Skip to content
This repository has been archived by the owner on Aug 4, 2023. It is now read-only.


Antoine Cotten edited this page Aug 2, 2023 · 1 revision

Full list

Amazon CloudWatch

source aws_cloudwatch "my_metrics" {
  region = "us-east-2"

  polling_interval = "5m" // optional

  metric_query "query1" {
    // mutually exclusive with "metric"
    expression = "SEARCH(' {AWS/EC2} MetricName=\"CPUUtilization\" ', 'Average', 300)"

  metric_query "query2" {
    // mutually exclusive with "expression"
    metric {
      period = 60
      stat = "p90"
      unit = "Milliseconds"

      name = "Duration"
      namespace = "AWS/Lambda"

      dimension "FunctionName" {
        value = "lambdadumper"

  credentials = secret_name("my-aws-access-keys")

  //to = <component>.<identifier>

Secret class: aws

Amazon CloudWatch Logs

source aws_cloudwatch_logs "my_logs" {
  arn = "arn:aws:logs:us-east-2:123456789012:log-group:/my/log/group:*"

  polling_interval = "5m" // optional

  credentials = secret_name("my-aws-access-keys")

  //to = <component>.<identifier>

Secret class: aws

Amazon CodeCommit

source aws_codecommit "my_repo" {
  arn = "arn:aws:codecommit:us-east-2:123456789012:my-repo"

  branch = "main"
  event_types = ["push", "pull_request"]

  credentials = secret_name("my-aws-access-keys")

  //to = <component>.<identifier>

Secret class: aws

Amazon Cognito User Pool

source aws_cognito_userpool "my_userpool" {
  arn = "arn:aws:cognito-idp:us-east-2:123456789012:userpool/my-pool"

  credentials = secret_name("my-aws-access-keys")

  //to = <component>.<identifier>

Secret class: aws

Amazon DynamoDB

source aws_dynamodb "my_table" {
  arn = "arn:aws:dynamodb:us-east-2:123456789012:table/my-table"

  credentials = secret_name("my-aws-access-keys")

  //to = <component>.<identifier>

Secret class: aws

Amazon Kinesis

source aws_kinesis "my_stream" {
  arn = "arn:aws:kinesis:us-east-2:123456789012:stream/my-stream"

  credentials = secret_name("my-aws-access-keys")

  //to = <component>.<identifier>

Secret class: aws

Amazon RDS Performance Insights

source aws_pi "my_db_metrics" {
  arn = "arn:aws:rds:us-east-2:123456789012:db:my-instance"

  polling_interval = "5m"

  metric_queries = [

  credentials = secret_name("my-aws-access-keys")

  //to = <component>.<identifier>

Secret class: aws

Amazon S3

source aws_s3 "my_bucket" {
  arn = "arn:aws:s3:us-east-2:123456789012:my-bucket"

  event_types = [

  credentials = secret_name("my-aws-access-keys")

  //to = <component>.<identifier>

Secret class: aws

Amazon SNS

source aws_sns "my_topic" {
  arn = "arn:aws:sns:us-east-2:123456789012:my-topic"

  credentials = secret_name("my-aws-access-keys")

  //to = <component>.<identifier>

Secret class: aws

Amazon SQS

source aws_sqs "my_queue" {
  arn = "arn:aws:sqs:us-east-2:123456789012:my-queue"

  credentials = secret_name("my-aws-access-keys")

  //to = <component>.<identifier>

Secret class: aws

Azure Activity Logs

source azure_activity_logs "audit_logs" {
  subscription_id = "1234"

  event_hubs_namespace_id = "/subscriptions/1234/resourceGroups/my-group/providers/Microsoft.EventHub/namespaces/mylogs"
  event_hub_name = "activity-logs" //optional
  event_hubs_sas_policy = "RootManageSharedAccessKey" // optional

  categories = ["Administrative", "Security", "Policy"] // optional

  auth = secret_name("my-azure-service-principal")

  //to = <component>.<identifier>

Secret class: azure_sp

Azure Blob Storage

source azure_blob_storage "my_files" {
  storage_account_id = "/subscriptions/1234/resourceGroups/my-group/providers/Microsoft.Storage/storageAccounts/myfiles"

  event_hubs_namespace_id = "/subscriptions/1234/resourceGroups/my-group/providers/Microsoft.EventHub/namespaces/myevents"
  event_hub_name = "files-events" //optional

  event_types = ["Microsoft.Storage.BlobCreated", "Microsoft.Storage.BlobDeleted"] // optional

  auth = secret_name("my-azure-service-principal")

  //to = <component>.<identifier>

Secret class: azure_sp

Azure Event Hubs

source azure_event_hubs "user_events" {
  hub_namespace = "myapp"
  hub_name = "users"

  auth = secret_name("my-azure-service-principal")

  //to = <component>.<identifier>

Secret class: azure_sp


source github "my_repo" {
  owner_and_repository = "triggermesh/bridges"

  event_types = [ "push", "pull_request" ]

  tokens = secret_name("github-source-tokens")

  //to = <component>.<identifier>

Secret class: github

HTTP Poller

source httppoller "scrape_weather" {
  endpoint = ""
  method = "GET"
  interval = "5m"

  event_type = "weather.alert"
  event_source = "" // optional

  //to = <component>.<identifier>


source kafka "my_topics" {
  topics = [ "users", "transactions" ]

  bootstrap_servers = [

  consumer_group = "knative" // optional

  sasl_auth = secret_name("kafka-credentials") // optional

  tls = secret_name("kafka-tls") // optional
  tls = true // optional - enables TLS without referencing additional certificates

  //to = <component>.<identifier>

Secret class: kafka


source ping "every_10_minutes" {
  data = "{ \"msg\": \"Hello, World!\" }"
  content_type = "application/json" // optional

  schedule = "*/10 * * * *" // optional

  //to = <component>.<identifier>


source salesforce "my_leads" {
  channel = "/data/ChangeEvents"
  replay_id = -2 // optional

  client_id = "my_client_id"
  server = ""
  user = "[email protected]"
  secret_key = secret_name("salesforce-oauth-cert-key")

  //to = <component>.<identifier>

Secret class: salesforce


source slack "my_app" {
  signing_secret = secret_name("my-app-secret") // optional
  app_id = "A12345" // optional

  //to = <component>.<identifier>

Secret class: slack_app


source webhook "my_webhook" {
  event_type = "com.example.mysample.event"
  event_source = "instance-abc123" // optional

  basic_auth_username = "user" // optional
  basic_auth_password = "abc123secret" // optional

  //to = <component>.<identifier>


source zendesk "my_tickets" {
  subdomain = "mycompany"

  email = "[email protected]"
  api_auth = secret_name("my-zendesk-api-token")

  webhook_username = "user"
  webhook_password = "abc123secret"

  //to = <component>.<identifier>

Secret class: zendesk