This article shows how to configure logging of your AWS Health events in JSON to a CloudWatch log group. New events appear in your log group, where you can use them for reference when building and testing event patterns.
When you notice an event in your AWS Health Dashboard and want to create notifications for similar events using AWS User Notifications, how do you get started? For instance, you want to match service issue events for AWS Lambda similar to one you see in the AWS Health Dashboard, and want to confirm the properties of the event you received so you can configure a filter to match them.
When you are getting started creating filters, it is helpful to understand the Health event schema and also to have the Health event JSON available when creating and testing your filters. By following these steps, you will configure a CloudWatch log group and an Amazon EventBridge rule to store new Health events. Then, when you receive a new Health event and want to view the event JSON, you can refer to your CloudWatch log group for a copy. Using this copy in the EventBridge Sandbox, you can create and test your filter, confirm it matches events, and use it as an advanced filter for AWS User Notifications or in EventBridge rules.
For example, with this configuration in place, you could retrieve the Health event JSON for the event displayed in the dashboard.
{
  "version": "0",
  "id": "6b4676f6-a16a-5532-3178-fc7bbda2a6f9",
  "detail-type": "AWS Health Event",
  "source": "aws.health",
  "account": "685569933008",
  "time": "2024-09-04T19:11:59Z",
  "region": "us-east-1",
  "resources": [],
  "detail": {
    "eventArn": "arn:aws:health:us-east-1::event/LAMBDA/AWS_LAMBDA_INVOKE_ISSUE/AWS_LAMBDA_INVOKE_ISSUE_844eec7a-8ccc-5cc1-83c6-bffbf55e3fdf",
    "service": "LAMBDA",
    "eventTypeCode": "AWS_LAMBDA_INVOKE_ISSUE",
    "eventTypeCategory": "issue",
    "eventScopeCode": "ACCOUNT_SPECIFIC",
    "communicationId": "9d958ea13ecd72fddea5d57b5367b968bb798f45-1",
    "startTime": "Wed, 4 Sep 2024 16:46:00 GMT",
    "endTime": "Wed, 4 Sep 2024 17:53:00 GMT",
    "lastUpdatedTime": "Wed, 4 Sep 2024 18:31:58 GMT",
    "statusCode": "closed",
    "eventRegion": "us-east-1",
    "eventDescription": [{
      "language": "en_US",
      "latestDescription": "[11:13 AM PDT] We are investigating increased invoke error rates in the US-EAST-1 Region.\n\n[11:31 AM PDT] Between 9:46 AM and 10:53 AM PDT, we experienced increased invoke error rates in the US-EAST-1 Region. Our engineering teams were automatically engaged to investigate this issue at 9:58 AM. At 10:14 AM we had identified the root cause of the issue and completed the deployment of mitigations at 10:28 AM, with full recovery observed at 10:53 AM. We can confirm that during this issue, retries would have succeeded. The issue has been resolved and the service is operating normally."
    }],
    "affectedEntities": [],
    "affectedAccount": "048122297024",
    "page": "1",
    "totalPages": "1"
  }
}
Walkthrough - Logging AWS Health events using CloudWatch Logs
Step 1: Create a CloudWatch Log group
Note: If you have a log group already created for this purpose, continue to Step 2: Create an EventBridge rule
- Open the CloudWatch console at https://console.aws.amazon.com/cloudwatch/.
- In the navigation pane, choose Log groups.
- Choose Actions, and then choose Create log group.
- Enter a name for the log group. For example: /aws/events/AWSHealthEvents (ensure your log group includes the prefix /aws/events/).
- Choose a Retention setting (example: 1 month).
- Choose Create log group.
Step 2: Create an EventBridge Rule
Define the rule
- Open the Amazon EventBridge console at https://console.aws.amazon.com/events/.
- In the navigation pane, choose Rules.
- Choose Create rule.
- Enter a Name (example: Send-AWS-Health-events-to-CloudWatch).
- For Event bus, choose default. When AWS Health emits an event, it always goes to your account's default event bus.
- For Rule type, choose Rule with an event pattern.
Specify the event pattern
- Scroll down to Event pattern and choose Edit pattern
- Enter the following in the Event pattern box
{
  "source": ["aws.health"]
}
- Select Next
Select targets
- For Select a target, choose CloudWatch log group
- Choose your log group from the list.
- Choose Next
Configure tags and review rule
- On the Configure tags screen you can optionally add tags, then choose Next
- On the Review and create screen, choose Create rule
Step 3: View your Health events in CloudWatch Logs
Since you just completed the configuration, your log group will be empty. As new events appear, you can view them in CloudWatch logs.
- Open the CloudWatch console at https://console.aws.amazon.com/cloudwatch/.
- In the navigation pane, choose Log groups.
- For Log Groups, choose the name of your log group.
- Select Search log group. The AWS Health events in the log group are displayed.
- Expand the log entry to display the event JSON. An individual entry is displayed for each update to the event. Note the event first being open with a brief description, then closed with an expanded description.
CloudWatch Logs also allows searching for matching terms in JSON log events. For instance, {$.detail.service = "LAMBDA"} matches Health events for AWS Lambda.
You can now use these events with the EventBridge Sandbox to create and test filters for use with AWS User Notifications and EventBridge rules. To explore this topic, refer to How to create and test AWS Health event advanced filters for AWS User Notifications
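A local pre-check for a candidate filter before taking a logged event to the EventBridge Sandbox, as an added example (not AWS code): a simplified matcher that covers only exact-value and prefix matching, run against a constructed, trimmed copy of the Lambda event shown above. The function names and the two narrower patterns are assumptions for illustration; the Sandbox remains the authoritative test.

```python
# Constructed sample: a trimmed copy of the Health event shown earlier on this page.
SAMPLE_EVENT = {
    "source": "aws.health",
    "detail-type": "AWS Health Event",
    "resources": [],
    "detail": {
        "service": "LAMBDA",
        "eventTypeCode": "AWS_LAMBDA_INVOKE_ISSUE",
        "eventTypeCategory": "issue",
        "statusCode": "closed",
    },
}

def _leaf_matches(value, allowed):
    """True if an event value satisfies at least one entry of a pattern's value list."""
    values = value if isinstance(value, list) else [value]
    for rule in allowed:
        if isinstance(rule, dict) and "prefix" in rule:
            if any(isinstance(v, str) and v.startswith(rule["prefix"]) for v in values):
                return True
        elif rule in values:
            return True
    return False

def matches(pattern, event):
    """Simplified matcher: all pattern fields must match (AND); listed values are OR."""
    for key, expected in pattern.items():
        if key not in event:
            return False
        if isinstance(expected, dict):  # nested object such as "detail": recurse
            if not isinstance(event[key], dict) or not matches(expected, event[key]):
                return False
        elif not _leaf_matches(event[key], expected):
            return False
    return True

LOG_ALL_HEALTH = {"source": ["aws.health"]}  # the rule pattern from Step 2
LAMBDA_ISSUES = {  # hypothetical narrower filter for Lambda service issues
    "source": ["aws.health"],
    "detail": {"service": ["LAMBDA"], "eventTypeCategory": ["issue"]},
}
LAMBDA_CODE_PREFIX = {"detail": {"eventTypeCode": [{"prefix": "AWS_LAMBDA_"}]}}

if __name__ == "__main__":
    for name, p in [("all", LOG_ALL_HEALTH), ("lambda", LAMBDA_ISSUES),
                    ("prefix", LAMBDA_CODE_PREFIX)]:
        print(name, matches(p, SAMPLE_EVENT))
```

A field named in the pattern but absent from the event never matches, which is why confirming field names against the logged JSON comes first.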
CLEANUP
If you want to stop logging events and avoid incurring unintended charges, proceed with the following steps to clean up the resources you created in this tutorial:
Remove the EventBridge rule
- Open the Amazon EventBridge console at https://console.aws.amazon.com/events/.
- In the navigation pane, choose Rules.
- Choose the rule you created
- Choose Delete.
- Type delete in the text field and choose Delete
Remove the CloudWatch log group
- Open the CloudWatch console at https://console.aws.amazon.com/cloudwatch/.
- In the navigation pane, choose Log groups.
- Choose the log group you created.
- Choose Actions then choose Delete log group.
- Confirm the log group name is correct and choose Delete.