Trigger CloudWatch event on successful EBS volume attachment (OpenShift created volumes)

I have an OpenShift cluster running in AWS that dynamically creates volumes for projects. I need all my resources (EC2 instances, EBS volumes, etc.) to have some required and enforced tags. However, volumes created by OpenShift/Kubernetes only come with a few default tags, and I cannot, from the OpenShift side, add custom tags.
I would like, when volumes are attached to an instance, to have the volumes inherit the tags from the instance they are attached to. I already have a Lambda script which can do this, but the CloudWatch event for attachVolume only triggers when a volume FAILS to attach. Is there a way to trigger a CloudWatch event when a volume successfully attaches to an instance?
My Useless CloudWatch Event:
{
  "source": [
    "aws.ec2"
  ],
  "detail-type": [
    "EBS Volume Notification"
  ],
  "detail": {
    "event": [
      "attachVolume"
    ]
  }
}

This CloudWatch Event Rule will be triggered when an EBS AttachVolume occurs:
{
  "source": [
    "aws.ec2"
  ],
  "detail-type": [
    "AWS API Call via CloudTrail"
  ],
  "detail": {
    "eventSource": [
      "ec2.amazonaws.com"
    ],
    "eventName": [
      "AttachVolume"
    ]
  }
}
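As an added example (not code from the question or the answer), this is the kind of Lambda function that the CloudTrail-based rule above would invoke: it reads instanceId and volumeId from the event's requestParameters, treats the presence of errorCode in detail as a failed attach and skips it, copies the instance's tags minus the reserved aws: keys, and applies them to the volume. The event shape, the placeholder ids and the FakeEC2 client are constructed for the example; the function's role is assumed to be allowed ec2:DescribeInstances and ec2:CreateTags.

```python
from typing import Dict, List, Optional, Tuple

# Tag keys beginning with "aws:" are reserved by AWS; ec2:CreateTags rejects
# them, so they are dropped before copying.
RESERVED_PREFIX = "aws:"


def extract_attachment(event: dict) -> Optional[Tuple[str, str]]:
    """Return (instance_id, volume_id) for a successful AttachVolume call.

    CloudTrail records a failed call in the same shape but with an errorCode
    in detail, so "no errorCode" is the success check.
    """
    detail = event.get("detail", {})
    if detail.get("eventName") != "AttachVolume" or "errorCode" in detail:
        return None
    params = detail.get("requestParameters") or {}
    instance_id, volume_id = params.get("instanceId"), params.get("volumeId")
    if not instance_id or not volume_id:
        return None
    return instance_id, volume_id


def tags_to_copy(instance_tags: List[Dict[str, str]],
                 required: Optional[List[str]] = None) -> List[Dict[str, str]]:
    """Drop reserved keys; if `required` is given, keep only those keys."""
    copied = []
    for tag in instance_tags:
        key = tag["Key"]
        if key.startswith(RESERVED_PREFIX):
            continue
        if required is not None and key not in required:
            continue
        copied.append({"Key": key, "Value": tag["Value"]})
    return copied


def lambda_handler(event, context=None, ec2=None):
    """Lambda entry point; `ec2` is injectable so the logic runs offline."""
    attachment = extract_attachment(event)
    if attachment is None:
        return {"tagged": False, "reason": "not a successful AttachVolume"}
    instance_id, volume_id = attachment
    if ec2 is None:
        import boto3  # imported lazily; the pure functions above need no SDK
        ec2 = boto3.client("ec2")
    reservations = ec2.describe_instances(InstanceIds=[instance_id])["Reservations"]
    instance = reservations[0]["Instances"][0]
    tags = tags_to_copy(instance.get("Tags", []))
    if not tags:
        return {"tagged": False, "reason": "instance has no copyable tags"}
    ec2.create_tags(Resources=[volume_id], Tags=tags)
    return {"tagged": True, "volume": volume_id, "tags": tags}


# Constructed sample in the shape EventBridge delivers for a CloudTrail
# AttachVolume call; the ids are placeholders, not real resources.
SAMPLE_EVENT = {
    "source": "aws.ec2",
    "detail-type": "AWS API Call via CloudTrail",
    "detail": {
        "eventSource": "ec2.amazonaws.com",
        "eventName": "AttachVolume",
        "requestParameters": {
            "volumeId": "vol-0123456789abcdef0",
            "instanceId": "i-0123456789abcdef0",
            "device": "/dev/xvdf",
        },
        "responseElements": {"state": "attaching"},
    },
}


class FakeEC2:
    """Minimal stand-in for the boto3 EC2 client, constructed for this example."""

    def __init__(self, tags):
        self.tags = tags
        self.created = []  # (Resources, Tags) pairs passed to create_tags

    def describe_instances(self, InstanceIds):
        return {"Reservations": [{"Instances": [
            {"InstanceId": InstanceIds[0], "Tags": self.tags}]}]}

    def create_tags(self, Resources, Tags):
        self.created.append((Resources, Tags))
        return {}


if __name__ == "__main__":
    fake = FakeEC2([{"Key": "CostCenter", "Value": "1234"},
                    {"Key": "aws:cloudformation:stack-name", "Value": "ocp"}])
    print(lambda_handler(SAMPLE_EVENT, ec2=fake))
```

The errorCode check matters because a CloudTrail rule matching eventName "AttachVolume" fires for failed calls too, so without it a failed attach would tag a volume that is not attached. Passing `required=[...]` to tags_to_copy restricts the copy to the enforced tag keys instead of everything on the instance.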

Related

Is there any way to monitor secret rotation failed in AWS Secrets Manager?

I want to create a CloudWatch alarm to monitor secrets rotation that triggers if RotationFailed.
I have checked the AWS documentation about RotationFailed. This document says,
RotationFailed event - a mechanism to inform you that secret rotation failed for an application.
but I can't find how to use the RotationFailed event to trigger an alarm. Please help me create a metric filter and alarm for secret rotation failed.
Try this CloudWatch event
{
  "source": [
    "aws.secretsmanager"
  ],
  "detail-type": [
    "AWS API Call via CloudTrail"
  ],
  "detail": {
    "eventSource": [
      "secretsmanager.amazonaws.com"
    ],
    "eventName": [
      "RotationFailed"
    ]
  }
}

To create a CloudWatch event to monitor the change in state of all EC2 instances in a specific region

I want to create a CloudWatch event to monitor the change in the state of all the EC2 instances in a specific region. This should work for both existing as well as new instances.
If not via CloudWatch, can we create a CloudFormation template or Boto3 script for the same?
You can use the event pattern below for state changes of all resources:
{
  "source": [
    "aws.ec2"
  ],
  "detail-type": [
    "EC2 Instance State-change Notification"
  ]
}

AWS: How to find out whether someone is trying to mount the volume or copy the EBS volume

I have cloud monitoring turned on for my EBS volumes that gives me metrics such as
BurstBalance, VolumeWriteOps, VolumeQueueLength etc.
I would like to find out whether someone is trying to mount the volume or copy the EBS volumes. Would I need to integrate with CloudTrail?
> mount the volume
This is done from the instance. I don't think you can detect any mount attempts that happen after the EBS volume is already attached to the instance.
> Would I need to integrate with Cloud Trail?
You can use CloudWatch Events as well; you don't need CloudTrail for that. For example, the event could be:
{
  "source": [
    "aws.ec2"
  ],
  "detail-type": [
    "EBS Snapshot Notification"
  ],
  "detail": {
    "event": [
      "copySnapshot"
    ]
  }
}
or
{
  "source": [
    "aws.ec2"
  ],
  "detail-type": [
    "EBS Volume Notification"
  ],
  "detail": {
    "event": [
      "attachVolume"
    ]
  }
}

CloudWatch event rule triggered by AWS ECR event

I am trying to set up CI/CD with AWS CodePipeline and now I am stuck with pipeline autostart.
Looks like CloudWatch does not detect ECR events, so it does not start a pipeline.
Target and role are configured correctly, but in Access Advisor for the role I don't see any role invocations.
Region us-west-2.
Here is the event pattern that I use:
{
  "detail": {
    "eventName": [
      "PutImage"
    ],
    "requestParameters": {
      "imageTag": [
        "service.develop.latest"
      ],
      "repositoryName": [
        "repository"
      ]
    }
  },
  "source": [
    "aws.ecr"
  ]
}
I can see PutImage events in CloudTrail, but this rule does not work. Any help appreciated, thanks.
Well, magically this thing started to work.
Looks like an AWS bug, as I did not fix it somehow.

AWS Cloudwatch not triggering on API calls

I am trying to make a rule trigger on any API call for creation, but I haven't had any success.
I have another rule that triggers whenever an EC2 instance is running, which works, but this rule does not trigger for RunInstances although I see the CloudTrail logs with RunInstances in the API log.
I have made a CloudWatch log from the CloudTrail and see the events that should be triggering it, but they don't. Is there a step I am missing? What are the necessary components to have CloudWatch properly trigger on API calls?
The rule mentioned:
{
  "source": [
    "aws.cloudtrail"
  ],
  "detail-type": [
    "AWS API Call via CloudTrail"
  ],
  "detail": {
    "eventSource": [
      "cloudtrail.amazonaws.com"
    ],
    "eventName": [
      "CreateUserPool",
      "CreateImage",
      "CreateCacheCluster",
      "RunInstances",
      "CreateActivation",
      "RunJobFlow",
      "CreateVault",
      "CreateDeliveryStream",
      "CreateStream",
      "CreateCluster",
      "CreateDBInstance",
      "CreateHostedZone",
      "CreateBucket",
      "CreateLaunchConfiguration",
      "CreateStack",
      "CreateEnvironment",
      "CreateWorkspaces"
    ]
  }
}
To add more detail, here is the other rule I used to test CloudWatch:
{
  "source": [
    "aws.ec2"
  ],
  "detail-type": [
    "EC2 Instance State-change Notification"
  ],
  "detail": {
    "state": [
      "running"
    ]
  }
}
This is the log of the startInstances call and the following Lambda function running.
CloudTrail of the Lambda function specifically, which functions normally.
Here is the API call which should also initiate it according to the rule, but it does not.
Hopefully these images make it clearer as to what I am having trouble with.
P.S. I didn't know how much info I should consider confidential, so I over-censored.
I misunderstood the rule I created. I thought "AWS API calls from CloudTrail" when using the CloudTrail service meant all the information stored in CloudTrail. That does not seem to be the case.
As I mention in my comment, I am looking for other solutions to my problem, but I will make a separate question for that. Thanks!
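An added example, not from the post above, that makes the misunderstanding concrete: a small matcher implementing the exact-match subset of EventBridge pattern semantics (every pattern key must exist in the event, a list matches when the event's value equals any element, nested objects recurse; content filters such as {"prefix": ...} are not implemented) run over a constructed RunInstances event in the shape CloudTrail delivers. It reports the first path at which the post's rule fails, and checks a corrected rule in which source names the calling service rather than CloudTrail. The event contents and both rule names are constructed for the example.

```python
from typing import Optional


def first_mismatch(pattern: dict, event: dict, path: str = "") -> Optional[str]:
    """Return the dotted path of the first pattern key the event fails to
    satisfy, or None when the whole pattern matches (exact-match subset of
    EventBridge semantics; no prefix/anything-but/numeric filters)."""
    for key, expected in pattern.items():
        here = f"{path}.{key}" if path else key
        if key not in event:
            return here
        actual = event[key]
        if isinstance(expected, dict):
            if not isinstance(actual, dict):
                return here
            nested = first_mismatch(expected, actual, here)
            if nested is not None:
                return nested
        elif isinstance(expected, list):
            if actual not in expected:  # a list is an OR of exact values
                return here
        else:
            raise ValueError(f"{here}: leaf values in a pattern must be lists")
    return None


def matches(pattern: dict, event: dict) -> bool:
    return first_mismatch(pattern, event) is None


# Constructed RunInstances event in the shape EventBridge receives from
# CloudTrail; only the fields the rules look at are filled in.
RUN_INSTANCES_EVENT = {
    "version": "0",
    "source": "aws.ec2",
    "detail-type": "AWS API Call via CloudTrail",
    "region": "us-east-1",
    "detail": {
        "eventSource": "ec2.amazonaws.com",
        "eventName": "RunInstances",
        "awsRegion": "us-east-1",
        "requestParameters": {"instanceType": "t3.micro"},
    },
}

# The shape of the rule in the question: source and eventSource name
# CloudTrail itself, so it can only match CloudTrail's own API calls
# (CreateTrail, StopLogging, ...), never an EC2 call.
BROKEN_RULE = {
    "source": ["aws.cloudtrail"],
    "detail-type": ["AWS API Call via CloudTrail"],
    "detail": {
        "eventSource": ["cloudtrail.amazonaws.com"],
        "eventName": ["RunInstances", "CreateImage"],
    },
}

# Corrected rule: source is the service that made the call and eventSource
# its endpoint. To cover several services, list each of them in both arrays.
FIXED_RULE = {
    "source": ["aws.ec2"],
    "detail-type": ["AWS API Call via CloudTrail"],
    "detail": {
        "eventSource": ["ec2.amazonaws.com"],
        "eventName": ["RunInstances", "CreateImage"],
    },
}


if __name__ == "__main__":
    print("broken rule fails at:", first_mismatch(BROKEN_RULE, RUN_INSTANCES_EVENT))
    print("fixed rule matches:", matches(FIXED_RULE, RUN_INSTANCES_EVENT))
```

Two further checks before blaming the pattern: EventBridge only receives "AWS API Call via CloudTrail" events when a trail with logging enabled exists in that region, and read-only calls (Describe*, Get*, List*) are not delivered at all, so a rule on them never fires regardless of how it is written.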