Creating Eventarc triggers with Terraform

Terraform is increasingly the preferred tool for building, changing, and versioning infrastructure in Google Cloud and across clouds. In an earlier post, I showed how to create Eventarc triggers using Google Cloud Console or via the command line with gcloud. In this post, I show how to create the same triggers with the google_eventarc_trigger Terraform resource. 

See eventarc-samples/terraform on GitHub for the prerequisites and main.tf for full Terraform configuration. 

Define a Cloud Run service as an event sink

Before you can create a trigger, you need to create a Cloud Run service as an event sink for the trigger. You can use Terraform’s google_cloud_run_service resource to define a Cloud Run service: 

    resource "google_cloud_run_service" "default" {
      name     = "cloudrun-hello-tf"
      location = var.region

      template {
        spec {
          containers {
            # Sample container that acts as the event sink
            image = "gcr.io/cloudrun/hello"
          }
        }
      }

      # Send all traffic to the latest revision
      traffic {
        percent         = 100
        latest_revision = true
      }
    }

Define a Pub/Sub trigger

A Pub/Sub trigger connects a Pub/Sub topic to a Cloud Run service. 

As a reminder, here’s how you can create a Pub/Sub trigger using gcloud:

    gcloud eventarc triggers create trigger-pubsub \
      --destination-run-service=$SERVICE_NAME \
      --destination-run-region=$REGION \
      --event-filters="type=google.cloud.pubsub.topic.v1.messagePublished"

The same Pub/Sub trigger looks like this as a Terraform resource:

    resource "google_eventarc_trigger" "trigger-pubsub-tf" {
      name     = "trigger-pubsub-tf"
      location = var.region

      # Match Pub/Sub "message published" events
      matching_criteria {
        attribute = "type"
        value     = "google.cloud.pubsub.topic.v1.messagePublished"
      }

      # Deliver matching events to the Cloud Run service defined above
      destination {
        cloud_run_service {
          service = google_cloud_run_service.default.name
          region  = var.region
        }
      }

      depends_on = [google_project_service.eventarc]
    }

Note: There’s a slight difference in how events are filtered in gcloud vs. Terraform. In gcloud, events are filtered with the --event-filters flag; whereas in Terraform, matching_criteria is used. This is for legacy reasons and hopefully will be corrected in the future.

Define an Audit Log trigger

An Audit Log trigger connects various Google Cloud services with Audit Logs to a Cloud Run service. Here’s what an Audit Log trigger for the Cloud Storage storage.objects.create event looks like in Terraform:

    resource "google_eventarc_trigger" "trigger-auditlog-tf" {
      name     = "trigger-auditlog-tf"
      location = var.region

      # All three criteria must match: event type, service, and method
      matching_criteria {
        attribute = "type"
        value     = "google.cloud.audit.log.v1.written"
      }
      matching_criteria {
        attribute = "serviceName"
        value     = "storage.googleapis.com"
      }
      matching_criteria {
        attribute = "methodName"
        value     = "storage.objects.create"
      }

      destination {
        cloud_run_service {
          service = google_cloud_run_service.default.name
          region  = var.region
        }
      }

      # Identity the trigger runs as
      service_account = "${data.google_project.project.number}[email protected]"

      depends_on = [google_project_service.eventarc]
    }
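The service_account attribute decides which identity the trigger uses when it calls the event sink, so it is worth giving the trigger an account of its own that holds only the roles it needs. The following is an added example, not part of the original post or of eventarc-samples: the resource names, the account_id and the trigger name trigger-auditlog-sa-tf are assumptions, and var.project_id is the variable passed with -var when running terraform plan.

```hcl
# Dedicated identity for the trigger (names here are assumptions of this example).
resource "google_service_account" "eventarc_trigger" {
  account_id   = "eventarc-trigger-tf"
  display_name = "Eventarc trigger identity"
}

# Only this identity is granted permission to invoke the event sink.
resource "google_cloud_run_service_iam_member" "trigger_invoker" {
  location = google_cloud_run_service.default.location
  service  = google_cloud_run_service.default.name
  role     = "roles/run.invoker"
  member   = "serviceAccount:${google_service_account.eventarc_trigger.email}"
}

# Audit Log triggers also need permission to receive events.
resource "google_project_iam_member" "trigger_event_receiver" {
  project = var.project_id
  role    = "roles/eventarc.eventReceiver"
  member  = "serviceAccount:${google_service_account.eventarc_trigger.email}"
}

resource "google_eventarc_trigger" "trigger-auditlog-sa-tf" {
  name     = "trigger-auditlog-sa-tf"
  location = var.region
  matching_criteria {
    attribute = "type"
    value     = "google.cloud.audit.log.v1.written"
  }
  matching_criteria {
    attribute = "serviceName"
    value     = "storage.googleapis.com"
  }
  matching_criteria {
    attribute = "methodName"
    value     = "storage.objects.create"
  }
  destination {
    cloud_run_service {
      service = google_cloud_run_service.default.name
      region  = var.region
    }
  }
  service_account = google_service_account.eventarc_trigger.email
  depends_on = [
    google_project_service.eventarc,
    google_cloud_run_service_iam_member.trigger_invoker,
    google_project_iam_member.trigger_event_receiver,
  ]
}
```

Because the IAM bindings are listed in depends_on, Terraform creates them before the trigger, so the first event is not delivered by an identity that lacks the invoker role.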

Deploy with Terraform

Deploying resources with Terraform usually involves three steps:

1. Initialize Terraform:

terraform init

2. See the planned changes:

terraform plan -var="project_id=YOUR-PROJECT-ID" -var="region=YOUR-GCP-REGION"

3. Create resources:

terraform apply -var="project_id=YOUR-PROJECT-ID" -var="region=YOUR-GCP-REGION"

After a few minutes, all the resources (a Cloud Run service and two Eventarc triggers) will be created. You can double-check the list of triggers:

gcloud eventarc triggers list --location YOUR-GCP-REGION


This was a quick overview of how to create Eventarc triggers with Terraform. As always, feel free to reach out to me on Twitter @meteatamel for any questions or feedback.
