Skillmix Logo
Workflow
Login Sign Up

EventBridge to CloudWatch

Interactive Mode

About this Architecture

Here is some information about this architecture.

The AWS architecture using EventBridge to receive incoming events is a great way to process events in a reliable and secure manner.

This architecture works by having EventBridge receive incoming events and then check if there is a match. If there is a match, EventBridge will log the event in CloudWatch. This architecture is beneficial because it allows for easy monitoring and tracking of events, as well as providing a secure and reliable way to process events.

Additionally, CloudWatch can be used to set up alarms and notifications for when certain events occur.

How to Build This Solution

Here are the steps you can follow to build this solution on your own.

Here are the steps needed to build this architecture.

If you're using the Skillmix lab feature, here are the instructions to follow:

Start the Lab

On the right sidebar, click on the Lab button to open the lab environment window. When the sidebar opens, click on the Start Lab button. Wait for all of the credentials to appear.

Configure the AWS CLI Profile

Once the lab credentials are ready, you can configure the AWS CLI profile. Here is how you can do it on various operating systems.

  • Linux/Mac: open this file with a text editor ~/.aws/credentials

  • Windows: open this file with a text editor %USERPROFILE%.aws credentials

Once you have the file open, add this profile to it. Use the keys from the lab session you started.

# ...other profiles

[smx-lab]
aws_access_key_id=<lab access key>
aws_secret_access_key=<lab secret key>

Create the Terraform File

We'll be doing all of our work in one Terraform file. Create a new directory on your computer somewhere, and then create a file named main.tf in it.

Create the Terraform & Provider Block

Next, we will create a Terraform configuration that will allow us to use the AWS provider. This configuration will require us to specify the version of the AWS provider that we want to use, as well as the version of Terraform that we are using. We will also specify the AWS profile and region that we want to use. This code will ensure that the correct versions of Terraform and the AWS provider are used, and that the AWS provider is configured correctly.

Append this code to the main.tf file:

terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 3.27"
    }
  }

  required_version = ">= 0.14.9"
}

provider "aws" {
  profile = "smx-lab"
  region  = "us-west-2"
}

Create the Data Resource

Next, we will create a data source that will allow us to access information about the current AWS caller identity. This data source is created using the data "aws_caller_identity" "current" {} Terraform code. This code will allow us to access information such as the AWS account ID, user ID, and ARN of the current caller identity. This data source can be used to create resources that are specific to the current caller identity.

Append this code to the main.tf file:

data "aws_caller_identity" "current" {}

Create the CloudWatch Log Group Resource

Next, we will create an AWS CloudWatch Log Group. This code will create a log group with the name prefix "/aws/events/terraform". This log group will be used to store log events related to Terraform, such as when Terraform is run, when resources are created or destroyed, and other related events.

Append this code to the main.tf file:

resource "aws_cloudwatch_log_group" "MyLogGroup" {
  name_prefix = "/aws/events/terraform"
}

Create the CloudWatch Log Resource Policy

Next, we will create an AWS CloudWatch Log Resource Policy. This policy will allow the services 'events.amazonaws.com' and 'delivery.logs.amazonaws.com' to create log streams and put log events in the log group specified in the 'Resource' field. The 'Condition' field ensures that the source of the log events is the CloudWatch Event Rule specified in the 'aws:SourceArn' field.

Append this code to the main.tf file:

resource "aws_cloudwatch_log_resource_policy" "MyCloudWatchLogPolicy" {
  policy_name     = "Terraform-CloudWatchLogPolicy-${data.aws_caller_identity.current.account_id}"
  policy_document = <<POLICY
{
  "Version": "2012-10-17",
  "Id": "CWLogsPolicy",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": [ 
          "events.amazonaws.com",
          "delivery.logs.amazonaws.com"
          ]
      },
      "Action": [
        "logs:CreateLogStream",
        "logs:PutLogEvents"
        ],
      "Resource": "${aws_cloudwatch_log_group.MyLogGroup.arn}",
      "Condition": {
        "ArnEquals": {
          "aws:SourceArn": "${aws_cloudwatch_event_rule.MyEventRule.arn}"
        }
      }
    }
  ]
}
POLICY  
}

Create the EventBridge (CloudWatch) Event Rule Resource

Next, we will create an AWS CloudWatch Event Rule. This rule will be used to trigger an action when certain conditions are met. The code above defines the event pattern for the rule, which specifies the account and source that will be monitored for events. The account is set to the current account ID, and the source is set to "demo.logs". This rule will be used to trigger an action when an event is detected from the specified account and source.

Append this code to the main.tf file:

resource "aws_cloudwatch_event_rule" "MyEventRule" {
  event_pattern = <<PATTERN
{
  "account": ["${data.aws_caller_identity.current.account_id}"],
  "source": ["demo.logs"]
}
PATTERN
}

Create the Event Target Resource

Next, we will create an AWS CloudWatch Event Target. This code will create a target for the CloudWatch Event Rule that we created in the previous step. The target will be associated with the Amazon Resource Name (ARN) of the CloudWatch Log Group that we created. This will allow us to send events from the CloudWatch Event Rule to the CloudWatch Log Group.

Append this code to the main.tf file:

resource "aws_cloudwatch_event_target" "MyRuleTarget" {
  rule = aws_cloudwatch_event_rule.MyEventRule.name
  arn  = aws_cloudwatch_log_group.MyLogGroup.arn
}

Create the Terraform Output

Let's output the name of the log group. Append this code to the main.tf file:

output "CW-Logs-Stream-Name" {
  value       = aws_cloudwatch_log_group.MyLogGroup.id
  description = "The CloudWatch Log Group Name"
}

Deploying the Project

Now that we have all of our code written, we can deploy the project. Open a terminal, navigate to the project, and run these commands.

# initialize the project 
$ terraform init 

# plan the project 
$ terraform plan 

# apply the project 
$ terraform apply

Add the Event File

To test our solution we need a file named event.json in our project directory. In your working directory, create a file named event.json and add this text:

[
  {
    "DetailType": "message",
    "Source": "demo.logs",
    "Detail": "{\"message\":\"Hello From EventBridge!\"}"
  }
]

Testing the Solution

We will test this solution using the AWS CLI. If you don't have that installed, go do that now and come back.

To test the solution, enter this command. Note that the --profile should be your named AWS CLI profile.

$ aws events put-events --entries file://event.json --profile smx-lab

Source

This project was sourced from the AWS Repo: https://github.com/aws-samples/serverless-patterns