[Bug]: Resource: aws_cloudwatch_event_target not behaving as expected with API Gateway as target #32442

Open
victoruyy opened this issue Jul 10, 2023 · 5 comments
Labels
bug Addresses a defect in current functionality. service/events Issues and PRs that pertain to the events service.

Comments

@victoruyy

Terraform Core Version

1.2.4

AWS Provider Version

5.7.0

Affected Resource(s)

Hi, I found that I needed to implement the usage of AWS EventBridge rules to trigger an API Gateway that I've deployed. I found that manually there are no problems selecting the API Gateway service as a target for the rule and then selecting the stage and the method for it.
The problem comes when I try to do it through Terraform. First, I found that there are no arguments like "Target types", as you see in the UI, or any similar option to specifically select an AWS service. Leaving this problem aside, I've tried pointing to the ARN of my API Gateway, but what Terraform understands is that I am calling an API Gateway from outside of my account, when I am using one inside my account. I also can't set up headers for that API in that manner, since it is treating this target as if it comes from an "EventBridge event bus".

So I am not able to select which service I want to point the target to, which in this case is API Gateway. By default it is falling under this option. I don't know why, but I think this resource lacks flexibility.

Images attached below

Below I will paste my TF code as well to check:

```hcl
# Scheduled rule, one per entry in var.api_trigger
resource "aws_cloudwatch_event_rule" "trigger" {
  for_each            = var.api_trigger
  name                = "${var.environment}-${each.value.name}-trigger"
  description         = each.value.description
  schedule_expression = "rate(10 minutes)"
  role_arn            = aws_iam_role.api[each.key].arn
  is_enabled          = each.value.enabled
}

# Target for each rule: the API Gateway stage execution ARN plus the HTTP method
resource "aws_cloudwatch_event_target" "target" {
  for_each  = var.api_trigger
  rule      = aws_cloudwatch_event_rule.trigger[each.key].name
  target_id = "${each.value.name}-target"
  # arn       = "${aws_api_gateway_rest_api.api[each.key].execution_arn}/${aws_api_gateway_stage.stage[each.key].stage_name}/${aws_api_gateway_method.api[each.key].http_method}"
  arn       = "${aws_api_gateway_stage.stage[each.key].execution_arn}/${aws_api_gateway_method.api[each.key].http_method}"
  http_target {
    header_parameters = {
      # Literal test value from the report; a real key belongs in a sensitive variable, not in source
      X-API-KEY = "testing1234"
    }
  }

  # dead_letter_config {
  #   arn = aws_sqs_queue.dlq-message-received-alarm.arn
  # }
}
```

I had to tweak the ARN attribute in order to get the ARN that I needed, because there was no possibility to select the API Gateway ARN as the ARN there, since it was exploding in errors.

Thank you so much in advance,
Victor

Expected Behavior

Expected behavior:

image
Screenshot 2023-07-10 at 14 58 07

Actual Behavior

Actual behavior (bug):

image

Look at type

Screenshot 2023-07-10 at 14 54 47

The import is not working either... see the output. I tried with different target IDs but still get the same error. I am running out of ideas here; I checked with some teammates and we can't get to the point. Any ideas here?

Due to this problem I tried a workaround. I thought: what if I import the actual resource that I manually created, then look at its output with a terraform plan and try to replicate it in the code? But the import is not working either. Apparently something is messed up with the target_id attribute: it is taking some random ID, or I am not figuring out where this target_id comes from. And again... I faced a new bug, apparently.

image

Relevant Error/Panic Output Snippet

No response

Terraform Configuration Files

Steps to Reproduce

Set up these two resources (aws_cloudwatch_event_rule, aws_cloudwatch_event_target) in Terraform and try to use an API Gateway endpoint as a target for the AWS EventBridge events.

The problem is on the target resource.

Debug Output

No response

Panic Output

No response

Important Factoids

No response

References

No response

Would you like to implement a fix?

None

@victoruyy
Author

Update: useful information found regarding the import step

https://gist.github.com/MatthewJDavis/985f5e6dec08b7f70d3b87327f5ac546

@justinretzolk
Member

Hey @victoruyy 👋 Thank you for taking the time to raise this! So that we have the necessary information in order to look into this, can you supply debug logs (redacted as needed) as well?

@victoruyy
Author

Hi Justin, debug logs like what exactly? Where can I find them to share them with you? Could you please explain a little bit more?

Also, please let me know if this information is enough and if it is understandable.

@justinretzolk
Member

Hey @victoruyy 👋 Information on setting Terraform to output debug logs may be found in our Debugging Terraform documentation.

One thing that was of interest to me on a second look at this was the import errors you received, along with your mention that the target type defaulted to "Event bus in a different account or region". This suggests to me that the issue might be related to:

  • The region argument of the AWS Provider being set to a region that differs from where these resources are deployed (in the case of attempting to import existing resources)
  • The credentials being supplied to the AWS Provider being for a different account than you're attempting to create resources in.

Can you check these two things and verify whether either of those may be a factor, and if not, use the documentation above to generate debug logging to attach to this issue?
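
One way to run the two checks suggested in the comment above before retrying the import, as an added example that is not part of the original thread or the provider's code: parse the API Gateway `execute-api` ARN of the existing target and compare its region and account fields with what the AWS provider resolves. The function names and the sample ARN, region and account values are constructed; in practice the provider's values come from the `provider "aws"` block and `aws sts get-caller-identity`.

```python
from typing import List, NamedTuple


class ExecuteApiArn(NamedTuple):
    partition: str
    region: str
    account_id: str
    api_id: str
    stage: str
    method: str
    path: str


def parse_execute_api_arn(arn: str) -> ExecuteApiArn:
    """Split arn:partition:execute-api:region:account-id:api-id/stage/METHOD/path."""
    fields = arn.split(":", 5)
    if len(fields) != 6 or fields[0] != "arn" or fields[2] != "execute-api":
        raise ValueError(f"not an execute-api ARN: {arn!r}")
    _, partition, _, region, account_id, resource = fields
    parts = resource.split("/", 3)
    parts += [""] * (4 - len(parts))  # stage, method and path may be absent
    api_id, stage, method, path = parts
    return ExecuteApiArn(partition, region, account_id, api_id, stage, method,
                         "/" + path if path else "")


def provider_mismatches(arn: str, provider_region: str,
                        provider_account: str) -> List[str]:
    """Return the ways the target ARN disagrees with the provider's region/account."""
    parsed = parse_execute_api_arn(arn)
    problems = []
    if parsed.region != provider_region:
        problems.append(
            f"region: ARN has {parsed.region}, provider uses {provider_region}")
    if parsed.account_id != provider_account:
        problems.append(
            f"account: ARN has {parsed.account_id}, credentials are for {provider_account}")
    return problems


# Constructed sample values (not taken from the issue).
SAMPLE_ARN = "arn:aws:execute-api:eu-west-1:111122223333:a1b2c3d4e5/dev/POST/orders"

if __name__ == "__main__":
    print(parse_execute_api_arn(SAMPLE_ARN))
    # Provider pointed at another region and another account: both checks fail.
    for line in provider_mismatches(SAMPLE_ARN, "us-east-1", "444455556666"):
        print("MISMATCH", line)
```

An empty list means the ARN and the provider agree on region and account, so the remaining step is the debug log requested above.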
