Resource: awsBudgetsBudgetAction
Provides a budget action resource. Budget actions are cost savings controls that run either automatically on your behalf or by using a workflow approval process.
Example Usage
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";

/*The statements below belong inside the constructor of a stack or construct, where `this` is the enclosing scope.*/

/*Budget that the action is attached to.*/
const awsBudgetsBudgetExample = new aws.budgetsBudget.BudgetsBudget(
  this,
  "example",
  {
    budgetType: "USAGE",
    limitAmount: "10.0",
    limitUnit: "dollars",
    name: "example",
    timePeriodStart: "2006-01-02_15:04",
    timeUnit: "MONTHLY",
  }
);

/*Policy document for the IAM policy that the action applies.*/
const dataAwsIamPolicyDocumentExample =
  new aws.dataAwsIamPolicyDocument.DataAwsIamPolicyDocument(this, "example_1", {
    statement: [
      {
        actions: ["ec2:Describe*"],
        effect: "Allow",
        resources: ["*"],
      },
    ],
  });
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
dataAwsIamPolicyDocumentExample.overrideLogicalId("example");

const dataAwsPartitionCurrent = new aws.dataAwsPartition.DataAwsPartition(
  this,
  "current",
  {}
);

const awsIamPolicyExample = new aws.iamPolicy.IamPolicy(this, "example_3", {
  description: "My example policy",
  name: "example",
  policy: dataAwsIamPolicyDocumentExample.json,
});
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsIamPolicyExample.overrideLogicalId("example");

/*Trust policy that lets the AWS Budgets service principal assume the execution role.*/
const dataAwsIamPolicyDocumentAssumeRole =
  new aws.dataAwsIamPolicyDocument.DataAwsIamPolicyDocument(
    this,
    "assume_role",
    {
      statement: [
        {
          actions: ["sts:AssumeRole"],
          effect: "Allow",
          principals: [
            {
              /*Service principal for the current partition's DNS suffix.*/
              identifiers: [`budgets.${dataAwsPartitionCurrent.dnsSuffix}`],
              type: "Service",
            },
          ],
        },
      ],
    }
  );

const awsIamRoleExample = new aws.iamRole.IamRole(this, "example_5", {
  assumeRolePolicy: dataAwsIamPolicyDocumentAssumeRole.json,
  name: "example",
});
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsIamRoleExample.overrideLogicalId("example");

/*The budget action: attaches the policy to the role once the threshold is reached.*/
const awsBudgetsBudgetActionExample =
  new aws.budgetsBudgetAction.BudgetsBudgetAction(this, "example_6", {
    actionThreshold: {
      actionThresholdType: "ABSOLUTE_VALUE",
      actionThresholdValue: 100,
    },
    actionType: "APPLY_IAM_POLICY",
    approvalModel: "AUTOMATIC",
    budgetName: awsBudgetsBudgetExample.name,
    definition: {
      iamActionDefinition: {
        policyArn: awsIamPolicyExample.arn,
        roles: [awsIamRoleExample.name],
      },
    },
    executionRoleArn: awsIamRoleExample.arn,
    notificationType: "ACTUAL",
    subscriber: [
      {
        address: "example@example.example",
        subscriptionType: "EMAIL",
      },
    ],
  });
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsBudgetsBudgetActionExample.overrideLogicalId("example");
Argument Reference
The following arguments are supported:
accountId - (Optional) The ID of the target account for budget. Will use current user's account_id by default if omitted.
budgetName - (Required) The name of a budget.
actionThreshold - (Required) The trigger threshold of the action. See Action Threshold.
actionType - (Required) The type of action. This defines the type of tasks that can be carried out by this action. This field also determines the format for definition. Valid values are APPLY_IAM_POLICY, APPLY_SCP_POLICY, and RUN_SSM_DOCUMENTS.
approvalModel - (Required) This specifies if the action needs manual or automatic approval. Valid values are AUTOMATIC and MANUAL.
definition - (Required) Specifies all of the type-specific parameters. See Definition.
executionRoleArn - (Required) The role passed for action execution and reversion. Roles and actions must be in the same account.
notificationType - (Required) The type of a notification. Valid values are ACTUAL or FORECASTED.
subscriber - (Required) A list of subscribers. See Subscriber.
Action Threshold
actionThresholdType - (Required) The type of threshold for a notification. Valid values are PERCENTAGE or ABSOLUTE_VALUE.
actionThresholdValue - (Required) The threshold of a notification.
Subscriber
address - (Required) The address that AWS sends budget notifications to, either an SNS topic or an email.
subscriptionType - (Required) The type of notification that AWS sends to a subscriber. Valid values are SNS or EMAIL.
Definition
iamActionDefinition - (Optional) The AWS Identity and Access Management (IAM) action definition details. See IAM Action Definition.
ssmActionDefinition - (Optional) The AWS Systems Manager (SSM) action definition details. See SSM Action Definition.
scpActionDefinition - (Optional) The service control policies (SCPs) action definition details. See SCP Action Definition.
IAM Action Definition
policyArn - (Required) The Amazon Resource Name (ARN) of the policy to be attached.
groups - (Optional) A list of groups to be attached. There must be at least one group.
roles - (Optional) A list of roles to be attached. There must be at least one role.
users - (Optional) A list of users to be attached. There must be at least one user.
SCP Action Definition
policyId - (Required) The policy ID attached.
targetIds - (Optional) A list of target IDs.
SSM Action Definition
actionSubType - (Required) The action subType. Valid values are STOP_EC2_INSTANCES or STOP_RDS_INSTANCES.
instanceIds - (Required) The EC2 and RDS instance IDs.
region - (Required) The Region to run the SSM document.
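Because actionType determines which definition block applies, a mismatch between the two is easy to introduce when copying an action between stacks. The check below is an added example, not part of the provider or its generated bindings: validateBudgetAction and the Definition interface are hypothetical names, and the sketch works on a plain object shaped like the arguments documented above so it can run before synthesis.

```typescript
// Added example: validates a plain config object; it does not use the generated cdktf bindings.
type ActionType = "APPLY_IAM_POLICY" | "APPLY_SCP_POLICY" | "RUN_SSM_DOCUMENTS";

interface Definition {
  iamActionDefinition?: { policyArn: string; groups?: string[]; roles?: string[]; users?: string[] };
  scpActionDefinition?: { policyId: string; targetIds?: string[] };
  ssmActionDefinition?: { actionSubType: string; instanceIds: string[]; region: string };
}

// Definition block that each actionType expects, per the Definition section.
const DEFINITION_FOR: Record<ActionType, keyof Definition> = {
  APPLY_IAM_POLICY: "iamActionDefinition",
  APPLY_SCP_POLICY: "scpActionDefinition",
  RUN_SSM_DOCUMENTS: "ssmActionDefinition",
};

// Hypothetical helper: returns a list of problems, empty when the config is consistent.
function validateBudgetAction(actionType: string, definition: Definition): string[] {
  const errors: string[] = [];
  const expected: keyof Definition | undefined = DEFINITION_FOR[actionType as ActionType];
  if (expected === undefined) {
    errors.push(`actionType "${actionType}" is not a valid value`);
  } else {
    if (definition[expected] === undefined) {
      errors.push(`${actionType} requires definition.${expected}`);
    }
    // Any other definition block that is set contradicts the chosen actionType.
    for (const key of Object.keys(definition) as (keyof Definition)[]) {
      if (key !== expected && definition[key] !== undefined) {
        errors.push(`definition.${key} does not match ${actionType}`);
      }
    }
  }
  const iam = definition.iamActionDefinition;
  if (iam) {
    // A groups, roles or users list that is given must not be empty.
    const lists: [string, string[] | undefined][] = [["groups", iam.groups], ["roles", iam.roles], ["users", iam.users]];
    for (const [name, list] of lists) {
      if (list !== undefined && list.length === 0) {
        errors.push(`iamActionDefinition.${name} must contain at least one entry`);
      }
    }
  }
  const ssm = definition.ssmActionDefinition;
  if (ssm && ["STOP_EC2_INSTANCES", "STOP_RDS_INSTANCES"].indexOf(ssm.actionSubType) === -1) {
    errors.push(`actionSubType "${ssm.actionSubType}" is not a valid value`);
  }
  return errors;
}
```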
Attributes Reference
In addition to all arguments above, the following attributes are exported:
actionId - The id of the budget action.
id - ID of resource.
arn - The ARN of the budget action.
status - The status of the budget action.
Timeouts
create - (Default 5m)
update - (Default 5m)
Import
Budget actions can be imported using accountId:actionId:budgetName, e.g.,
$ terraform import aws_budgets_budget_action.myBudget 123456789012:someId:myBudget