTarget Sqs Target Args Parameters used when you are using the rule to invoke an Amazon SQS Queue. Documented below. A maximum of 1 are allowed.
- Target
Id string The unique target assignment ID. If missing, will generate a random, unique id.
- arn String
The Amazon Resource Name (ARN) of the target.
- batch
Target EventTarget Batch Target Parameters used when you are using the rule to invoke an Amazon Batch Job. Documented below. A maximum of 1 are allowed.
- dead
Letter EventConfig Target Dead Letter Config Parameters used when you are providing a dead letter config. Documented below. A maximum of 1 are allowed.
- ecs
Target EventTarget Ecs Target Parameters used when you are using the rule to invoke Amazon ECS Task. Documented below. A maximum of 1 are allowed.
- event
Bus StringName The name or ARN of the event bus to associate with the rule. If you omit this, the
default
event bus is used.- http
Target EventTarget Http Target Parameters used when you are using the rule to invoke an API Gateway REST endpoint. Documented below. A maximum of 1 is allowed.
- input String
Valid JSON text passed to the target. Conflicts with
input_path
andinput_transformer
.- input
Path String The value of the JSONPath that is used for extracting part of the matched event when passing it to the target. Conflicts with
input
andinput_transformer
.- input
Transformer EventTarget Input Transformer Parameters used when you are providing a custom input to a target based on certain event data. Conflicts with
input
andinput_path
.- kinesis
Target EventTarget Kinesis Target Parameters used when you are using the rule to invoke an Amazon Kinesis Stream. Documented below. A maximum of 1 are allowed.
- redshift
Target EventTarget Redshift Target Parameters used when you are using the rule to invoke an Amazon Redshift Statement. Documented below. A maximum of 1 are allowed.
- retry
Policy EventTarget Retry Policy Parameters used when you are providing retry policies. Documented below. A maximum of 1 are allowed.
- role
Arn String The Amazon Resource Name (ARN) of the IAM role to be used for this target when the rule is triggered. Required if
ecs_target
is used or target inarn
is EC2 instance, Kinesis data stream, Step Functions state machine, or Event Bus in different account or region.- rule String
The name of the rule you want to add targets to.
The following arguments are optional:
- run
Command List<EventTargets Target Run Command Target> Parameters used when you are using the rule to invoke Amazon EC2 Run Command. Documented below. A maximum of 5 are allowed.
- sagemaker
Pipeline EventTarget Target Sagemaker Pipeline Target Parameters used when you are using the rule to invoke an Amazon SageMaker Pipeline. Documented below. A maximum of 1 are allowed.
- sqs
Target EventTarget Sqs Target Parameters used when you are using the rule to invoke an Amazon SQS Queue. Documented below. A maximum of 1 are allowed.
- target
Id String The unique target assignment ID. If missing, will generate a random, unique id.
- arn string
The Amazon Resource Name (ARN) of the target.
- batch
Target EventTarget Batch Target Parameters used when you are using the rule to invoke an Amazon Batch Job. Documented below. A maximum of 1 are allowed.
- dead
Letter EventConfig Target Dead Letter Config Parameters used when you are providing a dead letter config. Documented below. A maximum of 1 are allowed.
- ecs
Target EventTarget Ecs Target Parameters used when you are using the rule to invoke Amazon ECS Task. Documented below. A maximum of 1 are allowed.
- event
Bus stringName The name or ARN of the event bus to associate with the rule. If you omit this, the
default
event bus is used.- http
Target EventTarget Http Target Parameters used when you are using the rule to invoke an API Gateway REST endpoint. Documented below. A maximum of 1 is allowed.
- input string
Valid JSON text passed to the target. Conflicts with
input_path
andinput_transformer
.- input
Path string The value of the JSONPath that is used for extracting part of the matched event when passing it to the target. Conflicts with
input
andinput_transformer
.- input
Transformer EventTarget Input Transformer Parameters used when you are providing a custom input to a target based on certain event data. Conflicts with
input
andinput_path
.- kinesis
Target EventTarget Kinesis Target Parameters used when you are using the rule to invoke an Amazon Kinesis Stream. Documented below. A maximum of 1 are allowed.
- redshift
Target EventTarget Redshift Target Parameters used when you are using the rule to invoke an Amazon Redshift Statement. Documented below. A maximum of 1 are allowed.
- retry
Policy EventTarget Retry Policy Parameters used when you are providing retry policies. Documented below. A maximum of 1 are allowed.
- role
Arn string The Amazon Resource Name (ARN) of the IAM role to be used for this target when the rule is triggered. Required if
ecs_target
is used or target inarn
is EC2 instance, Kinesis data stream, Step Functions state machine, or Event Bus in different account or region.- rule string
The name of the rule you want to add targets to.
The following arguments are optional:
- run
Command EventTargets Target Run Command Target[] Parameters used when you are using the rule to invoke Amazon EC2 Run Command. Documented below. A maximum of 5 are allowed.
- sagemaker
Pipeline EventTarget Target Sagemaker Pipeline Target Parameters used when you are using the rule to invoke an Amazon SageMaker Pipeline. Documented below. A maximum of 1 are allowed.
- sqs
Target EventTarget Sqs Target Parameters used when you are using the rule to invoke an Amazon SQS Queue. Documented below. A maximum of 1 are allowed.
- target
Id string The unique target assignment ID. If missing, will generate a random, unique id.
- arn str
The Amazon Resource Name (ARN) of the target.
- batch_
target EventTarget Batch Target Args Parameters used when you are using the rule to invoke an Amazon Batch Job. Documented below. A maximum of 1 are allowed.
- dead_
letter_ Eventconfig Target Dead Letter Config Args Parameters used when you are providing a dead letter config. Documented below. A maximum of 1 are allowed.
