pulumi-aws-kotlin/com.pulumi.aws.cloudwatch.kotlin/EventPermissionArgs

EventPermissionArgs

data class EventPermissionArgs(val action: Output<String>? = null, val condition: Output<EventPermissionConditionArgs>? = null, val eventBusName: Output<String>? = null, val principal: Output<String>? = null, val statementId: Output<String>? = null) : ConvertibleToJava<EventPermissionArgs>

Provides a resource to create an EventBridge permission to support cross-account events in the current account default event bus.

Note: EventBridge was formerly known as CloudWatch Events. The functionality is identical. Note: The EventBridge bus policy resource (aws.cloudwatch.EventBusPolicy) is incompatible with the EventBridge permission resource (aws.cloudwatch.EventPermission) and will overwrite permissions.

Example Usage

Account Access

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const devAccountAccess = new aws.cloudwatch.EventPermission("DevAccountAccess", {
    principal: "123456789012",
    statementId: "DevAccountAccess",
});
Content copied to clipboard
import pulumi
import pulumi_aws as aws
dev_account_access = aws.cloudwatch.EventPermission("DevAccountAccess",
    principal="123456789012",
    statement_id="DevAccountAccess")
Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
    var devAccountAccess = new Aws.CloudWatch.EventPermission("DevAccountAccess", new()
    {
        Principal = "123456789012",
        StatementId = "DevAccountAccess",
    });
});
Content copied to clipboard
package main
import (
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudwatch"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := cloudwatch.NewEventPermission(ctx, "DevAccountAccess", &cloudwatch.EventPermissionArgs{
			Principal:   pulumi.String("123456789012"),
			StatementId: pulumi.String("DevAccountAccess"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.cloudwatch.EventPermission;
import com.pulumi.aws.cloudwatch.EventPermissionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var devAccountAccess = new EventPermission("devAccountAccess", EventPermissionArgs.builder()
            .principal("123456789012")
            .statementId("DevAccountAccess")
            .build());
    }
}
Content copied to clipboard
resources:
  devAccountAccess:
    type: aws:cloudwatch:EventPermission
    name: DevAccountAccess
    properties:
      principal: '123456789012'
      statementId: DevAccountAccess
Content copied to clipboard

Organization Access

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const organizationAccess = new aws.cloudwatch.EventPermission("OrganizationAccess", {
    principal: "*",
    statementId: "OrganizationAccess",
    condition: {
        key: "aws:PrincipalOrgID",
        type: "StringEquals",
        value: example.id,
    },
});
Content copied to clipboard
import pulumi
import pulumi_aws as aws
organization_access = aws.cloudwatch.EventPermission("OrganizationAccess",
    principal="*",
    statement_id="OrganizationAccess",
    condition=aws.cloudwatch.EventPermissionConditionArgs(
        key="aws:PrincipalOrgID",
        type="StringEquals",
        value=example["id"],
    ))
Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
    var organizationAccess = new Aws.CloudWatch.EventPermission("OrganizationAccess", new()
    {
        Principal = "*",
        StatementId = "OrganizationAccess",
        Condition = new Aws.CloudWatch.Inputs.EventPermissionConditionArgs
        {
            Key = "aws:PrincipalOrgID",
            Type = "StringEquals",
            Value = example.Id,
        },
    });
});
Content copied to clipboard
package main
import (
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudwatch"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := cloudwatch.NewEventPermission(ctx, "OrganizationAccess", &cloudwatch.EventPermissionArgs{
			Principal:   pulumi.String("*"),
			StatementId: pulumi.String("OrganizationAccess"),
			Condition: &cloudwatch.EventPermissionConditionArgs{
				Key:   pulumi.String("aws:PrincipalOrgID"),
				Type:  pulumi.String("StringEquals"),
				Value: pulumi.Any(example.Id),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.cloudwatch.EventPermission;
import com.pulumi.aws.cloudwatch.EventPermissionArgs;
import com.pulumi.aws.cloudwatch.inputs.EventPermissionConditionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var organizationAccess = new EventPermission("organizationAccess", EventPermissionArgs.builder()
            .principal("*")
            .statementId("OrganizationAccess")
            .condition(EventPermissionConditionArgs.builder()
                .key("aws:PrincipalOrgID")
                .type("StringEquals")
                .value(example.id())
                .build())
            .build());
    }
}
Content copied to clipboard
resources:
  organizationAccess:
    type: aws:cloudwatch:EventPermission
    name: OrganizationAccess
    properties:
      principal: '*'
      statementId: OrganizationAccess
      condition:
        key: aws:PrincipalOrgID
        type: StringEquals
        value: ${example.id}
Content copied to clipboard

Import

Using pulumi import, import EventBridge permissions using the event_bus_name/statement_id (if you omit event_bus_name, the default event bus will be used). For example:

$ pulumi import aws:cloudwatch/eventPermission:EventPermission DevAccountAccess example-event-bus/DevAccountAccess
Content copied to clipboard

Constructors

Link copied to clipboard
fun EventPermissionArgs(action: Output<String>? = null, condition: Output<EventPermissionConditionArgs>? = null, eventBusName: Output<String>? = null, principal: Output<String>? = null, statementId: Output<String>? = null)

Functions

Link copied to clipboard
open override fun toJava(): EventPermissionArgs

Properties

Link copied to clipboard
val action: Output<String>? = null

The action that you are enabling the other account to perform. Defaults to events:PutEvents.

Link copied to clipboard
val condition: Output<EventPermissionConditionArgs>? = null

Configuration block to limit the event bus permissions you are granting to only accounts that fulfill the condition. Specified below.

Link copied to clipboard
val eventBusName: Output<String>? = null

The name of the event bus to set the permissions on. If you omit this, the permissions are set on the default event bus.

Link copied to clipboard
val principal: Output<String>? = null

The 12-digit AWS account ID that you are permitting to put events to your default event bus. Specify * to permit any account to put events to your default event bus, optionally limited by condition.

Link copied to clipboard
val statementId: Output<String>? = null

An identifier string for the external account that you are granting permissions to.