4.2 - PaulDuvall/aws-compliance-workshop GitHub Wiki

4.2 Describe CloudWatch Event Rules

About Amazon CloudWatch

"Amazon CloudWatch is a near real-time monitoring and logging service provided by AWS. You can use CloudWatch to detect anomalous behavior in your environments, set alarms, visualize logs and metrics side by side, take automated actions, troubleshoot issues, and discover insights to keep your applications running smoothly." Source

About Amazon CloudWatch Events

"Amazon CloudWatch Events delivers a near real-time stream of system events that describe changes in Amazon Web Services (AWS) resources. Using simple rules that you can quickly set up, you can match events and route them to one or more target functions or streams. CloudWatch Events becomes aware of operational changes as they occur. CloudWatch Events responds to these operational changes and takes corrective action as necessary, by sending messages to respond to the environment, activating functions, making changes, and capturing state information.

You can also use CloudWatch Events to schedule automated actions that self-trigger at certain times using cron or rate expressions. For more information, see Schedule Expressions for Rules." Source

You can also configure many AWS services as targets for CloudWatch Events, including Amazon EC2 instances, AWS Lambda functions, Amazon ECS tasks, Amazon SNS topics, and many more. See CloudWatch Events Event Examples From Supported Services for examples.

Create an Amazon SNS Topic

  1. Go to the Amazon Simple Notification Service (SNS) Console.
  2. Select Topics and then Create topic.
  3. Enter a Name and then click Create topic.
  4. Click Create subscription.
  5. Choose Email as the protocol, enter your email address as the endpoint, and click Create subscription.
  6. Confirm the subscription when you receive the email. SNS does not deliver to an unconfirmed subscription, so the rule below will appear to do nothing until this step is done.

Create an Amazon CloudWatch Event Rule

  1. Go to Amazon CloudWatch.
  2. Select Rules under Events.
  3. Click Create rule.
  4. From Event Source, choose Event Pattern.
  5. Enter AWS Console Sign In for the Service Name.
  6. Enter Sign-In Events for the Event Type.
  7. This generates the following event pattern. It matches every console sign-in event, successful or failed, for every user in the account:

```json
{
  "detail-type": [
    "AWS Console Sign In via CloudTrail"
  ]
}
```

  8. From the Targets section, click on Add target.
  9. Select SNS Topic for the Target.
  10. Choose the Topic you created from the SNS Console. When you add an SNS target here, the console also updates the topic's access policy so that CloudWatch Events is allowed to publish to it.
  11. Click Configure details.
  12. Enter a Name in the Configure rule details page.
  13. Click Create rule.

Test the CloudWatch Event Rule

  1. From a separate browser (or a private window), log in to the AWS Management Console.
  2. Check your email to confirm you received an SNS notification.

If no notification arrives, check that the email subscription is confirmed, that a CloudTrail trail is logging management events in the account, and that the rule was created in the region where CloudTrail records console sign-in events. Sign-ins through the global console endpoint are recorded as global service events in US East (N. Virginia), so a rule in another region will not see them.
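The procedure above is a console walkthrough; the example below is an added one and is not code from the workshop. It shows the API inputs behind those clicks (the `put_rule` and `put_targets` arguments, plus the SNS topic policy that the console adds silently but the CLI does not), and it reproduces how CloudWatch Events decides whether an event matches a rule pattern, run locally against constructed sample sign-in events. It also goes beyond the page's pattern by adding two narrower ones (failed sign-ins and root sign-ins), which is what a security team usually wants paged on instead of every login. The account ID, region, ARNs, rule names, function names and sample events are assumptions, not values from the page.

```python
"""Added example for section 4.2 of the workshop; not the workshop's own code.
Account ID, region, ARNs, rule names and sample events are made up."""
import json

ACCOUNT_ID = "123456789012"  # assumed
REGION = "us-east-1"         # assumed; global console sign-ins are recorded here
TOPIC_ARN = f"arn:aws:sns:{REGION}:{ACCOUNT_ID}:console-signin-alerts"          # assumed
RULE_ARN = f"arn:aws:events:{REGION}:{ACCOUNT_ID}:rule/console-signin-rule"    # assumed

SIGNIN_DETAIL_TYPE = "AWS Console Sign In via CloudTrail"

# Rule patterns. The first is exactly what the console generates in step 7;
# the other two narrow it to the sign-ins worth an immediate notification.
PATTERNS = {
    "console-signin-rule": {"detail-type": [SIGNIN_DETAIL_TYPE]},
    "failed-signin-rule": {
        "detail-type": [SIGNIN_DETAIL_TYPE],
        "source": ["aws.signin"],
        "detail": {"responseElements": {"ConsoleLogin": ["Failure"]}},
    },
    "root-signin-rule": {
        "detail-type": [SIGNIN_DETAIL_TYPE],
        "detail": {"userIdentity": {"type": ["Root"]}},
    },
}


def matches(pattern: dict, event: dict) -> bool:
    """CloudWatch Events matching semantics for literal patterns: every key in the
    pattern must exist in the event (AND); a nested object recurses; a leaf is a
    list of allowed values and the event's value must equal one of them (OR).
    Prefix, numeric and exists matchers are not implemented here."""
    for key, expected in pattern.items():
        if key not in event:
            return False
        actual = event[key]
        if isinstance(expected, dict):
            if not isinstance(actual, dict) or not matches(expected, actual):
                return False
        else:
            candidates = actual if isinstance(actual, list) else [actual]
            if not any(c in expected for c in candidates):
                return False
    return True


def rules_triggered(event: dict, patterns: dict = PATTERNS) -> list:
    """Names of the rules whose pattern the event satisfies."""
    return [name for name, pat in patterns.items() if matches(pat, event)]


def put_rule_args(name: str) -> dict:
    """Arguments for boto3 events.put_rule(), the API behind steps 4-7 and 11-13."""
    return {"Name": name, "EventPattern": json.dumps(PATTERNS[name]), "State": "ENABLED"}


def put_targets_args(name: str, topic_arn: str = TOPIC_ARN) -> dict:
    """Arguments for boto3 events.put_targets(), the API behind steps 8-10."""
    return {"Rule": name, "Targets": [{"Id": "sns-topic", "Arn": topic_arn}]}


def sns_topic_policy(topic_arn: str = TOPIC_ARN, rule_arn: str = RULE_ARN) -> dict:
    """Topic policy that lets CloudWatch Events publish to the topic. The console
    adds this when you pick an SNS target; the API/CLI does not, and the target
    then fails silently. aws:SourceArn pins it to this rule rather than any rule
    in any account."""
    return {"Version": "2012-10-17", "Statement": [{
        "Sid": "AllowCloudWatchEventsPublish",
        "Effect": "Allow",
        "Principal": {"Service": "events.amazonaws.com"},
        "Action": "sns:Publish",
        "Resource": topic_arn,
        "Condition": {"ArnEquals": {"aws:SourceArn": rule_arn}},
    }]}


def sample_signin_event(user_type: str, outcome: str, mfa: str) -> dict:
    """Constructed sign-in event in the shape CloudWatch Events delivers."""
    return {
        "version": "0", "id": "00000000-0000-0000-0000-000000000000",
        "detail-type": SIGNIN_DETAIL_TYPE, "source": "aws.signin",
        "account": ACCOUNT_ID, "time": "2019-01-01T00:00:00Z", "region": REGION,
        "resources": [],
        "detail": {
            "eventSource": "signin.amazonaws.com", "eventName": "ConsoleLogin",
            "userIdentity": {"type": user_type},
            "responseElements": {"ConsoleLogin": outcome},
            "additionalEventData": {"MFAUsed": mfa},
        },
    }


if __name__ == "__main__":
    for ev in (sample_signin_event("IAMUser", "Success", "Yes"),
               sample_signin_event("IAMUser", "Failure", "No"),
               sample_signin_event("Root", "Success", "No")):
        d = ev["detail"]
        print(d["userIdentity"]["type"], d["responseElements"]["ConsoleLogin"],
              rules_triggered(ev))
    print(json.dumps(sns_topic_policy(), indent=2))
```

To deploy the same rule with boto3 instead of the console, pass `put_rule_args(...)` and `put_targets_args(...)` to `events.put_rule()` and `events.put_targets()`, and attach `sns_topic_policy()` to the topic with `sns.set_topic_attributes(AttributeName="Policy", ...)`; that last step is the one the console hides, and forgetting it is the most common reason a CLI-created rule never notifies.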

Example CloudWatch Event Rule

(Screenshot: CloudWatch Event Rules)

Additional Resources