Calling SNS when AWS Step Function fails - amazon-web-services

I have implemented a state machine using AWS Step Functions which includes calling some Lambda functions, spinning up an EMR cluster, adding steps to the EMR cluster and terminating the EMR cluster. I want to call an SNS topic whenever any of the above states fails.

You can create a CloudWatch Events rule to capture the Step Functions failure or time-out events and add SNS as the target for this rule.
To create a CloudWatch rule, navigate to CloudWatch -> Events -> Rules -> Create.
This rule can be restricted to a specific Step Function or a specific execution by providing the corresponding ARN.
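
The rule the answer describes, written out as an added example (not code from the answer): the event pattern that `aws events put-rule --event-pattern file://pattern.json` accepts, the topic policy the SNS target needs, and a small offline matcher so the pattern can be checked against sample events. The state machine, topic and rule ARNs are placeholders, and the sample events are constructed by hand in the documented shape of the "Step Functions Execution Status Change" event.

```python
"""Added example: EventBridge/CloudWatch Events rule that forwards failed,
timed-out or aborted Step Functions executions to an SNS topic.
All ARNs below are placeholders; the sample events are constructed."""
import json

STATE_MACHINE_ARN = "arn:aws:states:us-east-1:123456789012:stateMachine:emr-pipeline"    # placeholder
TOPIC_ARN = "arn:aws:sns:us-east-1:123456789012:emr-pipeline-failures"                    # placeholder
RULE_ARN = "arn:aws:events:us-east-1:123456789012:rule/emr-pipeline-execution-failed"     # placeholder

# Terminal non-success statuses only; SUCCEEDED and RUNNING are deliberately
# left out so the topic does not fire on every state change.
FAILURE_STATUSES = ["FAILED", "TIMED_OUT", "ABORTED"]


def event_pattern(state_machine_arn):
    """Event pattern for put-rule. Matching on detail.stateMachineArn scopes the
    rule to one state machine (match detail.executionArn instead for one run)."""
    return {
        "source": ["aws.states"],
        "detail-type": ["Step Functions Execution Status Change"],
        "detail": {
            "stateMachineArn": [state_machine_arn],
            "status": FAILURE_STATUSES,
        },
    }


def sns_topic_policy(topic_arn, rule_arn):
    """Topic policy EventBridge needs before it can publish. The aws:SourceArn
    condition limits the grant to this rule rather than any rule in any
    account (confused-deputy protection)."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "AllowEventBridgeRuleToPublish",
            "Effect": "Allow",
            "Principal": {"Service": "events.amazonaws.com"},
            "Action": "sns:Publish",
            "Resource": topic_arn,
            "Condition": {"ArnEquals": {"aws:SourceArn": rule_arn}},
        }],
    }


def matches(pattern, event):
    """Enough of EventBridge's matching rules for patterns like the one above:
    every pattern key must exist in the event, a list of literals is an OR and
    nested objects recurse. Content filters (prefix, numeric, ...) are not
    implemented here."""
    for key, expected in pattern.items():
        if key not in event:
            return False
        actual = event[key]
        if isinstance(expected, dict):
            if not isinstance(actual, dict) or not matches(expected, actual):
                return False
        elif actual not in expected:
            return False
    return True


def sample_event(status, name, state_machine_arn=STATE_MACHINE_ARN):
    """Constructed sample in the shape EventBridge emits for Step Functions."""
    return {
        "version": "0",
        "source": "aws.states",
        "detail-type": "Step Functions Execution Status Change",
        "region": "us-east-1",
        "detail": {
            "executionArn": state_machine_arn.replace(":stateMachine:", ":execution:") + ":" + name,
            "stateMachineArn": state_machine_arn,
            "name": name,
            "status": status,
        },
    }


def forwarded(events, state_machine_arn=STATE_MACHINE_ARN):
    """Names of the executions the rule would forward to the SNS topic."""
    pattern = event_pattern(state_machine_arn)
    return [e["detail"]["name"] for e in events if matches(pattern, e)]


if __name__ == "__main__":
    print(json.dumps(event_pattern(STATE_MACHINE_ARN), indent=2))
    print(json.dumps(sns_topic_policy(TOPIC_ARN, RULE_ARN), indent=2))
```

To wire it up from the CLI: `aws events put-rule --name emr-pipeline-execution-failed --event-pattern file://pattern.json` (its output contains the RuleArn to put in the topic policy), `aws sns set-topic-attributes --topic-arn <topic-arn> --attribute-name Policy --attribute-value file://policy.json`, then `aws events put-targets --rule emr-pipeline-execution-failed --targets Id=sns,Arn=<topic-arn>`. Without the topic policy the rule is created but every delivery fails silently, so check the rule's FailedInvocations metric after the first test execution. The CloudWatch Events console has since become the EventBridge console; the rule and API are the same.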

Related

AWS Eventbridge doesn't trigger the targets which use input transformer

I have an EventBridge rule which has two targets. One target is a CloudWatch log group and the other is an SSM Automation (document). The rule triggers and both targets show the expected results.
But as soon as I change the input (EventBridge > SSM Automation) from Constant to using an Input Transformer, the SSM Automation is never triggered. I am sure the EventBridge rule gets triggered because the log group gets the log, but I can't figure out why the SSM Automation isn't getting triggered with an input transformer.

List & Remove an EventBridge Lambda trigger using the CLI

I need to fetch information from a Lambda function and remove an existing trigger (EventBridge) from this Lambda using the CLI (a script needs to do that).
I tried to use list-event-source-mappings or delete-event-source-mappings, but without success.
It seems like EventBridge isn't supported yet (it shows me only SQS, Kinesis, DynamoDB, MQ, MSK), but maybe I am wrong and there is a solution?
Edit:
I have a working Lambda function that has an associated trigger with an EventBridge rule which was already deleted in the past. It no longer exists in my account, but I still see it under my Lambda triggers (it also says that this rule cannot be found any more because it is deleted; again, it still appears in my Lambda triggers and I want to CLEAN it using the CLI). I wish to DELETE the association (trigger) from my Lambda, not to delete the EventBridge TARGET, which is the Lambda.
The APIs you are looking for are in the EventBridge events client:
aws events list-rule-names-by-target --target-arn <lambda-arn>
aws events list-targets-by-rule --rule <rule-name-from-previous>
aws events remove-targets --rule <rule-name-from-previous> --ids <target-id-from-previous>
Note: The terminology is a bit confusing. An Event Source Mapping is the technical term for the particular polling-type Lambda integration pattern that handles the sources you mention. It is not related to EventBridge events.
You should be able to use the events commands:
aws events list-rule-names-by-target --target-arn <target_arn>
This will list the names of the rules that are associated with the specified target_arn. You can then use the aws events describe-rule command to get more information about each rule, including the rule ID, schedule and pattern.
aws events describe-rule --name <rule_name>
Now, to remove a trigger for a Lambda function in EventBridge:
aws events remove-targets --rule <rule_name> --ids <target_id>
The target_id is the unique identifier for the trigger that you want to remove, and the rule_name is the name of the rule that the trigger is associated with.
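
The three calls from the two answers, scripted as an added example (not code from either answer) with boto3-style calls: it follows NextToken pagination, removes only the target entries whose Arn is the function (a rule can have other targets that must survive), and defaults to a dry run. It also covers the second half of the edited question: a rule that was deleted but still shows as a trigger is a stale statement in the function's resource policy (`aws lambda get-policy`), which `remove-targets` cannot touch because the rule is gone; the script finds those statement ids so they can be dropped with `aws lambda remove-permission --statement-id <sid>`. A real run passes `boto3.client("events")`; to run offline, a constructed stand-in client with made-up rule names and ARNs is used instead.

```python
"""Added example: detach a Lambda from every EventBridge rule that targets it
and find stale rule permissions in its resource policy. ARNs and rule names are
placeholders; FakeEvents stands in for boto3.client("events") offline."""
import json

FUNCTION_ARN = "arn:aws:lambda:us-east-1:123456789012:function:nightly-report"  # placeholder
QUEUE_ARN = "arn:aws:sqs:us-east-1:123456789012:audit-queue"                     # placeholder
LIVE_RULE_ARN = "arn:aws:events:us-east-1:123456789012:rule/retry-schedule"      # placeholder


def _pages(call, **kwargs):
    """Follow NextToken across the result pages of a list_* call."""
    token = None
    while True:
        page = call(**kwargs, **({"NextToken": token} if token else {}))
        yield page
        token = page.get("NextToken")
        if not token:
            return


def rules_targeting(events, function_arn):
    """aws events list-rule-names-by-target, all pages."""
    return [n for p in _pages(events.list_rule_names_by_target, TargetArn=function_arn)
            for n in p["RuleNames"]]


def function_target_ids(events, rule, function_arn):
    """aws events list-targets-by-rule, keeping only ids whose Arn is the function."""
    return [t["Id"] for p in _pages(events.list_targets_by_rule, Rule=rule)
            for t in p["Targets"] if t["Arn"] == function_arn]


def detach_function(events, function_arn, dry_run=True):
    """Remove the function from every rule targeting it; returns {rule: ids}.
    dry_run=True only reports, the safe default for a cleanup script."""
    removed = {}
    for rule in rules_targeting(events, function_arn):
        ids = function_target_ids(events, rule, function_arn)
        if not ids:
            continue
        if not dry_run:
            events.remove_targets(Rule=rule, Ids=ids)
        removed[rule] = ids
    return removed


def stale_rule_statements(policy_json, live_rule_arns):
    """Sids in the get-policy document that let events.amazonaws.com invoke the
    function for a rule ARN that no longer exists (a stale, over-broad grant)."""
    stale = []
    for st in json.loads(policy_json).get("Statement", []):
        if st.get("Principal", {}).get("Service") != "events.amazonaws.com":
            continue
        cond = st.get("Condition", {}).get("ArnLike", {})
        src = next((v for k, v in cond.items() if k.lower() == "aws:sourcearn"), None)
        if src is not None and src not in live_rule_arns:
            stale.append(st["Sid"])
    return stale


class FakeEvents:
    """Constructed stand-in for the EventBridge client (offline only). Pages one
    rule name at a time so the NextToken path is exercised."""

    def __init__(self, rules):  # {rule_name: [(target_id, target_arn), ...]}
        self.rules = {r: list(t) for r, t in rules.items()}
        self.removed = []

    def list_rule_names_by_target(self, TargetArn, NextToken=None):
        names = sorted(r for r, ts in self.rules.items() if any(a == TargetArn for _, a in ts))
        i = int(NextToken or 0)
        page = {"RuleNames": names[i:i + 1]}
        if i + 1 < len(names):
            page["NextToken"] = str(i + 1)
        return page

    def list_targets_by_rule(self, Rule, NextToken=None):
        return {"Targets": [{"Id": i, "Arn": a} for i, a in self.rules[Rule]]}

    def remove_targets(self, Rule, Ids):
        self.removed.append((Rule, list(Ids)))
        self.rules[Rule] = [(i, a) for i, a in self.rules[Rule] if i not in Ids]
        return {"FailedEntryCount": 0, "FailedEntries": []}


SAMPLE_POLICY = json.dumps({  # constructed get-policy document: one live, one stale rule grant
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "live", "Effect": "Allow", "Principal": {"Service": "events.amazonaws.com"},
         "Action": "lambda:InvokeFunction", "Resource": FUNCTION_ARN,
         "Condition": {"ArnLike": {"AWS:SourceArn": LIVE_RULE_ARN}}},
        {"Sid": "stale", "Effect": "Allow", "Principal": {"Service": "events.amazonaws.com"},
         "Action": "lambda:InvokeFunction", "Resource": FUNCTION_ARN,
         "Condition": {"ArnLike": {"AWS:SourceArn": LIVE_RULE_ARN.replace("retry", "deleted")}}},
        {"Sid": "sns", "Effect": "Allow", "Principal": {"Service": "sns.amazonaws.com"},
         "Action": "lambda:InvokeFunction", "Resource": FUNCTION_ARN},
    ],
})


def demo():
    """Constructed scenario: two rules target the function, one of them also has
    an SQS target that must be kept, and a third rule is unrelated."""
    fake = FakeEvents({
        "nightly-schedule": [("1", FUNCTION_ARN), ("audit", QUEUE_ARN)],
        "retry-schedule": [("lambda-target", FUNCTION_ARN)],
        "unrelated": [("q", QUEUE_ARN)],
    })
    report = detach_function(fake, FUNCTION_ARN, dry_run=True)
    detach_function(fake, FUNCTION_ARN, dry_run=False)
    return report, fake
```

With a real client, `events.get_paginator("list_rule_names_by_target")` does the NextToken loop for you. The live rule ARNs to pass into `stale_rule_statements` come from `aws events describe-rule --name <rule_name>` (the Arn field) for each rule that `list_rule_names_by_target` still returns.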

trigger lambda from SQS event on different VPC

I have an SQS URL which is configured in one VPC and I want to trigger a Lambda function in another VPC based on any new message that comes into SQS. How can I achieve this for real-time analysis?
Amazon SQS is not associated with Amazon VPC. It exists "outside" of VPCs.
Therefore, you can simply configure the Lambda function to use the SQS queue as a trigger.

Terminate entire aws auto scaling group from cloudwatch alarm action

I have an AWS Auto Scaling group. From the instances I collect a variety of metrics and have placed some CloudWatch alarms on these metrics. In specific scenarios I would like to add a CloudWatch alarm action that terminates the entire Auto Scaling group. Is this possible? I am going over the AWS documentation but it does not seem to be possible.
Thanks!!
You can do this by invoking Lambda from your custom CloudWatch event.
You will need to write a Lambda that can use STS to assume a role that permits it to issue an EC2 Terminate command.
The workflow would be:
CloudWatch event triggers
Lambda function is invoked
Lambda function assumes role via STS
Lambda function retrieves the list of instances in the ASG
Lambda function cycles through the instances, issuing termination commands
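
The Lambda side of that workflow, as an added example that is not the answer's code. It assumes the role with STS but attaches an inline session policy so the temporary credentials can only shrink and terminate the one Auto Scaling group named in the event, and it sets the group's MinSize and DesiredCapacity to zero before terminating, because otherwise the group launches replacements for every instance it loses. The role ARN, region, the event field `detail.AutoScalingGroupName` and the sample DescribeAutoScalingGroups response are all assumptions; boto3 is imported only inside `handler()`, so the planning functions run offline.

```python
"""Added example: Lambda that assumes a scoped role and terminates one ASG.
ROLE_ARN, REGION, the event shape and SAMPLE_DESCRIBE are placeholders."""
import json

ROLE_ARN = "arn:aws:iam::123456789012:role/asg-terminator"   # placeholder
REGION = "us-east-1"                                          # placeholder


def session_policy(asg_name, account, region=REGION):
    """Inline policy for AssumeRole. The session gets the intersection of this
    and the role's own policy, so even a buggy handler cannot terminate instances
    outside the named group (ASG instances automatically carry the
    aws:autoscaling:groupName tag that the condition checks)."""
    group_arn = "arn:aws:autoscaling:%s:%s:autoScalingGroup:*:autoScalingGroupName/%s" % (
        region, account, asg_name)
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow",
             "Action": "autoscaling:DescribeAutoScalingGroups",
             "Resource": "*"},  # Describe* actions have no resource-level scope
            {"Effect": "Allow",
             "Action": "autoscaling:UpdateAutoScalingGroup",
             "Resource": group_arn},
            {"Effect": "Allow",
             "Action": "ec2:TerminateInstances",
             "Resource": "arn:aws:ec2:%s:%s:instance/*" % (region, account),
             "Condition": {"StringEquals": {
                 "ec2:ResourceTag/aws:autoscaling:groupName": asg_name}}},
        ],
    }


def plan(describe_response, asg_name):
    """From a DescribeAutoScalingGroups response, decide the group update that
    stops replacement and the instance ids still worth terminating."""
    groups = [g for g in describe_response["AutoScalingGroups"]
              if g["AutoScalingGroupName"] == asg_name]
    if not groups:
        raise ValueError("auto scaling group not found: %s" % asg_name)
    instances = [i["InstanceId"] for i in groups[0]["Instances"]
                 if not i["LifecycleState"].startswith("Terminat")]  # skip Terminating*, Terminated
    return {
        "update": {"AutoScalingGroupName": asg_name, "MinSize": 0, "DesiredCapacity": 0},
        "terminate": instances,
    }


def handler(event, context=None):
    """Lambda entry point; needs boto3, the role and network access (not run offline)."""
    import boto3  # assumed available in the Lambda runtime
    asg_name = event["detail"]["AutoScalingGroupName"]  # assumed event shape
    account = ROLE_ARN.split(":")[4]
    creds = boto3.client("sts").assume_role(
        RoleArn=ROLE_ARN,
        RoleSessionName="asg-terminate",
        Policy=json.dumps(session_policy(asg_name, account)),
        DurationSeconds=900,  # STS minimum; the job is short
    )["Credentials"]
    scoped = dict(region_name=REGION,
                  aws_access_key_id=creds["AccessKeyId"],
                  aws_secret_access_key=creds["SecretAccessKey"],
                  aws_session_token=creds["SessionToken"])
    autoscaling = boto3.client("autoscaling", **scoped)
    ec2 = boto3.client("ec2", **scoped)
    todo = plan(autoscaling.describe_auto_scaling_groups(
        AutoScalingGroupNames=[asg_name]), asg_name)
    autoscaling.update_auto_scaling_group(**todo["update"])
    if todo["terminate"]:
        ec2.terminate_instances(InstanceIds=todo["terminate"])
    return todo


SAMPLE_DESCRIBE = {  # constructed response, trimmed to the fields plan() reads
    "AutoScalingGroups": [{
        "AutoScalingGroupName": "web-tier",
        "MinSize": 2, "MaxSize": 4, "DesiredCapacity": 3,
        "Instances": [
            {"InstanceId": "i-0aaa", "LifecycleState": "InService"},
            {"InstanceId": "i-0bbb", "LifecycleState": "InService"},
            {"InstanceId": "i-0ccc", "LifecycleState": "Terminating:Wait"},
        ],
    }],
}
```

In a single account the execution role could carry these permissions directly and the STS step is optional; AssumeRole earns its place when the group lives in another account, and the session policy keeps the blast radius to one group in either case. If the goal is to get rid of the group itself rather than only its instances, `delete_auto_scaling_group(AutoScalingGroupName=..., ForceDelete=True)` terminates the instances as part of the deletion.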

Cloudwatch trigger to Aws lambda

I am using CloudWatch to trigger AWS Lambda. Now, to create this trigger, first of all I have to create a rule, then I need to add a target and then I need to add a permission policy to that Lambda function. Now the problem is there is a policy length limit (20k) for each Lambda function and each CloudWatch trigger increases the policy length. So if there are around 60 CloudWatch rules my Lambda can still handle all of those events as the size is still less than 20k, but after that, if the rules increase, I get a "policy length exceeded" exception error (http://docs.aws.amazon.com/lambda/latest/dg/API_AddPermission.html).
I know I can delete the policy by using the removePermission method, but that is not efficient because if there are around 100 rules present in CloudWatch which are triggering my Lambda function then my Lambda function can't handle that much policy length.
This is how I solved it.
CloudWatch Alerts --> SNS --> Lambda
No subscription, no permissions configuration needed. You can create multiple different SNS notifications if you want to isolate different teams based on your alerts.
Steps:
Create an SNS topic
Send CloudWatch alerts to SNS
Subscribe the Lambda to that SNS topic
Receive alerts in Lambda!
Hope it helps.
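
The Lambda end of CloudWatch Alarms --> SNS --> Lambda, as an added example that is not the answer's code. It unwraps the SNS envelope, accepts only records from the topic the function is meant to be subscribed to (a function subscribed to several topics is invoked by all of them, so the topic ARN is the one thing worth checking), and parses the alarm JSON that CloudWatch places in the SNS message body. The topic ARN and the SNS records are placeholders, constructed in the shape of a real CloudWatch alarm notification.

```python
"""Added example: Lambda handler for CloudWatch alarm notifications delivered
via SNS. ALLOWED_TOPICS and SAMPLE_EVENT are constructed placeholders."""
import json

ALLOWED_TOPICS = {"arn:aws:sns:us-east-1:123456789012:cloudwatch-alerts"}  # placeholder


def parse_alarm(message_json):
    """Pull the fields a responder needs out of a CloudWatch alarm message."""
    alarm = json.loads(message_json)
    trigger = alarm.get("Trigger", {})
    return {
        "name": alarm["AlarmName"],
        "state": alarm["NewStateValue"],  # ALARM, OK or INSUFFICIENT_DATA
        "old_state": alarm["OldStateValue"],
        "reason": alarm["NewStateReason"],
        "metric": "%s/%s" % (trigger.get("Namespace"), trigger.get("MetricName")),
        "dimensions": {d["name"]: d["value"] for d in trigger.get("Dimensions", [])},
    }


def handler(event, context=None):
    """Lambda entry point. Returns the alarms that just entered ALARM and the
    number of records ignored (non-SNS records or an unexpected topic)."""
    firing, ignored = [], 0
    for record in event.get("Records", []):
        sns = record.get("Sns")
        if record.get("EventSource") != "aws:sns" or not sns:
            ignored += 1
            continue
        if sns.get("TopicArn") not in ALLOWED_TOPICS:
            ignored += 1
            continue
        alarm = parse_alarm(sns["Message"])
        if alarm["state"] == "ALARM" and alarm["old_state"] != "ALARM":
            firing.append(alarm)
    return {"firing": firing, "ignored": ignored}


def _alarm_message(name, new_state, old_state, metric, dims):
    """Constructed CloudWatch alarm notification body (sample data)."""
    return json.dumps({
        "AlarmName": name,
        "AlarmDescription": None,
        "NewStateValue": new_state,
        "OldStateValue": old_state,
        "NewStateReason": "Threshold Crossed: 1 datapoint was greater than the threshold",
        "StateChangeTime": "2024-01-01T00:00:00.000+0000",
        "Region": "US East (N. Virginia)",
        "AlarmArn": "arn:aws:cloudwatch:us-east-1:123456789012:alarm:" + name,
        "Trigger": {"MetricName": metric, "Namespace": "AWS/EC2", "Statistic": "AVERAGE",
                    "Dimensions": [{"name": k, "value": v} for k, v in dims.items()],
                    "Period": 300, "EvaluationPeriods": 1,
                    "ComparisonOperator": "GreaterThanThreshold", "Threshold": 80.0},
    })


def _sns_record(topic_arn, message):
    """Constructed SNS-to-Lambda record envelope (sample data)."""
    return {"EventSource": "aws:sns", "EventVersion": "1.0",
            "EventSubscriptionArn": topic_arn + ":11111111-2222-3333-4444-555555555555",
            "Sns": {"Type": "Notification", "MessageId": "m-1", "TopicArn": topic_arn,
                    "Subject": "ALARM notification", "Message": message,
                    "Timestamp": "2024-01-01T00:00:01.000Z"}}


OUR_TOPIC = next(iter(ALLOWED_TOPICS))
SAMPLE_EVENT = {"Records": [  # constructed: one new alarm, one recovery, one foreign topic
    _sns_record(OUR_TOPIC, _alarm_message("HighCPU-web", "ALARM", "OK", "CPUUtilization",
                                          {"AutoScalingGroupName": "web-tier"})),
    _sns_record(OUR_TOPIC, _alarm_message("HighCPU-db", "OK", "ALARM", "CPUUtilization",
                                          {"InstanceId": "i-0aaa"})),
    _sns_record("arn:aws:sns:us-east-1:999999999999:someone-else",
                _alarm_message("HighCPU-fake", "ALARM", "OK", "CPUUtilization", {})),
]}
```

Subscribing the function to the topic still needs one resource-policy statement, `aws lambda add-permission --function-name <name> --statement-id sns-alerts --action lambda:InvokeFunction --principal sns.amazonaws.com --source-arn <topic-arn>`, but that is one statement per topic rather than one per rule, which is why this layout stays well under the 20 KB policy limit.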