forked from trussworks/terraform-aws-config-notifications
main.tf
#
# SNS
#
# Looks up an existing SNS topic by the name in var.sns_topic_name. This file
# only reads the topic; it does not create it or manage its policy.
# NOTE(review): the topic's access policy, encryption settings and
# subscriptions are not visible here. Confirm that the policy lets the
# EventBridge service principal publish, and that subscribers are limited to
# the intended recipients of AWS Config notifications.
data "aws_sns_topic" "main" {
  name = var.sns_topic_name
}
#
# CloudWatch Event
#
# Event rule for AWS Config compliance events. The match pattern is read from
# compliance-event-pattern.json in this module's directory, so what actually
# triggers a notification is defined in that file, not here.
# NOTE(review): the rule name is a fixed string; a second instance of this
# module in the same account and region would presumably collide on it.
resource "aws_cloudwatch_event_rule" "compliance_event" {
  name          = "awsconfig-compliance-events"
  description   = "AWS Config compliance events"
  event_pattern = file("${path.module}/compliance-event-pattern.json")
}
# Delivers events matched by the compliance rule to the SNS topic.
# The input transformer pulls three fields out of the event detail and renders
# them into a single quoted text message, so subscribers receive a short
# sentence rather than the full event JSON.
resource "aws_cloudwatch_event_target" "compliance_event" {
  rule      = aws_cloudwatch_event_rule.compliance_event.name
  arn       = data.aws_sns_topic.main.arn
  target_id = "send-to-sns"

  input_transformer {
    # JSONPath selectors into the event; each key becomes a <placeholder>
    # usable in input_template.
    input_paths = {
      rule     = "$.detail.configRuleName"
      resource = "$.detail.resourceId"
      status   = "$.detail.newEvaluationResult.complianceType"
    }

    # NOTE(review): the rule name and resource id are copied into the message
    # as-is. If a subscriber renders notifications (chat, e-mail, ticketing),
    # it should treat these values as untrusted text.
    input_template = "\"AWS Config Compliance Change: Rule <rule> triggered for resource <resource>. New Status: <status>.\""
  }
}
# Event rule for AWS Config events. The match pattern is read from
# config-event-pattern.json in this module's directory.
# NOTE(review): which events this covers depends entirely on that JSON file,
# which is not visible here. The target reads detail.eventName and
# detail.requestParameters, so the pattern presumably matches recorded API
# calls against AWS Config; confirm against the pattern file.
resource "aws_cloudwatch_event_rule" "config_event" {
  name          = "awsconfig-events"
  description   = "AWS Config events"
  event_pattern = file("${path.module}/config-event-pattern.json")
}
# Delivers events matched by the config rule to the SNS topic, rendered as a
# single quoted text message containing the event name and its request
# parameters.
resource "aws_cloudwatch_event_target" "config_event" {
  rule      = aws_cloudwatch_event_rule.config_event.name
  arn       = data.aws_sns_topic.main.arn
  target_id = "send-to-sns"

  input_transformer {
    # JSONPath selectors into the event; each key becomes a <placeholder>
    # usable in input_template.
    input_paths = {
      event      = "$.detail.eventName"
      parameters = "$.detail.requestParameters"
    }

    # NOTE(review): <parameters> forwards the whole requestParameters value to
    # every subscriber of the topic. Check that nothing sensitive can appear
    # in it for the matched events, and that the topic's encryption and
    # subscriber list suit that content.
    # NOTE(review): requestParameters is normally a JSON object, placed here
    # inside a quoted string; confirm the rendered message is delivered as
    # expected rather than rejected as malformed.
    input_template = "\"AWS Config Change: Event <event> with request parameters: <parameters>.\""
  }
}