Reputation: 258
Amazon EventBridge Policies for AWS Services as targets using CF/SAM
I'm using AWS CloudFormation to setup an EventBridge Bus + Rules + Targets (say SNS). For SNS as a target, per the doc at https://docs.aws.amazon.com/eventbridge/latest/userguide/resource-based-policies-eventbridge.html#sns-permissions, I need to apply resource policies outside of CloudFormation and I don't think CF supports this yet?
For CW Logs Group as a target, Im using the aws logs put-resource-policy to set this up in a script. Is there a better way to automate this?
Upvotes: 2
Views: 918
Answers (2)
Reputation: 258
Here is a snippet from my SAM:
{
"MyDevQueue": {
"Properties": {
"QueueName": "my-dev-queue",
"ReceiveMessageWaitTimeSeconds": 20,
"Tags": [
{
"Key": "env",
"Value": "dev"
}
],
"VisibilityTimeout": 300
},
"Type": "AWS::SQS::Queue"
},
"MyDevQueuePolicy": {
"Properties": {
"PolicyDocument": {
"Statement": [
{
"Action": [
"SQS:SendMessage"
],
"Condition": {
"ArnEquals": {
"aws:SourceArn": "arn:aws:events:<region>:<AccountID>:rule/my-dev-queue/my-dev-queue"
}
},
"Effect": "Allow",
"Principal": {
"Service": [
"events.amazonaws.com"
]
},
"Resource": [
{
"Fn::GetAtt": [
"MyDevQueue",
"Arn"
]
}
]
}
]
},
"Queues": [
"MyDevQueue"
]
},
"Type": "AWS::SQS::QueuePolicy"
}
}
Upvotes: 2
Reputation: 238051
The link you've provided refers to setting up permissions for SNS topic. Setting such permissions is supported by the CloudFormation by means of AWS::SNS::TopicPolicy.
However, you also state that you want to set resource-based policies on the CloudWatch Logs (aws logs put-resource-policy). If this is the case, then you are correct and it is not supported in CloudFormation.
You would have to use custom resource based on a lambda function to add such functionality to your templates.
Upvotes: 2
Related Questions
- How to set 'EC2 StopInstances' API call as EventBridge target using Cloudformation
- AWS EventBridge : multiple source events for 1 Target
- Update existing Eventbridge Rule to include a new target using CloudFormation script
- How to query EventBridge rules with config/advanced queries?
- AWS EventBridge Rule Event Pattern
- Adding lambda target role to AWS Eventbridge rule in Cloudformation fails
- Tag based policies for EventBridge PutEvents
- How do I specify another AWS account's Event Bus as a target of an EventBridge rule using CloudFormation or CDK?
- SAM template for an EventBridge that triggers SQS
- AWS EventBridge as Lambda destination