# Template header: format version and the description shown for the stack.
AWSTemplateFormatVersion: "2010-09-09"
Description: >-
  This CloudFormation Stack-sets template sends AWS Health events to the
  Data Collector account for each account managed through AWS Organizations.
  (StackSets version)
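Parameters:
  # Prefix used in the IAM role name, the inline policy name and the rule name.
  Project:
    Type: String
    MinLength: '3'
    MaxLength: '8'
    Description: Project name (3-8 characters)
    Default: 'cops'
  # This value is used both as the rule target and as the only Resource of the
  # role's events:PutEvents statement. It is therefore constrained to the shape
  # of an event-bus ARN, so a wildcard or an unrelated ARN is rejected when the
  # stack is created instead of ending up in an IAM policy.
  CollectorEventBusArn:
    Type: String
    Description: 'ARN of the target event bus in the collector account'
    AllowedPattern: '^arn:aws[a-z-]*:events:[a-z0-9-]+:[0-9]{12}:event-bus/[A-Za-z0-9._/-]+$'
    ConstraintDescription: 'Must be a full EventBridge event bus ARN (arn:<partition>:events:<region>:<account-id>:event-bus/<name>)'
  # Only used as the value of the Team tag on the role.
  Team:
    Type: String
    Description: Team name
    Default: PEOps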
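Resources:
  # Role that EventBridge assumes in this member account to deliver matched
  # events to the collector event bus.
  HealthEventForwardingRole:
    Type: 'AWS::IAM::Role'
    Properties:
      # IAM role names are account-wide, not per region, so this fixed name
      # permits one copy of the stack per account.
      # NOTE(review): confirm the StackSet targets a single region per account.
      RoleName: !Sub '${Project}HealthEventForwardingOrgRole'
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service: events.amazonaws.com
            Action: 'sts:AssumeRole'
            # Confused-deputy guard: the EventBridge service principal may
            # assume this role only when acting for a resource in this account.
            # aws:SourceArn can narrow this further to the rule itself.
            # NOTE(review): validate delivery in one account before rolling
            # the StackSet out organization-wide.
            Condition:
              StringEquals:
                'aws:SourceAccount': !Ref 'AWS::AccountId'
      Policies:
        - PolicyName: !Sub '${Project}EventBridgePutEventsOrgPolicy'
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              # Least privilege: a single action on the single collector bus.
              - Effect: Allow
                Action: 'events:PutEvents'
                Resource: !Ref CollectorEventBusArn
      Tags:
        - Key: Name
          Value: !Sub '${Project}HealthEventForwardingOrgRole'
        - Key: Project
          Value: !Ref Project
        - Key: Team
          Value: !Ref Team
  # Rule that forwards AWS Health events to the collector bus. It declares no
  # EventBusName in this template.
  HealthEventRule:
    Type: 'AWS::Events::Rule'
    Properties:
      Name: !Sub '${Project}-health-deliver-org-rule'
      Description: 'Forward AWS Health events to Data Collector account'
      # Matches every event whose source is aws.health. There is no filter on
      # service or event type.
      EventPattern:
        source:
          - 'aws.health'
      State: 'ENABLED'
      Targets:
        # Cross-account delivery also needs the collector bus's resource
        # policy to allow events:PutEvents from this account. That policy is
        # not part of this template.
        - Arn: !Ref CollectorEventBusArn
          Id: 'ForwardToCollectorEventBus'
          RoleArn: !GetAtt HealthEventForwardingRole.Arn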
Outputs:
  # ARN of the rule that matches aws.health events.
  RuleArn:
    Description: ARN of the created EventBridge rule
    Value:
      Fn::GetAtt: [HealthEventRule, Arn]
  # ARN of the role EventBridge assumes to put events on the collector bus.
  RoleArn:
    Description: ARN of the IAM role for event forwarding
    Value:
      Fn::GetAtt: [HealthEventForwardingRole, Arn]