Many DevOps teams use Terraform to manage AWS EventBridge. However, using AWS EventBridge to monitor Terraform events is less discussed. We'll review how Scalr's native integration with EventBridge allows you to build event-driven workflows based on Terraform events.
First, let’s review what AWS EventBridge is:
AWS EventBridge is a powerful serverless event bus that makes it easy to connect your applications with data from various event sources. It delivers real-time data from SaaS applications and AWS services and routes the data to targets like AWS Cloud Watch or Lambda. EventBridge is a key component of AWS event-driven architectures.
Key concepts in EventBridge include:
EventBridge integrates with over 90 AWS services as event sources, including CloudWatch, EC2, S3, and CodeCommit, and integrates with many third-party tools. It enables you to easily build event-driven workflows that react to state changes.
Terraform is an infrastructure-as-code tool that enables you to provision and manage your AWS and other providers, infrastructure, and resources through declarative configuration files. Terraform and OpenTofu support the AWS provider with resources for managing EventBridge components.
Here are a few examples of the provider and module usage, but full documentation can be found in library.tf
In this example, we’ll create an EventBridge bus with the supported module, create a rule, and then send it to target, in this case, AWS Cloudwatch:
module "eventbridge" {
source = "terraform-aws-modules/eventbridge/aws"
bus_name = "scalr-example"
rules = {
events = {
description = "Capture event data"
event_pattern = jsonencode({ "source" : ["scalr.events"] })
enabled = true
}
}
targets = {
events = [
{
name = "scalr-events-to-cloudwatch"
arn = aws_cloudwatch_log_group.this.arn
}
]
}
tags = {
Name = "scalr-example"
}
}
Now that we have covered both tools, let’s review how you can use AWS EventBridge to create an event-driven workflow based on a Terraform event, such as a Terraform apply failing. This is where the Scalr native integration with AWS EventBridge is key.
Scalr is a Terraform automation and collaboration tool that remotely executes your terraform code while also integrating with many third-party tools to tie your entire ecosystem together. Because the runs are actually executed in Scalr, Scalr can log events and trigger actions based on the events. Here are a couple of common use cases that are seen with the events triggered from Scalr to EventBridge:
The Scalr-EventBridge integration empowers organizations to create sophisticated workflow automation across their ecosystem. Users can design EventBridge rules that trigger specific actions in response to Scalr and Terraform events. For instance, a successful Terraform run could automatically initiate additional resource provisioning, while a failed run in a critical environment could trigger immediate notifications to the operations team. Completion of a large-scale infrastructure update might prompt automated testing routines.
Scalr not only can trigger calls to EventBridge based on events, but it can also stream user activity to EventBridge, which allows organizations to create a detailed audit log of all account actions. This comprehensive tracking covers changes made to resources across various Scalr services. Organizations can utilize this audit trail for multiple purposes, including:
This enhanced visibility into user activities and resource modifications helps maintain security, improve operational efficiency, and support decision-making processes.
Scalr has a pre-built event bus in AWS that can be used for this. The integration is started from the Scalr UI:
After any Terraform run event in Scalr, Scalr will automatically send information about the run to EventBridge. Here is a sample event:
{
"id": "run-1234567890",
"account": "test",
"version": 1,
"time": "2024-04-19T13:44:02Z",
"source": "aws.partner/scalr.com/account-name/integration-name",
"resources": [],
"region": "us-east-1",
"detail-type": "RunExecuted",
"detail": {
"title": "Scalr run execution completed on workspace 'workspace-name' (environment-name). Run ID: run-1234567890.",
"event": {
"run-id": "run-1234567890",
"source": "vcs",
"is-dry": false,
"is-destroy": false,
"is-agent": false,
"is-postponed": false,
"result": "applied",
"duration": 137000000000.0,
"account": "account-name",
"workspace": "workspace-name",
"environment": "environment-name",
"user-email": "[email protected]"
},
"tags": [
"scalr-environment:env-1234567890",
"scalr-workspace:ws-1234567890",
"scalr-environment-name:environment-name",
"scalr-workspace-name:workspace-name"
],
"event_type": "success"
}
}
An EventBridge bus captures the information, and a rule is created in AWS to determine what to do with the information. A common use case is to forward this information to AWS CloudWatch log group so that teams can set up alerts based on Terraform run event failures.
Scalr also provides the option to send audit logs to AWS EventBridge. Rather than run events, users can create EventBridge rules based on actions taken in Scalr such as a Terraform workspace deletion, a run being approved, and more. Here is an example of an audit log that is send to EventBridge and then likely forwarded to Cloudwatch or a SaaS solution such as Datadog:
{
"id": "63ddd008eced0487812b1005f06ddff4",
"version": 0,
"account": 123456789012,
"time": "2024-04-19T13:44:02Z",
"source": "aws.partner/scalr.com/account-name/integration-name",
"resources": [],
"region": "us-east-1",
"detail-type": "AuditLog",
"detail": {
"target": {
"id": "ws-1234567890",
"type": "workspaces",
"display-name": "workspace-name",
"context": {
"environment": {
"id": "env-1234567890",
"display-name": "environment-name"
},
"workspace": {
"id": "ws-1234567890",
"display-name": "workspace-name"
},
"account": {
"id": "acc-1234567890",
"display-name": "account-name"
}
}
},
"timestamp": "2024-04-19T13:44:02.335490",
"request": {
"id": "63ddd008eced0487812b1005f06ddff4",
"action": "create-workspace",
"ip-address": "10.21.0.30",
"source": "ui",
"user-agent": "Mozilla/5.0 (X11; Linux x86_64; rv:125.0) Gecko/20100101 Firefox/125.0"
},
"actor": {
"id": "user-1234567890",
"email": "[email protected]",
"type": "user",
"access-token": {
"id": null,
"type": "session",
"token": "...UlzZ-c"
}
},
"outcome": {
"result": "SUCCESS",
"status-code": 201
},
"tags": [
"scalr-action:create-workspace",
"scalr-user-email:[email protected]",
"scalr-environment:env-1234567890",
"scalr-environment-name:environment-name",
"scalr-workspace:ws-1234567890",
"scalr-workspace-name:workspace-name"
]
}
}
Would you prefer to see a demo of it? In the link below, we review how to integrate Scalr with AWS EventBridge to send audit logs and events in EventBridge:
Scalr Integration w/ AWS EventBridge for Terraform & OpenTofu
Terraform and Amazon EventBridge make a powerful combination, whether it is using Terraform to automate the creation of EventBridge resources or using Evetbridge to create an event-driven workflow. Up until now, Scalr was the missing piece that tied the two together so that you could actually receive Terraform events in EventBridge itself. This is now available on both free and paid plans; give it a try in Scalr today.