CloudWatch Rule for ECR "PutImage" event not triggering CodePipeline

0

Hello -
I have not been able to automatically trigger a CodePipeline when a particular ECR "PutImage" event is generated.

Scenario: I have a working CodeBuild project that generates an ECR image successfully and I would like that event (PutImage) to trigger CodePipeline for deployment. The flow works perfectly if I Release the CodePipeline manually. The ECR image is generated correctly, CloudTrail indicates the PutImage event was generated correctly, but for some reason the CloudWatch Rule is not picking up the event and triggering CodePipeline.

I have referenced the following forums:
https://forums.aws.amazon.com/thread.jspa?messageID=890694
https://forums.aws.amazon.com/thread.jspa?messageID=908140

As well as the documentation:
https://docs.aws.amazon.com/codepipeline/latest/userguide/create-cwe-ecr-source-console.html

But it does not work. My CloudWatch rule is as follows:
{
  "source": [
    "aws.ecr"
  ],
  "detail-type": [
    "AWS API Call via CloudTrail"
  ],
  "detail": {
    "eventSource": [
      "ecr.amazonaws.com"
    ],
    "requestParameters": {
      "repositoryName": [
        "repo-name"
      ],
      "imageTag": [
        "latest"
      ]
    },
    "eventName": [
      "PutImage"
    ]
  }
}

The recorded CloudTrail event looks like this (short snippet):
"responseElements": {
  "image": {
    "registryId": "xxxxxxxxxxxxxx",
    "repositoryName": "repo-name",
    "imageId": {
      "imageDigest": "sha256:xxxxxxxxxxxxxxxx",
      "imageTag": "latest"
    },
    "imageManifest": "xxxxxxxxxxxxxxxx"
  }
}

Appreciate any help. Thanks

Edited by: rosarifj on Jan 12, 2020 3:17 PM

asked 4 years ago · 1051 views
3 Answers
1

In case it can help anyone else, I was able to find my answer on this forum:
https://www.reddit.com/r/aws/comments/cdgi9y/ecr_putimage_cloudwatch_event_rule_codepipeline/

General things to check:

  1. Check if CloudTrail has been enabled for the region. If yes, for what event types is it enabled? Ensure that it logs 'All' event types, not 'Read' or 'Write' events alone.

  2. Check the CloudWatch metrics for the event rule. Specifically, check the 'Invocations' metric to see if it had been invoked, and if so, check 'FailedInvocations' to see if there have been failures.

My problem was in #1 above - my CloudTrail trail had "Read/Write events" set to "None" and should have been "All".

Closing this issue.

answered 4 years ago
0

Hi Amazonians,
Is it required to have a CloudTrail trail created in order to use ECR events for CodePipeline?

It doesn't work till you enable it.

Goran

EXPERT
answered 4 years ago
0

I've found a workaround.
Modify your CWE rule as follows:

{
  "source": [
    "aws.ecr"
  ],
  "detail-type": [
    "ECR Image Action"
  ],
  "detail": {
    "action-type": [
      "PUSH"
    ],
    "repository-name": [
      "repo-name"
    ],
    "image-tag": [
      "latest"
    ]
  }
}

thanks.

answered 4 years ago
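The two rules in this thread match differently shaped events, which can be checked offline before touching the console. The following is an added example, not code from any of the posters or from AWS: it implements only the exact-value subset of event pattern matching, and the two sample events are constructed from the field names the rules themselves use.

```python
# Added example: local matcher for the exact-value subset of EventBridge event patterns.
# Operators such as prefix, numeric or anything-but are deliberately not implemented.

def matches(pattern, event):
    """True if every pattern field is present in the event with an allowed value."""
    for key, expected in pattern.items():
        if key not in event:
            return False
        actual = event[key]
        if isinstance(expected, dict):  # nested pattern: recurse into the sub-object
            if not isinstance(actual, dict) or not matches(expected, actual):
                return False
        else:  # leaf: list of allowed values; an array field matches on any element
            values = actual if isinstance(actual, list) else [actual]
            if not any(v in expected for v in values):
                return False
    return True

RULES = {
    "cloudtrail-putimage": {  # rule from the question
        "source": ["aws.ecr"],
        "detail-type": ["AWS API Call via CloudTrail"],
        "detail": {"eventSource": ["ecr.amazonaws.com"], "eventName": ["PutImage"],
                   "requestParameters": {"repositoryName": ["repo-name"],
                                         "imageTag": ["latest"]}},
    },
    "ecr-image-action": {  # rule from the last answer
        "source": ["aws.ecr"],
        "detail-type": ["ECR Image Action"],
        "detail": {"action-type": ["PUSH"], "repository-name": ["repo-name"],
                   "image-tag": ["latest"]},
    },
}

# Constructed sample events (trimmed to the fields the rules look at).
VIA_CLOUDTRAIL = {
    "source": "aws.ecr", "detail-type": "AWS API Call via CloudTrail",
    "detail": {"eventSource": "ecr.amazonaws.com", "eventName": "PutImage",
               "requestParameters": {"repositoryName": "repo-name", "imageTag": "latest"}},
}
IMAGE_ACTION = {
    "source": "aws.ecr", "detail-type": "ECR Image Action",
    "detail": {"action-type": "PUSH", "repository-name": "repo-name", "image-tag": "latest"},
}

def rules_fired(event):
    """Names of the rules whose pattern matches the event."""
    return [name for name, pattern in RULES.items() if matches(pattern, event)]

if __name__ == "__main__":
    for label, ev in (("via CloudTrail", VIA_CLOUDTRAIL), ("ECR Image Action", IMAGE_ACTION)):
        print(label, "->", rules_fired(ev))
```

Each rule fires only for its own `detail-type`, so the first rule never sees anything unless the CloudTrail-delivered event actually reaches the event bus. For a check against the real service, `aws events test-event-pattern` evaluates a pattern against a full event document.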
