fix(forwarder): filter eventbridge triggers by source bucket (#175)

Terraform counterpart to observeinc/aws-sam-apps#307
observeinc · Jun 17, 2024 · d4d0197 · d4d0197
1 parent a885cc6
commit d4d0197
Showing 1 changed file with 15 additions and 6 deletions.
diff --git a/modules/forwarder/eventbridge.tf b/modules/forwarder/eventbridge.tf
@@ -1,14 +1,23 @@
 resource "aws_cloudwatch_event_rule" "this" {
+  # Ideally we'd only gate this resource on the source bucket names, i.e:
+  #
+  #   count = length(var.source_bucket_names) > 0 ? 1 : 0
+  #
+  # This formulation would potentially depend on resources that can only be
+  # determined at apply, so instead we adjust our event pattern to filter all
+  # events out if no source buckets are provided.
   name_prefix    = local.name_prefix
   description    = "Trigger copy for object created events"
   event_bus_name = "default"
 
-  event_pattern = jsonencode(
-    {
-      source      = ["aws.s3"]
-      detail-type = ["Object Created"],
-    },
-  )
+  event_pattern = jsonencode({
+    "source"      = ["aws.s3"]
+    "detail-type" = ["Object Created"],
+    "detail.bucket.name" = [
+      # list must have elements, so we introduce an empty match
+      for name in concat([""], var.source_bucket_names) : { "wildcard" : name }
+    ],
+  })
 }
 
 resource "aws_cloudwatch_event_target" "this" {