
Trying to create a CloudWatch Event Configuration. #125

@getsec

Description


Hi, this may be a complete waste of time, and to be fair, I'm embarrassed to ask, but for the life of me, I cannot find how to create a CloudWatch Event-based configuration for this module. Please send help 🛳

I have the following code

provider "aws" {
  region = "us-west-1"
}


module "lambda_function" {
  # https://registry.terraform.io/modules/terraform-aws-modules/lambda/aws/latest
  source = "terraform-aws-modules/lambda/aws"
  
  attach_policy_statements  = true # needed for policy_statements
  create_async_event_config = true # needed to create trigger
  function_name             = "menlo-tenable-automation-scanImage"
  description               = "Lambda function scans AMI, stores status in s3"
  handler                   = "index.handler"
  runtime                   = "python3.8"
  source_path               = "lambda/scan_ami"
  publish                   = true # https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/36
  policy_statements         = {
    read_ssm_param = {
      effect    = "Allow",
      actions   = ["ssm:GetParameter*"],
      resources = ["arn:aws:ssm:us-west-1:620951686071:parameter/x"]
    }
  }

  environment_variables    = {
    tenable_creds = var.aws_ssm_tenable_io_creds_parameter_name
  }
  allowed_triggers = {
    CloudWatchEventTrigger = {
      principal  = "events.amazonaws.com"
      source_arn = aws_cloudwatch_event_rule.scan_ami.arn
    }
  }
}

resource "aws_cloudwatch_event_rule" "scan_ami" {
    name = "EC2CreateImageEvent"
    description = "EC2 Create Image Event..."
    event_pattern = <<EOF
{
  "source": ["aws.ec2"],
  "detail-type": ["AWS API Call via CloudTrail"],
  "detail": {
    "eventSource": ["ec2.amazonaws.com"],
    "eventName": ["CreateImage"]
  }
}
EOF
}

The code deploys fine, but I get the following error in the lambda config page

So I tried to add a CloudWatch event target block to my main.tf

resource "aws_cloudwatch_event_target" "scan_ami_target" {
    rule = aws_cloudwatch_event_rule.scan_ami.name
    target_id = "test"
    arn = lambda_function.arn
}

but it results in the error below

Versions

Terraform v0.14.7
+ provider registry.terraform.io/hashicorp/aws v3.31.0
+ provider registry.terraform.io/hashicorp/external v2.1.0
+ provider registry.terraform.io/hashicorp/local v2.1.0
+ provider registry.terraform.io/hashicorp/null v3.1.0
+ provider registry.terraform.io/hashicorp/random v3.1.0

Terminal Output Screenshot(s)


Error: Reference to undeclared resource

  on main.tf line 55, in resource "aws_cloudwatch_event_target" "scan_ami_target":
  55:     arn = lambda_function.arn

A managed resource "lambda_function" "arn" has not been declared in the root
module.

Thanks for any help. Cheers!
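The wiring the issue is missing, as an added example (this is not the issue author's code and not the module's documentation): the EventBridge rule, the event target that delivers matched events to the function, and the invoke permission created by the module's `allowed_triggers`. The module is referenced as `module.lambda_function.<output>`, not as a resource, which is what the "Reference to undeclared resource" error is pointing at. The output name `lambda_function_arn` is assumed from the module's outputs; the function name, target id and parameter path are placeholders, and the account id and region come from data sources rather than being hard-coded.

```hcl
# Added example, not code from the issue or from terraform-aws-modules/lambda.
# Assumes the module exposes the `lambda_function_arn` output.

provider "aws" {
  region = "us-west-1"
}

data "aws_caller_identity" "current" {}
data "aws_region" "current" {}

# EventBridge (CloudWatch Events) rule: fires on EC2 CreateImage calls as recorded
# by CloudTrail. Caveat: "AWS API Call via CloudTrail" events are only emitted while
# a trail with management events enabled exists in this region; with no trail, the
# rule is valid but never fires.
resource "aws_cloudwatch_event_rule" "scan_ami" {
  name        = "EC2CreateImageEvent"
  description = "Invoke the scanner when an AMI is created"

  event_pattern = jsonencode({
    source        = ["aws.ec2"]
    "detail-type" = ["AWS API Call via CloudTrail"]
    detail = {
      eventSource = ["ec2.amazonaws.com"]
      eventName   = ["CreateImage"]
    }
  })
}

module "lambda_function" {
  source = "terraform-aws-modules/lambda/aws"

  function_name = "scan-image" # placeholder
  description   = "Scans a newly created AMI and stores the result in S3"
  handler       = "index.handler"
  runtime       = "python3.8"
  source_path   = "lambda/scan_ami"
  publish       = true

  # Least-privilege execution role: explicit actions on exactly one parameter.
  attach_policy_statements = true
  policy_statements = {
    read_ssm_param = {
      effect    = "Allow"
      actions   = ["ssm:GetParameter", "ssm:GetParameters"]
      resources = ["arn:aws:ssm:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:parameter/x"] # placeholder path
    }
  }

  # Resource policy (aws_lambda_permission) on the function: only the EventBridge
  # service principal, and only this specific rule, may invoke it.
  allowed_triggers = {
    CloudWatchEventTrigger = {
      principal  = "events.amazonaws.com"
      source_arn = aws_cloudwatch_event_rule.scan_ami.arn
    }
  }
}

# The target is what actually routes matched events to the function. Note the
# `module.` prefix and the module output name, instead of `lambda_function.arn`.
resource "aws_cloudwatch_event_target" "scan_ami" {
  rule      = aws_cloudwatch_event_rule.scan_ami.name
  target_id = "scan-ami-lambda" # placeholder
  arn       = module.lambda_function.lambda_function_arn
}
```

Two things worth checking after `terraform apply`: the function's "Triggers" panel should now list the rule, because the permission (from `allowed_triggers`) and the target both exist; and `create_async_event_config` is not needed for this, since it only manages the async invocation settings (`aws_lambda_function_event_invoke_config`: retries, max event age, destinations) rather than a trigger, so it can stay at its default unless you want those settings. Keeping `source_arn` on the permission matters: without it, any rule in any account that is allowed to call `lambda:InvokeFunction` via the `events.amazonaws.com` principal could invoke the scanner.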
