Can we trigger AWS Cloudwatch event bridge from AWS config aggregator?

We are trying to trigger a lambda when certain AWS Config rules are breached. Currently, we have linked AWS Config with AWS Cloudwatch event bridge and this triggers the lambda on any rule breach.

This works great for a single region, but for multiple regions, we will have to set up AWS Config rules in each region, along with an EventBridge integration and a Lambda handler in that region as well. This is a lot of additional setup to extend this trigger to multiple regions.

So, we set up an AWS Config aggregator which collects AWS config rule breaches from all regions and accounts and consolidates them in one place. If we can set up an AWS Cloudwatch event bridge trigger on the AWS Config Aggregator, it will solve our problem. I could not find anything regarding this.

Also, if there is any other way to solve this problem, please let us know. Any input is greatly appreciated. Thanks.

3 Answers

Hello,

Unfortunately, there is no integration in place yet between the AWS Config Aggregator feature and AWS CloudWatch event rules. The reason for this is that the AWS Config Aggregator feature supports multi-account and multi-region. However, the AWS CloudWatch service (event rules) is a regional service. Therefore, at the moment we can't build a CloudWatch event rule based on the aggregated data received from multi-account and multi-region. Hence, as of now there is no out-of-the-box solution.

However, there is an existing feature request in place for this functionality of including CloudWatch Event Delivery along with the Config Aggregation. As is the case with all feature requests, the internal team takes them seriously and evaluates every request, but we are unable to share any rough ETA for delivering this feature, as inclusion of any new feature needs rigorous testing and shall be prioritized along with the team's additional workload. However, any new announcements will be made on our What's New page [https://aws.amazon.com/new/] and our Official Blog [https://aws.amazon.com/blogs/aws/].

AWS
SUPPORT ENGINEER
answered 2 years ago
  • Hello AWS-User-6158549. Could it work if the EventBridge rule is created in every region but only in one account with the Config aggregator?

Any update about this topic?

aortega
answered a year ago

Today, EventBridge Rules can only match on events published in the same account.

However, you can set as a target of that Rule an Event Bus in another account.

Meaning, you should be able to create rules that match events in each account where they're occurring, then route them to a central account and event bus, then process them all there.

AWS
answered 10 months ago
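
The routing described in the answer above, as an added example that is not part of the original thread: it builds the per-region rule and target definitions that forward non-compliant AWS Config evaluations to one central event bus, the resource policy that bus needs, and a simplified pattern matcher to check the pattern against a sample event. The account IDs, bus ARN, role name and rule name are placeholders, the sample event is constructed, and the matcher covers only exact-value matching, not EventBridge's full pattern syntax.

```python
import json

# Placeholder values (assumptions, not from the thread).
CENTRAL_BUS_ARN = "arn:aws:events:us-east-1:111111111111:event-bus/config-findings"
FORWARD_ROLE = "eventbridge-forward-config"  # role in each source account, allowed events:PutEvents on the central bus
RULE_NAME = "forward-config-noncompliant"

# Match only AWS Config rule evaluations whose new result is NON_COMPLIANT.
PATTERN = {
    "source": ["aws.config"],
    "detail-type": ["Config Rules Compliance Change"],
    "detail": {"newEvaluationResult": {"complianceType": ["NON_COMPLIANT"]}},
}

def forwarding_plan(account_id, regions):
    """Per region: kwargs for the boto3 events client's put_rule and put_targets."""
    target = {"Id": "central-bus", "Arn": CENTRAL_BUS_ARN,
              "RoleArn": f"arn:aws:iam::{account_id}:role/{FORWARD_ROLE}"}
    return {region: {
        "put_rule": {"Name": RULE_NAME, "EventPattern": json.dumps(PATTERN), "State": "ENABLED"},
        "put_targets": {"Rule": RULE_NAME, "Targets": [target]},
    } for region in regions}

def central_bus_policy(source_accounts):
    """Resource policy for the central bus: only the listed accounts may send events."""
    return {"Version": "2012-10-17", "Statement": [{
        "Sid": "AllowListedSourceAccounts",
        "Effect": "Allow",
        "Principal": {"AWS": [f"arn:aws:iam::{a}:root" for a in sorted(source_accounts)]},
        "Action": "events:PutEvents",
        "Resource": CENTRAL_BUS_ARN,
    }]}

def matches(pattern, event):
    """Minimal EventBridge-style matcher: exact-value lists and nested objects only."""
    for key, want in pattern.items():
        got = event.get(key)
        if isinstance(want, dict):
            if not isinstance(got, dict) or not matches(want, got):
                return False
        elif got not in want:
            return False
    return True

# Constructed sample event, trimmed to the fields the pattern inspects.
SAMPLE_EVENT = {"source": "aws.config", "detail-type": "Config Rules Compliance Change",
                "region": "eu-west-1", "account": "222222222222",
                "detail": {"configRuleName": "example-rule",
                           "newEvaluationResult": {"complianceType": "NON_COMPLIANT"}}}
```

In the central account, a rule on the central bus with the same pattern then targets the single Lambda handler.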
