Login Sign Up

Workflow

Login Sign Up

EventBridge to CloudWatch

Sign Up to Build

About this Architecture

Here is some information about this architecture.

The AWS architecture using EventBridge to receive incoming events is a great way to process events in a reliable and secure manner.

This architecture works by having EventBridge receive incoming events and then check if there is a match. If there is a match, EventBridge will log the event in CloudWatch. This architecture is beneficial because it allows for easy monitoring and tracking of events, as well as providing a secure and reliable way to process events.

Additionally, CloudWatch can be used to set up alarms and notifications for when certain events occur.

How to Build This Solution

Here are the steps you can follow to build this solution on your own.

Here are the steps needed to build this architecture.

Get Your AWS Credentials

If you're using the Skillmix Labs feature, open the lab settings (the beaker icon) on the right side of the code editor. Then, click the Start Lab button to start hte lab environment.

Wait for the credentials to load. Then run this in the terminal:

$ aws configure --profile smx-lab
AWS Access Key ID [None]: AKIA3E3W34P42CSHXDH5
AWS Secret Access Key [None]: vTmqpOqefgJfse8i6QwzgpjgswPjHZ6h/oiQq4zf
Default region name [None]: us-west-2
Default output format [None]: json

Be sure to name your credentials profile 'smx-lab'.

Note: If you're using your own AWS account you'll need to ensure that you've created and configured a named AWS CLI profile named smx-lab.

Create the Terraform File

We'll be doing all of our work in one Terraform file. Create a new directory on your computer somewhere, and then create a file named main.tf in it.

Create the Terraform & Provider Block

Next, we will create a Terraform configuration that will allow us to use the AWS provider. This configuration will require us to specify the version of the AWS provider that we want to use, as well as the version of Terraform that we are using. We will also specify the AWS profile and region that we want to use. This code will ensure that the correct versions of Terraform and the AWS provider are used, and that the AWS provider is configured correctly.

Append this code to the main.tf file:

terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 3.27"
    }
  }

  required_version = ">= 0.14.9"
}

provider "aws" {
  profile = "smx-lab"
  region  = "us-west-2"
}

Create the Data Resource

Next, we will create a data source that will allow us to access information about the current AWS caller identity. This data source is created using the data "aws_caller_identity" "current" {} Terraform code. This code will allow us to access information such as the AWS account ID, user ID, and ARN of the current caller identity. This data source can be used to create resources that are specific to the current caller identity.

Append this code to the main.tf file:

data "aws_caller_identity" "current" {}

Create the CloudWatch Log Group Resource

Next, we will create an AWS CloudWatch Log Group. This code will create a log group with the name prefix "/aws/events/terraform". This log group will be used to store log events related to Terraform, such as when Terraform is run, when resources are created or destroyed, and other related events.

Append this code to the main.tf file:

resource "aws_cloudwatch_log_group" "MyLogGroup" {
  name_prefix = "/aws/events/terraform"
}

Create the CloudWatch Log Resource Policy

Next, we will create an AWS CloudWatch Log Resource Policy. This policy will allow the services 'events.amazonaws.com' and 'delivery.logs.amazonaws.com' to create log streams and put log events in the log group specified in the 'Resource' field. The 'Condition' field ensures that the source of the log events is the CloudWatch Event Rule specified in the 'aws:SourceArn' field.

Append this code to the main.tf file:

resource "aws_cloudwatch_log_resource_policy" "MyCloudWatchLogPolicy" {
  policy_name     = "Terraform-CloudWatchLogPolicy-${data.aws_caller_identity.current.account_id}"
  policy_document = <<POLICY
{
  "Version": "2012-10-17",
  "Id": "CWLogsPolicy",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": [ 
          "events.amazonaws.com",
          "delivery.logs.amazonaws.com"
          ]
      },
      "Action": [
        "logs:CreateLogStream",
        "logs:PutLogEvents"
        ],
      "Resource": "${aws_cloudwatch_log_group.MyLogGroup.arn}",
      "Condition": {
        "ArnEquals": {
          "aws:SourceArn": "${aws_cloudwatch_event_rule.MyEventRule.arn}"
        }
      }
    }
  ]
}
POLICY  
}

Create the EventBridge (CloudWatch) Event Rule Resource

Next, we will create an AWS CloudWatch Event Rule. This rule will be used to trigger an action when certain conditions are met. The code above defines the event pattern for the rule, which specifies the account and source that will be monitored for events. The account is set to the current account ID, and the source is set to "demo.logs". This rule will be used to trigger an action when an event is detected from the specified account and source.

Append this code to the main.tf file:

resource "aws_cloudwatch_event_rule" "MyEventRule" {
  event_pattern = <<PATTERN
{
  "account": ["${data.aws_caller_identity.current.account_id}"],
  "source": ["demo.logs"]
}
PATTERN
}

Create the Event Target Resource

Next, we will create an AWS CloudWatch Event Target. This code will create a target for the CloudWatch Event Rule that we created in the previous step. The target will be associated with the Amazon Resource Name (ARN) of the CloudWatch Log Group that we created. This will allow us to send events from the CloudWatch Event Rule to the CloudWatch Log Group.

Append this code to the main.tf file:

resource "aws_cloudwatch_event_target" "MyRuleTarget" {
  rule = aws_cloudwatch_event_rule.MyEventRule.name
  arn  = aws_cloudwatch_log_group.MyLogGroup.arn
}

Create the Terraform Output

Let's output the name of the log group. Append this code to the main.tf file:

output "CW-Logs-Stream-Name" {
  value       = aws_cloudwatch_log_group.MyLogGroup.id
  description = "The CloudWatch Log Group Name"
}

Deploying the Project

Now that we have all of our code written, we can deploy the project. Open a terminal, navigate to the project, and run these commands.

# initialize the project 
$ terraform init 

# plan the project 
$ terraform plan 

# apply the project 
$ terraform apply

Add the Event File

To test our solution we need a file named event.json in our project directory. In your working directory, create a file named event.json and add this text:

[
  {
    "DetailType": "message",
    "Source": "demo.logs",
    "Detail": "{\"message\":\"Hello From EventBridge!\"}"
  }
]

Testing the Solution

We will test this solution using the AWS CLI. If you don't have that installed, go do that now and come back.

To test the solution, enter this command. Note that the --profile should be your named AWS CLI profile.

$ aws events put-events --entries file://event.json --profile smx-lab

Source

This project was sourced from the AWS Repo: https://github.com/aws-samples/serverless-patterns