AWS Monitoring with EventBridge | cloudonaut

In terms of AWS monitoring, you most likely consider Amazon CloudWatch first. That’s proper, however there may be one other supply of details about the well being of your cloud infrastructure: Amazon EventBdrige. On this weblog put up, you’ll discover ways to faucet into EventBridge to get vital details about working your cloud infrastructure.

The right way to configure AWS Monitoring based mostly on EventBridge?

The next diagram exhibits what is required to increase your AWS monitoring with the assistance of EventBridge.

1. Providers like AWS Backup, Amazon EC2, and AWS Well being publish occasions when issues go incorrect or human intervention is important to EventBridge.
2. EventBridge guidelines filter these occasions based mostly on a sample and ahead matching occasions to an SNS subject.
3. The SNS subject sends occasions to on-call engineers through Electronic mail, SMS, or HTTPS.

I’ve compiled some examples of EventBridge guidelines and occasion patterns for AWS monitoring within the following. The code snippets are written in Terraform configuration syntax, however the occasion patterns will also be used with CloudFormation and even within the AWS Administration Console.

Monitoring AWS account root consumer login with EventBridge

The next EventBridge rule (previously referred to as CloudWatch occasion rule) outlined in Terraform configuration syntax ensures you’re notified every time somebody makes use of the AWS account root consumer to log in.

useful resource "aws_cloudwatch_event_rule" "root_user_login" {
  title          = "aws-monitoring-root-user-login"
  event_pattern = 
{
  "detail-type": [
    "AWS Console Sign In via CloudTrail"
  ],
  "element": {
    "userIdentity": {
      "arn": [
        "arn:${data.aws_partition.current.partition}:iam::${data.aws_caller_identity.current.account_id}:root"
      ]
    }
  }
}
JSON
}

information "aws_partition" "present" {}

information "aws_caller_identity" "present" {}

Monitoring AWS Well being bulletins with EventBridge

Over the previous years, AWS improved the AWS Well being Dashboard and is utilizing this channel to speak outages in addition to breaking adjustments to companies. Getting notified about new points helps guarantee your cloud infrastructure’s continuity.

useful resource "aws_cloudwatch_event_rule" "health_issue" {
  title          = "aws-monitoring-health-issue"
  event_pattern = JSON
{
  "supply": [ 
    "aws.health"
  ],
  "detail-type": [
    "AWS Health Event"
  ]
}
JSON
}

Monitoring EC2 Auto Scaling with EventBridge

EC2 Auto Scaling launches cases, for instance, so as to add capability to a fleet. It’s essential to get notified if Auto Scaling fails to launch or terminate an occasion, as human intervention is more than likely required to repair the issue.

useful resource "aws_cloudwatch_event_rule" "auto_scaling_failed" {
  title          = "aws-monitoring-auto-scaling-failed"
  event_pattern = JSON
{
  "supply": [ 
    "aws.autoscaling"
  ],
  "detail-type": [
    "EC2 Instance Launch Unsuccessful",
    "EC2 Instance Terminate Unsuccessful",
    "EC2 Auto Scaling Instance Refresh Failed"
  ]
}
JSON
}

Monitoring EBS Snapshots with EventBridge

Do you depend on creating EBS snapshots for backing up information? In that case, it’s best to keep watch over failed EBS snapshots by utilizing the next EventBridge rule.

useful resource "aws_cloudwatch_event_rule" "ebs_failed" {
  title          = "aws-monitoring-ebs-failed"
  event_pattern = JSON
{
  "supply": [ 
    "aws.ec2"
  ],
  "detail-type": [
    "EBS Snapshot Notification",
    "EBS Multi-Volume Snapshots Completion Status"
  ],
  "element": {
    "outcome": [
      "failed"
    ]
  }
}
JSON
}

Monitoring SSM Automation with EventBridge

The Programs Supervisor supplies a toolkit to automate the administration of EC2 cases. However will you discover when automation fails in the course of the evening? The next EventBridge rule will maintain you posted.

useful resource "aws_cloudwatch_event_rule" "ssm_automation_failed" {
  title          = "aws-monitoring-ssm-automation-failed"
  event_pattern = JSON
{
  "supply": [ 
    "aws.ssm"
  ],
  "detail-type": [
    "EC2 Automation Execution Status-change Notification"
  ],
  "element": {
    "standing": [
      "Failed",
      "TimedOut"
    ]
  }
}
JSON
}

