Amazon CloudWatch Events

Learn via video courses

Overview

AWS CloudWatch Events provides a relatively close real-time stream of event logs describing changes to  AWS resources. One may compare events and channel these with more than one destination function or stream employing basic rules that are simple to set up. AWS CloudWatch Events detects modifications as events happen. CloudWatch Events reacts to changes occurring and performs remedial action as needed by delivering the message, triggering operations, making modifications, and recording system information.

What are Amazon CloudWatch Events?

Amazon CloudWatch Events provides a near-real-time stream of system events describing changes to Amazon Web Services (AWS) resources. You may match events and route them to one or more destination functions or streams using basic rules that are easy to set up.

CloudWatch Events detects operational changes as they occur. CloudWatch Events reacts to operational changes and takes remedial action as needed by delivering messages, activating functions, making modifications, and recording state information.

  • You may construct event rules to execute a procedure when the event happens. In an event rule, you designate such events as targets. For example, similar to the alarm actions, you may provide SNS topics as the event destination and have the event rules send a notification to a certain topic to notify you.

  • Whenever their statuses alter or a particular event happens inside that service, several AWS services transmit the event to AWS CloudWatch Events. For illustration, if an AWS CodeDeploy installation fails, it sends an event to AWS CloudWatch Events.

  • Custom events, like CloudWatch metrics, may be generated and sent to CloudWatch Events. Then, write a rule and use Lambda Functions to do customized filtering. By connecting your apps to EventBridge, you may create activity-driven frameworks.

  • There is an additional sort of CloudWatch Event in addition to these: scheduled events. The scheduled CloudWatch events, as the title suggests, are triggered on a set schedule using cron expressions. For illustration, you may set up a scheduled event that runs every day and triggers AWS Lambda functions to perform some automation.

  • An app can send a custom event, and then another app can reply to that event by performing something different. Whenever an order is placed for illustration, an online store app may send an event, which might also initiate the delivery process.

Features of CloudWatch Events

  • AWS EC2 Integration When specific events occur, you may utilize Amazon CloudWatch Events to launch AWS Systems Manager Run Command and conduct operations on AWS EC2 instances. Run Command may be configured to run shell code and configure every new instance deployed in an AWS EC2 Auto Scaling cluster.

  • AWS Lambda Functions You may use AWS Lambda to record an event when an Auto Scaling cluster starts or finishes an EC2 instance, and whether the launching or termination event was successful.

  • Scheduling the CloudWatch Events CloudWatch Events rule can be executed on a schedule. On such a regular basis, you may produce an automatic snapshot of an existent AWS EBS volume. You may provide a constant rate to produce a snapshot every several minutes, or you can have used a cron expression to make the snapshot at a certain period during the day.

  • Sending and Receiving of Events in AWS Accounts You may configure the AWS account to transmit events to or accept events from those other AWS accounts. This is beneficial if the accounts are from the same organization or from entities that are collaborators or have a close association. When you configure the accounts to receive or send events, simply define which AWS account can receive or send events with yours. You may define an organization and allow permission to every account in that organization by using the AWS Organisations functionality.

  • Tagging Your Amazon CloudWatch Events Resources Identify and arrange your Amazon Web Services resources. Many AWS services enable tagging, so you may use the same tag to signal that resources from multiple services are connected. Keep track of your AWS expenses. These tags are enabled using the Amazon Billing and Cost Management dashboards. AWS categorizes your expenditures using tags and sends you a monthly allocation report.

CloudWatch Events Concepts

Before you start utilizing CloudWatch Events, you should be comfortable with the following concepts:

  • Events An event signals that something has changed in the AWS environment. When the status of an AWS resource alters, it can create events. For illustration, whenever an EC2 instance's status goes from waiting to operating, Amazon EC2 creates an event, and AWS EC2 Auto Scaling produces events whenever it deploys or ends instances. Whenever your made API requests, AWS CloudTrail reports events. Custom app-level events can be created and published to CloudWatch Events. You may also configure scheduled events to be created on a routine basis.

  • Rules Incoming events are matched by a rule and sent to destinations for evaluation. A single rule could propagate to several targets, each of which is handled concurrently. Rules are not handled in any certain sequence. This allows different components of organizations to search for and analyze events of relevance to them. A rule can modify the JSON delivered to the destination by providing just certain sections of it or rewriting with a constant.

  • Targets A target handles events. AWS EC2 instances, Lambda functions, Kinesis streams, ECS jobs, Step Functions automata, SNS topics, SQS queues, and designed targets are examples of targets. Events are delivered to a destination in JSON format.

Getting Started

To add and remove CloudWatch Events rules, follow the steps in this subsection. These are generic processes that may be used for any event source or target.

