EventBridge alerts not working with Service Catalog

0

Attempted to implement EventBridge alerts that trigger an SNS notification whenever an event from Service Catalog (SC) is received/occurs. I tried the following event rules and patterns in Terraform:

# Pattern 1: match every event whose source is Service Catalog.
# (The aws_cloudwatch_event_target that points this rule at the SNS topic is not shown here.)
resource "aws_cloudwatch_event_rule" "servicecatalog_event_rule" {
  name        = "servicecatalog-rule"
  description = "Event rule to trigger SNS topic on Service Catalog events"

  # Indented heredoc so the closing marker may be indented like the body.
  event_pattern = <<-EOF
  {
    "source": ["aws.servicecatalog"]
  }
  EOF
}

Pattern 2: API calls through CloudTrail (found this on the AWS management console).

{
  "source": ["aws.servicecatalog"],
  "detail-type": ["AWS API Call via CloudTrail"],
  "detail": {
    "eventSource": ["servicecatalog.amazonaws.com"]
  }
}

SNS topic is also attached to a resource-based policy. This policy worked for CodePipeline events and ECS events. I am not sure if this is enough for Service Catalog or if it needs more access:

resource "aws_sns_topic_policy" "servicecatalog_topic_policy" {
  arn = aws_sns_topic.servicecatalog_sns_topic.arn

  policy = <<EOF
{
  "Version": "2012-10-17",
  "Id": "__default_policy_ID",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "events.amazonaws.com"
      },
      "Action": "sns:Publish",
      "Resource": "${aws_sns_topic.servicecatalog_sns_topic.arn}"
    }
  ]
}
EOF
}

I have generated test events by doing actions in Service Catalog but the SNS was still not getting triggered in any of the attempts. Am I missing something? Does the policy need more access or is this an issue with Service Catalog? Thanks, appreciate any help.

2 Answers
0

Which actions are you doing in Service Catalog?

"detail-type": ["AWS API Call via CloudTrail"] will trigger the alert, only this action

More about CloudTrail events is here: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-aws-service-specific-topics.html

answered 9 months ago
  • Random actions such as creating portfolio, provisioning product, etc. Interacting with Service Catalog in any way generates these events and I can see them in Event History in CloudTrail.

0

Hi,

The event pattern for the CloudTrail API - Service Catalog event has to be changed to the one below for the EventBridge rule.

{
  "source": ["aws.servicecatalog"],
  "detail-type": ["AWS API Call via CloudTrail"],
  "detail": {
    "eventSource": ["servicecatalog-appregistry.amazonaws.com"]
  }
}

If you want to restrict the event to a specific event name under action, you can add the entry under the "details" JSON object.

The detailed event JSON object/pattern for CloudTrail - Service Catalog can be found here, below the section "Understanding AWS Service Catalog log file entries".

answered 9 months ago
  • Hi, thanks for your response. I tried this but unfortunately, it did not work either. I believe this checks for Service Catalog AppRegistry events which I am not configuring SNS for; this event notification is for Service Catalog events. Thanks
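To see why the asker's two patterns and the pattern proposed in the second answer behave differently, it helps to test them offline against an event of the shape EventBridge delivers for a CloudTrail-logged Service Catalog call. The following is an added example, not code from the post or from AWS: the sample event is constructed (account id, event id and timestamp are placeholders), and the matcher implements only exact-value matching (no "prefix", "anything-but" or numeric filters), which is all the thread's patterns use. It also validates the one structural rule people most often get wrong, that every leaf in a pattern must be a list.

```python
import json

# Constructed sample event (not from the original post or from AWS): the shape
# EventBridge uses for a CloudTrail-delivered Service Catalog management call.
# Account id, event id and timestamp are placeholders.
SAMPLE_SC_EVENT = {
    "version": "0",
    "id": "00000000-0000-0000-0000-000000000000",
    "detail-type": "AWS API Call via CloudTrail",
    "source": "aws.servicecatalog",
    "account": "123456789012",
    "time": "2023-01-01T00:00:00Z",
    "region": "us-east-1",
    "resources": [],
    "detail": {
        "eventVersion": "1.08",
        "eventSource": "servicecatalog.amazonaws.com",
        "eventName": "CreatePortfolio",
        "awsRegion": "us-east-1",
        "readOnly": False,
    },
}

# The three patterns from the thread, as the JSON text a rule would carry.
PATTERN_SOURCE_ONLY = '{"source": ["aws.servicecatalog"]}'
PATTERN_CLOUDTRAIL = '''{
  "source": ["aws.servicecatalog"],
  "detail-type": ["AWS API Call via CloudTrail"],
  "detail": {"eventSource": ["servicecatalog.amazonaws.com"]}
}'''
PATTERN_APPREGISTRY = '''{
  "source": ["aws.servicecatalog"],
  "detail-type": ["AWS API Call via CloudTrail"],
  "detail": {"eventSource": ["servicecatalog-appregistry.amazonaws.com"]}
}'''


def validate_pattern(pattern):
    """Return a list of structural problems with a parsed pattern.

    Objects nest; every leaf must be a non-empty list of values. A bare string
    leaf such as "source": "aws.servicecatalog" is the classic mistake, and
    EventBridge rejects a rule written that way.
    """
    problems = []

    def walk(node, path):
        if not isinstance(node, dict):
            problems.append(f"{path or '<root>'}: expected an object")
            return
        for key, value in node.items():
            child = f"{path}.{key}" if path else key
            if isinstance(value, dict):
                walk(value, child)
            elif isinstance(value, list):
                if not value:
                    problems.append(f"{child}: empty list never matches")
            else:
                problems.append(f"{child}: leaf must be a list, got {type(value).__name__}")

    walk(pattern, "")
    return problems


def matches(pattern, event):
    """Exact-value matching, the subset of EventBridge semantics the thread uses.

    Every key in the pattern must exist in the event; a list leaf means the event
    value must equal one of its entries; a nested object recurses. Content filters
    such as "prefix" or "anything-but" are not modelled (assumption of this example).
    """
    for key, expected in pattern.items():
        if key not in event:
            return False
        actual = event[key]
        if isinstance(expected, dict):
            if not isinstance(actual, dict) or not matches(expected, actual):
                return False
        else:
            candidates = actual if isinstance(actual, list) else [actual]
            if not any(c in expected for c in candidates):
                return False
    return True


def evaluate(pattern_text, event=SAMPLE_SC_EVENT):
    """Parse a rule's pattern text, validate it, then test it against an event.

    Returns (matched, problems); an invalid pattern never matches.
    """
    pattern = json.loads(pattern_text)
    problems = validate_pattern(pattern)
    if problems:
        return False, problems
    return matches(pattern, event), []


if __name__ == "__main__":
    for name, text in [("source-only", PATTERN_SOURCE_ONLY),
                       ("cloudtrail", PATTERN_CLOUDTRAIL),
                       ("appregistry", PATTERN_APPREGISTRY)]:
        print(name, evaluate(text))
```

Run against the constructed event, both of the asker's patterns match and the AppRegistry pattern does not, because its eventSource only ever appears on AppRegistry calls. Two things worth checking on the real account before suspecting the SNS policy (which already allows events.amazonaws.com to publish): that the rule has a target attached, and that the test action is a write call such as CreatePortfolio, since EventBridge does not deliver read-only API calls (List, Get, Describe) as "AWS API Call via CloudTrail" events. The `aws events test-event-pattern` CLI command performs the same kind of check with the service's full matching semantics.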
