Configuring CloudTrail with EventBridge
Manually setting AWS API calls to integrate with EventBridge
In this quick tutorial, I am going to walk you to how to configure CloudTrail with EventBridge from the AWS console directly.
This integration helps you create very useful event-driven systems where EventBridge could dynamically react to other AWS events through CloudTrail APIs.
EventBridge can easily integrate with many target services within AWS, with a fast daily growing expansion. The picture below represents some of the services EventBridge could work with.
The purpose of this post to manually configure EventBridge and CloudTrail when EC2 APIs are called. Furthermore, we are going to configure a Lambda function as target whenever the rule gets triggered.
This setup can be done in four steps:
- Rule details
- Build pattern
- Select targets
- Review and create
1. Rule Details
First thing would be to create a rule for the event. The name and description are required, as well as the Rule Type.
Rule Type
There are two different kind of Rule Types, one based on some event patterns, and another one based on schedule.
- Event Patterns: this type will match a specific event pattern. In this case, EC2 APIs that are captured through CloudTrail.
- Schedule: this type represents a cron expression for how often the rule should be triggered.
More about the cron expressions in AWS in the Reference section.
2. Build Pattern
Event Source
Second step is to define the source in which the event will come in. There are three different types: AWS events, others and all types.
- AWS events: these correspond to internal events that are happening inside of your AWS environment through APIs.
- Other: this could integrate with your internal system or another third party provider that generates events.
Event Pattern
This step is to setup the pattern to match the event that is going to trigger the rule. On Event Source, there are AWS services and also EventBridge Partners.
For the purpose of this post, we are going to select API calls via CloudTrail, but there are also other types such as EBS Volume Notification and AMI State Change for EC2.
This is a JSON example of what event through API call via CloudTrail may look like.
Notice that the source is “ec2,” meaning that only EC2 APIs will match this pattern and therefore use this rule. Furthermore, the “eventName” key can be any sort of EC2 API operation, in this case AttachVolume, but it could also RunInstances, TerminateInstance, DetachVolume to mention few.
Resources for creating event patterns can be found in the Reference section.
3. Select Targets
Targets are essentially the services EventBridge will invoke based on the event. As mentioned, there is a variety of AWS services that integrate with EventBridge. But you could also connect this with other external APIs that are not necessarily in AWS, like for example a payment system such as Stripe.
Lambda Function
When trying to configure EventBridge to work with Lambda, there are multiple settings that could be enabled in order to fully exploit the capabilities of both services.
You could configure a custom target input that is passed to the function. This custom target input could be extremely useful when moving key data points around the system in an event-driven fashion.
Additionally, there are also other settings with regards to the retry policies, such as the maximum age of event, the number of attempts and the dead-letter queues.
Configurations
4. Review and Create
Once you have made sure that the rule has been configured correctly, with the appropriate event pattern and the right targets, then go ahead and create this and wait until the next event that matches your rule!
Let me know if I can help in anything. Subscribe if you want to see more of this content.
Go Build 🔥
