Can 'codestar connections used' trigger aws event bridge? - amazon-web-services

Although AWS considers using git webhooks to be antiquated practice, the documentation on AWS CodeStar connections seems to be a bit scarce. I want to create a generic pipeline that can be triggered when a new repository is committed to for the first time (that is, one that contains a folder of TF config). To do this, I need to be able to monitor when an AWS CodeStar connection is used. I think that doing it this way will mean that I can build something that scales better.
But there doesn't appear to be a well documented way to monitor when 'anything' accesses a codestar connection:
https://docs.aws.amazon.com/service-authorization/latest/reference/list_awscodestarconnections.html#awscodestarconnections-actions-as-permissions
In the image above, one can see that there is an action that happens that needs a permission to work, but that is not directly accessible. In CloudTrail, I found an action with a payload like this:
    "eventTime": "2021-07-06T11:22:46Z",
    "eventSource": "codestar-connections.amazonaws.com",
    "eventName": "UseConnection",
    "awsRegion": "us-east-1",
    "sourceIPAddress": "codepipeline.amazonaws.com",
    "userAgent": "codepipeline.amazonaws.com",
    "requestParameters": {
        "connectionArn": "arn:aws:codestar-connections:*:connection/",
        "referenceType": "COMMIT",
        "reference": {
            "FullRepositoryId": "GitHub-User/Github-Repo",
            "Commit": "SHA"
        }
    },
I believe that this is enough for me to use for what I want. I could create an SNS notification with a Lambda listener when this event triggers, but that requires setting up infrastructure to monitor CloudTrail events.
But while I was researching this, I noticed that AWS EventBridge appears to know about CodeStar connections:
Note, if I take this a bit further, I can get something that looks like this:
{
    "source": [
        "aws.codestar-connections"
    ],
    "detail-type": [
        "AWS API Call via CloudTrail"
    ],
    "detail": {
        "eventSource": [
            "codestar-connections.amazonaws.com"
        ]
    }
}
... but I see no sample events, as it appears that I should if they were there. And I'm unable to find documentation describing how to make CodeStar connections log the UseConnection event to CloudWatch.
If this can be used, instead, then I can use a more direct approach without needing to build the infrastructure to monitor the CloudTrail events.
Can this be done?

Related

How can I be notified when the Ec2 itself is modified

I was trying to get a notification; it doesn't matter how, whether via email, SMS, etc. The notification shouldn't be for state changes only, which I have already done. Instead, I'd like to be notified when an EIP is disassociated, when either a network interface or a volume is detached, or when anything else affecting the EC2 instance itself happens.
Is this possible?
I have been working with Amazon EventBridge rules, but I only get events captured when the instance is stopped, terminated or running.
I'd like to be notified when an EIP is disassociated, when either a network interface or a volume is detached, or when anything else affecting the EC2 instance itself happens.
If you want to be notified of a specific event, such as when an EIP is disassociated, I would recommend you use EventBridge with a CloudTrail pattern (in this case, for the DisassociateAddress event).
If you want to be notified of any changes to the EC2 instance, I would recommend you use Config.
So, I figured it out as you said, #paolo. Basically, I have looked for the event on CloudTrail and matched it on EventBridge; however, I had to do all the event patterns separately, as follows, to make them work.
For detaching the network interface that is attached to the instance I want to monitor:
{
    "source": ["aws.ec2"],
    "detail-type": ["AWS API Call via CloudTrail"],
    "detail": {
        "eventSource": ["ec2.amazonaws.com"],
        "eventName": ["DetachNetworkInterface"],
        "requestParameters": {"attachmentId": ["eni-attach-0671ffxxx10bxxx46"]}
    }
}
And for the instance status:
{
    "source": ["aws.ec2"],
    "detail-type": ["AWS API Call via CloudTrail"],
    "detail": {
        "eventSource": ["ec2.amazonaws.com"],
        "eventName": [
            "RunInstances",
            "StartInstances",
            "StopInstances",
            "TerminateInstances"
        ],
        "requestParameters": {
            "instancesSet": {
                "items": {"instanceId": ["i-09513xxxd3xxxa04"]}
            }
        }
    }
}
And so on for IAM roles, DetachVolumes, ModifyNetworkInterface, etc.

EventBridge responseElements too large

EventBridge/CloudTrail pass the below json string to my lambda function when the results get too long.
Is there any way to view the responseElements, like with paginators or a NextToken?
"responseElements": {
    "omitted": true,
    "originalSize": 175918,
    "reason": "responseElements too large"
}
I'm using the following EventBridge pattern:
{
    "source": ["aws.ec2"],
    "detail-type": ["AWS API Call via CloudTrail"],
    "detail": {
        "eventSource": ["ec2.amazonaws.com"],
        "eventName": ["RunInstances"]
    }
}
This is a limitation of CloudTrail, so at this time it's not possible to pass that information from CloudTrail if it exceeds 100KB.
A potential work-around that may be useful to others who see this message is to create an EventBridge rule to track EC2 instance state changes. So instead of monitoring the API call RunInstances, look for instances changing into the state running and trigger from that, as this should have a smaller response.
https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatch-Events-tutorial-CloudWatch-Logs.html
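As an added illustration (my code, not from any answer in this thread), here is a handler-side function that copes with the truncated responseElements stub shown above and also accepts the state-change event that the work-around rule delivers; the sample events and the instance id are constructed.

```python
from typing import Optional

STATE_CHANGE_TYPE = "EC2 Instance State-change Notification"

def instance_ids(event: dict) -> tuple[list, Optional[str]]:
    """Return (instance ids, reason) for three event shapes: a RunInstances call
    with full responseElements, the same call with CloudTrail's 'omitted' stub,
    and the state-change notification that the work-around rule delivers."""
    detail = event.get("detail", {})
    if event.get("detail-type") == STATE_CHANGE_TYPE:
        return [detail["instance-id"]], None          # id is at detail.instance-id
    resp = detail.get("responseElements") or {}
    if resp.get("omitted"):                            # stub shown in the question
        return [], f"responseElements omitted, original size {resp.get('originalSize')}"
    items = resp.get("instancesSet", {}).get("items", [])
    return [i["instanceId"] for i in items], None

# Constructed sample events (not captured from a real account).
TRUNCATED = {"source": "aws.ec2", "detail-type": "AWS API Call via CloudTrail",
    "detail": {"eventName": "RunInstances",
               "responseElements": {"omitted": True, "originalSize": 175918,
                                    "reason": "responseElements too large"}}}
FULL = {"source": "aws.ec2", "detail-type": "AWS API Call via CloudTrail",
    "detail": {"eventName": "RunInstances", "responseElements": {
        "instancesSet": {"items": [{"instanceId": "i-0example"}]}}}}
RUNNING = {"source": "aws.ec2", "detail-type": STATE_CHANGE_TYPE,
    "detail": {"instance-id": "i-0example", "state": "running"}}

# Rule for the work-around: fires on the small state-change event instead of
# the RunInstances API call, so the id arrives even when CloudTrail truncates.
STATE_CHANGE_RULE = {"source": ["aws.ec2"], "detail-type": [STATE_CHANGE_TYPE],
                     "detail": {"state": ["running"]}}
```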

Is it possible to trigger a Lambda function on a VPC creation/ edit event?

I have a Lambda function that I want to take action on a transit gateway when a new VPC is created, or when a VPC is updated. I've used CloudWatch Events for similar triggers in the past (such as when an EC2 instance was terminated) and was hoping to do something similar for this use case. What I've found is that VPC is not listed as one of the services available in Events, and the CloudTrail trail I have configured doesn't appear to be catching CreateVpc or DeleteVpc events, so I'm not sure that using the CloudTrail event pattern is possible either.
I was hoping to use an event similar to what's below, but have not had any luck:
{
    "source": ["aws.cloudtrail"],
    "detail-type": ["AWS API Call via CloudTrail"],
    "detail": {
        "eventSource": ["cloudtrail.amazonaws.com"],
        "eventName": ["CreateVpc"]
    }
}
Is it possible to catch a CreateVpc event for use as a Lambda trigger?
doesn't appear to be catching CreateVpc or DeleteVpc events
You have to double check your trail setup. CreateVpc and DeleteVpc are for sure captured by CloudTrail.
However, it may be a problem with your rule. The source should be aws.ec2:
{
    "source": ["aws.ec2"],
    "detail-type": ["AWS API Call via CloudTrail"],
    "detail": {
        "eventSource": ["ec2.amazonaws.com"],
        "eventName": ["CreateVpc"]
    }
}
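To check rules like these offline, here is an added example (my code, not from any answer above and not AWS's own matcher) that implements the exact-match subset of EventBridge pattern semantics and runs the UseConnection rule from the first question, the per-instance rule from the EC2 answer, and both versions of the CreateVpc rule against constructed events; the instance ids and the helper names are placeholders, and real EventBridge also supports prefix, numeric and other matchers not covered here.

```python
from typing import Any

def matches(pattern: Any, event: Any) -> bool:
    """Exact-match subset of EventBridge pattern semantics (simplified)."""
    if isinstance(pattern, list):                 # leaf: allowed literal values
        values = event if isinstance(event, list) else [event]
        return any(v in pattern for v in values)
    if isinstance(pattern, dict):                 # branch: every key must match
        if isinstance(event, list):               # e.g. instancesSet.items[]
            return any(matches(pattern, e) for e in event)
        return isinstance(event, dict) and all(
            k in event and matches(v, event[k]) for k, v in pattern.items())
    return False

API_CALL = "AWS API Call via CloudTrail"

# Constructed events shaped like the CloudTrail records quoted in the thread.
USE_CONNECTION = {"source": "aws.codestar-connections", "detail-type": API_CALL,
    "detail": {"eventSource": "codestar-connections.amazonaws.com",
               "eventName": "UseConnection",
               "requestParameters": {"referenceType": "COMMIT"}}}
CREATE_VPC = {"source": "aws.ec2", "detail-type": API_CALL,
    "detail": {"eventSource": "ec2.amazonaws.com", "eventName": "CreateVpc"}}

def stop_event(instance_id: str) -> dict:
    """Constructed StopInstances record; the id sits in instancesSet.items[]."""
    return {"source": "aws.ec2", "detail-type": API_CALL,
            "detail": {"eventSource": "ec2.amazonaws.com",
                       "eventName": "StopInstances",
                       "requestParameters": {"instancesSet": {"items": [
                           {"instanceId": instance_id}]}}}}

# Rules as posted in the thread (instance id replaced by a placeholder).
CODESTAR_RULE = {"source": ["aws.codestar-connections"], "detail-type": [API_CALL],
    "detail": {"eventSource": ["codestar-connections.amazonaws.com"]}}
VPC_RULE_WRONG = {"source": ["aws.cloudtrail"], "detail-type": [API_CALL],
    "detail": {"eventSource": ["cloudtrail.amazonaws.com"], "eventName": ["CreateVpc"]}}
VPC_RULE_FIXED = {"source": ["aws.ec2"], "detail-type": [API_CALL],
    "detail": {"eventSource": ["ec2.amazonaws.com"], "eventName": ["CreateVpc"]}}
INSTANCE_RULE = {"source": ["aws.ec2"], "detail-type": [API_CALL],
    "detail": {"eventSource": ["ec2.amazonaws.com"],
               "eventName": ["RunInstances", "StartInstances",
                             "StopInstances", "TerminateInstances"],
               "requestParameters": {"instancesSet": {"items": {
                   "instanceId": ["i-0example"]}}}}}

def evaluate() -> dict:
    """Which rule fires for which constructed event."""
    return {"codestar_use_connection": matches(CODESTAR_RULE, USE_CONNECTION),
            "vpc_wrong_source": matches(VPC_RULE_WRONG, CREATE_VPC),
            "vpc_fixed_source": matches(VPC_RULE_FIXED, CREATE_VPC),
            "instance_rule_stop": matches(INSTANCE_RULE, stop_event("i-0example")),
            "instance_rule_other_id": matches(INSTANCE_RULE, stop_event("i-0other"))}
```

The same checker applies to the ELB and AMI rules further down the page, which have the same source / detail-type / eventName shape.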

Trigger AWS Lambda function based on ELB Events

I need to trigger a Lambda function based on ELB Events.
I need to create the CloudWatch event rule for ELB creation, deletion, registering instances and deregistering instances. Based on this, my Lambda function should get triggered and call the appropriate functions based on the events I received.
Can anyone help me accomplish this?
The only CloudWatch Events supported by ELB are AWS API Call Using AWS. For this to work, however, you have to create a CloudTrail trail for the region you are interested in, i.e. where your ALB is located.
Having a CT trail enabled, you can then create a CW rule to catch ELB API events (e.g. for ALB they are listed here). For instance, the rule for CreateLoadBalancer and DeleteLoadBalancer would be:
{
    "source": [
        "aws.elasticloadbalancing"
    ],
    "detail-type": [
        "AWS API Call via CloudTrail"
    ],
    "detail": {
        "eventSource": [
            "elasticloadbalancing.amazonaws.com"
        ],
        "eventName": [
            "CreateLoadBalancer",
            "DeleteLoadBalancer"
        ]
    }
}

Is it possible to get or generate event for AMI availability (without polling)?

I'm doing a large number of AMI copies to different regions, and calling describe image from the image waiter at the end of copying to make sure the copy succeeded; the large number of describe image calls are being heavily rate limited. I know there are EC2 instance state change events, so I wonder if it is possible to generate an AMI available/ready event. If yes, I can use the event to trigger a message to my SQS, from which I can get the notification and avoid making the describe image calls.
My search so far does not find any AMI events; in case I missed something, does anyone know if it is possible to generate AMI available/ready events? Thanks.
I'm answering my own question.
AMI ready events can be generated in CloudWatch:
rules->create new rule
Service name: EC2
Event Type: EBS Snapshot Notification
Specific event(s): copySnapshot
Specific result(s): succeeded
Hope this helps someone with a similar need.
{
    "source": [
        "aws.ec2"
    ],
    "detail-type": [
        "AWS API Call via CloudTrail"
    ],
    "detail": {
        "eventSource": [
            "ec2.amazonaws.com"
        ],
        "eventName": [
            "CreateImage"
        ]
    }
}
This will capture the AMI create event if CloudTrail is enabled.