Add support for CMK (encryption) for the EventBridge #4192
## Description

This PR introduces the AWS EventBridge. The EventBridge can be enabled with the option `webhook_mode`, which can be set to either `direct` or `eventbridge`. In the direct mode the old way of handling is still applied. When setting the mode to `eventbridge`, events will be published on the AWS EventBridge, which is not limited only to the event `workflow_job` with status `queued`. Via a target rule, events relevant for scaling are sent to the dispatcher lambda to distribute to an SQS queue for scaling.

## Todo

- [x] Refactor lambda and add EventBridge
- [x] Refactor webhook module (TF) to support EventBridge
- [x] Test example default
- [x] Test example multi runner
- [x] Adjust docs
- [x] Reduce permissions on webhook and dispatcher lambda for eventbridge mode
- [x] Add configuration for allowed events on the EventBridge
- [ ] Add support for CMK (encryption) to EventBridge #4192

## Migration directions

The change is backwards compatible but will recreate resources managed by the internal module webhook. The only resource containing data is the CloudWatch LogGroup. To retain the log group you can run a terraform state move, or add a `moved` block to your deployment.

### Migrating to this version

With module defaults or when eventbridge is not enabled

```hcl
# log group
moved {
  from = module.<runner-module-name>.module.webhook.aws_cloudwatch_log_group.webhook
  to   = module.<runner-module-name>.module.webhook.module.direct[0].aws_cloudwatch_log_group.webhook
}

# lambda
moved {
  from = module.<runner-module-name>.module.webhook.aws_lambda_function.webhook
  to   = module.<runner-module-name>.module.webhook.module.direct[0].aws_lambda_function.webhook
}
```

Or with `webhook_mode = eventbridge`

```hcl
# log group
moved {
  from = module.<runner-module-name>.module.webhook.aws_cloudwatch_log_group.webhook
  to   = module.<runner-module-name>.module.webhook.module.eventbridge[0].aws_cloudwatch_log_group.webhook
}

# lambda
moved {
  from = module.<runner-module-name>.module.webhook.aws_lambda_function.webhook
  to   = module.<runner-module-name>.module.webhook.module.eventbridge[0].aws_lambda_function.webhook
}
```

### When switching between direct and eventbridge

When enabling mode `eventbridge`

```hcl
# log group
moved {
  from = module.runners.module.webhook.module.direct[0].aws_cloudwatch_log_group.webhook
  to   = module.runners.module.webhook.module.eventbridge[0].aws_cloudwatch_log_group.webhook
}

# lambda
moved {
  from = module.runners.module.webhook.module.direct[0].aws_lambda_function.webhook
  to   = module.runners.module.webhook.module.eventbridge[0].aws_lambda_function.webhook
}
```

Or vice versa for moving from `eventbridge` to `webhook`

---------

Co-authored-by: philips-labs-pr|bot <philips-labs-pr[bot]@users.noreply.github.com>
Co-authored-by: Marco Pas <[email protected]>
Co-authored-by: Stuart Pearson <[email protected]>
Hi,

By default messages on the EventBridge are encrypted by AWS, but currently a CMK is not used for the EventBridge. For SQS a CMK can be applied to the module. I had no time to dig in further. So for that reason this issue. Would be great to get community support here.
See #4188
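
A check for the gap this issue describes, as an added example that is not code from this project: it reads the `resource_changes` of a Terraform plan exported with `terraform show -json` and lists event buses and SQS queues planned without a customer managed key. It assumes the AWS provider arguments `kms_key_identifier` (event bus, in provider releases that support it) and `kms_master_key_id` (SQS); the resource addresses and key ARN in the sample are constructed placeholders.

```python
# Customer managed key (CMK) argument per resource type in the AWS provider.
CMK_ATTRIBUTE = {
    "aws_cloudwatch_event_bus": "kms_key_identifier",
    "aws_sqs_queue": "kms_master_key_id",
}

def has_cmk(change, attr):
    """True when the planned resource sets `attr` to a customer managed key."""
    # A key created in the same plan is "known after apply": it is missing
    # from `after` and flagged true in `after_unknown`.
    if (change.get("after_unknown") or {}).get(attr) is True:
        return True
    value = change["after"].get(attr)
    # alias/aws/* names an AWS managed key, which is not a CMK.
    return bool(value) and not value.startswith("alias/aws/")

def resources_without_cmk(plan):
    """Addresses of planned event buses and queues that have no CMK."""
    findings = []
    for rc in plan.get("resource_changes", []):
        attr = CMK_ATTRIBUTE.get(rc.get("type"))
        change = rc.get("change") or {}
        if attr is None or change.get("after") is None:
            continue  # other resource type, or the resource is being destroyed
        if not has_cmk(change, attr):
            findings.append(rc["address"])
    return sorted(findings)

def _rc(address, after, unknown=None):
    """Build one constructed resource_changes entry for the sample below."""
    rtype = address.split(".")[0]
    return {"address": address, "type": rtype,
            "change": {"after": after, "after_unknown": unknown or {}}}

# Constructed plan excerpt; addresses and ARN are placeholders.
SAMPLE_PLAN = {"resource_changes": [
    _rc("aws_cloudwatch_event_bus.no_key", {"name": "runners", "kms_key_identifier": None}),
    _rc("aws_cloudwatch_event_bus.new_key", {"name": "runners"}, {"kms_key_identifier": True}),
    _rc("aws_cloudwatch_event_bus.removed", None),
    _rc("aws_sqs_queue.cmk", {"kms_master_key_id": "arn:aws:kms:eu-west-1:111122223333:key/EXAMPLE"}),
    _rc("aws_sqs_queue.aws_managed", {"kms_master_key_id": "alias/aws/sqs"}),
    _rc("aws_lambda_function.webhook", {"function_name": "webhook"}),
]}

if __name__ == "__main__":
    for address in resources_without_cmk(SAMPLE_PLAN):
        print("no CMK:", address)
```
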