- ecs_
target EventTarget Ecs Target Args Parameters used when you are using the rule to invoke Amazon ECS Task. Documented below. A maximum of 1 are allowed.
- event_
bus_ strname The name or ARN of the event bus to associate with the rule. If you omit this, the
default
event bus is used.- http_
target EventTarget Http Target Args Parameters used when you are using the rule to invoke an API Gateway REST endpoint. Documented below. A maximum of 1 is allowed.
- input str
Valid JSON text passed to the target. Conflicts with
input_path
andinput_transformer
.- input_
path str The value of the JSONPath that is used for extracting part of the matched event when passing it to the target. Conflicts with
input
andinput_transformer
.- input_
transformer EventTarget Input Transformer Args Parameters used when you are providing a custom input to a target based on certain event data. Conflicts with
input
andinput_path
.- kinesis_
target EventTarget Kinesis Target Args Parameters used when you are using the rule to invoke an Amazon Kinesis Stream. Documented below. A maximum of 1 are allowed.
- redshift_
target EventTarget Redshift Target Args Parameters used when you are using the rule to invoke an Amazon Redshift Statement. Documented below. A maximum of 1 are allowed.
- retry_
policy EventTarget Retry Policy Args Parameters used when you are providing retry policies. Documented below. A maximum of 1 are allowed.
- role_
arn str The Amazon Resource Name (ARN) of the IAM role to be used for this target when the rule is triggered. Required if
ecs_target
is used or target inarn
is EC2 instance, Kinesis data stream, Step Functions state machine, or Event Bus in different account or region.- rule str
The name of the rule you want to add targets to.
The following arguments are optional:
- run_
command_ Sequence[Eventtargets Target Run Command Target Args] Parameters used when you are using the rule to invoke Amazon EC2 Run Command. Documented below. A maximum of 5 are allowed.
- sagemaker_
pipeline_ Eventtarget Target Sagemaker Pipeline Target Args Parameters used when you are using the rule to invoke an Amazon SageMaker Pipeline. Documented below. A maximum of 1 are allowed.
- sqs_
target EventTarget Sqs Target Args Parameters used when you are using the rule to invoke an Amazon SQS Queue. Documented below. A maximum of 1 are allowed.
- target_
id str The unique target assignment ID. If missing, will generate a random, unique id.
- arn String
The Amazon Resource Name (ARN) of the target.
- batch
Target Property Map Parameters used when you are using the rule to invoke an Amazon Batch Job. Documented below. A maximum of 1 are allowed.
- dead
Letter Property MapConfig Parameters used when you are providing a dead letter config. Documented below. A maximum of 1 are allowed.
- ecs
Target Property Map Parameters used when you are using the rule to invoke Amazon ECS Task. Documented below. A maximum of 1 are allowed.
- event
Bus StringName The name or ARN of the event bus to associate with the rule. If you omit this, the
default
event bus is used.- http
Target Property Map Parameters used when you are using the rule to invoke an API Gateway REST endpoint. Documented below. A maximum of 1 is allowed.
- input String
Valid JSON text passed to the target. Conflicts with
input_path
andinput_transformer
.- input
Path String The value of the JSONPath that is used for extracting part of the matched event when passing it to the target. Conflicts with
input
andinput_transformer
.- input
Transformer Property Map Parameters used when you are providing a custom input to a target based on certain event data. Conflicts with
input
andinput_path
.- kinesis
Target Property Map Parameters used when you are using the rule to invoke an Amazon Kinesis Stream. Documented below. A maximum of 1 are allowed.
- redshift
Target Property Map Parameters used when you are using the rule to invoke an Amazon Redshift Statement. Documented below. A maximum of 1 are allowed.
- retry
Policy Property Map Parameters used when you are providing retry policies. Documented below. A maximum of 1 are allowed.
- role
Arn String The Amazon Resource Name (ARN) of the IAM role to be used for this target when the rule is triggered. Required if
ecs_target
is used or target inarn
is EC2 instance, Kinesis data stream, Step Functions state machine, or Event Bus in different account or region.- rule String
The name of the rule you want to add targets to.
The following arguments are optional:
- run
Command List<Property Map>Targets Parameters used when you are using the rule to invoke Amazon EC2 Run Command. Documented below. A maximum of 5 are allowed.
- sagemaker
Pipeline Property MapTarget Parameters used when you are using the rule to invoke an Amazon SageMaker Pipeline. Documented below. A maximum of 1 are allowed.
- sqs
Target Property Map Parameters used when you are using the rule to invoke an Amazon SQS Queue. Documented below. A maximum of 1 are allowed.
- target
Id String The unique target assignment ID. If missing, will generate a random, unique id.
Supporting Types
EventTargetBatchTarget, EventTargetBatchTargetArgs
- Job
Definition string The ARN or name of the job definition to use if the event target is an AWS Batch job. This job definition must already exist.
- Job
Name string The name to use for this execution of the job, if the target is an AWS Batch job.
- Array
Size int The size of the array, if this is an array batch job. Valid values are integers between 2 and 10,000.
- Job
Attempts int The number of times to attempt to retry, if the job fails. Valid values are 1 to 10.
- Job
Definition string The ARN or name of the job definition to use if the event target is an AWS Batch job. This job definition must already exist.
- Job
Name string The name to use for this execution of the job, if the target is an AWS Batch job.
- Array
Size int The size of the array, if this is an array batch job. Valid values are integers between 2 and 10,000.
- Job
Attempts int The number of times to attempt to retry, if the job fails. Valid values are 1 to 10.
- job
Definition String The ARN or name of the job definition to use if the event target is an AWS Batch job. This job definition must already exist.
- job
Name String The name to use for this execution of the job, if the target is an AWS Batch job.
- array
Size Integer The size of the array, if this is an array batch job. Valid values are integers between 2 and 10,000.