Rules:

Creating a Rule That Triggers an Event

  1. To access the AWS CloudWatch click on.

Rule That Triggers on an Event

  1. Select Events and then Create a rule from the navigation pane as shown in the image.

Rule That Triggers on an Event

  1. For the Event Source, follow the following steps:

Rule That Triggers on an Event

  • Select Event Pattern, then create an event trend to correlate events by services.
  • Under Service Name, select the services which produce the event that will cause the rules to be triggered.
  • Under Event Type, select the precise event which will set off the rules. If AWS API Calling through CloudTrail is indeed the sole choice, the chosen services don't generate events and you may primarily build rules upon API calls made towards these services. 
  • You may see choices for Any... and Specific.... based on the services sending the event. Pick Any... for the events activate regardless of the chosen event kinds, or Select... to select one or even more particular event categories.

Rule That Triggers on an Event

  1. In the Targets section, click Add Target and pick the AWS services that will be triggered whenever an event of the chosen kind is identified.

Rule That Triggers on an Event

  1. Fill in whatever parameters inside this section with data particular to this target type.

Rule That Triggers on an Event

  1. AWS CloudWatch Events requires authorization to transmit events to numerous target categories. CloudWatch Events may establish the IAM role required for the event to operate in such cases:
    • Select Make a new role for this given resource to automatically generate an IAM role.
    • Select Utilize existing role to utilize an IAM role that you've already generated.
  2. Steps were repeated 4-6 if you want to add a target to this rule.
  3. Select Configure details. Fill up the blanks with the rule's title and summary.

Rule That Triggers on an Event

  1. Select Create rules.

Rule That Triggers on an Event

Creating a Rule That Triggers on an AWS API Call Via CloudTrail

  1. To access the AWS CloudWatch click on.

Rule That Triggers on an AWS API Call Via CloudTrail

  1. Select Events and then Create a rule from the navigation pane as shown in the image.

Rule That Triggers on an AWS API Call Via CloudTrail

  1. For the Event Source, follow the following steps:

Rule That Triggers on an AWS API Call Via CloudTrail

  • Select Event Pattern, then create an event trend to correlate events by services.
  • In the Service Name field, enter the name of the service that will be used as the trigger. 
  • Select AWS API Call via CloudTrail as the Event Type. 
  • Choose Any operation to have your rule triggered whenever any API activity for this service is called. Select Specific operation(s), put the name of an operation in the next box, and then hit ENTER to trigger your rule only when specified API activities are invoked. Select + to add additional operations.

Rule That Triggers on an AWS API Call Via CloudTrail

  1. In the Targets section, click Add Target and pick the AWS service that will be triggered when an event of the chosen kind is detected.

Rule That Triggers on an AWS API Call Via CloudTrail

  1. Fill in any additional fields in this section with information particular to this target type.

Rule That Triggers on an AWS API Call Via CloudTrail

  1. CloudWatch Events need the authorization to transmit events to numerous target types. CloudWatch Events may establish the IAM role required for your event to operate in these cases:
    • Select Generate a new role for this specific resource to automatically create an IAM role.
    • Choose to Utilize the existing role to use an IAM role that you already generated.

Rule That Triggers on an AWS API Call Via CloudTrail

  1. Steps were repeated 4-6 if you want to add a target to this rule.
  2. Select Configure details. Fill up the blanks with the rule's title and summary.

Rule That Triggers on an AWS API Call Via CloudTrail

  1. Select Create rules.

Rule That Triggers on an AWS API Call Via CloudTrail

Creating a Rule That Triggers on a Schedule

  1. Go to https://console.aws.amazon.com/cloudwatch/ to access the CloudWatch console.

Rule That Triggers on a Schedule

  1. Select Events, and Create rule from the navigation pane.

Rule That Triggers on a Schedule

  1. Select Schedule as the event source.

Rule That Triggers on a Schedule

  1. Select the Fixed rate and state how frequently the job should run, or select Cron expression and give a cron expression defining when the task should be initiated.

Rule That Triggers on a Schedule

  1. In the Targets section, choose Add Target and then pick the AWS service that will be triggered when an event of the chosen kind is detected.

Rule That Triggers on a Schedule

  1. Fill in any additional fields in this section with information particular to this target type.
  2. To broadcast events to numerous target types, CloudWatch Events requires permissions. CloudWatch Events may establish the IAM role required for your event to operate in these cases:
    • Select Generate a new role for this specific resource to automatically create an IAM role.
    • Select Utilize existing role to use an IAM role that you already generated.
  3. Repeat steps 5-7 if you want to add another target to this rule.
  4. Select Configure details. Fill up the blanks with the rule's name and description.

Rule That Triggers on a Schedule

  1. Select Create rule.

Rule That Triggers on a Schedule

Deleting or Disabling a Rule

To remove or deactivate a CloudWatch Events rule, follow the steps below.

How to Remove or Deactivate a Rule:

Deleting or Disabling a Rule

  • Select Rules from the navigation pane.
  • Managed rules are identified by a box icon beside their names.

Deleting or Disabling a Rule

  • Complete any of the following:
    • For deleting the rules, click on the button next to it and then select Action then to Delete on Delete. If somehow the rule is managed, then one should type its name to accept that it is a managed rule and also that removing it may cause functionalities in the services that originated the rule to cease. To proceed, input the rule's name and select Force deletion.
    • To momentarily deactivate a rule, pick the rule's icon and select Actions to  Disable on Disable.

