How to Use Terraform to Define Cloundwatch Event Rules to Trigger StepFunction Statemachine

For this, we have to do following Terraform Configuration:

1. Define the rule for CloudWatch event:

resource "aws_cloudwatch_event_rule" "example" {
  name        = "trigger-stepfunction"
  description = "Rule to trigger Step Functions state machine"
  event_pattern = jsonencode({
    "source" : ["aws.s3"],
    "detail-type" : ["Object Created"],
    "detail" : {
      "bucket-name" : ["your-bucket-name"]
    }
  })
}

2. Create the IAM role for Cloudwatch event:

resource "aws_iam_role" "event_to_stepfunction" {
  name = "event-to-stepfunction-role"

  assume_role_policy = jsonencode({
    "Version": "2012-10-17",
    "Statement": [
      {
        "Action": "sts:AssumeRole",
        "Effect": "Allow",
        "Principal": {
          "Service": "events.amazonaws.com"
        }
      }
    ]
  })
}

resource "aws_iam_policy" "stepfunction_policy" {
  name        = "stepfunction-trigger-policy"
  description = "Policy to allow CloudWatch Events to trigger Step Functions"
  policy      = jsonencode({
    "Version": "2012-10-17",
    "Statement": [
      {
        "Effect": "Allow",
        "Action": [
          "states:StartExecution"
        ],
        "Resource": "arn:aws:states:REGION:ACCOUNT_ID:stateMachine:YOUR_STATE_MACHINE_NAME"
      }
    ]
  })
}

resource "aws_iam_role_policy_attachment" "attach_policy" {
  role       = aws_iam_role.event_to_stepfunction.name
  policy_arn = aws_iam_policy.stepfunction_policy.arn
}

3. Create Target for the cloudwatch event

resource "aws_cloudwatch_event_target" "example" {
  rule      = aws_cloudwatch_event_rule.example.name
  target_id = "stepfunction-target"
  arn       = "arn:aws:states:REGION:ACCOUNT_ID:stateMachine:YOUR_STATE_MACHINE_NAME"

  role_arn = aws_iam_role.event_to_stepfunction.arn
}

4. Apply the above Terraform Configuration

• terraform init
• terraform plan
• terraform apply