CloudWatch Events

Basics

Delivers near real-time stream of events (description of resources changes); match rules & routing to targets;

Able to send/receive events cross accounts

Events

{

  "version": "0",

  "id": "6a7e8feb-b491-4cf7-a9f1-bf3703467718",

  "detail-type": "EC2 Instance State-change Notification",

  "source": "aws.ec2",

  "account": "111122223333",

  "time": "2017-12-22T18:43:48Z",

  "region": "us-west-1",

  "resources": [

    "arn:aws:ec2:us-west-1:123456789012:instance/ i-1234567890abcdef0"

  ],

  "detail": {

    "instance-id": " i-1234567890abcdef0",

    "state": "terminated"

  }

}

• Represented by JSON
  • All have same top-level fields
  • "source"+"detail-type" decides contents of "detail"
• Types
  • AWS resource changes - generated by certain AWS resources (reference here)
  • CloudTrail published API calls (all services)(note: don't create a loop!)
  • Custom, application level events (pushed by applications with "PutEvents" API)
  • Scheduled events

Rules

Rule matches events and routes to targets. All rules are equal and processed in parallel. Rule can also transform the event.

Event Patterns

Example:

{

  "source": [ "aws.ec2" ],

  "detail-type": [ "EC2 Instance State-change Notification" ],

  "detail": {

    "state": [ "running" ]

  }

}

• select events, either match or not match
• rule of matching - see here

Targets

Various, including Lambda, SNS, etc., see documentation.

Others

Integrate with CloudWatch by providing metrics to CloudWatch

"Managed rules" are rules required by other services to operate properly. They can only be "force" deleted - do so carefully or risk service disruption.