I am trying to write a custom CloudWatch Event Pattern that will trigger an SSM Run Command. The problem I am having is I am not sure how I am supposed to write this event pattern. I've looked at the documentation and I am just not understanding how to do this. The documentation gave an example such as:

{
  "source": ["aws.ec2"]
}

which will watch for all events from the EC2 service, that I understand. But how would I watch for, say... a specific message in a CloudWatch Logs Log Group?

KoalaKey
  • As far as I am aware, those events have nothing to do with CloudWatch Log Groups. Events have to be actively put on an event bus by _someone_. There are a lot of events that AWS puts onto the event bus for you (for example, a new EC2 instance is started), but they don't put anything concerning the content of your CloudWatch logs there. Therefore, you cannot filter for CloudWatch log entries in those event patterns. What you can do is create a CloudWatch subscription that sends specific log entries to a Lambda and let the Lambda do something. – Jens Dec 13 '20 at 17:23
  • Hmm, okay. Well, what I am trying to do is wait for a Lambda Function to finish processing data before the SSM run command is invoked. Lambda does not have SSM as a target to trigger the SSM Run command. This is why I was trying to watch for a successful log entry from that specific lambda function in order to trigger the run command. Am I just going about this the wrong way? Should I instead just trigger a lambda function to invoke the run command after the previous Lambda finishes processing the data? – KoalaKey Dec 13 '20 at 17:33
  • Why not run the command at the end of the Lambda? SSM has an API that you can use to run commands etc. – Jens Dec 13 '20 at 17:37
  • Oh my gosh, I did not even think of that. That definitely would solve my problem. Thank you! – KoalaKey Dec 13 '20 at 17:41
  • Maybe you can also have a look at [AWS Step Functions](https://aws.amazon.com/step-functions). Step Functions allow you to run multiple Lambdas in a "workflow" and it already has some nice integrations with other AWS services. – Jens Dec 13 '20 at 17:57
  • I just got it working. It does exactly what I wanted it to. If you want to write up your comments as an answer I'd be more than happy to mark it correct. Again, thanks so much! I have not used Step Functions yet, but I will take a look at them for sure! – KoalaKey Dec 13 '20 at 18:53

1 Answer

Answering the original question. Here's a sample.

{
  "source": ["aws.ec2"],
  "detail-type": ["EC2 Instance State-change Notification"],
  "detail": {
    "state": ["running"]
  }
}

You can find a lot more patterns at https://docs.aws.amazon.com/eventbridge/latest/userguide/eventbridge-and-event-patterns.html. Definitely see the Content-based Filtering with Event Patterns page, like:

{
  "time": [ { "prefix": "2017-10-02" } ],
  "detail": {
    "state": [ { "anything-but": "initializing" } ],
    "c-count": [ { "numeric": [ ">", 0, "<=", 5 ] } ],
    "d-count": [ { "numeric": [ "<", 10 ] } ],
    "x-limit": [ { "anything-but": [ 100, 200, 300 ] } ]
  }
}
blr
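
To see how the operators in the answer's second pattern combine, here is an added example (not part of the original answer and not AWS code): a simplified local matcher covering only exact values, `prefix`, `anything-but` and `numeric`. The names `matches`, `rule_matches`, `PATTERN` and `EVENT` are hypothetical, the sample event is constructed, and treating a missing field as a non-match is an assumption of this model.

```python
# Simplified local model of EventBridge pattern matching (an assumption, not
# AWS code): covers exact values, "prefix", "anything-but" and "numeric" only.
OPS = {"<": lambda a, b: a < b, "<=": lambda a, b: a <= b,
       ">": lambda a, b: a > b, ">=": lambda a, b: a >= b,
       "=": lambda a, b: a == b}

def rule_matches(rule, value):
    """One entry of a pattern array against one scalar event value."""
    if not isinstance(rule, dict):
        return rule == value                      # exact match
    if "prefix" in rule:
        return isinstance(value, str) and value.startswith(rule["prefix"])
    if "anything-but" in rule:
        banned = rule["anything-but"]
        banned = banned if isinstance(banned, list) else [banned]
        return value not in banned
    if "numeric" in rule:
        spec = rule["numeric"]                    # e.g. [">", 0, "<=", 5]
        pairs = zip(spec[0::2], spec[1::2])
        return type(value) in (int, float) and all(OPS[op](value, n) for op, n in pairs)
    raise ValueError(f"operator not modelled here: {rule}")

def matches(pattern, event):
    """Every key in the pattern must match; values in an array are ORed."""
    for key, expected in pattern.items():
        if key not in event:
            return False                          # assumption: missing field never matches
        actual = event[key]
        if isinstance(expected, dict):            # nested object such as "detail"
            if not (isinstance(actual, dict) and matches(expected, actual)):
                return False
            continue
        values = actual if isinstance(actual, list) else [actual]
        if not any(rule_matches(r, v) for r in expected for v in values):
            return False
    return True

PATTERN = {  # the content-filtering pattern from the answer above
    "time": [{"prefix": "2017-10-02"}],
    "detail": {"state": [{"anything-but": "initializing"}],
               "c-count": [{"numeric": [">", 0, "<=", 5]}],
               "d-count": [{"numeric": ["<", 10]}],
               "x-limit": [{"anything-but": [100, 200, 300]}]}}

# Constructed sample event, not a real AWS event.
EVENT = {"time": "2017-10-02T14:00:00Z",
         "detail": {"state": "running", "c-count": 3, "d-count": 7, "x-limit": 301.8}}
```

`matches(PATTERN, EVENT)` returns `True`; changing `state` to `"initializing"` or `c-count` to `0` makes it `False`. The authoritative check for a real rule is the EventBridge TestEventPattern API.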