Aws_cloudwatch_event_rule multiple "details" section that is OR instead of AND

Hi all i have the following code section that makes use of aws_cloudwatch_event_rule to fire an SNS if there is Critical, High or Medium findings in AWS ECR.

The problem w the script is that it will fire an SNS for each Critical, or High, or Medium. So if i have Crit, High and Medium findings, there will be 3 SNS.

How can I make it such that when there is either Critical, High, or Medium, it will trigger an SNS. Just 1 SNS for any finding in each of the categories?

As per Capture.PNG, I’ve combined the “details” into one event name, but it ended up as “AND”. Im looking for an “OR”.

Thks in adance.

#----------------------------------------------------------------------------------------

Creating Cloudwatch event rule for ECR Image push

#----------------------------------------------------------------------------------------

resource “aws_cloudwatch_event_rule” “checkImageScanHighSeverity” {
name = format(“cw-er-hs-%[1]s-%[2]s”,var.envName,var.appName)
description = “Check ECR scan result for high severity”
event_pattern = <<EOF
{
“source”: [
“aws.ecr”
],
“detail-type”: [
“ECR Image Scan”
],
“detail”: {
“repository-name”: [
“${var.repoName}”
],
“finding-severity-counts”: {
“HIGH”: [
{
“numeric”: [
“>”,
0
]
}
]
}
}
}
EOF
}

resource “aws_cloudwatch_event_rule” “checkImageScanMediumSeverity” {
name = format(“cw-er-ms-%[1]s-%[2]s”,var.envName,var.appName)
description = “Check ECR scan result for medium severity”
event_pattern = <<EOF
{
“source”: [
“aws.ecr”
],
“detail-type”: [
“ECR Image Scan”
],
“detail”: {
“repository-name”: [
“${var.repoName}”
],
“finding-severity-counts”: {
“MEDIUM”: [
{
“numeric”: [
“>”,
0
]
}
]
}
}
}
EOF
}

resource “aws_cloudwatch_event_rule” “checkImageScanCriticalSeverity” {
name = format(“cw-er-cs-%[1]s-%[2]s”,var.envName,var.appName)
description = “Check ECR scan result for critical severity”
event_pattern = <<EOF
{
“source”: [
“aws.ecr”
],
“detail-type”: [
“ECR Image Scan”
],
“detail”: {
“repository-name”: [
“${var.repoName}”
],
“finding-severity-counts”: {
“CRITICAL”: [
{
“numeric”: [
“>”,
0
]
}
]
}
}
}
EOF
}

#----------------------------------------------------------------------------------------

Creating cloudwatch event target to trigger sns

#----------------------------------------------------------------------------------------