- job
Attempts Integer The number of times to attempt to retry, if the job fails. Valid values are 1 to 10.
- job
Definition string The ARN or name of the job definition to use if the event target is an AWS Batch job. This job definition must already exist.
- job
Name string The name to use for this execution of the job, if the target is an AWS Batch job.
- array
Size number The size of the array, if this is an array batch job. Valid values are integers between 2 and 10,000.
- job
Attempts number The number of times to attempt to retry, if the job fails. Valid values are 1 to 10.
- job_
definition str The ARN or name of the job definition to use if the event target is an AWS Batch job. This job definition must already exist.
- job_
name str The name to use for this execution of the job, if the target is an AWS Batch job.
- array_
size int The size of the array, if this is an array batch job. Valid values are integers between 2 and 10,000.
- job_
attempts int The number of times to attempt to retry, if the job fails. Valid values are 1 to 10.
- job
Definition String The ARN or name of the job definition to use if the event target is an AWS Batch job. This job definition must already exist.
- job
Name String The name to use for this execution of the job, if the target is an AWS Batch job.
- array
Size Number The size of the array, if this is an array batch job. Valid values are integers between 2 and 10,000.
- job
Attempts Number The number of times to attempt to retry, if the job fails. Valid values are 1 to 10.
EventTargetDeadLetterConfig, EventTargetDeadLetterConfigArgs
- Arn string
ARN of the SQS queue specified as the target for the dead-letter queue.
- Arn string
ARN of the SQS queue specified as the target for the dead-letter queue.
- arn String
ARN of the SQS queue specified as the target for the dead-letter queue.
- arn string
ARN of the SQS queue specified as the target for the dead-letter queue.
- arn str
ARN of the SQS queue specified as the target for the dead-letter queue.
- arn String
ARN of the SQS queue specified as the target for the dead-letter queue.
EventTargetEcsTarget, EventTargetEcsTargetArgs
- Task
Definition stringArn The ARN of the task definition to use if the event target is an Amazon ECS cluster.
- Capacity
Provider List<EventStrategies Target Ecs Target Capacity Provider Strategy> The capacity provider strategy to use for the task. If a
capacity_provider_strategy
specified, thelaunch_type
parameter must be omitted. If nocapacity_provider_strategy
orlaunch_type
is specified, the default capacity provider strategy for the cluster is used. Can be one or more. See below.- bool
Specifies whether to enable Amazon ECS managed tags for the task.
- Enable
Execute boolCommand Whether or not to enable the execute command functionality for the containers in this task. If true, this enables execute command functionality on all containers in the task.
- Group string
Specifies an ECS task group for the task. The maximum length is 255 characters.
- Launch
Type string Specifies the launch type on which your task is running. The launch type that you specify here must match one of the launch type (compatibilities) of the target task. Valid values include:
EC2
,EXTERNAL
, orFARGATE
.- Network
Configuration EventTarget Ecs Target Network Configuration Use this if the ECS task uses the awsvpc network mode. This specifies the VPC subnets and security groups associated with the task, and whether a public IP address is to be used. Required if
launch_type
isFARGATE
because the awsvpc mode is required for Fargate tasks.- Ordered
Placement List<EventStrategies Target Ecs Target Ordered Placement Strategy> An array of placement strategy objects to use for the task. You can specify a maximum of five strategy rules per task.
- Placement
Constraints List<EventTarget Ecs Target Placement Constraint> An array of placement constraint objects to use for the task. You can specify up to 10 constraints per task (including constraints in the task definition and those specified at runtime). See Below.
- Platform
Version string Specifies the platform version for the task. Specify only the numeric portion of the platform version, such as
1.1.0
. This is used only if LaunchType is FARGATE. For more information about valid platform versions, see AWS Fargate Platform Versions.- string
Specifies whether to propagate the tags from the task definition to the task. If no value is specified, the tags are not propagated. Tags can only be propagated to the task during task creation. The only valid value is:
TASK_DEFINITION
.- Dictionary<string, string>
A map of tags to assign to ecs resources.
- Task
Count int The number of tasks to create based on the TaskDefinition. Defaults to
1
.
- Task
Definition stringArn The ARN of the task definition to use if the event target is an Amazon ECS cluster.
- Capacity
Provider []EventStrategies Target Ecs Target Capacity Provider Strategy The capacity provider strategy to use for the task. If a
capacity_provider_strategy
specified, thelaunch_type
parameter must be omitted. If nocapacity_provider_strategy
orlaunch_type
is specified, the default capacity provider strategy for the cluster is used. Can be one or more. See below.- bool
Specifies whether to enable Amazon ECS managed tags for the task.
- Enable
Execute boolCommand Whether or not to enable the execute command functionality for the containers in this task. If true, this enables execute command functionality on all containers in the task.
- Group string
Specifies an ECS task group for the task. The maximum length is 255 characters.
- Launch
Type string Specifies the launch type on which your task is running. The launch type that you specify here must match one of the launch type (compatibilities) of the target task. Valid values include:
EC2
,EXTERNAL
, orFARGATE
.- Network
Configuration EventTarget Ecs Target Network Configuration Use this if the ECS task uses the awsvpc network mode. This specifies the VPC subnets and security groups associated with the task, and whether a public IP address is to be used. Required if
launch_type
isFARGATE
because the awsvpc mode is required for Fargate tasks.- Ordered
Placement []EventStrategies Target Ecs Target Ordered Placement Strategy An array of placement strategy objects to use for the task. You can specify a maximum of five strategy rules per task.
- Placement
Constraints []EventTarget Ecs Target Placement Constraint An array of placement constraint objects to use for the task. You can specify up to 10 constraints per task (including constraints in the task definition and those specified at runtime). See Below.
