Open3
CloudFormation (CFn) templates for AWS console sign-in and SwitchRole notifications
Receiver side
---
AWSTemplateFormatVersion: "2010-09-09"
Description: "EventBridge Cross-Region Routing (Receiver)"
# https://dev.classmethod.jp/articles/eventbridge-cross-region-iac/
Metadata:
  AWS::CloudFormation::Interface:
    ParameterGroups:
      - Label:
          default: "General Information"
        Parameters:
          - SystemName
          - EnvironmentName
Parameters:
  SystemName:
    Type: String
    Default: example
  EnvironmentName:
    Type: String
    AllowedValues: [prd, stg, dev]
    Default: dev
Resources:
  ReceiverEventBus:
    Type: AWS::Events::EventBus
    Properties:
      Name: !Sub "${SystemName}-${EnvironmentName}-eventbridge-bus-receiver"
  ReceiverEventRule:
    Type: AWS::Events::Rule
    Properties:
      Name: !Sub "${SystemName}-${EnvironmentName}-eventbridge-rule-receiver"
      Description: "Publish event notifications to SNS"
      EventBusName: !Ref ReceiverEventBus
      EventPattern: |
        {
          "source": ["aws.signin"],
          "detail-type": ["AWS Console Sign In via CloudTrail"],
          "detail": {
            "eventSource": ["signin.amazonaws.com"],
            "eventName": ["SwitchRole"]
          }
        }
      Targets:
        - Id: "SNSTopic1"
          Arn: !Ref SNSTopic
  SNSTopic:
    Type: AWS::SNS::Topic
    Properties:
      TopicName: !Sub "${SystemName}-${EnvironmentName}-sns-topic"
  SNSTopicPolicy:
    Type: AWS::SNS::TopicPolicy
    Properties:
      Topics:
        - !Ref SNSTopic
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: "Allow"
            Principal:
              Service:
                - "events.amazonaws.com"
            Action:
              - "sns:Publish"
            Resource: !Ref SNSTopic
  IAMRoleEventBridge:
    Type: AWS::IAM::Role
    Properties:
      RoleName: !Sub "${SystemName}-${EnvironmentName}-eventbridge-role"
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: "Allow"
            Principal:
              Service:
                - "events.amazonaws.com"
            Action:
              - "sts:AssumeRole"
  IAMPolicyEventBridge:
    Type: AWS::IAM::ManagedPolicy
    Properties:
      ManagedPolicyName: !Sub "${SystemName}-${EnvironmentName}-eventbridge-policy"
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: "Allow"
            Action:
              - "events:PutEvents"
            Resource:
              - !GetAtt ReceiverEventBus.Arn
      Roles:
        - !Ref IAMRoleEventBridge
Outputs:
  ReceiverEventBusARN:
    Value: !GetAtt ReceiverEventBus.Arn
    Export:
      Name: !Sub "${AWS::StackName}::ReceiverEventBusARN"
  IAMRoleEventBridgeARN:
    Value: !GetAtt IAMRoleEventBridge.Arn
    Export:
      Name: !Sub "${AWS::StackName}::IAMRoleEventBridgeARN"
Sender side
---
AWSTemplateFormatVersion: "2010-09-09"
Description: "EventBridge Cross-Region Routing (Sender)"
# https://dev.classmethod.jp/articles/eventbridge-cross-region-iac/
Metadata:
  AWS::CloudFormation::Interface:
    ParameterGroups:
      - Label:
          default: "General Information"
        Parameters:
          - SystemName
          - EnvironmentName
      - Label:
          default: "EventBridge Target Reference"
        Parameters:
          - TargetEventBusARN
          - IAMRoleARN
Parameters:
  SystemName:
    Type: String
    Default: example
  EnvironmentName:
    Type: String
    AllowedValues: [prd, stg, dev]
    Default: dev
  TargetEventBusARN:
    Type: String
  IAMRoleARN:
    Type: String
Resources:
  SenderEventRule:
    Type: AWS::Events::Rule
    Properties:
      Name: !Sub "${SystemName}-${EnvironmentName}-eventbridge-rule-sender"
      Description: "Send events to receiver EventBridge"
      EventPattern: |
        {
          "source": ["aws.signin"],
          "detail-type": ["AWS Console Sign In via CloudTrail"],
          "detail": {
            "eventSource": ["signin.amazonaws.com"],
            "eventName": ["SwitchRole"]
          }
        }
      Targets:
        - Id: "ReceiverEventBus"
          Arn: !Ref TargetEventBusARN
          RoleArn: !Ref IAMRoleARN
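Both templates carry the same event pattern, so whether a notification fires depends entirely on what that pattern matches. The following Python is an added example, not part of the page or of the classmethod article, that replays the page's pattern against a few constructed CloudTrail sign-in events to show exactly which ones reach SNS. It implements only the subset of EventBridge matching the pattern uses (nested objects plus lists of literal alternatives, where a list means "any of these values"), not prefix, anything-but or numeric matchers. The sample event bodies, account id, IP address and event id are constructed placeholders. The second pattern (`LOGIN_AND_SWITCHROLE_PATTERN`) is an assumption on my part: as written, the page's pattern matches only `SwitchRole`, so a plain console login (`eventName` `ConsoleLogin`) is never forwarded; listing both names in `eventName` is how you would cover both.

```python
import json

# The event pattern exactly as embedded in the page's ReceiverEventRule / SenderEventRule.
PAGE_PATTERN = json.loads("""
{
  "source": ["aws.signin"],
  "detail-type": ["AWS Console Sign In via CloudTrail"],
  "detail": {
    "eventSource": ["signin.amazonaws.com"],
    "eventName": ["SwitchRole"]
  }
}
""")

# Assumed extension (not on the page): also forward console logins.
# In EventBridge a list of literals means "any one of these values".
LOGIN_AND_SWITCHROLE_PATTERN = {
    "source": ["aws.signin"],
    "detail-type": ["AWS Console Sign In via CloudTrail"],
    "detail": {
        "eventSource": ["signin.amazonaws.com"],
        "eventName": ["ConsoleLogin", "SwitchRole"],
    },
}


def matches(pattern, event):
    """Literal subset of EventBridge pattern semantics.

    Every key named in the pattern must exist in the event; a nested dict is
    matched recursively; a list is a set of literal alternatives, and if the
    event value is itself a list any element may match. Prefix, anything-but
    and numeric matchers are deliberately not implemented.
    """
    if not isinstance(event, dict):
        return False
    for key, expected in pattern.items():
        if key not in event:
            return False
        actual = event[key]
        if isinstance(expected, dict):
            if not matches(expected, actual):
                return False
        elif isinstance(expected, list):
            candidates = actual if isinstance(actual, list) else [actual]
            if not any(c in expected for c in candidates):
                return False
        else:
            raise ValueError(f"unsupported pattern value for {key!r}: {expected!r}")
    return True


def _signin_event(event_name, extra_detail=None):
    """Constructed EventBridge envelope for a CloudTrail sign-in record.

    Field names follow the CloudTrail layout; every value is a placeholder.
    """
    detail = {
        "eventVersion": "1.08",
        "eventSource": "signin.amazonaws.com",
        "eventName": event_name,
        "awsRegion": "us-east-1",
        "sourceIPAddress": "198.51.100.10",  # RFC 5737 documentation address
        "userIdentity": {"type": "IAMUser", "userName": "example-user"},
    }
    detail.update(extra_detail or {})
    return {
        "version": "0",
        "id": "00000000-0000-0000-0000-000000000000",  # placeholder event id
        "detail-type": "AWS Console Sign In via CloudTrail",
        "source": "aws.signin",
        "account": "123456789012",  # placeholder account id
        "region": "us-east-1",
        "detail": detail,
    }


# Constructed sample events: one that the page's rule should forward, one
# console login it silently drops, and one unrelated service event.
SAMPLE_EVENTS = {
    "switch_role": _signin_event("SwitchRole", {"responseElements": {"SwitchRole": "Success"}}),
    "console_login": _signin_event("ConsoleLogin", {"responseElements": {"ConsoleLogin": "Success"}}),
    "ec2_state_change": {
        "version": "0",
        "id": "11111111-1111-1111-1111-111111111111",  # placeholder event id
        "detail-type": "EC2 Instance State-change Notification",
        "source": "aws.ec2",
        "account": "123456789012",
        "region": "us-east-1",
        "detail": {"instance-id": "i-0123456789abcdef0", "state": "running"},
    },
}


def evaluate(pattern):
    """Map each sample event name to whether the pattern would forward it."""
    return {name: matches(pattern, ev) for name, ev in SAMPLE_EVENTS.items()}


if __name__ == "__main__":
    for label, pattern in (("page pattern", PAGE_PATTERN),
                           ("login + switchrole", LOGIN_AND_SWITCHROLE_PATTERN)):
        print(label, json.dumps(evaluate(pattern)))
```

The matcher above is a local approximation; before relying on a pattern in production, run the same sample event through the real engine with `aws events test-event-pattern --event-pattern file://pattern.json --event file://event.json`, which evaluates the full EventBridge pattern language.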
Thanks to classmethod