How to create cloudwatch event using cloudformation template? - amazon-web-services

I am using a CloudWatch scheduled event to trigger my Lambda function after a specific time interval. I would like to use a CloudFormation template to add this rule in CloudWatch. I have gone through the CloudFormation template documentation but I am not able to find a way to configure events using a CloudFormation template. Can anyone please suggest how to implement it using a CloudFormation template?
I am using the template below.
{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Description": "Provision environment specific",
  "Resources": {
    "lambdaScheduler": {
      "Type": "AWS::CloudWatch::Event",
      "Properties": {
        "detail-type": "Scheduled Event",
        "source": "aws.events",
        "name": "TEST_EVENT_10_MINS_RULE",
        "schedule-expression": "rate(5 minutes)"
      }
    }
  }
}
I am getting the error message "A client error (ValidationError) occurred when calling the ValidateTemplate operation: Template format error: Unrecognized resource type: AWS::CloudWatch::Event" when I validate it using the AWS CLI.

Adding CloudWatch event rules and schedules is now available, see https://aws.amazon.com/about-aws/whats-new/2016/04/amazon-cloudwatch-events-now-supported-in-aws-cloudformation-templates/
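As an added example (not code from the question or any answer), this builds the scheduled rule the asker wanted with the AWS::Events::Rule resource CloudFormation now supports, and checks the thing that usually bites after the template finally validates: a Lambda target is only invoked if an AWS::Lambda::Permission lets events.amazonaws.com call lambda:InvokeFunction, ideally scoped by SourceArn to that rule. The logical ids LambdaScheduler, SchedulerPermission and MyFunction are assumptions.

```python
def scheduled_rule_template(function_logical_id, rule_name, schedule="rate(5 minutes)"):
    """CloudFormation template (dict) that invokes a Lambda function on a schedule."""
    return {
        "AWSTemplateFormatVersion": "2010-09-09",
        "Resources": {
            "LambdaScheduler": {
                "Type": "AWS::Events::Rule",
                "Properties": {
                    "Name": rule_name,
                    "ScheduleExpression": schedule,
                    "Targets": [{"Id": "TargetFunction",
                                 "Arn": {"Fn::GetAtt": [function_logical_id, "Arn"]}}]}},
            # Without this permission the rule deploys, but Lambda rejects every
            # scheduled invocation and the only symptom is FailedInvocations.
            "SchedulerPermission": {
                "Type": "AWS::Lambda::Permission",
                "Properties": {
                    "Action": "lambda:InvokeFunction",
                    "FunctionName": {"Ref": function_logical_id},
                    "Principal": "events.amazonaws.com",
                    "SourceArn": {"Fn::GetAtt": ["LambdaScheduler", "Arn"]}}}}}


def _getatt_target(value):
    """Logical id referenced by {"Fn::GetAtt": [id, "Arn"]}, else None."""
    return value["Fn::GetAtt"][0] if isinstance(value, dict) and "Fn::GetAtt" in value else None


def unpermitted_lambda_targets(template):
    """Logical ids of rules whose Lambda target lacks a matching invoke permission."""
    res = template["Resources"]
    grants = set()  # (function logical id, rule logical id or None for any rule)
    for r in res.values():
        p = r.get("Properties", {})
        if r["Type"] == "AWS::Lambda::Permission" and p.get("Principal") == "events.amazonaws.com":
            fn = p.get("FunctionName")
            fn_id = fn.get("Ref") if isinstance(fn, dict) else fn
            grants.add((fn_id, _getatt_target(p.get("SourceArn"))))
    missing = []
    for name, r in res.items():
        if r["Type"] == "AWS::Events::Rule":
            for t in r["Properties"].get("Targets", []):
                fn_id = _getatt_target(t.get("Arn"))
                if fn_id and (fn_id, name) not in grants and (fn_id, None) not in grants:
                    missing.append(name)
    return missing
```

`json.dumps(scheduled_rule_template("MyFunction", "TEST_EVENT_10_MINS_RULE"), indent=2)` gives the file to feed to `aws cloudformation validate-template`.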

I am pretty sure the CloudWatch Event is yet to be exposed via the CloudFormation API. There is normally some lag between new features in AWS and them being implemented/exposed by the CloudFormation team.
Here is the list of resources currently available via CloudFormation: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-template-resource-type-ref.html
As one can see, there is only one resource in the CloudWatch namespace.

Have you tried laying out your design in the CloudFormation designer? It only creates stub code for each element, but it validates the overall design. You then have to transfer the outline code to an editor to do the real work, but it should avoid the error you quoted.

Related

AWS CloudFormation Events Api Connection

I am trying to create a CloudFormation stack using AWS Events to trigger an API call on a schedule. Most of the stack is working; however, the AWS::Events::ApiConnection is failing to create and I am not sure why.
This is the CF snippet that is failing: (Note: the API doesn't have any authentication yet; however, CloudFormation requires the AuthParameters property.)
"CronServerApiConnection": {
  "Type": "AWS::Events::Connection",
  "Properties": {
    "Name": "api-connection",
    "AuthorizationType": "API_KEY",
    "AuthParameters": {
      "ApiKeyAuthParameters": {
        "ApiKeyName": "foo",
        "ApiKeyValue": "bar"
      }
    }
  }
},
In the CloudFormation console this fails to create with the following error:
Resource handler returned message: "Error occurred during operation 'AWS::Events::Connection'." (RequestToken: xxxxxxxxxxxxxxxxx, HandlerErrorCode: GeneralServiceException)
I can't for the life of me figure this one out. From what I can see, my CF snippet matches exactly what AWS specify in their docs here: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-events-connection.html
I ran into this issue myself a few weeks ago, and while looking for an answer I found this question unresolved, so I thought I would share the answer. The events API is not descriptive at all with any of the errors; in my case the issues were permissions related. While it is not clear in the documentation, the AWS::Events::Connection not only needs permissions for the events API but also for the secretsmanager API, since it will create some secrets for you under the hood. I solved this by adding full API permissions to the role creating the stack, but of course I scoped the permissions by the resource to avoid security issues, something like:
effect: "Allow"
actions: [
  "events:*",
  "secretsmanager:*"
]
resources: [
  "arn:aws:secretsmanager:<your region>:<your-account-id>:secret:events!connection/<yoursecretnameprefix>-*"
]
I will leave the addition of the event resource to you, but essentially it is the same, just scoped by the ARN of your resource. The above is just an example; please replace the placeholders with the correct values.

/aws/service/ecs/optimized-ami/amazon-linux-2/recommended AMI update rule for EventBridge

So I wanted to create an EventBridge event pattern that would trigger my Lambda for updating the ECS cluster LT AMIs to the latest one when this param updates. I tried using something like this:
{
  "source": ["aws.ssm"],
  "detail-type": ["Parameter Store Change"],
  "detail": {
    "operation": ["Update"],
    "name": ["/aws/service/ecs/optimized-ami/amazon-linux-2/recommended"]
  }
}
The problem is this never triggers.
Does anyone know what the event looks like when this parameter gets updated?
I would also like to know, for events similar to this, where I could find the source events.
I had a hunch I could get it from the AWS CLI by describing past changes, but this doesn't work for public SSM params.
I expected the above event pattern to trigger my Lambda when the /aws/service/ecs/optimized-ami/amazon-linux-2/recommended param gets changed.

Invoking lambda with CloudWatch events across regions

I have a Lambda function deployed in us-east-1 which runs every time an EC2 instance is started.
The Lambda function is triggered with the following EventBridge configuration:
{
  "detail-type": [
    "AWS API Call via CloudTrail"
  ],
  "source": [
    "aws.ec2"
  ],
  "detail": {
    "eventName": [
      "RunInstances"
    ]
  }
}
The Lambda function is working great. Now, I'm looking to extend this so that my Lambda function is triggered even when an EC2 instance is launched in a different region (e.g. us-east-2).
How can I achieve this?
One option is to put SNS as an event target and subscribe the Lambda to the SNS topic. SNS supports cross-region subscriptions.
Another option is to use cross-region event buses. You create a rule that forwards the event to another region and create another event rule in that region that invokes a Lambda. More info here: https://aws.amazon.com/blogs/compute/introducing-cross-region-event-routing-with-amazon-eventbridge/
There was a recently announced new functionality that can help with cross-region use cases with AWS Lambda: https://aws.amazon.com/blogs/compute/introducing-cross-region-event-routing-with-amazon-eventbridge/
Amazon EventBridge is a great way for cross-region (and cross-account) event processing.

How to test a Lambda using a test event

I have a Lambda which is triggered by a CloudWatch event when VPN tunnels are down or up. I searched online but can't find a way to trigger this CloudWatch event.
I see an option for a test event, but what can I enter in here for it to trigger an event that the tunnel is up or down?
You can look into CloudWatch Events and Event Patterns:
Events in Amazon CloudWatch Events are represented as JSON objects. For more information about JSON objects, see RFC 7159. The following is an example event:
{
  "version": "0",
  "id": "6a7e8feb-b491-4cf7-a9f1-bf3703467718",
  "detail-type": "EC2 Instance State-change Notification",
  "source": "aws.ec2",
  "account": "111122223333",
  "time": "2017-12-22T18:43:48Z",
  "region": "us-west-1",
  "resources": [
    "arn:aws:ec2:us-west-1:123456789012:instance/i-1234567890abcdef0"
  ],
  "detail": {
    "instance-id": "i-1234567890abcdef0",
    "state": "terminated"
  }
}
Also, based on the event, you can pick your required event from the AWS CloudWatch Event Types.
I believe in your scenario you don't need to pass any input data, as you must have built the logic to test the VPN tunnels' connectivity within the Lambda. You can remove that JSON from the test event and then run the test.
If you need to pass in some information as part of the input event, then follow the approach mentioned by @Adiii.
EDIT
The question is made clearer by the comment, which says:
"But question is how will I trigger the lambda? Let's say I want to trigger it when tunnel is down? How will I let lambda know tunnel is in down state?" – NoviceMe
This can be achieved by setting up a rule in CloudWatch to schedule the Lambda trigger at a periodic interval. More details here:
Tutorial: Schedule AWS Lambda Functions Using CloudWatch Events
Lambda does not have an invocation trigger right now that can monitor a VPN tunnel, so the only workaround is to poll the status through Lambda.

Getting CloudTrail event to a Lambda function

Is there a way to get event information, specifically the ARN of the service causing the event, to a Lambda function?
In my previous question, I asked for some help with using CloudWatch and CloudTrail to get the info. I think it was mostly just a misunderstanding of the rules, but now I'm concerned whether there is any way to make a generalized solution.
I know I could do it for a specific service successfully, but I wish to have a generalized rule to trigger the function. CloudWatch logs or events seem to be the right answer for this, but I'm no longer confident about that after my trouble with my CloudWatch CloudTrail rule.
Just to fully lay out my goal, I wish to have a Lambda function trigger at the creation of any service and get access to that new service's ARN, so that I may do verification of the process.
Yes, it is possible; however, each event has different event properties, and you need to check where to get this information.
For example, if your Lambda is triggered by CloudFormation, you can get the Stack Id (ARN) with event['StackId'].
{
  "StackId": "stackidarn",
  "ResponseURL": "http://pre-signed-S3-url-for-response",
  "ResourceProperties": {
    "StackName": "stack-name",
    "List": [
      "1",
      "2",
      "3"
    ]
  },
  "RequestType": "Create",
  "ResourceType": "Custom::TestResource",
  "RequestId": "unique id for this create request",
  "LogicalResourceId": "MyTestResource"
}
You can see details about each event generated in http://docs.aws.amazon.com/lambda/latest/dg/eventsources.html.
If you want to debug in real time to check the event content, you can find a solution like lambda-toolkit.
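As an added example serving both the "How to test a Lambda using a test event" thread and this one (it is not code from any of the answers): one Lambda handler that accepts the event shapes quoted above, namely a CloudWatch Events / EventBridge envelope such as the EC2 state-change sample, a CloudTrail API call delivered through EventBridge, a scheduled poll, and a CloudFormation custom-resource request, and returns whatever ARNs it can pull out of each. The function names and SAMPLE_EC2_EVENT are assumptions; the sample is constructed from the page's quoted example, not a captured event.

```python
import json


def _squash(value):
    """Remove all whitespace; ARNs and instance ids never contain any (the quoted sample had a stray space)."""
    return "".join(str(value).split())


def classify_event(event):
    """Return {'kind', 'arns', 'info'} for the event shapes a CloudWatch/EventBridge-fed Lambda sees."""
    # CloudFormation custom-resource request: the stack ARN is a top-level field.
    if "StackId" in event and "RequestType" in event:
        return {"kind": "cloudformation", "arns": [_squash(event["StackId"])],
                "info": {"request": event["RequestType"], "resource": event.get("LogicalResourceId")}}
    detail_type = event.get("detail-type")
    if detail_type is None:
        raise ValueError("unrecognised event: neither an EventBridge envelope nor a CloudFormation request")
    # EventBridge envelope: the ARNs of the resources involved are in 'resources'.
    arns = [_squash(r) for r in event.get("resources", [])]
    detail = event.get("detail") or {}
    info = {"source": event.get("source")}
    if detail_type == "Scheduled Event":
        kind = "scheduled"  # carries no resource; the function has to poll for state itself
    elif detail_type == "AWS API Call via CloudTrail":
        kind = "cloudtrail"
        info["eventName"] = detail.get("eventName")
    elif detail_type == "EC2 Instance State-change Notification":
        kind = "ec2-state"
        info["instance-id"] = _squash(detail.get("instance-id", ""))
        info["state"] = detail.get("state")
    else:
        kind = "eventbridge"
    return {"kind": kind, "arns": arns, "info": info}


def handler(event, context=None):
    """Lambda entry point; the 'Test event' JSON from the console arrives here as `event`."""
    result = classify_event(event)
    print(json.dumps(result))  # lands in the function's CloudWatch Logs stream
    return result


# Constructed test event modelled on the EC2 sample quoted above (not a captured event).
SAMPLE_EC2_EVENT = {
    "version": "0", "detail-type": "EC2 Instance State-change Notification",
    "source": "aws.ec2", "account": "111122223333", "region": "us-west-1",
    "resources": ["arn:aws:ec2:us-west-1:123456789012:instance/i-1234567890abcdef0"],
    "detail": {"instance-id": "i-1234567890abcdef0", "state": "terminated"},
}
```

Paste SAMPLE_EC2_EVENT (or a scheduled-event envelope) into the console's test event to exercise the same path the real trigger uses.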