- Platform
Version string Specifies the platform version for the task. Specify only the numeric portion of the platform version, such as
1.1.0
. This is used only if LaunchType is FARGATE. For more information about valid platform versions, see AWS Fargate Platform Versions.- string
Specifies whether to propagate the tags from the task definition to the task. If no value is specified, the tags are not propagated. Tags can only be propagated to the task during task creation. The only valid value is:
TASK_DEFINITION
.- map[string]string
A map of tags to assign to ecs resources.
- Task
Count int The number of tasks to create based on the TaskDefinition. Defaults to
1
.
- task
Definition StringArn The ARN of the task definition to use if the event target is an Amazon ECS cluster.
- capacity
Provider List<EventStrategies Target Ecs Target Capacity Provider Strategy> The capacity provider strategy to use for the task. If a
capacity_provider_strategy
specified, thelaunch_type
parameter must be omitted. If nocapacity_provider_strategy
orlaunch_type
is specified, the default capacity provider strategy for the cluster is used. Can be one or more. See below.- Boolean
Specifies whether to enable Amazon ECS managed tags for the task.
- enable
Execute BooleanCommand Whether or not to enable the execute command functionality for the containers in this task. If true, this enables execute command functionality on all containers in the task.
- group String
Specifies an ECS task group for the task. The maximum length is 255 characters.
- launch
Type String Specifies the launch type on which your task is running. The launch type that you specify here must match one of the launch type (compatibilities) of the target task. Valid values include:
EC2
,EXTERNAL
, orFARGATE
.- network
Configuration EventTarget Ecs Target Network Configuration Use this if the ECS task uses the awsvpc network mode. This specifies the VPC subnets and security groups associated with the task, and whether a public IP address is to be used. Required if
launch_type
isFARGATE
because the awsvpc mode is required for Fargate tasks.- ordered
Placement List<EventStrategies Target Ecs Target Ordered Placement Strategy> An array of placement strategy objects to use for the task. You can specify a maximum of five strategy rules per task.
- placement
Constraints List<EventTarget Ecs Target Placement Constraint> An array of placement constraint objects to use for the task. You can specify up to 10 constraints per task (including constraints in the task definition and those specified at runtime). See Below.
- platform
Version String Specifies the platform version for the task. Specify only the numeric portion of the platform version, such as
1.1.0
. This is used only if LaunchType is FARGATE. For more information about valid platform versions, see AWS Fargate Platform Versions.- String
Specifies whether to propagate the tags from the task definition to the task. If no value is specified, the tags are not propagated. Tags can only be propagated to the task during task creation. The only valid value is:
TASK_DEFINITION
.- Map<String,String>
A map of tags to assign to ecs resources.
- task
Count Integer The number of tasks to create based on the TaskDefinition. Defaults to
1
.
- task
Definition stringArn The ARN of the task definition to use if the event target is an Amazon ECS cluster.
- capacity
Provider EventStrategies Target Ecs Target Capacity Provider Strategy[] The capacity provider strategy to use for the task. If a
capacity_provider_strategy
specified, thelaunch_type
parameter must be omitted. If nocapacity_provider_strategy
orlaunch_type
is specified, the default capacity provider strategy for the cluster is used. Can be one or more. See below.- boolean
Specifies whether to enable Amazon ECS managed tags for the task.
- enable
Execute booleanCommand Whether or not to enable the execute command functionality for the containers in this task. If true, this enables execute command functionality on all containers in the task.
- group string
Specifies an ECS task group for the task. The maximum length is 255 characters.
- launch
Type string Specifies the launch type on which your task is running. The launch type that you specify here must match one of the launch type (compatibilities) of the target task. Valid values include:
EC2
,EXTERNAL
, orFARGATE
.- network
Configuration EventTarget Ecs Target Network Configuration Use this if the ECS task uses the awsvpc network mode. This specifies the VPC subnets and security groups associated with the task, and whether a public IP address is to be used. Required if
launch_type
isFARGATE
because the awsvpc mode is required for Fargate tasks.- ordered
Placement EventStrategies Target Ecs Target Ordered Placement Strategy[] An array of placement strategy objects to use for the task. You can specify a maximum of five strategy rules per task.
- placement
Constraints EventTarget Ecs Target Placement Constraint[] An array of placement constraint objects to use for the task. You can specify up to 10 constraints per task (including constraints in the task definition and those specified at runtime). See Below.
- platform
Version string Specifies the platform version for the task. Specify only the numeric portion of the platform version, such as
1.1.0
. This is used only if LaunchType is FARGATE. For more information about valid platform versions, see AWS Fargate Platform Versions.- string
Specifies whether to propagate the tags from the task definition to the task. If no value is specified, the tags are not propagated. Tags can only be propagated to the task during task creation. The only valid value is:
TASK_DEFINITION
.- {[key: string]: string}
A map of tags to assign to ecs resources.
- task
Count number The number of tasks to create based on the TaskDefinition. Defaults to
1
.
- task_
definition_ strarn The ARN of the task definition to use if the event target is an Amazon ECS cluster.
- capacity_
provider_ Sequence[Eventstrategies Target Ecs Target Capacity Provider Strategy] The capacity provider strategy to use for the task. If a
capacity_provider_strategy
specified, thelaunch_type
parameter must be omitted. If nocapacity_provider_strategy
orlaunch_type
is specified, the default capacity provider strategy for the cluster is used. Can be one or more. See below.- bool
Specifies whether to enable Amazon ECS managed tags for the task.
- enable_
execute_ boolcommand Whether or not to enable the execute command functionality for the containers in this task. If true, this enables execute command functionality on all containers in the task.
- group str
Specifies an ECS task group for the task. The maximum length is 255 characters.
