Pull request overview
Adds CloudWatch anomaly detection alarms to the events Terraform component to monitor EventBridge data/control plane ingestion and invocations, and bumps tool versions used for Terraform (and Trivy at repo level).
Changes:
- Introduces 4 CloudWatch metric alarms using anomaly detection bands for EventBridge ingestion/invocations (data + control plane).
- Adds configurable inputs/outputs to enable/parameterize and expose the anomaly alarms.
- Updates .tool-versions (component + repo) to newer Terraform, and bumps Trivy in the repo root.
Reviewed changes
Copilot reviewed 9 out of 9 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| infrastructure/terraform/components/events/variables.tf | Adds toggles/tuning variables for anomaly detection alarms. |
| infrastructure/terraform/components/events/outputs.tf | Exposes anomaly alarm names/ARNs when enabled. |
| infrastructure/terraform/components/events/cloudwatch_metric_alarm_data_plane_ingestion_anomaly.tf | Creates data-plane ingestion anomaly detection alarm. |
| infrastructure/terraform/components/events/cloudwatch_metric_alarm_data_plane_invocations_anomaly.tf | Creates data-plane invocations anomaly detection alarm. |
| infrastructure/terraform/components/events/cloudwatch_metric_alarm_control_plane_ingestion_anomaly.tf | Creates control-plane ingestion anomaly detection alarm. |
| infrastructure/terraform/components/events/cloudwatch_metric_alarm_control_plane_invocations_anomaly.tf | Creates control-plane invocations anomaly detection alarm. |
| infrastructure/terraform/components/events/README.md | Updates generated TF docs for new inputs/outputs. |
| infrastructure/terraform/components/events/.tool-versions | Bumps component Terraform tool version. |
| .tool-versions | Bumps repo Terraform and Trivy tool versions. |
| variable "event_anomaly_evaluation_periods" { | ||
| type = number | ||
| description = "Number of evaluation periods for the anomaly alarm. Each period is defined by event_anomaly_period." | ||
| default = 2 |
event_anomaly_evaluation_periods is declared as a number, but CloudWatch expects an integer >= 1. Without a validation block, non-integer/invalid values (e.g., 1.5 or 0) will only fail at apply time. Consider adding validation to enforce a positive whole number.
| default = 2 | |
| default = 2 | |
| validation { | |
| condition = var.event_anomaly_evaluation_periods >= 1 && floor(var.event_anomaly_evaluation_periods) == var.event_anomaly_evaluation_periods | |
| error_message = "event_anomaly_evaluation_periods must be a positive whole number (integer >= 1)." | |
| } |
| variable "event_anomaly_period" { | ||
| type = number | ||
| description = "The period in seconds over which the specified statistic is applied for anomaly detection. Minimum 300 seconds (5 minutes). Recommended: 300-600." | ||
| default = 300 |
The description for event_anomaly_period states a minimum of 300 seconds, but there’s no validation enforcing this (or that the value is an integer). Adding a validation block (e.g., >= 300 and whole number) would prevent configuration values that will be rejected by CloudWatch at apply time.
| default = 300 | |
| default = 300 | |
| validation { | |
| condition = var.event_anomaly_period >= 300 && floor(var.event_anomaly_period) == var.event_anomaly_period | |
| error_message = "Event anomaly period must be an integer number of seconds and at least 300 seconds." | |
| } |
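Review bot: the condition in this suggested validation block accepts any whole number of at least 300, including values such as 301 that CloudWatch rejects, because alarm periods of 60 seconds or more must be a multiple of 60. Add var.event_anomaly_period % 60 == 0 to the condition and state the multiple-of-60 requirement in error_message, so the check catches everything that would otherwise fail at apply time.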
| @@ -1 +1 @@ | |||
| terraform 1.12.0 | |||
| terraform 1.14.3 | |||
This bumps the asdf Terraform version to 1.14.3, but the module’s Terraform constraint still allows older versions (required_version = ">= 1.12.0" in infrastructure/terraform/components/events/versions.tf, also reflected in the generated README). If 1.14.3 is now the minimum supported version, consider updating required_version (and regenerating docs) to avoid contributors/CI running with an older Terraform than intended.
| terraform 1.14.3 | |
| terraform 1.12.0 |
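Review bot: on the terraform line, this suggestion puts 1.12.0 back, which undoes the version bump instead of aligning the module constraint with it. If 1.14.3 is the intended minimum, keep terraform 1.14.3 here and raise required_version in infrastructure/terraform/components/events/versions.tf (then regenerate the README) so the pinned tool version and the constraint agree.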
Description
Adding anomaly alarms for Eventbus inbound and outbound events.
Bumping terraform versions
Example in Dev working

Context
Type of changes
Checklist
Sensitive Information Declaration
To ensure the utmost confidentiality and protect your and others' privacy, we kindly ask you to NOT include PII (Personal Identifiable Information) / PID (Personal Identifiable Data) or any other sensitive data in this PR (Pull Request) and the codebase changes. We will remove any PR that does contain any sensitive information. We really appreciate your cooperation in this matter.