Cloudwatch event triggers a lambda when EBS snapshots' permissions are changed - amazon-web-services

I am trying to set up a cloudwatch event that triggers a lambda when the permissions on the EBS snapshot are changed.
For now, the cloudwatch event is limited to the following:
createSnapshot
copySnapshot
shareSnapshot
But obviously, by using any of these, my Lambda is not triggered.
This is the event pattern I am currently using:
{
  "source": [
    "aws.ec2"
  ],
  "detail-type": [
    "EBS Snapshot Notification"
  ]
}
Does anyone have a suggestion on how the event pattern should look to trigger my Lambda on a change of the permissions?
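The page carries no answer to this question. As an added example (editor's code, not from the original post or from AWS): changing who can use a snapshot is the EC2 ModifySnapshotAttribute API call, which is not one of the "EBS Snapshot Notification" events, so it has to be caught through CloudTrail with the "AWS API Call via CloudTrail" detail-type (this needs a trail enabled in the region). The pattern and Lambda handler below assume the CloudTrail requestParameters shape shown in the constructed sample (attributeType, createVolumePermission.add/remove.items[].group or .userId); verify it against a record from your own trail before relying on it. The check that matters for security is the group "all" entry, which makes the snapshot public.

```python
import json

# EventBridge rule pattern: ModifySnapshotAttribute only arrives through CloudTrail,
# so the detail-type is "AWS API Call via CloudTrail", not "EBS Snapshot Notification".
SNAPSHOT_PERMISSION_PATTERN = {
    "source": ["aws.ec2"],
    "detail-type": ["AWS API Call via CloudTrail"],
    "detail": {
        "eventSource": ["ec2.amazonaws.com"],
        "eventName": ["ModifySnapshotAttribute"],
    },
}


def _items(section):
    """Return the {"group": ...} / {"userId": ...} entries under an add/remove block.

    CloudTrail usually records EC2 list parameters as {"items": [...]}; a bare list
    is accepted too (assumption, see the lead-in)."""
    if not section:
        return []
    return section.get("items", []) if isinstance(section, dict) else list(section)


def analyse_snapshot_permission_change(event):
    """Summarise a CloudTrail ModifySnapshotAttribute record delivered by EventBridge.

    Returns the snapshot id, the calling principal, accounts added/removed and whether
    the snapshot was made public (group "all"). Raises ValueError for other calls.
    """
    detail = event.get("detail", {})
    if detail.get("eventName") != "ModifySnapshotAttribute":
        raise ValueError("not a ModifySnapshotAttribute call: %r" % detail.get("eventName"))

    params = detail.get("requestParameters") or {}
    # Seen as "CREATE_VOLUME_PERMISSION" in trail records; normalise both spellings.
    attr = (params.get("attributeType") or params.get("attribute") or "").lower().replace("_", "")
    if attr != "createvolumepermission":
        # e.g. a productCodes change is not a sharing change
        return {"snapshot_id": params.get("snapshotId"), "is_sharing_change": False}

    perm = params.get("createVolumePermission") or {}
    added = _items(perm.get("add"))
    removed = _items(perm.get("remove"))
    return {
        "snapshot_id": params.get("snapshotId"),
        "actor": detail.get("userIdentity", {}).get("arn"),
        "source_ip": detail.get("sourceIPAddress"),
        "is_sharing_change": True,
        "added_accounts": [i["userId"] for i in added if "userId" in i],
        "removed_accounts": [i["userId"] for i in removed if "userId" in i],
        "made_public": any(i.get("group") == "all" for i in added),
        "made_private": any(i.get("group") == "all" for i in removed),
    }


def lambda_handler(event, context):
    """Lambda entry point: log the summary; a public share is the thing to alert on."""
    summary = analyse_snapshot_permission_change(event)
    if summary.get("made_public"):
        print("ALERT: snapshot %s was made public by %s" % (summary["snapshot_id"], summary["actor"]))
    print(json.dumps(summary))
    return summary


# Constructed sample event (not a real trail entry) in the shape EventBridge delivers.
SAMPLE_EVENT = {
    "source": "aws.ec2",
    "detail-type": "AWS API Call via CloudTrail",
    "detail": {
        "eventSource": "ec2.amazonaws.com",
        "eventName": "ModifySnapshotAttribute",
        "sourceIPAddress": "198.51.100.10",
        "userIdentity": {"arn": "arn:aws:iam::111122223333:user/alice"},
        "requestParameters": {
            "snapshotId": "snap-0123456789abcdef0",
            "attributeType": "CREATE_VOLUME_PERMISSION",
            "createVolumePermission": {
                "add": {"items": [{"group": "all"}, {"userId": "444455556666"}]}
            },
        },
    },
}

if __name__ == "__main__":
    lambda_handler(SAMPLE_EVENT, None)
```

Attach SNAPSHOT_PERMISSION_PATTERN to the rule instead of the "EBS Snapshot Notification" pattern; the same rule also covers snapshots shared with individual accounts, which the added_accounts list reports.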

Related

AWS EventBridge Pattern not capturing all events from SecretManager

I have the following pattern in event bridge:
{
  "source": [
    "aws.secretsmanager"
  ],
  "detail-type": [
    "AWS API Call via CloudTrail"
  ],
  "detail": {
    "eventSource": [
      "secretsmanager.amazonaws.com"
    ],
    "eventName": [
      "CreateSecret",
      "UpdateSecret",
      "DeleteSecret",
      "PutSecretValue",
      "GetSecretValue",
      "ListSecrets",
      "RotationFailed",
      "RotationSucceeded",
      "DescribeSecret"
    ]
  }
}
It is pointing to a Lambda that prints the event to CloudWatch. It works just fine, but when I try to capture events like:
"ListSecrets",
"RotationFailed",
"RotationSucceeded",
"DescribeSecret"
they never get captured by the event filter I created. Other actions like Update/Create/Delete work just fine.
Are there any steps I am missing to get those?
Documentation Reference: https://docs.amazonaws.cn/en_us/secretsmanager/latest/userguide/retrieve-ct-entries.html
Thanks
All events that are delivered via CloudTrail have AWS API Call via CloudTrail as the value for detail-type. Events from API actions that start with the keywords List, Get, or Describe are not processed by EventBridge, with the exception of events from the following STS actions: GetFederationToken and GetSessionToken. Data events (for example, for Amazon S3 object level events, DynamoDB, and AWS Lambda) must have trails configured to receive those events. Learn more.
Warning from AWS on the EventBridge page about Secrets Manager
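To make the quoted rule testable offline, here is an added example (editor's code, not from the answer or from AWS): a minimal EventBridge pattern matcher for the exact-match form used throughout this page (lists of allowed values, nested objects; content filters such as prefix or anything-but are not implemented), plus a check that flags eventName entries EventBridge will never deliver because they start with List, Get or Describe, with the two STS exceptions the note lists. The check only encodes that quoted rule, so it reports RotationFailed and RotationSucceeded as deliverable; whether they reach EventBridge is not something the rule decides. The sample events are constructed, not captured.

```python
import json

# From the AWS note quoted above: CloudTrail events for these action prefixes are not
# processed by EventBridge, except for two STS calls.
_SKIPPED_PREFIXES = ("List", "Get", "Describe")
_STS_EXCEPTIONS = {
    ("sts.amazonaws.com", "GetFederationToken"),
    ("sts.amazonaws.com", "GetSessionToken"),
}


def is_forwarded_by_eventbridge(event_source, event_name):
    """True if a CloudTrail management event with this name reaches EventBridge at all."""
    if (event_source, event_name) in _STS_EXCEPTIONS:
        return True
    return not event_name.startswith(_SKIPPED_PREFIXES)


def pattern_matches(pattern, event):
    """Exact-match EventBridge semantics: every pattern key must exist in the event; a list
    matches if the event's scalar is one of the listed values; a dict recurses."""
    for key, expected in pattern.items():
        if key not in event:
            return False
        actual = event[key]
        if isinstance(expected, dict):
            if not isinstance(actual, dict) or not pattern_matches(expected, actual):
                return False
        elif isinstance(expected, list):
            if actual not in expected:
                return False
        else:
            raise ValueError("pattern values must be lists or objects, got %r" % (expected,))
    return True


def undeliverable_event_names(pattern):
    """eventName entries in a CloudTrail pattern that EventBridge will never deliver."""
    detail = pattern.get("detail", {})
    sources = detail.get("eventSource", [""])
    return [
        name
        for name in detail.get("eventName", [])
        if not any(is_forwarded_by_eventbridge(src, name) for src in sources)
    ]


def evaluate(pattern, event):
    """Return (matches_pattern, will_actually_fire) for one event against one pattern."""
    matched = pattern_matches(pattern, event)
    forwarded = True
    if event.get("detail-type") == "AWS API Call via CloudTrail":
        d = event.get("detail", {})
        forwarded = is_forwarded_by_eventbridge(d.get("eventSource", ""), d.get("eventName", ""))
    return matched, matched and forwarded


def cloudtrail_event(aws_source, event_source, event_name):
    """Constructed CloudTrail-via-EventBridge event with only the fields the pattern needs."""
    return {
        "source": aws_source,
        "detail-type": "AWS API Call via CloudTrail",
        "detail": {"eventSource": event_source, "eventName": event_name},
    }


# The asker's pattern, verbatim.
SECRETS_PATTERN = json.loads("""{
  "source": ["aws.secretsmanager"],
  "detail-type": ["AWS API Call via CloudTrail"],
  "detail": {
    "eventSource": ["secretsmanager.amazonaws.com"],
    "eventName": ["CreateSecret", "UpdateSecret", "DeleteSecret", "PutSecretValue",
                  "GetSecretValue", "ListSecrets", "RotationFailed", "RotationSucceeded",
                  "DescribeSecret"]
  }
}""")

if __name__ == "__main__":
    print("never delivered:", undeliverable_event_names(SECRETS_PATTERN))
    for name in ("UpdateSecret", "GetSecretValue"):
        ev = cloudtrail_event("aws.secretsmanager", "secretsmanager.amazonaws.com", name)
        print(name, evaluate(SECRETS_PATTERN, ev))
```

Running it lists GetSecretValue, ListSecrets and DescribeSecret as entries that match the pattern but can never fire it, which is the asker's symptom for those three.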

to create a cloudwatch-event to monitor the change in state of all EC2 instances in a specific region

I want to create a cloudwatch event to monitor the change in the state of all the EC2 instances in a specific region. This should work for both existing as well as for new instances.
If not via cloudwatch, can we create a cloudformation template or Boto3 script for the same?
You can use the below event pattern for state changes of all resources:
{
  "source": [
    "aws.ec2"
  ],
  "detail-type": [
    "EC2 Instance State-change Notification"
  ]
}

How can I trigger a lambda when a log group is created in cloudwatch?

How can I trigger a lambda when a log group is created in cloudwatch? What I am thinking the easiest way to do is to create a cloudwatch rule to send cloudtrail event to lambda. Is it reasonable to do? If yes, how can I filter out other events but only trigger lambda when a log group is created?
The only event type supported by CloudWatch Events (CWE) for CW Logs (CWL) is:
AWS API Call via CloudTrail
Therefore, you can catch the events of interest once you have enabled a CloudTrail (CT) trail. Once enabled, API events will be available in CWE. Then you have to create a CWE rule which captures the CreateLogGroup API call. The rule will trigger your Lambda function.
An example CWE rule could be:
{
  "source": [
    "aws.logs"
  ],
  "detail-type": [
    "AWS API Call via CloudTrail"
  ],
  "detail": {
    "eventSource": [
      "logs.amazonaws.com"
    ],
    "eventName": [
      "CreateLogGroup"
    ]
  }
}

How to trigger AWS Cloudwatch event only via put_events

My end goal is to start an ECS (fargate) task/Lambda based on API call (manually).
When creating the CloudWatch Rule I have to select a service to listen events on. I'm not sure what service I should use for my purpose.
What is the best thing to do? Should I create a CloudWatch alarm that I manually trigger?
Thanks
So you want to trigger a Lambda function/ECS task based on an API call. The service for this CloudWatch event rule will depend on the type of API call you are running.
For example, if there is an S3 Put event, then you select S3 as the service and then the specific S3 operation you are running:
{
  "source": [
    "aws.s3"
  ],
  "detail-type": [
    "AWS API Call via CloudTrail"
  ],
  "detail": {
    "eventSource": [
      "s3.amazonaws.com"
    ],
    "eventName": [
      "PutObject"
    ]
  }
}
If this is a non-AWS API call, then you can use CloudWatch Logs to trigger the CloudWatch event rule.

Cloudwatch EC2 Instance-terminate Lifecycle Action Event not firing

We have a Lambda function we want to use to remove systems from our monitoring system when they are being terminated due to AutoScaling lifecycle events. The function works as expected when we run it manually, but we do not see it being called when an instance is terminated. We've set up the following CloudWatch event with a target of the Lambda function. We've been testing manually by scaling down an ASG; the instances terminate, but the function is never called. Does anyone know what we're missing or where to look for logs of the issue?
{
  "source": [
    "aws.autoscaling"
  ],
  "detail-type": [
    "EC2 Instance-terminate Lifecycle Action"
  ],
  "detail": {
    "AutoScalingGroupName": [
      "ASG_NAME"
    ]
  }
}
Realized I didn't have a Lifecycle Hook on the ASG; after adding it, it's working as expected.
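Both halves of that fix, as an added example (editor's code, not from the asker): put_terminate_hook() creates the terminating lifecycle hook the ASG needs before it will emit "EC2 Instance-terminate Lifecycle Action" at all, and the handler completes the lifecycle action after deregistering the instance. Completing it matters: without complete_lifecycle_action the instance sits in Terminating:Wait until the hook's heartbeat timeout expires, and for a terminate hook CONTINUE and ABANDON both let termination proceed, so the call is made in a finally block. The hook name, heartbeat timeout and remove_from_monitoring() are assumed placeholders; the sample event is constructed in the shape the page's detail-type delivers.

```python
TERMINATING = "autoscaling:EC2_INSTANCE_TERMINATING"
EXPECTED_DETAIL_TYPE = "EC2 Instance-terminate Lifecycle Action"


def parse_lifecycle_event(event):
    """Extract exactly the fields complete_lifecycle_action() needs from the event.

    Raises ValueError/KeyError for anything that is not a terminate lifecycle action,
    so a mis-targeted rule fails loudly instead of deregistering the wrong host."""
    if event.get("detail-type") != EXPECTED_DETAIL_TYPE:
        raise ValueError("unexpected detail-type %r" % event.get("detail-type"))
    d = event["detail"]
    if d.get("LifecycleTransition") != TERMINATING:
        raise ValueError("unexpected transition %r" % d.get("LifecycleTransition"))
    return {
        "LifecycleHookName": d["LifecycleHookName"],
        "AutoScalingGroupName": d["AutoScalingGroupName"],
        "LifecycleActionToken": d["LifecycleActionToken"],
        "InstanceId": d["EC2InstanceId"],
    }


def is_terminate_event(event):
    """Convenience predicate around parse_lifecycle_event()."""
    try:
        parse_lifecycle_event(event)
        return True
    except (ValueError, KeyError):
        return False


def remove_from_monitoring(instance_id):
    """Placeholder (assumed) for the asker's monitoring-system call; replace with yours."""
    print("deregistering %s from monitoring" % instance_id)


def lambda_handler(event, context):
    """Deregister the instance, then always complete the lifecycle action."""
    import boto3  # imported here so the parsing above runs without boto3 installed

    params = parse_lifecycle_event(event)
    asg = boto3.client("autoscaling")
    try:
        remove_from_monitoring(params["InstanceId"])
    finally:
        # For a terminate hook CONTINUE and ABANDON both allow termination; what matters
        # is completing the action instead of waiting out the heartbeat timeout.
        asg.complete_lifecycle_action(LifecycleActionResult="CONTINUE", **params)
    return params


def put_terminate_hook(asg_name, hook_name="deregister-on-terminate", heartbeat_timeout=300):
    """Create the hook the asker was missing; without it the ASG never emits the event.
    hook_name and heartbeat_timeout are assumed defaults."""
    import boto3

    boto3.client("autoscaling").put_lifecycle_hook(
        LifecycleHookName=hook_name,
        AutoScalingGroupName=asg_name,
        LifecycleTransition=TERMINATING,
        HeartbeatTimeout=heartbeat_timeout,
        DefaultResult="CONTINUE",  # if the Lambda never completes, terminate anyway
    )


# Constructed sample event (not captured from an account).
SAMPLE_EVENT = {
    "source": "aws.autoscaling",
    "detail-type": EXPECTED_DETAIL_TYPE,
    "detail": {
        "LifecycleActionToken": "0f6e2a3c-1111-2222-3333-444455556666",
        "AutoScalingGroupName": "ASG_NAME",
        "LifecycleHookName": "deregister-on-terminate",
        "EC2InstanceId": "i-0abcdef1234567890",
        "LifecycleTransition": TERMINATING,
    },
}

if __name__ == "__main__":
    print(parse_lifecycle_event(SAMPLE_EVENT))
```

If the rule still does not fire after the hook exists, check that the hook's LifecycleTransition is the terminating one and that the rule's AutoScalingGroupName filter matches the group's exact name.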