- launch_
type str Specifies the launch type on which your task is running. The launch type that you specify here must match one of the launch type (compatibilities) of the target task. Valid values include:
EC2
,EXTERNAL
, orFARGATE
.- network_
configuration EventTarget Ecs Target Network Configuration Use this if the ECS task uses the awsvpc network mode. This specifies the VPC subnets and security groups associated with the task, and whether a public IP address is to be used. Required if
launch_type
isFARGATE
because the awsvpc mode is required for Fargate tasks.- ordered_
placement_ Sequence[Eventstrategies Target Ecs Target Ordered Placement Strategy] An array of placement strategy objects to use for the task. You can specify a maximum of five strategy rules per task.
- placement_
constraints Sequence[EventTarget Ecs Target Placement Constraint] An array of placement constraint objects to use for the task. You can specify up to 10 constraints per task (including constraints in the task definition and those specified at runtime). See Below.
- platform_
version str Specifies the platform version for the task. Specify only the numeric portion of the platform version, such as
1.1.0
. This is used only if LaunchType is FARGATE. For more information about valid platform versions, see AWS Fargate Platform Versions.- str
Specifies whether to propagate the tags from the task definition to the task. If no value is specified, the tags are not propagated. Tags can only be propagated to the task during task creation. The only valid value is:
TASK_DEFINITION
.- Mapping[str, str]
A map of tags to assign to ecs resources.
- task_
count int The number of tasks to create based on the TaskDefinition. Defaults to
1
.
- task
Definition StringArn The ARN of the task definition to use if the event target is an Amazon ECS cluster.
- capacity
Provider List<Property Map>Strategies The capacity provider strategy to use for the task. If a
capacity_provider_strategy
specified, thelaunch_type
parameter must be omitted. If nocapacity_provider_strategy
orlaunch_type
is specified, the default capacity provider strategy for the cluster is used. Can be one or more. See below.- Boolean
Specifies whether to enable Amazon ECS managed tags for the task.
- enable
Execute BooleanCommand Whether or not to enable the execute command functionality for the containers in this task. If true, this enables execute command functionality on all containers in the task.
- group String
Specifies an ECS task group for the task. The maximum length is 255 characters.
- launch
Type String Specifies the launch type on which your task is running. The launch type that you specify here must match one of the launch type (compatibilities) of the target task. Valid values include:
EC2
,EXTERNAL
, orFARGATE
.- network
Configuration Property Map Use this if the ECS task uses the awsvpc network mode. This specifies the VPC subnets and security groups associated with the task, and whether a public IP address is to be used. Required if
launch_type
isFARGATE
because the awsvpc mode is required for Fargate tasks.- ordered
Placement List<Property Map>Strategies An array of placement strategy objects to use for the task. You can specify a maximum of five strategy rules per task.
- placement
Constraints List<Property Map> An array of placement constraint objects to use for the task. You can specify up to 10 constraints per task (including constraints in the task definition and those specified at runtime). See Below.
- platform
Version String Specifies the platform version for the task. Specify only the numeric portion of the platform version, such as
1.1.0
. This is used only if LaunchType is FARGATE. For more information about valid platform versions, see AWS Fargate Platform Versions.- String
Specifies whether to propagate the tags from the task definition to the task. If no value is specified, the tags are not propagated. Tags can only be propagated to the task during task creation. The only valid value is:
TASK_DEFINITION
.- Map<String>
A map of tags to assign to ecs resources.
- task
Count Number The number of tasks to create based on the TaskDefinition. Defaults to
1
.
EventTargetEcsTargetCapacityProviderStrategy, EventTargetEcsTargetCapacityProviderStrategyArgs
- Capacity
Provider string Short name of the capacity provider.
- Base int
The base value designates how many tasks, at a minimum, to run on the specified capacity provider. Only one capacity provider in a capacity provider strategy can have a base defined. Defaults to
0
.- Weight int
The weight value designates the relative percentage of the total number of tasks launched that should use the specified capacity provider. The weight value is taken into consideration after the base value, if defined, is satisfied.
- Capacity
Provider string Short name of the capacity provider.
- Base int
The base value designates how many tasks, at a minimum, to run on the specified capacity provider. Only one capacity provider in a capacity provider strategy can have a base defined. Defaults to
0
.- Weight int
The weight value designates the relative percentage of the total number of tasks launched that should use the specified capacity provider. The weight value is taken into consideration after the base value, if defined, is satisfied.
- capacity
Provider String Short name of the capacity provider.
- base Integer
The base value designates how many tasks, at a minimum, to run on the specified capacity provider. Only one capacity provider in a capacity provider strategy can have a base defined. Defaults to
0
.- weight Integer
The weight value designates the relative percentage of the total number of tasks launched that should use the specified capacity provider. The weight value is taken into consideration after the base value, if defined, is satisfied.
- capacity
Provider string Short name of the capacity provider.
- base number
The base value designates how many tasks, at a minimum, to run on the specified capacity provider. Only one capacity provider in a capacity provider strategy can have a base defined. Defaults to
0
.- weight number
The weight value designates the relative percentage of the total number of tasks launched that should use the specified capacity provider. The weight value is taken into consideration after the base value, if defined, is satisfied.
- capacity_
provider str Short name of the capacity provider.
- base int
The base value designates how many tasks, at a minimum, to run on the specified capacity provider. Only one capacity provider in a capacity provider strategy can have a base defined. Defaults to
0
.- weight int
The weight value designates the relative percentage of the total number of tasks launched that should use the specified capacity provider. The weight value is taken into consideration after the base value, if defined, is satisfied.
- capacity
Provider String Short name of the capacity provider.
- base Number
The base value designates how many tasks, at a minimum, to run on the specified capacity provider. Only one capacity provider in a capacity provider strategy can have a base defined. Defaults to
0
.- weight Number
The weight value designates the relative percentage of the total number of tasks launched that should use the specified capacity provider. The weight value is taken into consideration after the base value, if defined, is satisfied.
