EventBridge alerts not working with Service Catalog

0

Attempted to implement EventBridge alerts that trigger an SNS notification whenever an event from Service Catalog (SC) is received/occurs. I tried the following event rules and patterns in Terraform:

# Pattern 1: match every event published by the Service Catalog source.
# The indented heredoc (<<-) strips the leading whitespace from the JSON.
resource "aws_cloudwatch_event_rule" "servicecatalog_event_rule" {
  name        = "servicecatalog-rule"
  description = "Event rule to trigger SNS topic on Service Catalog events"

  event_pattern = <<-EOF
  {
    "source": ["aws.servicecatalog"]
  }
  EOF
}

Pattern 2: API calls through CloudTrail (found this on the AWS management console).

{
  "source": ["aws.servicecatalog"],
  "detail-type": ["AWS API Call via CloudTrail"],
  "detail": {
    "eventSource": ["servicecatalog.amazonaws.com"]
  }
}

SNS topic is also attached to a resource-based policy. This policy worked for CodePipeline events and ECS events. I am not sure if this is enough for Service Catalog or if it needs more access:

# Resource-based policy that lets the EventBridge service principal publish
# to the topic. A Condition on aws:SourceArn (the rule ARN) would limit this
# to the intended rule rather than any rule in the account.
resource "aws_sns_topic_policy" "servicecatalog_topic_policy" {
  arn = aws_sns_topic.servicecatalog_sns_topic.arn

  policy = <<EOF
{
  "Version": "2012-10-17",
  "Id": "__default_policy_ID",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "events.amazonaws.com"
      },
      "Action": "sns:Publish",
      "Resource": "${aws_sns_topic.servicecatalog_sns_topic.arn}"
    }
  ]
}
EOF
}

I have generated test events by doing actions in Service Catalog, but SNS was still not getting triggered in any of the attempts. Am I missing something? Does the policy need more access, or is this an issue with Service Catalog? Thanks, appreciate any help.

2 Answers
0

Which actions are you doing in Service Catalog?

"detail-type": ["AWS API Call via CloudTrail"] will trigger the alert, only this action.

More about CloudTrail events is here: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-aws-service-specific-topics.html

answered 9 months ago
  • Random actions such as creating a portfolio, provisioning a product, etc. Interacting with Service Catalog in any way generates these events, and I can see them in Event History in CloudTrail.

0

Hi,

The event pattern for the CloudTrail API Service Catalog event has to be changed to the one below for the EventBridge rule.

{
  "source": ["aws.servicecatalog"],
  "detail-type": ["AWS API Call via CloudTrail"],
  "detail": {
    "eventSource": ["servicecatalog-appregistry.amazonaws.com"]
  }
}

If you want to restrict the event to any specific event name under action, you can add the entry under the "details" JSON object.

The detailed event JSON object/pattern for CloudTrail Service Catalog can be found here, under the section "Understanding AWS Service Catalog log file entries".

answered 9 months ago
  • Hi, thanks for your response. I tried this, but unfortunately it did not work either. I believe this checks for Service Catalog AppRegistry events, which I am not configuring SNS for; this event notification is for Service Catalog events. Thanks
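To see which of the patterns in this thread would actually fire, here is an added example (not from the question or either answer) that applies EventBridge's exact-match rule semantics to a constructed Service Catalog CloudTrail event envelope; the account, role and event values are made-up sample data.

```python
import json

# Constructed sample: the EventBridge envelope of a CloudTrail management event
# for a Service Catalog API call (all field values are made up for illustration).
SAMPLE_EVENT = {
    "version": "0",
    "id": "00000000-0000-0000-0000-000000000000",
    "detail-type": "AWS API Call via CloudTrail",
    "source": "aws.servicecatalog",
    "account": "123456789012",
    "region": "us-east-1",
    "resources": [],
    "detail": {
        "eventSource": "servicecatalog.amazonaws.com",
        "eventName": "ProvisionProduct",
        "readOnly": False,
        "userIdentity": {"type": "AssumedRole", "arn": "arn:aws:sts::123456789012:assumed-role/Deployer/ci"},
    },
}

# The question's pattern 2, the second answer's AppRegistry pattern, and a
# narrowed pattern that only accepts two specific eventName values.
PATTERN_QUESTION = {"source": ["aws.servicecatalog"], "detail-type": ["AWS API Call via CloudTrail"],
                    "detail": {"eventSource": ["servicecatalog.amazonaws.com"]}}
PATTERN_ANSWER = {"source": ["aws.servicecatalog"], "detail-type": ["AWS API Call via CloudTrail"],
                  "detail": {"eventSource": ["servicecatalog-appregistry.amazonaws.com"]}}
PATTERN_NARROW = {"source": ["aws.servicecatalog"], "detail-type": ["AWS API Call via CloudTrail"],
                  "detail": {"eventSource": ["servicecatalog.amazonaws.com"],
                             "eventName": ["ProvisionProduct", "TerminateProvisionedProduct"]}}

def matches(pattern, event):
    """EventBridge exact-match semantics (no prefix/anything-but operators):
    every key in the pattern must exist in the event, a list in the pattern is
    the set of accepted values, and a nested dict is matched recursively."""
    for key, expected in pattern.items():
        if key not in event:
            return False
        actual = event[key]
        if isinstance(expected, dict):
            if not isinstance(actual, dict) or not matches(expected, actual):
                return False
        elif isinstance(expected, list):
            # An event value that is itself a list matches if any element is accepted.
            values = actual if isinstance(actual, list) else [actual]
            if not any(v in expected for v in values):
                return False
        else:
            raise ValueError(f"pattern leaf for {key!r} must be a list of accepted values")
    return True

def evaluate(event):
    """Return which of the three patterns would fire for `event`."""
    return {name: matches(p, event) for name, p in
            [("question", PATTERN_QUESTION), ("answer", PATTERN_ANSWER), ("narrow", PATTERN_NARROW)]}

if __name__ == "__main__":
    print(json.dumps(evaluate(SAMPLE_EVENT), indent=2))
```

One caveat when testing with real actions: EventBridge does not deliver read-only management events (API names beginning with Describe, List or Get) as "AWS API Call via CloudTrail" events, so listing or describing portfolios will never fire a rule even when the pattern matches.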
