I'm looking at triggering a Lambda when a new automated DB snapshot is available in RDS (system ones instead of manual ones). However, after digging in CloudTrail, I don't see any events marked as follows (AWS sample):
{
  "version": "0",
  "id": "844e2571-85d4-695f-b930-0153b71dcb42",
  "detail-type": "RDS DB Snapshot Event",
  "source": "aws.rds",
  "account": "123456789012",
  "time": "2018-10-06T12:26:13Z",
  "region": "us-east-1",
  "resources": ["arn:aws:rds:us-east-1:123456789012:db:mysql-instance-2018-10-06-12-24"],
  "detail": {
    "EventCategories": ["creation"],
    "SourceType": "SNAPSHOT",
    "SourceArn": "arn:aws:rds:us-east-1:123456789012:db:mysql-instance-2018-10-06-12-24",
    "Date": "2018-10-06T12:26:13.882Z",
    "SourceIdentifier": "rds:mysql-instance-2018-10-06-12-24",
    "Message": "Automated snapshot created"
  }
}
Thanks again if you know which AWS events I should look up :)
Oli
CloudTrail won't give you such information. I would go with the flow highlighted below:
RDS (event notification) -> SNS -> Lambda
You need to have an SNS topic as the source of your Lambda, because RDS fans out its events to this service.
Check what the RDS documentation states:
Amazon RDS uses the Amazon Simple Notification Service (Amazon SNS) to provide notification when an Amazon RDS event occurs
Regarding the notification itself, I could see that the DB snapshot event below might be the one that you're looking for:
Category | RDS event ID | Description
creation | RDS-EVENT-0091 | An automated DB snapshot is being created.
Related
I have created a Lambda which is triggered by an EventBridge rule that I created.
The purpose is for the Lambda to send a Slack notification when an OpenSearch Service Upgrade is available.
I've tested the Lambda manually with a sample event and it works well, but I want to test it "for real" by getting a real OpenSearch instance to send a notification.
The OpenSearch domain I created is not sending notifications like I would expect it to.
I've created a new OpenSearch domain and used an old version of OpenSearch (1.0).
When I look at the OpenSearch domain I created in the AWS console, it shows the Version is OpenSearch 1.0 and there is an Upgrade Available (to 1.3).
However, this did not trigger a notification.
How do notifications get triggered? Would a notification only get triggered if a new Upgrade becomes available (e.g. 1.4) when my OpenSearch domain is already up and running?
Is there any way to force OpenSearch to trigger the notification?
I want OpenSearch to trigger a notification, which in turn is captured by EventBridge, and triggers my Lambda with an event like:
```
{
  "version": "0",
  "id": "01234567-0123-0123-0123-012345678901",
  "detail-type": "Amazon OpenSearch Service Software Update Notification",
  "source": "aws.es",
  "account": "123456789012",
  "time": "2016-11-01T13:12:22Z",
  "region": "us-east-1",
  "resources": [
    "arn:aws:es:us-east-1:123456789012:domain/test-domain"
  ],
  "detail": {
    "event": "Service Software Update",
    "status": "Available",
    "severity": "Informational",
    "description": "Service software update [R20200330-p1] available."
  }
}
```
In AWS Glue, I am executing a couple of ETL jobs using a workflow. Now I want to inform the business via email on the failure of any of the ETL jobs. I need help to get the name of the failed job and pass it to the job which would trigger an email.
Step 1: Create a topic in Amazon SNS with Protocol as Email, then create a subscription and confirm the subscription.
Step 2: Create a new CloudWatch Events rule with the following custom event pattern under the Event Source section:
{
  "source": [
    "aws.glue"
  ],
  "detail-type": [
    "Glue Job Run Status"
  ],
  "detail": {
    "state": [
      "FAILED",
      "ERROR",
      "TIMEOUT"
    ]
  }
}
Step 3: For the CloudWatch Events rule, under the Targets section, choose Add targets, then change the default Lambda function to SNS topic and choose the name of the SNS topic created in Step 1. Finish creating this CloudWatch Events rule.
I want to send a CloudTrail log (specifically when a Secrets Manager key rotates) to an S3 bucket. We already have the logs in CloudTrail; is there an easy way to configure CloudTrail to send these logs to S3 as soon as it happens? I was thinking of setting up a Lambda function that runs on a CRON schedule to do this for me, but would there be an easier way?
If you want to get specific events from CT in real time as they happen, then you should set up a CloudWatch Events rule for them:
Creating a CloudWatch Events Rule That Triggers on an AWS API Call Using AWS CloudTrail
The rule could be:
{
  "source": [
    "aws.secretsmanager"
  ],
  "detail-type": [
    "AWS API Call via CloudTrail"
  ],
  "detail": {
    "eventSource": [
      "secretsmanager.amazonaws.com"
    ],
    "eventName": [
      "RotateSecret"
    ]
  }
}
With a target of a Firehose delivery stream set for the S3 bucket of your choice.
There is a slightly easier way, although not necessarily cost-effective (depends on your case) and you won't avoid using Lambda. Instead of setting up a cron, you can enable CloudWatch export for your trail, from where you can set a Lambda subscription filter. This way you can export to S3 exactly the events you want (don't have to code the filters into function) as soon as they come. But - you have to pay extra for the CloudWatch Logs, so it's not a good option if you have a large trail.
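To check a rule like the RotateSecret pattern above before relying on it for alerting, the pattern can be evaluated locally against sample events. This is an added example, not code from the thread or from AWS: `matches` and `sample_event` are hypothetical helpers, the events are constructed, and only exact-value matching is modelled (the same matcher also works for the Glue and EC2 patterns on this page).

```python
import json

# The rule from the answer above, verbatim.
ROTATE_SECRET_PATTERN = json.loads("""
{
  "source": ["aws.secretsmanager"],
  "detail-type": ["AWS API Call via CloudTrail"],
  "detail": {
    "eventSource": ["secretsmanager.amazonaws.com"],
    "eventName": ["RotateSecret"]
  }
}
""")


def matches(pattern, event):
    """Exact-value subset of event pattern matching (assumed semantics).

    Every pattern key must exist in the event; a list is the set of accepted
    values; a dict descends. Content filters (prefix, ...) are not handled.
    """
    for key, expected in pattern.items():
        if key not in event:
            return False
        actual = event[key]
        if isinstance(expected, dict):
            if not isinstance(actual, dict) or not matches(expected, actual):
                return False
        else:
            # An array in the event matches if any element is accepted.
            candidates = actual if isinstance(actual, list) else [actual]
            if not any(c in expected for c in candidates):
                return False
    return True


def sample_event(event_name, detail_type="AWS API Call via CloudTrail"):
    """Constructed event; account id and region are placeholders."""
    return {
        "detail-type": detail_type,
        "source": "aws.secretsmanager",
        "account": "123456789012",
        "region": "us-east-1",
        "detail": {
            "eventSource": "secretsmanager.amazonaws.com",
            "eventName": event_name,
        },
    }
```

The `aws events test-event-pattern` CLI command runs the same kind of check against the service's own matcher, which also covers the content filters this sketch leaves out.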
I'm doing a large number of AMI copies to different regions and calling describe image from an image waiter at the end of copying to make sure the copy succeeded; the large number of describe image calls is being heavily rate limited. I know there are EC2 instance state change events. I wonder if it is possible to generate an AMI available/ready event; if yes, I can use the event to trigger a message to my SQS, from which I can get a notification and avoid making the describe image calls.
My search so far has not found any AMI events. In case I missed something, does anyone know if it is possible to generate AMI available/ready events? Thanks.
I'm answering my own question.
AMI ready events can be generated in CloudWatch:
rules->create new rule
Service name: EC2
Event Type: EBS Snapshot Notification
Specific event(s): copySnapshot
Specific result(s): succeeded
Hope this helps someone with similar need.
{
  "source": [
    "aws.ec2"
  ],
  "detail-type": [
    "AWS API Call via CloudTrail"
  ],
  "detail": {
    "eventSource": [
      "ec2.amazonaws.com"
    ],
    "eventName": [
      "CreateImage"
    ]
  }
}
This will capture the AMI create event if CloudTrail is enabled.
I use a CF template to create Beanstalk environments. I would like to trigger Lambda code via SNS when an environment gets created so I can use the Lambda to trigger a Jenkins job with integration tests for the new environment.
Is there a way to send an SNS message after an env gets successfully created in Beanstalk? I already defined a topic the lambda code is subscribed to.
The beanstalk API allows you to define a notification endpoint.
http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/using-features.managing.sns.html
But what is this for if I can only specify an email address and I have to confirm subscription? How can I use it to trigger an SNS message automatically?
{
  "OptionName": "Notification Endpoint",
  "Namespace": "aws:elasticbeanstalk:sns:topics",
  "Value": "no-reply@example.com"
},
{
  "OptionName": "Notification Protocol",
  "Namespace": "aws:elasticbeanstalk:sns:topics",
  "Value": "email"
},
A workaround I found is a bit hacky. I create an EC2 instance at the end of the stack creation process and run some AWS commands to send an SNS notification via UserData shell. Is this the only way?
I'm answering my own question. I managed to figure out how to use SNS to trigger lambda code after a new Beanstalk env gets created.
I created an sns topic service-configurator
and added its ARN and name to the template.
{
  "OptionName": "Notification Topic ARN",
  "Namespace": "aws:elasticbeanstalk:sns:topics",
  "Value": "arn:aws:sns:us-east-1:273218181234:service-configurator"
},
{
  "OptionName": "Notification Topic Name",
  "Namespace": "aws:elasticbeanstalk:sns:topics",
  "Value": "service-configurator"
}
Next, I set the SNS topic to be an event source for my Lambda code.
Now, Lambda gets triggered every time something happens to an environment (instances added/removed, env created, etc.).
While Configuring Notifications with Elastic Beanstalk does not provide a specific example for sending Amazon SNS notifications, email is simply the default for the resp. AWS Elastic Beanstalk option setting and you can also create subscriptions for most/all other protocols, see option aws:elasticbeanstalk:sns:topics:
Valid Values: http https email email-json sqs
Obviously AWS Lambda is not referenced there yet, but it is just another SNS protocol, so I would assume/hope that the table has simply not been updated yet and something like the following should just work accordingly (haven't tried it myself yet though):
{
  "OptionName": "Notification Endpoint",
  "Namespace": "aws:elasticbeanstalk:sns:topics",
  "Value": "<Your Lambda function ARN>"
},
{
  "OptionName": "Notification Protocol",
  "Namespace": "aws:elasticbeanstalk:sns:topics",
  "Value": "lambda"
},