EventTargetEcsTargetNetworkConfiguration, EventTargetEcsTargetNetworkConfigurationArgs
- Subnets List<string>
The subnets associated with the task or service.
- Assign
Public boolIp Assign a public IP address to the ENI (Fargate launch type only). Valid values are
true
orfalse
. Defaults tofalse
.For more information, see Task Networking
- Security
Groups List<string> The security groups associated with the task or service. If you do not specify a security group, the default security group for the VPC is used.
- Subnets []string
The subnets associated with the task or service.
- Assign
Public boolIp Assign a public IP address to the ENI (Fargate launch type only). Valid values are
true
orfalse
. Defaults tofalse
.For more information, see Task Networking
- Security
Groups []string The security groups associated with the task or service. If you do not specify a security group, the default security group for the VPC is used.
- subnets List<String>
The subnets associated with the task or service.
- assign
Public BooleanIp Assign a public IP address to the ENI (Fargate launch type only). Valid values are
true
orfalse
. Defaults tofalse
.For more information, see Task Networking
- security
Groups List<String> The security groups associated with the task or service. If you do not specify a security group, the default security group for the VPC is used.
- subnets string[]
The subnets associated with the task or service.
- assign
Public booleanIp Assign a public IP address to the ENI (Fargate launch type only). Valid values are
true
orfalse
. Defaults tofalse
.For more information, see Task Networking
- security
Groups string[] The security groups associated with the task or service. If you do not specify a security group, the default security group for the VPC is used.
- subnets Sequence[str]
The subnets associated with the task or service.
- assign_
public_ boolip Assign a public IP address to the ENI (Fargate launch type only). Valid values are
true
orfalse
. Defaults tofalse
.For more information, see Task Networking
- security_
groups Sequence[str] The security groups associated with the task or service. If you do not specify a security group, the default security group for the VPC is used.
- subnets List<String>
The subnets associated with the task or service.
- assign
Public BooleanIp Assign a public IP address to the ENI (Fargate launch type only). Valid values are
true
orfalse
. Defaults tofalse
.For more information, see Task Networking
- security
Groups List<String> The security groups associated with the task or service. If you do not specify a security group, the default security group for the VPC is used.
EventTargetEcsTargetOrderedPlacementStrategy, EventTargetEcsTargetOrderedPlacementStrategyArgs
- Type string
Type of placement strategy. The only valid values at this time are
binpack
,random
andspread
.- Field string
The field to apply the placement strategy against. For the
spread
placement strategy, valid values areinstanceId
(orhost
, which has the same effect), or any platform or custom attribute that is applied to a container instance, such asattribute:ecs.availability-zone
. For thebinpack
placement strategy, valid values arecpu
andmemory
. For therandom
placement strategy, this field is not used. For more information, see Amazon ECS task placement strategies.
- Type string
Type of placement strategy. The only valid values at this time are
binpack
,random
andspread
.- Field string
The field to apply the placement strategy against. For the
spread
placement strategy, valid values areinstanceId
(orhost
, which has the same effect), or any platform or custom attribute that is applied to a container instance, such asattribute:ecs.availability-zone
. For thebinpack
placement strategy, valid values arecpu
andmemory
. For therandom
placement strategy, this field is not used. For more information, see Amazon ECS task placement strategies.
- type String
Type of placement strategy. The only valid values at this time are
binpack
,random
andspread
.- field String
The field to apply the placement strategy against. For the
spread
placement strategy, valid values areinstanceId
(orhost
, which has the same effect), or any platform or custom attribute that is applied to a container instance, such asattribute:ecs.availability-zone
. For thebinpack
placement strategy, valid values arecpu
andmemory
. For therandom
placement strategy, this field is not used. For more information, see Amazon ECS task placement strategies.
- type string
Type of placement strategy. The only valid values at this time are
binpack
,random
andspread
.- field string
The field to apply the placement strategy against. For the
spread
placement strategy, valid values areinstanceId
(orhost
, which has the same effect), or any platform or custom attribute that is applied to a container instance, such asattribute:ecs.availability-zone
. For thebinpack
placement strategy, valid values arecpu
andmemory
. For therandom
placement strategy, this field is not used. For more information, see Amazon ECS task placement strategies.
- type str
Type of placement strategy. The only valid values at this time are
binpack
,random
andspread
.- field str
The field to apply the placement strategy against. For the
spread
placement strategy, valid values areinstanceId
(orhost
, which has the same effect), or any platform or custom attribute that is applied to a container instance, such asattribute:ecs.availability-zone
. For thebinpack
placement strategy, valid values arecpu
andmemory
. For therandom
placement strategy, this field is not used. For more information, see Amazon ECS task placement strategies.
- type String
Type of placement strategy. The only valid values at this time are
binpack
,random
andspread
.- field String
The field to apply the placement strategy against. For the
spread
placement strategy, valid values areinstanceId
(orhost
, which has the same effect), or any platform or custom attribute that is applied to a container instance, such asattribute:ecs.availability-zone
. For thebinpack
placement strategy, valid values arecpu
andmemory
. For therandom
placement strategy, this field is not used. For more information, see Amazon ECS task placement strategies.
EventTargetEcsTargetPlacementConstraint, EventTargetEcsTargetPlacementConstraintArgs
- Type string
Type of constraint. The only valid values at this time are
memberOf
anddistinctInstance
.- Expression string
Cluster Query Language expression to apply to the constraint. Does not need to be specified for the
distinctInstance
type. For more information, see Cluster Query Language in the Amazon EC2 Container Service Developer Guide.
- Type string
Type of constraint. The only valid values at this time are
memberOf
anddistinctInstance
.- Expression string
Cluster Query Language expression to apply to the constraint. Does not need to be specified for the
distinctInstance
type. For more information, see Cluster Query Language in the Amazon EC2 Container Service Developer Guide.
