Skip to content

Instantly share code, notes, and snippets.

@nivleshc
nivleshc / blog-amazon-macie-custom-eventbridge-events_cloudwatch.tf
Created July 4, 2026 09:53
This gist contains code from cloudwatch.tf, which is part of the blog-amazon-macie-custom-eventbridge-events repository.
# CloudWatch Log Group where Macie publishes classification job events
# Macie automatically creates this log group and publishes events to it
# We manage it in Terraform to ensure proper configuration and to create the subscription filter
resource "aws_cloudwatch_log_group" "macie_jobs" {
name = local.macie_log_group_name
retention_in_days = 90
}
# CloudWatch Logs Subscription Filter
# This filter watches the Macie job log group for job status events
@nivleshc
nivleshc / blog-amazon-macie-custom-eventbridge-events_iam.tf
Last active July 4, 2026 09:48
This gist contains code from iam.tf, which is part of the blog-amazon-macie-custom-eventbridge-events repository.
# IAM role for the Lambda function
resource "aws_iam_role" "lambda_execution_role" {
name = "${local.lambda_function.function_name}-execution-role"
assume_role_policy = jsonencode({
Version = "2012-10-17"
Statement = [{
Effect = "Allow"
Principal = {
Service = "lambda.amazonaws.com"
@nivleshc
nivleshc / blog-amazon-macie-custom-eventbridge-events_macie.tf
Created July 4, 2026 09:37
This gist contains code from macie.tf, which is part of the blog-amazon-macie-custom-eventbridge-events repository.
resource "aws_macie2_account" "this" {
finding_publishing_frequency = local.macie.finding_publishing_frequency
}
# Create the Macie classification job to scan the specified S3 buckets
resource "aws_macie2_classification_job" "this" {
name = local.classification_job.name
job_type = local.classification_job.job_type
s3_job_definition {
@nivleshc
nivleshc / blog-amazon-macie-custom-eventbridge-events_data.tf
Created July 4, 2026 09:29
This gist contains code from data.tf, which is part of the blog-amazon-macie-custom-eventbridge-events repository.
data "aws_caller_identity" "current" {}
data "aws_region" "current" {}
# Get the S3 bucket ARNs for the Macie classification job
data "aws_s3_bucket" "target_buckets" {
for_each = toset(var.s3_bucket_names)
bucket = each.value
}
@nivleshc
nivleshc / blog-amazon-macie-custom-eventbridge-events_locals.tf
Created July 4, 2026 09:18
This gist contains code from locals.tf, which is part of the blog-amazon-macie-custom-eventbridge-events repository.
locals {
aws_region = "ap-southeast-2"
default_tags = {
project-name = "Macie Custom EventBridge Events"
environment = var.environment
managed-by = "Terraform"
}
# Macie configuration
@nivleshc
nivleshc / blog-amazon-macie-custom-eventbridge-events_s3-backend.tf
Created July 4, 2026 08:48
This gist contains code from s3-backend.tf, which is part of the blog-amazon-macie-custom-eventbridge-events repository.
# terraform {
# backend "s3" {
# bucket = "my-terraform-state-bucket"
# key = "terraform/macie-custom-events/terraform.tfstate"
# region = "ap-southeast-2"
# encrypt = true
# use_lockfile = true
# }
# }
@nivleshc
nivleshc / blog-amazon-macie-custom-eventbridge-events_variables.tf
Created July 4, 2026 08:34
This gist contains code from variables.tf, which is part of the blog-amazon-macie-custom-eventbridge-events repository.
variable "environment" {
description = "Deployment environment (e.g., dev, staging, prod)"
type = string
default = "dev"
}
variable "s3_bucket_names" {
description = "List of S3 bucket names that Macie should scan for sensitive data"
type = list(string)
}
@nivleshc
nivleshc / blog-amazon-macie-custom-eventbridge-events_providers.tf
Created July 4, 2026 08:25
This gist contains code from providers.tf, which is part of the blog-amazon-macie-custom-eventbridge-events repository.
terraform {
required_version = ">= 1.0"
required_providers {
aws = {
source = "hashicorp/aws"
version = "~> 5.0"
}
archive = {
source = "hashicorp/archive"
@nivleshc
nivleshc / blog-aws-service-catalog-for-terraform-products_variables.tf
Created September 20, 2025 09:34
This gist contains code from the file variables.tf, which is part of the blog-aws-service-catalog-for-terraform-products repository.
variable "aws_region" {
type = string
description = "The AWS Region that the resources will be deployed inot"
default = "ap-southeast-2"
}
variable "environment" {
type = string
description = "Deployment environment (e.g., dev, staging, prod)"
default = "dev"
@nivleshc
nivleshc / blog-aws-service-catalog-for-terraform-products_product-s3-bucket_variables.tf
Created September 13, 2025 09:08
This gist contains code from the file variables.tf inside the product-s3-bucket folder, which is part of the blog-aws-service-catalog-for-terraform-products repository.
variable "portfolio_id" {
type = string
description = "The id of the Service Catalog Portfolio to attach this Service Catalog Product to"
}
variable "artifacts_s3_bucket_name" {
type = string
description = "The name of the artifacts s3 bucket"
}