Resource: awsCloudwatchEventPermission
Provides a resource to create an EventBridge permission to support cross-account events on the current account's default event bus.
~> Note: EventBridge was formerly known as CloudWatch Events. The functionality is identical.
~> Note: The EventBridge bus policy resource (awsCloudwatchEventBusPolicy) is incompatible with the EventBridge permission resource (awsCloudwatchEventPermission) and will overwrite permissions.
Example Usage
Account Access
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.cloudwatchEventPermission.CloudwatchEventPermission(
  this,
  "DevAccountAccess",
  {
    principal: "123456789012",
    statementId: "DevAccountAccess",
  }
);
Organization Access
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.cloudwatchEventPermission.CloudwatchEventPermission(
  this,
  "OrganizationAccess",
  {
    condition: {
      key: "aws:PrincipalOrgID",
      type: "StringEquals",
      value: "${aws_organizations_organization.example.id}",
    },
    principal: "*",
    statementId: "OrganizationAccess",
  }
);
Argument Reference
The following arguments are supported:
- principal - (Required) The 12-digit AWS account ID that you are permitting to put events to your default event bus. Specify "*" to permit any account to put events to your default event bus, optionally limited by condition.
- statementId - (Required) An identifier string for the external account that you are granting permissions to.
- action - (Optional) The action that you are enabling the other account to perform. Defaults to events:PutEvents.
- condition - (Optional) Configuration block to limit the event bus permissions you are granting to only accounts that fulfill the condition. Specified below.
- eventBusName - (Optional) The name of the event bus to set the permissions on. If you omit this, the permissions are set on the default event bus.
condition
- key - (Required) Key for the condition. Valid values: aws:PrincipalOrgID.
- type - (Required) Type of condition. Valid values: StringEquals.
- value - (Required) Value for the key.
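Because principal "*" with no condition lets any AWS account put events on the bus, it is worth checking permission arguments before they are synthesized. The following is an added example, not part of the provider or its generated bindings: auditPermission and auditAll are hypothetical helpers over plain objects shaped like the arguments above, and the sample entries are constructed.

```typescript
// Shape mirrors the arguments documented on this page (no cdktf import needed).
interface PermissionCondition { key: string; type: string; value: string; }
interface PermissionProps {
  principal: string;
  statementId: string;
  action?: string;
  condition?: PermissionCondition;
  eventBusName?: string;
}

const ACCOUNT_ID = /^\d{12}$/;
const ORG_ID = /^o-[a-z0-9]{10,32}$/; // AWS Organizations ID format
const TF_REFERENCE = /^\$\{.+\}$/;    // unresolved Terraform reference, as in the example above

// Hypothetical helper: one finding per problem, empty array when the grant is scoped.
function auditPermission(p: PermissionProps): string[] {
  const findings: string[] = [];
  const where = `${p.eventBusName ?? "default"}/${p.statementId}`;
  const c = p.condition;
  if (p.principal !== "*") {
    if (!ACCOUNT_ID.test(p.principal)) findings.push(`${where}: principal must be a 12-digit account ID or "*"`);
  } else if (!c) {
    findings.push(`${where}: principal "*" without a condition allows any AWS account`);
  } else {
    // IAM condition keys are case-insensitive; the operator name is compared exactly.
    if (c.key.toLowerCase() !== "aws:principalorgid") findings.push(`${where}: unsupported condition key ${c.key}`);
    if (c.type !== "StringEquals") findings.push(`${where}: unsupported condition type ${c.type}`);
    if (!ORG_ID.test(c.value) && !TF_REFERENCE.test(c.value)) findings.push(`${where}: value is not an organization ID`);
  }
  return findings;
}

function auditAll(list: PermissionProps[]): string[] {
  return list.reduce((acc, p) => acc.concat(auditPermission(p)), [] as string[]);
}

// Constructed samples: the two usages from this page plus two over-broad grants.
const samples: PermissionProps[] = [
  { principal: "123456789012", statementId: "DevAccountAccess" },
  { principal: "*", statementId: "OrganizationAccess",
    condition: { key: "aws:PrincipalOrgID", type: "StringEquals", value: "${aws_organizations_organization.example.id}" } },
  { principal: "*", statementId: "OpenToAll" },
  { principal: "*", statementId: "WildcardOrg",
    condition: { key: "aws:PrincipalOrgID", type: "StringEquals", value: "*" } },
];
console.log(auditAll(samples).join("\n"));
```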
Attributes Reference
In addition to all arguments above, the following attributes are exported:
id
- The statement ID of the EventBridge permission.
Import
EventBridge permissions can be imported using the eventBusName/statementId (if you omit eventBusName, the default event bus will be used), e.g.,