- type String
Type of constraint. The only valid values at this time are
memberOf
anddistinctInstance
.- expression String
Cluster Query Language expression to apply to the constraint. Does not need to be specified for the
distinctInstance
type. For more information, see Cluster Query Language in the Amazon EC2 Container Service Developer Guide.
- type string
Type of constraint. The only valid values at this time are
memberOf
anddistinctInstance
.- expression string
Cluster Query Language expression to apply to the constraint. Does not need to be specified for the
distinctInstance
type. For more information, see Cluster Query Language in the Amazon EC2 Container Service Developer Guide.
- type str
Type of constraint. The only valid values at this time are
memberOf
anddistinctInstance
.- expression str
Cluster Query Language expression to apply to the constraint. Does not need to be specified for the
distinctInstance
type. For more information, see Cluster Query Language in the Amazon EC2 Container Service Developer Guide.
- type String
Type of constraint. The only valid values at this time are
memberOf
anddistinctInstance
.- expression String
Cluster Query Language expression to apply to the constraint. Does not need to be specified for the
distinctInstance
type. For more information, see Cluster Query Language in the Amazon EC2 Container Service Developer Guide.
EventTargetHttpTarget, EventTargetHttpTargetArgs
- Header
Parameters Dictionary<string, string> Enables you to specify HTTP headers to add to the request.
- Path
Parameter List<string>Values The list of values that correspond sequentially to any path variables in your endpoint ARN (for example
arn:aws:execute-api:us-east-1:123456:myapi/*/POST/pets/*
).- Query
String Dictionary<string, string>Parameters Represents keys/values of query string parameters that are appended to the invoked endpoint.
- Header
Parameters map[string]string Enables you to specify HTTP headers to add to the request.
- Path
Parameter []stringValues The list of values that correspond sequentially to any path variables in your endpoint ARN (for example
arn:aws:execute-api:us-east-1:123456:myapi/*/POST/pets/*
).- Query
String map[string]stringParameters Represents keys/values of query string parameters that are appended to the invoked endpoint.
- header
Parameters Map<String,String> Enables you to specify HTTP headers to add to the request.
- path
Parameter List<String>Values The list of values that correspond sequentially to any path variables in your endpoint ARN (for example
arn:aws:execute-api:us-east-1:123456:myapi/*/POST/pets/*
).- query
String Map<String,String>Parameters Represents keys/values of query string parameters that are appended to the invoked endpoint.
- header
Parameters {[key: string]: string} Enables you to specify HTTP headers to add to the request.
- path
Parameter string[]Values The list of values that correspond sequentially to any path variables in your endpoint ARN (for example
arn:aws:execute-api:us-east-1:123456:myapi/*/POST/pets/*
).- query
String {[key: string]: string}Parameters Represents keys/values of query string parameters that are appended to the invoked endpoint.
- header_
parameters Mapping[str, str] Enables you to specify HTTP headers to add to the request.
- path_
parameter_ Sequence[str]values The list of values that correspond sequentially to any path variables in your endpoint ARN (for example
arn:aws:execute-api:us-east-1:123456:myapi/*/POST/pets/*
).- query_
string_ Mapping[str, str]parameters Represents keys/values of query string parameters that are appended to the invoked endpoint.
- header
Parameters Map<String> Enables you to specify HTTP headers to add to the request.
- path
Parameter List<String>Values The list of values that correspond sequentially to any path variables in your endpoint ARN (for example
arn:aws:execute-api:us-east-1:123456:myapi/*/POST/pets/*
).- query
String Map<String>Parameters Represents keys/values of query string parameters that are appended to the invoked endpoint.
EventTargetInputTransformer, EventTargetInputTransformerArgs
- Input
Template string Template to customize data sent to the target. Must be valid JSON. To send a string value, the string value must include double quotes.
- Input
Paths Dictionary<string, string> Key value pairs specified in the form of JSONPath (for example, time = $.time)
- You can have as many as 100 key-value pairs.
- You must use JSON dot notation, not bracket notation.
- The keys can't start with "AWS".
- Input
Template string Template to customize data sent to the target. Must be valid JSON. To send a string value, the string value must include double quotes.
- Input
Paths map[string]string Key value pairs specified in the form of JSONPath (for example, time = $.time)
- You can have as many as 100 key-value pairs.
- You must use JSON dot notation, not bracket notation.
- The keys can't start with "AWS".
- input
Template String Template to customize data sent to the target. Must be valid JSON. To send a string value, the string value must include double quotes.
- input
Paths Map<String,String> Key value pairs specified in the form of JSONPath (for example, time = $.time)
- You can have as many as 100 key-value pairs.
- You must use JSON dot notation, not bracket notation.
- The keys can't start with "AWS".
- input
Template string Template to customize data sent to the target. Must be valid JSON. To send a string value, the string value must include double quotes.
- input
Paths {[key: string]: string} Key value pairs specified in the form of JSONPath (for example, time = $.time)
- You can have as many as 100 key-value pairs.
- You must use JSON dot notation, not bracket notation.
- The keys can't start with "AWS".
- input_
template str Template to customize data sent to the target. Must be valid JSON. To send a string value, the string value must include double quotes.
- input_
paths Mapping[str, str] Key value pairs specified in the form of JSONPath (for example, time = $.time)
- You can have as many as 100 key-value pairs.
- You must use JSON dot notation, not bracket notation.
- The keys can't start with "AWS".
- input
Template String Template to customize data sent to the target. Must be valid JSON. To send a string value, the string value must include double quotes.
- input
Paths Map<String> Key value pairs specified in the form of JSONPath (for example, time = $.time)
- You can have as many as 100 key-value pairs.
- You must use JSON dot notation, not bracket notation.
- The keys can't start with "AWS".
