Custom CloudWatch Events

Create rules to invoke Targets based on Events happening in your AWS environment.

Use event source with customize an Event Pattern

What’s In This Document

• Create custom cloudwatch event rule
• Create AWS Systems Manager Document
• Update IAM role to run SSM document from cloudwatch
• Put cloudwatch event to test

🚀 Create custom cloudwatch event rule

• Build custom event pattern

{
  "source": [
    "com.test.ssm.to.target"
  ]
}

• Target: SSM Run Command

🚀 Create AWS Systems Manager Document

• JSON Content: Write {{Message}} content to {{workingDirectory}}/testSSM.txt"

{
  "schemaVersion": "2.2",
  "description": "Run SSM command",
  "parameters": {
    "Message": {
      "type": "String",
      "description": "Parameter of SSM script",
      "default": ""
    },
    "workingDirectory": {
      "type": "String",
      "description": "Working dir",
      "default": "/tmp/"
    }
  },
  "mainSteps": [
    {
      "action": "aws:runShellScript",
      "name": "runSSMCommand",
      "inputs": {
        "runCommand": [
          "echo {{Message}} > {{workingDirectory}}/testSSM.txt"
        ]
      }
    }
  ]
}

• Target type: /AWS::EC2::Instance

🚀 Update IAM role to run SSM document from cloudwatch

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": "ssm:SendCommand",
            "Effect": "Allow",
            "Resource": [
                "arn:aws:ec2:ap-northeast-1:111111111111:instance/i-0f4a1c3c2ca0a7dee",
                "arn:aws:ssm:ap-northeast-1:111111111111:document/testSSM"
            ]
        }
    ]
}

🚀 Put cloudwatch event to test

• Use python script to put event to cloudwatch rule

import boto3
import json
from datetime import datetime


def put_cloudwatch_event():
    try:
        client = boto3.client('events', region_name='ap-northeast-1')
        json_input = {"data": "{0} {1}".format('my-source', 'my-target')}
        response = client.put_events(
            Entries=[
                {
                    'Time': datetime.now(),
                    'Source': 'com.test.ssm.to.target',
                    'DetailType': 'MyDetailType',
                    'Resources': ['resource1', 'resource2'],
                    'Detail': json.dumps(json_input)
                }
            ]
        )
        if response['FailedEntryCount'] == 0:
            print(f"Result {json.dumps(json_input)} is in progress")
    except ValueError as err:
        print(str(err))


put_cloudwatch_event()

• Run script

Result {"data": "my-source my-target"} is in progress

Process finished with exit code 0

• Check result: Access to target instance

# cat /tmp/testSSM.txt 
my-source my-target

Mirror:

• https://github.com/vumdao/custom-cloudwatch-event
• https://vumdao.hashnode.dev/custom-cloudwatch-events

Read More

• Pelican-resume with docker-compose and AWS + CDK
• Using Helm Install Botkube Integrate With Slack On EKS
• Ansible AWS EC2 Dynamic Inventory Plugin
• How To List All Enabled Regions Within An AWS account
• Using AWS KMS In AWS Lambda
• Create AWS Backup Plan
• Techniques For Writing Least Privilege IAM Policies
• EKS Persistent Storage With EFS Amazon Service
• Create k8s Cronjob To Schedule Delete Expired Files
• Amazon ECR - Lifecycle Policy Rules
• Connect Postgres Database Using Lambda Function
• Using SourceIp in ALB Listener Rule
• Amazon Simple Systems Manager (SSM)
• Invalidation AWS CDN Using Boto3
• Create AWS Lambda Function Triggered By S3 Notification Event
• CI/CD Of Invalidation AWS CDN Using Gitlab Pipeline
• Create CodeDeploy
• Gitlab Pipeline With AWS Codedeploy
• Create AWS-CDK image container
• Deploy Python Lambda Functions With Container Image

🌠 Blog · Web · Linkedin · Group · Page · Twitter 🌠