Monitoring ECS Duties with EventBridge

The Elastic Container Service (ECS) orchestrates containers. However typically containers fail and exit with an exit code > 0. The next EventBridge rule will guarantee you’re getting notified in regards to the concern.

useful resource "aws_cloudwatch_event_rule" "ecs_task_failed_non_zero" {
  title          = "aws-monitoring-ecs-task-failed-non-zero"
  event_pattern = JSON
{
  "supply": [ 
    "aws.ecs"
  ],
  "detail-type": [
    "ECS Task State Change"
  ],
  "element": {
    "group": [{"anything-but": {"prefix": "service:"}}],
    "lastStatus": ["STOPPED"],
    "stopCode": ["EssentialContainerExited"],
    "containers": {
      "exitCode": [{"anything-but": 0}]
    }
  }
}
JSON
}

Monitoring ECR Picture Scan with EventBridge

The Elastic Container Registry (ECR) comes with the potential to scan container photographs for recognized vulnerabilities. However how do you guarantee you’re notified about extreme findings? Right here you go.

useful resource "aws_cloudwatch_event_rule" "ecr_image_scan_finding" {
  title          = "aws-monitoring-ecr-image-scan-finding"
  event_pattern = JSON
{
  "supply": [
    "aws.ecr"
  ],
  "detail-type": [
    "ECR Image Scan"
  ],
  "element": {
    "scan-status": ["COMPLETE"],
    "finding-severity-counts": {
      "$or": [
        {"CRITICAL": [{"numeric": [">", 0]}]},
        {"HIGH": [{"numeric": [">", 0]}]},
        {"MEDIUM": [{"numeric": [">", 0]}]},
        {"UNDEFINED": [{"numeric": [">", 0]}]}
      ]
    }
  }
}
JSON
}

Monitoring Amazon Certificates Supervisor (ACM) with EventBridge

Now we have all skilled downtimes brought on by expired SSL/TLS certificates. This doesn’t need to be the case. Monitor the Amazon Certificates Supervisor (ACM) and get notified when certificates expire.

useful resource "aws_cloudwatch_event_rule" "acm_certificate_approaching_expiration" {
  title          = "aws-monitoring-acm-certificate-expiration"
  event_pattern = 
{
  "supply": [ 
    "aws.acm"
  ],
  "detail-type": [
    "ACM Certificate Approaching Expiration"
  ],
  "element": {
    "DaysToExpiry": [1, 2, 3, 7, 14, 21, 28, 35, 42, 49, 56, 63, 70]
  }
}
JSON
}

Monitoring AWS Backup with EventBridge

Typically backup companies like AWS Backup present false safety. In spite of everything, what occurs if AWS Backup runs into errors when creating vital backups? You should use the next EventBridge rule to catch backup errors.

useful resource "aws_cloudwatch_event_rule" "backup_failed" {
  title          = "aws-monitoring-backup-failed"
  event_pattern = JSON
{
  "supply": [ 
    "aws.backup"
  ],
  "detail-type": [
    "Backup Job State Change",
    "Copy Job State Change",
    "Restore Job State Change"
  ],
  "element": {
    "state": [
      "FAILED"
    ]
  }
}
JSON
}

Monitoring Elastic Beanstalk with EventBridge

Elastic Beanstalk is a well-liked service for deploying internet functions on AWS. It could assist when you had been the primary to find out about an issue together with your utility. The next EventBridge rule notifies you about points together with your Elastic Beanstalk functions.

useful resource "aws_cloudwatch_event_rule" "elastic_beanstalk_failed" {
  title          = "aws-monitoring-elastic-beanstalk-failed"
  event_pattern = JSON
{
  "supply": [
    "aws.elasticbeanstalk"
  ],
  "detail-type": [
    "Elastic Beanstalk resource status change",
    "Other resource status change",
    "Health status change",
    "ManagedUpdateStatusChangeEnabled"
  ],
  "element": {
    "Severity": [
      "WARN",
      "ERROR"
    ]
  }
}
JSON
}

Abstract

In terms of AWS monitoring, EventBridge is an important supply of knowledge. Guarantee you’re utilizing EventBridge guidelines forwarding occasions to an SNS subject to get notified about points together with your cloud infrastructure.

All examples from this weblog put up originate from marbot-io/terraform-aws-marbot-monitoring-basic.

Additionally, please take a look at our product marbot to roll out monitoring based mostly on CloudWatch and EventBridge with ease.