EventTargetKinesisTarget, EventTargetKinesisTargetArgs
- Partition
Key stringPath The JSON path to be extracted from the event and used as the partition key.
- Partition
Key stringPath The JSON path to be extracted from the event and used as the partition key.
- partition
Key StringPath The JSON path to be extracted from the event and used as the partition key.
- partition
Key stringPath The JSON path to be extracted from the event and used as the partition key.
- partition_
key_ strpath The JSON path to be extracted from the event and used as the partition key.
- partition
Key StringPath The JSON path to be extracted from the event and used as the partition key.
EventTargetRedshiftTarget, EventTargetRedshiftTargetArgs
- Database string
The name of the database.
- Db
User string The database user name.
- Secrets
Manager stringArn The name or ARN of the secret that enables access to the database.
- Sql string
The SQL statement text to run.
- Statement
Name string The name of the SQL statement.
- With
Event bool Indicates whether to send an event back to EventBridge after the SQL statement runs.
- Database string
The name of the database.
- Db
User string The database user name.
- Secrets
Manager stringArn The name or ARN of the secret that enables access to the database.
- Sql string
The SQL statement text to run.
- Statement
Name string The name of the SQL statement.
- With
Event bool Indicates whether to send an event back to EventBridge after the SQL statement runs.
- database String
The name of the database.
- db
User String The database user name.
- secrets
Manager StringArn The name or ARN of the secret that enables access to the database.
- sql String
The SQL statement text to run.
- statement
Name String The name of the SQL statement.
- with
Event Boolean Indicates whether to send an event back to EventBridge after the SQL statement runs.
- database string
The name of the database.
- db
User string The database user name.
- secrets
Manager stringArn The name or ARN of the secret that enables access to the database.
- sql string
The SQL statement text to run.
- statement
Name string The name of the SQL statement.
- with
Event boolean Indicates whether to send an event back to EventBridge after the SQL statement runs.
- database str
The name of the database.
- db_
user str The database user name.
- secrets_
manager_ strarn The name or ARN of the secret that enables access to the database.
- sql str
The SQL statement text to run.
- statement_
name str The name of the SQL statement.
- with_
event bool Indicates whether to send an event back to EventBridge after the SQL statement runs.
- database String
The name of the database.
- db
User String The database user name.
- secrets
Manager StringArn The name or ARN of the secret that enables access to the database.
- sql String
The SQL statement text to run.
- statement
Name String The name of the SQL statement.
- with
Event Boolean Indicates whether to send an event back to EventBridge after the SQL statement runs.
EventTargetRetryPolicy, EventTargetRetryPolicyArgs
- Maximum
Event intAge In Seconds The age in seconds to continue to make retry attempts.
- Maximum
Retry intAttempts maximum number of retry attempts to make before the request fails
- Maximum
Event intAge In Seconds The age in seconds to continue to make retry attempts.
- Maximum
Retry intAttempts maximum number of retry attempts to make before the request fails
- maximum
Event IntegerAge In Seconds The age in seconds to continue to make retry attempts.
- maximum
Retry IntegerAttempts maximum number of retry attempts to make before the request fails
- maximum
Event numberAge In Seconds The age in seconds to continue to make retry attempts.
- maximum
Retry numberAttempts maximum number of retry attempts to make before the request fails
- maximum_
event_ intage_ in_ seconds The age in seconds to continue to make retry attempts.
- maximum_
retry_ intattempts maximum number of retry attempts to make before the request fails
- maximum
Event NumberAge In Seconds The age in seconds to continue to make retry attempts.
- maximum
Retry NumberAttempts maximum number of retry attempts to make before the request fails
EventTargetRunCommandTarget, EventTargetRunCommandTargetArgs
EventTargetSagemakerPipelineTarget, EventTargetSagemakerPipelineTargetArgs
- Pipeline
Parameter List<EventLists Target Sagemaker Pipeline Target Pipeline Parameter List> List of Parameter names and values for SageMaker Model Building Pipeline execution.
- Pipeline
Parameter []EventLists Target Sagemaker Pipeline Target Pipeline Parameter List List of Parameter names and values for SageMaker Model Building Pipeline execution.
- pipeline
Parameter List<EventLists Target Sagemaker Pipeline Target Pipeline Parameter List> List of Parameter names and values for SageMaker Model Building Pipeline execution.
- pipeline
Parameter EventLists Target Sagemaker Pipeline Target Pipeline Parameter List[] List of Parameter names and values for SageMaker Model Building Pipeline execution.
- pipeline_
parameter_ Sequence[Eventlists Target Sagemaker Pipeline Target Pipeline Parameter List] List of Parameter names and values for SageMaker Model Building Pipeline execution.
- pipeline
Parameter List<Property Map>Lists List of Parameter names and values for SageMaker Model Building Pipeline execution.
EventTargetSagemakerPipelineTargetPipelineParameterList, EventTargetSagemakerPipelineTargetPipelineParameterListArgs
EventTargetSqsTarget, EventTargetSqsTargetArgs
- Message
Group stringId The FIFO message group ID to use as the target.
- Message
Group stringId The FIFO message group ID to use as the target.
- message
Group StringId The FIFO message group ID to use as the target.
- message
Group stringId The FIFO message group ID to use as the target.
- message_
group_ strid The FIFO message group ID to use as the target.
- message
Group StringId The FIFO message group ID to use as the target.
Import
Using pulumi import
, import EventBridge Targets using event_bus_name/rule-name/target-id
(if you omit event_bus_name
, the default
event bus will be used). For example:
$ pulumi import aws:cloudwatch/eventTarget:EventTarget test-event-target rule-name/target-id
Package Details
- Repository
- AWS Classic pulumi/pulumi-aws
- License
- Apache-2.0
- Notes
This Pulumi package is based on the
aws
Terraform Provider.
Try AWS Native preview for resources not in the classic version.