CloudWatch Rule for ECR "PutImage" event not triggering CodePipeline

0

Hello -
I have not been able to automatically trigger a CodePipeline when a particular ECR "PutImage" event is generated.

Scenario: I have a working CodeBuild project that generates an ECR image successfully and I would like that event (PutImage) to trigger CodePipeline for deployment. The flow works perfectly if I Release the CodePipeline manually. The ECR image is generated correctly, CloudTrail indicates the PutImage event was generated correctly, but for some reason the CloudWatch Rule is not picking up the event and triggering CodePipeline.

I have referenced the following forums:
https://forums.aws.amazon.com/thread.jspa?messageID=890694
https://forums.aws.amazon.com/thread.jspa?messageID=908140

As well as the documentation:
https://docs.aws.amazon.com/codepipeline/latest/userguide/create-cwe-ecr-source-console.html

But it does not work. My CloudWatch rule is as follows:
{
  "source": [
    "aws.ecr"
  ],
  "detail-type": [
    "AWS API Call via CloudTrail"
  ],
  "detail": {
    "eventSource": [
      "ecr.amazonaws.com"
    ],
    "requestParameters": {
      "repositoryName": [
        "repo-name"
      ],
      "imageTag": [
        "latest"
      ]
    },
    "eventName": [
      "PutImage"
    ]
  }
}

The recorded CloudTrail event looks like this (short snippet):
"responseElements": {
  "image": {
    "registryId": "xxxxxxxxxxxxxx",
    "repositoryName": "repo-name",
    "imageId": {
      "imageDigest": "sha256:xxxxxxxxxxxxxxxx",
      "imageTag": "latest"
    },
    "imageManifest": "xxxxxxxxxxxxxxxx"
  }
}

Appreciate any help. Thanks

Edited by: rosarifj on Jan 12, 2020 3:17 PM

asked 4 years ago, 1034 views
3 Answers
1

In case it can help anyone else, I was able to find my answer on this forum:
https://www.reddit.com/r/aws/comments/cdgi9y/ecr_putimage_cloudwatch_event_rule_codepipeline/

General things to check:

  1. Check if CloudTrail has been enabled for the region. If yes, for what event types is it enabled? Ensure that it logs 'All' event types, not 'Read' or 'Write' events alone.

  2. Check the CloudWatch metrics for the event rule. Specifically, check the 'Invocations' metric to see if it had been invoked, and if so, check 'FailedInvocations' to see if there have been failures.

My problem was in #1 above - my CloudTrail trail had "Read/Write events" set to "None" and should have been "All".

Closing this issue.

answered 4 years ago
0

Hi Amazonians,
Is it required to have a CloudTrail trail created in order to use ECR events for CodePipeline?

It doesn't work till you enable it.

Goran

EXPERT
answered 4 years ago
0

I've found a workaround.
Modify your CWE rule like the following:

{
  "source": [
    "aws.ecr"
  ],
  "detail-type": [
    "ECR Image Action"
  ],
  "detail": {
    "action-type": [
      "PUSH"
    ],
    "repository-name": [
      "repo-name"
    ],
    "image-tag": [
      "latest"
    ]
  }
}

thanks.

answered 4 years ago
