AWS EventBridge doesn't trigger the targets which use input transformer - amazon-web-services

I have an EventBridge rule which has two targets. One target is a CloudWatch log group and the other is an SSM Automation (document). The rule triggers and both targets show the expected results.
But as soon as I change the input (EventBridge > SSM Automation) from Constant to using Input Transformer, the SSM Automation is never triggered. I am sure the EventBridge rule gets triggered because the log group gets the log, but I can't figure out why the SSM Automation isn't getting triggered with an input transformer.

Related

List & Remove an EventBridge Lambda trigger using the CLI

I need to fetch information from a lambda function and remove an existing trigger (EventBridge) from this lambda using CLI (script needs to do that).
Tried to use list-event-source-mappings or delete-event-source-mappings but without success.
Seems like EventBridge isn't supported yet (showing me only SQS, Kinesis, DynamoDB, MQ, MSK) but maybe I am wrong and there is a solution?
Edit:
I have a working Lambda function that has an associated trigger with an EventBridge rule which was already deleted in the past. It no longer exists in my account, but I still see it under my Lambda trigger (it also says that this rule cannot be found any more because it is deleted - again, it still appears in my Lambda trigger and I want to CLEAN it using the CLI). I wish to DELETE the association (trigger) from my Lambda, not to delete the EventBridge TARGET which is the Lambda.
The APIs you are looking for are in the EventBridge events client:
aws events list-rule-names-by-target --target-arn <lambda-arn>
aws events list-targets-by-rule --rule <rule-name-from-previous>
aws events remove-targets --rule <rule-name-from-previous> --ids <target-id-from-previous>
Note: The terminology is a bit confusing. An Event Source Mapping is the technical term for the particular polling-type Lambda integration pattern that handles the sources you mention. It is not related to EventBridge events.
You should be able to use the events command:
aws events list-rule-names-by-target --target-arn <target_arn>
This will list the names of the rules that are associated with the specified target_arn. You can then use the aws events describe-rule command to get more information about each rule, including the rule id, schedule and pattern.
aws events describe-rule --name <rule_name>
Now to remove a trigger for a Lambda function in EventBridge:
aws events remove-targets --rule <rule_name> --ids <target_id>
The target_id is the unique identifier for the trigger that you want to remove, and the rule_name is the name of the rule that the trigger is associated with.

how do i stream codepipeline/codebuild stdout through an API?

So I'm trying to run Terraform through CodePipeline. I need to manage a fleet of clusters. It seems CodePipeline is one of the good ways to trigger certain pipelines on some conditions.
I have a very simple requirement - I want to see the Terraform execution in real time. I want to expose the CodePipeline run in a way that I can stream this. Is this where EventBridge is used? I tried to look at an EventBridge example here - https://medium.com/hackernoon/monitoring-ci-cd-pipelines-with-amazon-eventbridge-32177e2f2c3e - but it doesn't seem to be streaming run output in real time.
Which event or hook should I attach to? And is CodePipeline even the right thing to use here?
Which event or hook should I attach to?
You're looking at the wrong AWS service. EventBridge is not for streaming log output. It is for discrete events, not a stream.
Your CodePipeline would be using a CodeBuild task to execute Terraform. Your CodeBuild task will be configured to log to AWS CloudWatch Logs. You can view the CloudWatch Logs output in the AWS CloudWatch web console, with the option to poll for new log output.
You can also do the same in a command line console with the aws logs tail command, documented here.
To do the same thing in your own code you would have to write your code to poll the CloudWatch Logs API in a loop.
And is CodePipeline even the right thing to use here?
Yes, absolutely.

Can an aws target be triggered by multiple cloudwatch event rules

I'm trying to set up a scheduler system for our infrastructure that is supposed to take care of all scheduled housekeeping tasks. Our proposal is to make it simple and scalable with one Docker image. A script for each task and a CloudWatch event rule will be passed in as parameters. The scripts will be uploaded to an S3 bucket and will be downloaded when the job gets triggered. This way we can avoid redeploying every time a task gets added.
The only tricky part is to pass in the CloudWatch event rule as a parameter.
Can an event target be triggered by multiple rules? Am I too ambitious on this project? I use Terraform to provision it.
Turn CloudWatch Logs on
Create a metric filter
Assign a metric
Create alarm.
Here is a tutorial which you can modify to suit your needs.
https://aws.amazon.com/blogs/security/how-to-receive-notifications-when-your-aws-accounts-root-access-keys-are-used/

How to create a single AWS Lambda Function to monitor the health check of multiple ALB Target groups

Can we create a single AWS Lambda function to trigger the alarm for all unhealthy targets in all Target groups in an AWS Account?
This link https://aws.amazon.com/blogs/networking-and-content-delivery/identifying-unhealthy-targets-of-elastic-load-balancer/ provides the information to create a single Lambda function to monitor and trigger an alarm for a single Target Group. I need to monitor and trigger alarms for multiple target groups using one Lambda function and further I need the same Lambda function to trigger the SNS to send the email. Can we achieve the same?
Judging from the blog post's contents, it is achievable using the proposed solution as a starting point, although you would need to change a few things.
You will need to associate all of the alarms with the same SNS topic. Depending on the type of alarm you trigger, you will have different data available to you in the incoming SNS message. To me the most logical would be to create an UnHealthyHostCount alarm on the target groups themselves.
The Lambda function code suggests that the function was written with only one target group for "AWS/ApplicationELB" and "AWS/NetworkELB" alarms in mind.
Remove this block:
else:
    tg_arn = os.environ['TARGETGROUP_ARN'].strip()
    tg_type = (os.environ['TARGETGROUP_TYPE'].strip()).lower()
Extract target group ARN (tg_arn) from alarm dimension TargetGroup from the incoming SNS
The rest should be more or less the same
Exact steps depend on your particular setup and goals, so treat this as a rough blueprint.
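The extraction step from the answer above, as an added example that is not from the original post or the AWS blog: it pulls the TargetGroup dimension out of each alarm notification and rebuilds the full ARN, rejecting messages from other namespaces. It assumes the notification carries an AlarmArn field; the function names, the "alb"/"nlb" labels and the sample records are constructed for illustration.

```python
import json
import re

# Assumed tg_type labels; the blog's own values are not shown on this page.
NAMESPACE_TO_TYPE = {"AWS/ApplicationELB": "alb", "AWS/NetworkELB": "nlb"}
TG_DIMENSION = re.compile(r"^targetgroup/[A-Za-z0-9-]+/[0-9a-f]+$")


def target_groups_from_sns(event):
    """Return one (tg_arn, tg_type) pair per SNS record in a Lambda event."""
    results = []
    for record in event.get("Records", []):
        alarm = json.loads(record["Sns"]["Message"])
        trigger = alarm["Trigger"]
        tg_type = NAMESPACE_TO_TYPE.get(trigger["Namespace"])
        if tg_type is None:
            raise ValueError(f"unexpected namespace {trigger['Namespace']!r}")
        dims = {d["name"]: d["value"] for d in trigger["Dimensions"]}
        tg = dims.get("TargetGroup", "")
        if not TG_DIMENSION.match(tg):
            raise ValueError(f"alarm {alarm['AlarmName']!r}: no valid TargetGroup dimension")
        # The dimension is only the ARN's resource part; partition, region and
        # account are taken from the alarm's own ARN (assumed to be present).
        _, partition, _, region, account, _ = alarm["AlarmArn"].split(":", 5)
        results.append((f"arn:{partition}:elasticloadbalancing:{region}:{account}:{tg}", tg_type))
    return results


def constructed_record(alarm_name, namespace, target_group):
    """Build one SNS record shaped like a CloudWatch alarm notification (constructed)."""
    message = {
        "AlarmName": alarm_name,
        "AlarmArn": f"arn:aws:cloudwatch:eu-west-1:111122223333:alarm:{alarm_name}",
        "Trigger": {
            "Namespace": namespace,
            "Dimensions": [{"name": "TargetGroup", "value": target_group}],
        },
    }
    return {"Sns": {"Message": json.dumps(message)}}


SAMPLE_EVENT = {"Records": [
    constructed_record("web-unhealthy", "AWS/ApplicationELB", "targetgroup/web/0123456789abcdef"),
    constructed_record("tcp-unhealthy", "AWS/NetworkELB", "targetgroup/tcp/fedcba9876543210"),
]}
```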

Calling SNS when AWS Step Function fails

I have implemented a state machine using AWS Step Functions which includes calling some Lambda functions, spinning up an EMR cluster, adding steps to EMR and terminating the EMR cluster. I want to call an SNS topic whenever any of the above states fails.
You can create a CloudWatch event to capture the Step Functions failure or time-out events and add SNS as the target for this rule.
To create a CloudWatch rule, navigate to CloudWatch -> Events -> Rules -> Create.
This rule can be restricted to a specific Step Functions state machine or a specific execution by providing the corresponding ARN.
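An event pattern for the rule described in the answer above, with a small offline matcher to check it against sample events before creating the rule. This is an added example, not part of the original answer; the matcher covers only exact-value matching, and the state machine ARNs and sample events are constructed.

```python
def failure_pattern(state_machine_arn=None):
    """Event pattern for failed or timed-out Step Functions executions,
    optionally restricted to one state machine."""
    detail = {"status": ["FAILED", "TIMED_OUT"]}
    if state_machine_arn:
        detail["stateMachineArn"] = [state_machine_arn]
    return {
        "source": ["aws.states"],
        "detail-type": ["Step Functions Execution Status Change"],
        "detail": detail,
    }


def matches(pattern, event):
    """Exact-value subset of event pattern matching: every pattern key must be
    present in the event, and a leaf list matches if it contains the value."""
    for key, expected in pattern.items():
        if key not in event:
            return False
        if isinstance(expected, dict):
            if not isinstance(event[key], dict) or not matches(expected, event[key]):
                return False
        elif event[key] not in expected:
            return False
    return True


def constructed_event(status, state_machine_arn):
    """Minimal execution status change event (constructed sample, not captured)."""
    return {
        "source": "aws.states",
        "detail-type": "Step Functions Execution Status Change",
        "detail": {"status": status, "stateMachineArn": state_machine_arn},
    }


# Constructed placeholder ARNs.
EMR_PIPELINE = "arn:aws:states:us-east-1:111122223333:stateMachine:emr-pipeline"
OTHER_MACHINE = "arn:aws:states:us-east-1:111122223333:stateMachine:other"

if __name__ == "__main__":
    rule = failure_pattern(EMR_PIPELINE)
    for status in ("FAILED", "TIMED_OUT", "SUCCEEDED"):
        print(status, matches(rule, constructed_event(status, EMR_PIPELINE)))
```

Serialising `failure_pattern(...)` with `json.dumps` gives the event pattern to set on the rule that has the SNS topic as its target.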