feat: Add EventBridge bus logging configuration

[tiagovmvieira]

Description

Adds support for EventBridge bus logging configuration through the new bus_log_config variable. This functionality allows users to configure the detail level and logging level for EventBridge buses.

The bus_log_config variable is an optional object with two fields:

• include_detail: Controls the level of detail in logs (accepts "NONE" or "FULL")

• level: Controls the logging level (accepts "OFF", "ERROR", "INFO", or "TRACE")

Motivation and Context

#182

This change adds essential functionality for monitoring and debugging EventBridge buses. The logging configuration enables users to:

• Configure the level of detail in EventBridge logs
• Define the severity level of logs (OFF, ERROR, INFO, TRACE)
• Improve observability and troubleshooting of events
• Control logging costs through appropriate detail level configuration

This functionality was missing from the module and is a native AWS EventBridge capability that should be available through the Terraform module.

Breaking Changes

No breaking changes. The new bus_log_config variable has an empty default value {} and all fields are optional, maintaining compatibility with existing implementations.

How Has This Been Tested?

• I have updated at least one of the examples/* to demonstrate and validate my change(s)
• I have tested and validated these changes using one or more of the provided examples/* projects

• I have executed pre-commit run -a on my pull request

[tiagovmvieira]

@svenlito and @magreenbaum can I have a review from you on this one?

Thanks in advance

[alavec]

@tiagovmvieira Good job, how about specifying log group and place to store?

[tiagovmvieira]

@magreenbaum Thanks for your review ;)

I have applied your suggestions. May I get your approval?

[tiagovmvieira]

Hi @alavec . Thanks for raising such an important pointing that was missing in my initial implementation.

So,

I've updated my PR to consider the supported destinations for the EventBridge Bus logs (CloudWatch Log Group, S3 Bucket, Firehose). I've followed the example described in here. Actually, I've adapted it a bit to fit in this EventBridge module, specifically I haven't considered the CloudWatch Log Group, S3 Bucket and Firehose stream resource management in the module, but their required metadata is provided as an input instead.

I've also included a new example in the examples folder (with-bus-logging) where I attempt to provide an example on how to configure the Event Bus logging with such destinations. As I haven't found a Terraform module belonging to terraform-aws-modules organization that manages a Firehose Stream, I haven't considered this specific destination in my example.

A review from you is much appreaciated ;)

[atty303]

It looks like you forgot to remove "? 1 : 0".

╷
│ Error: Incorrect condition type
│ 
│   on .terraform/modules/eventbus.eventbridge/main.tf line 168, in resource "aws_cloudwatch_log_delivery_destination" "firehose":
│  168:   count = (
│  169:     var.create &&
│  170:     var.create_bus &&
│  171:     var.bus_log_config != null &&
│  172:     var.bus_log_config.firehose != null &&
│  173:     var.bus_log_config.firehose.enabled ? 1 : 0
│  174:   ) ? 1 : 0
│     ├────────────────
│     │ var.bus_log_config is object with 5 attributes
│     │ var.bus_log_config.firehose is object with 2 attributes
│     │ var.bus_log_config.firehose.enabled is false
│     │ var.create is true
│     │ var.create_bus is true
│ 
│ The condition expression must be of type bool.

[tiagovmvieira]

Thanks for the suggestion. I have applied it accordingly

[tiagovmvieira]

@antonbabenko could you please review this one? It's a big one, however these functionality is in demand I believe :)

[graphite-app]

While the count condition checks var.bus_log_config.cloudwatch != null, there's a potential null reference issue with accessing var.bus_log_config.cloudwatch.log_group_arn. Terraform's evaluation order might still attempt to access this property even when the resource isn't created.

Consider using a more defensive approach:

destination_resource_arn = try(var.bus_log_config.cloudwatch.log_group_arn, null)

Or explicitly check for null values:

destination_resource_arn = var.bus_log_config.cloudwatch != null ? var.bus_log_config.cloudwatch.log_group_arn : null

This pattern should be applied to similar references in the S3 and Firehose configurations as well.

Suggested change

	destination_resource_arn = var.bus_log_config.cloudwatch.log_group_arn
	destination_resource_arn = try(var.bus_log_config.cloudwatch.log_group_arn, null)

Spotted by Diamond



Is this helpful? React 👍 or 👎 to let us know.