Restrictions

  • The targets associated with a rule must be located within the same Region as the policy. Some target kinds may not be available in all regions.
  • Only the AWS Management Dashboard supports the creation of rules using built-in targets.
  • If you construct a rule with just an encoded AWS SQS queue as a goal, the KMS major policy must contain the following part. It enables the events to be sent to the encryption queues properly.

AWS CloudWatch Events have been used in combination with the various services:

  • AWS CloudTrail allows you to track calls to the AWS CloudWatch Events API for the accounts, such as those performed by Management Console, AWS Command Line Interface, as well as other programs. CloudWatch Events publishes log files to the S3 bucket if CloudTrail monitoring is enabled. Based on the number of operations that are taken to fulfil a request, every log file includes more than one record. 

  • AWS CloudFormation allows users to design and configure Aws services. You construct a template that outlines the AWS resource that you require, and CloudFormation handles the deployment and configuration. CloudWatch Events rules may be used in the CloudFormation template.

  • AWS Config allows you to record modifications to the AWS resources setting. This covers why resources link to each other and how they have been previously designed, allowing you to understand how configuration and associations change over time. You may also use AWS Configuration rules to see if the resources comply with your group's regulations.

  • AWS IAM enables users to safely govern their clients' accessibility to Aws services. IAM may be used to govern who really can access their Aws services (authorization), what services users can access, and how they have access to those (authorization).

  • AWS Kinesis Data Streams offers near-constant data input and aggregation. IT infrastructure logging data, server logs, social networking sites, trade data feeds, and online click-stream data are all utilized. Processing is often lightweight since the reaction time for data input and execution is in real-time

  • AWS Lambda allows you to create apps that adapt swiftly to fresh data. Publish the application's code in the form of a Lambda function that will run on high-availability computing architecture. Lambda handles all computing resources management, including that server and OS maintenance, capacities provision, automated scalability, program and vulnerability patch installation, and code debugging and monitoring.

Amazon CloudWatch Events vs Alarms

No.Amazon CloudWatch EventsAmazon CloudWatch Alarms
1.Amazon CloudWatch Events provides a near-real-time stream of system events describing changes to Amazon Web Services (AWS) resources.CloudWatch Alarm may be set to monitor a single CloudWatch statistic or the output of math expressions based on CloudWatch data.
2.Once it is created, a regular CloudWatch event is fired. When it is a scheduled event, it is activated at the specified time. When you create rules that execute an action for such an event, that action is indeed executed, exactly like an alarming activity.A CloudWatch alert monitors a metric for a set period and triggers if it surpasses or falls under a level you specify. If you specified a response for the alarm, it also is carried out.
3.As event rule targets, AWS CloudWatch Events is connected with hundreds of AWS services. For example, trigger an AWS Lambda function, run the script on the AWS EC2 instance, use an SSM automation documentation to accomplish anything else, and also can use third-party apps as event targets on AWS CloudWatch Events.The AWS CloudWatch alarm, on the other hand, has a restricted set of action types. You may post to an SNS subject, conduct EC2 operations like halting, halting, booting, or restoring an EC2 instance, or manage an EC2 Auto Scaling cluster.
4.In the CloudWatch alarms, users may create event rules for state transitions. Alarms send CloudWatch Events state change alerts. If you think of an alarm's trigger as an event, you may respond to it in near real-time. Of all, these are extremely useful for automating your reactions when issues emerge.However, CloudWatch alerts may also be used as a proactive mechanism to avoid certain occurrences from happening. The most typical situation in which CloudWatch alerts are used is while growing their EC2 auto-scaling group.
5.CloudWatch Events enables you to trigger a variety of events depending on a predefined schedule or an event in our AWS account. For example, suppose you want to send an SNS message every time an individual login into the Aws Management console.CloudWatch Alarms gathers common metrics from your instances, S3 buckets, and nearly all AWS services. You can define a threshold that will cause an action to be taken. For example, if the number of items in your S3 bucket exceeds 100, invoke a Lambda function to handle the objects
6.You may match events and channel them to one or even more destination functions or streams using basic rules that are easy to set up. CloudWatch Events detects operational changes as they happen. An AWS EC2 activity, an EC2 Auto Scaling action, or a notice delivered to an Amazon SNS topic can be used as the action.Depending on the value of a metric or expression compared to a threshold across several periods, the alert takes one or more actions.

Conclusion

  • AWS CloudWatch Events enables you to trigger a variety of events based on a specific schedule or an event in your AWS account. For example, suppose you want to send an SNS notification every time a user logs into the AWS Console.
  • When an AWS CloudWatch Event is produced, it is triggered. If it is a scheduled event, it is activated at the specified time.
  • You can set up the AWS account to send or receive events from other AWS accounts. This is advantageous if the accounts are from the same organization or from companies that collaborate or have a tight relationship.
  • When it is created, a standard CloudWatch event is triggered. It is activated at the stated time when it is a scheduled event.