Questions tagged with Amazon EventBridge
I tried to find a solution somewhere but didn't find a response for my case.
I already have a Compute Environment, Job Queue, and Job Definition created with the required configuration.
I can successfully submit a job manually, and it works as wanted.
My Job Queue and Compute Environment go DISABLED automatically when they are idle; I think that's how AWS Batch works to optimize costs (maybe?).
I configured a rule (cron) in EventBridge to submit a job (using the job queue and job definition mentioned above), and it works fine, but I have to manually ENABLE the Compute Environment and Job Queue every time (which is not something I wanted). I thought of creating another rule in EventBridge to run a Lambda function that enables my resources before submitting the job, but I think that is over-engineered for such a simple task. I think I'm missing something here; can you give me suggestions, or correct me if I'm missing something in this simple use case? Thanks!
I'm trying to write an EventBridge event rule to detect a Security Group inbound rule change that allows ingress on SSH or RDP from 0.0.0.0/0. However, I'm getting the error "Event pattern is not valid" for ipRanges in the rule below:
```
AWSTemplateFormatVersion: '2010-09-09'
Description: SecurityAlerting
Resources:
  SGEventRuleNew:
    Type: 'AWS::Events::Rule'
    Properties:
      Name: detect-SG-insecure-inbound
      Description: An Event Rule that triggers on SG changes.
      State: ENABLED
      EventBusName: default
      EventPattern:
        source:
          - aws.ec2
        detail-type:
          - AWS API Call via CloudTrail
        detail:
          eventSource:
            - ec2.amazonaws.com
          eventName:
            - AuthorizeSecurityGroupIngress
          requestParameters:
            ipPermissions:
              items:
                - fromPort:
                    numeric:
                      - 22
                      - 3389
                  toPort:
                    numeric:
                      - 22
                      - 3389
                  ipRanges:
                    items:
                      - cidrIp:
                          match: 0.0.0.0/0
```
A sample event is as below:
```
{
  "version": "0",
  "id": "xyzxyzxyz",
  "detail-type": "AWS API Call via CloudTrail",
  "source": "aws.ec2",
  "account": "123456789123",
  "time": "2023-03-31T13:44:17Z",
  "region": "us-east-1",
  "resources": [],
  "detail": {
    "eventVersion": "1.08",
    "userIdentity": {
      "type": "AssumedRole",
      "principalId": "AROA:XYZ",
      "arn": "arn:aws:sts::123456789123:assumed-role/XYZ",
      "accountId": "123456789123",
      "accessKeyId": "XYZ",
      "sessionContext": {
        "sessionIssuer": {
          "type": "Role",
          "principalId": "XYZ",
          "arn": "arn:aws:sts::123456789123:assumed-role/XYZ",
          "accountId": "123456789123",
          "userName": "XYZ"
        },
        "webIdFederationData": {},
        "attributes": {
          "creationDate": "2023-03-31T13:15:37Z",
          "mfaAuthenticated": "false"
        }
      }
    },
    "eventTime": "2023-03-31T13:44:17Z",
    "eventSource": "ec2.amazonaws.com",
    "eventName": "AuthorizeSecurityGroupIngress",
    "awsRegion": "us-east-1",
    "sourceIPAddress": "1.1.1.1",
    "userAgent": "AWS Internal",
    "requestParameters": {
      "groupId": "sg-12346789456",
      "ipPermissions": {
        "items": [{
          "ipProtocol": "tcp",
          "fromPort": 22,
          "toPort": 22,
          "groups": {},
          "ipRanges": {
            "items": [{
              "cidrIp": "0.0.0.0/0"
            }]
          },
          "ipv6Ranges": {},
          "prefixListIds": {}
        }]
      }
    },
    "responseElements": {
      "requestId": "546416541321654654164",
      "_return": true,
      "securityGroupRuleSet": {
        "items": [{
          "groupOwnerId": "123456789123",
          "groupId": "sg-12346789456",
          "securityGroupRuleId": "sg-12346789456",
          "isEgress": false,
          "ipProtocol": "tcp",
          "fromPort": 22,
          "toPort": 22,
          "cidrIpv4": "0.0.0.0/0"
        }]
      }
    },
    "requestID": "546416541321654654164",
    "eventID": "546416541321654654164",
    "readOnly": false,
    "eventType": "AwsApiCall",
    "managementEvent": true,
    "recipientAccountId": "123456789123",
    "eventCategory": "Management",
    "sessionCredentialFromConsole": "true"
  }
}
```
Please suggest how I can correct the syntax to validate the rule and match the event.
I am trying to create a new connection for a new API destination for an EventBridge rule. The API destination is a service hosted in AWS. I am trying to set up OAuth client credentials. I am trying to re-use credentials that are in AWS Secrets Manager.
I keep getting the following error:
Invalid target fields. Complete all required fields for the new connection correctly.
I am not being told which field is incorrect. Is there a way to know which connection field is wrong? Is re-using credentials from Secrets Manager possible?
I implemented an EventBridge Scheduler to target Lambda in a VPC. I placed the Lambda in three Availability Zones. How does EventBridge determine which Lambda to call?
Hi all,
I have a Lambda function that I need to run every two minutes; I am just using the AWS interface, not Serverless.
Via EventBridge, I have defined the following trigger with cron:
*/2 * * * ? *
This does not work as expected: the function runs sporadically, every hour or so at odd times.
The EventBridge console shows a correct schedule:
- Thu, 30 Mar 2023 09:32:00 UTC
- Thu, 30 Mar 2023 09:34:00 UTC
- Thu, 30 Mar 2023 09:36:00 UTC
- Thu, 30 Mar 2023 09:38:00 UTC
- Thu, 30 Mar 2023 09:40:00 UTC
- Thu, 30 Mar 2023 09:42:00 UTC
- Thu, 30 Mar 2023 09:44:00 UTC
but on the CloudWatch monitor I see the function is not running as expected:
- 2023-03-30 12:06:15 (UTC+03:00)
- 2023-03-30 11:54:15 (UTC+03:00)
- 2023-03-30 09:38:40 (UTC+03:00)
- 2023-03-30 09:38:14 (UTC+03:00)
- 2023-03-30 07:38:15 (UTC+03:00)
- 2023-03-30 05:12:15 (UTC+03:00)
- 2023-03-30 03:11:17 (UTC+03:00)
Any help would be appreciated, thank you
Hi,
I have 2 AWS accounts and I use EventBridge to emit events from account X to account Y.
I have configured the respective roles on both the emitting side and the receiving side, and they work perfectly well.
As a security measure I want to use an external ID when giving access to resources for other accounts, which is recommended in the AWS IAM docs.
I have surfed the internet for a while but couldn't find any examples or guides that help me achieve this.
I know from the docs that I can add a condition on the receiving role's policy with that external ID, but I am unable to figure out how to send the external ID when calling PutEvents.
I use Python with the boto3 SDK. The answer need not be language specific; I would be glad if an approach is suggested.
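One approach for the question above, as an added example that is not the poster's code: because `ExternalId` is a parameter of the `sts:AssumeRole` call (and of nothing else), the emitting account assumes an `ExternalId`-protected role in the receiving account itself and then calls `PutEvents` with the temporary credentials. The account numbers, the role name `CrossAccountPutEvents`, the event source and the external ID value are constructed placeholders; `requires_external_id` is a local review check for a trust policy, not an AWS API. The live `send_cross_account` path needs boto3 and credentials in the emitting account; the policy helpers run offline.

```python
"""Cross-account PutEvents through an ExternalId-protected role (constructed example)."""
import json

EMITTING_ACCOUNT = "111111111111"   # constructed: account X, where the producer runs
RECEIVING_ACCOUNT = "222222222222"  # constructed: account Y, which owns the event bus
BUS_NAME = "default"
ROLE_NAME = "CrossAccountPutEvents"  # hypothetical role name in account Y
EXTERNAL_ID = "REPLACE-WITH-A-LONG-RANDOM-VALUE"  # placeholder; the ID is not a secret key


def trust_policy(trusted_account: str, external_id: str) -> dict:
    """Trust policy for the role in account Y: only account X, and only with the ID."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": f"arn:aws:iam::{trusted_account}:root"},
            "Action": "sts:AssumeRole",
            "Condition": {"StringEquals": {"sts:ExternalId": external_id}},
        }],
    }


def permissions_policy(receiving_account: str, bus_name: str) -> dict:
    """Least privilege for the role: PutEvents on the one bus, nothing else."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": "events:PutEvents",
            "Resource": f"arn:aws:events:*:{receiving_account}:event-bus/{bus_name}",
        }],
    }


def requires_external_id(policy: dict) -> bool:
    """Review check: every Allow sts:AssumeRole statement demands sts:ExternalId."""
    for stmt in policy.get("Statement", []):
        actions = stmt.get("Action", [])
        if isinstance(actions, str):
            actions = [actions]
        if stmt.get("Effect") == "Allow" and "sts:AssumeRole" in actions:
            equals = stmt.get("Condition", {}).get("StringEquals", {})
            if not equals.get("sts:ExternalId"):
                return False
    return True


def assume_role_kwargs(role_arn: str, external_id: str,
                       session_name: str = "x-to-y-events") -> dict:
    """Keyword arguments for sts.assume_role; ExternalId is the only place the ID travels."""
    return {"RoleArn": role_arn, "RoleSessionName": session_name, "ExternalId": external_id}


def event_entry(source: str, detail_type: str, detail: dict, bus_name: str = BUS_NAME) -> dict:
    """One PutEvents entry; Detail must be a JSON string, not a dict."""
    return {"Source": source, "DetailType": detail_type,
            "Detail": json.dumps(detail), "EventBusName": bus_name}


def send_cross_account(detail: dict, source: str = "com.example.x",
                       detail_type: str = "OrderCreated"):
    """Live path: assume the role in account Y, then PutEvents onto Y's bus."""
    import boto3  # imported here so the offline helpers stay importable without boto3
    sts = boto3.client("sts")
    role_arn = f"arn:aws:iam::{RECEIVING_ACCOUNT}:role/{ROLE_NAME}"
    creds = sts.assume_role(**assume_role_kwargs(role_arn, EXTERNAL_ID))["Credentials"]
    events = boto3.client(
        "events",
        aws_access_key_id=creds["AccessKeyId"],
        aws_secret_access_key=creds["SecretAccessKey"],
        aws_session_token=creds["SessionToken"],
    )
    return events.put_events(Entries=[event_entry(source, detail_type, detail)])


if __name__ == "__main__":
    print(json.dumps(trust_policy(EMITTING_ACCOUNT, EXTERNAL_ID), indent=2))
    print(json.dumps(permissions_policy(RECEIVING_ACCOUNT, BUS_NAME), indent=2))
```

The trust policy goes on the role in account Y and the permissions policy is attached to the same role; a role that EventBridge itself assumes as a rule target cannot be given an external ID, which is why the producer code performs the AssumeRole here.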
So I have a Lambda function that's the following:
```
import urllib3


def lambda_handler(event, context):
    http = urllib3.PoolManager()
    return {
        "statusCode": 200,
        "headers": {
            "Content-Type": "application/json"
        },
        "body": "{\"message\": \"Hello from Lambda!\"}",
        "test": event
    }
```
If I test run the event with some event JSON, it returns what I want. But...
when I test running the Lambda through the REST API I created, I either get a 502 error when "Use Lambda Proxy integration" is enabled, or, when it's disabled, the event is always empty. I have tried to set up a link the following way:
https://something.execute-api.eu-north-1.amazonaws.com/test/test/{id}
where you enter an {id}, for example, and I can catch it in the event. But how can I fix it so the event is an actual thing and actually gets any information?
If you feel like I'm missing some information that might be important, just ask; I don't know what could be useful.
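As an added example (not the poster's code), here is a handler for the proxy-integration path that keeps the event data inside `body`: an API Gateway REST API accepts only `statusCode`, `headers`, `multiValueHeaders`, `body` and `isBase64Encoded` at the top level of a proxy response, with `body` as a string, and returns 502 when the returned object has another shape. The sample event, path and resource values are constructed, and `is_valid_proxy_response` is a local shape check, not an API Gateway API.

```python
"""Lambda proxy-integration handler that returns request data inside body (constructed example)."""
import json

# Top-level keys an API Gateway REST API accepts in a proxy-integration response
ALLOWED_KEYS = {"statusCode", "headers", "multiValueHeaders", "body", "isBase64Encoded"}


def proxy_response(status: int, payload: dict) -> dict:
    """Build a response in the proxy contract: JSON payload serialised into body."""
    return {
        "statusCode": status,
        "headers": {"Content-Type": "application/json"},
        "body": json.dumps(payload),
    }


def is_valid_proxy_response(resp) -> bool:
    """Local shape check: only allowed keys, integer status, string body."""
    return (
        isinstance(resp, dict)
        and set(resp) <= ALLOWED_KEYS
        and isinstance(resp.get("statusCode"), int)
        and isinstance(resp.get("body", ""), str)
    )


def lambda_handler(event, context):
    """Echo the path parameter, query string and parsed JSON body back to the caller."""
    path_params = event.get("pathParameters") or {}
    query = event.get("queryStringParameters") or {}
    body = {}
    if event.get("body"):
        try:
            body = json.loads(event["body"])
        except json.JSONDecodeError:
            return proxy_response(400, {"message": "body must be JSON"})
    return proxy_response(200, {
        "message": "Hello from Lambda!",
        "id": path_params.get("id"),
        "query": query,
        "body": body,
    })


# Constructed proxy event for GET /test/42, in the shape API Gateway sends to the function
SAMPLE_EVENT = {
    "resource": "/test/{id}",
    "path": "/test/42",
    "httpMethod": "GET",
    "pathParameters": {"id": "42"},
    "queryStringParameters": {"verbose": "1"},
    "body": None,
}

if __name__ == "__main__":
    print(json.dumps(lambda_handler(SAMPLE_EVENT, None), indent=2))
```

With proxy integration enabled, the whole request (path parameters, query string, headers, raw body) arrives in `event`; with it disabled, only what a mapping template passes through reaches the function, which is why `event` is empty without one.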
Hello everyone,
I am facing an odd situation here.
I have some events since a few days ago that are fired 2 times on the same bus (default). They are exactly the same: content and ID.
And so they triggered some Lambdas two times, messing with our event process.
I thought it should be impossible.
I assume that if there are two logs in events/debug, there are two events fired.
Look at the photo. You can see the same id in the JSON at the same hour.

If you have any idea about what can cause that.
Thanks for your help.
EDIT 1: The events are generated by a Lambda using the AWS SDK for Node.js and the putEvents method.
Hi all,
as a **Security Requirement** we need to set up a **notification system** using **SNS** to notify our **Security Team** when someone accesses an AWS Account using a specific SSO PermissionSet (for example **AdministratorAccess**), as shown in the image below:

I'm trying to set up a simple **EventBridge Rule** based on the **IAM Identity Center** **Federate** event in **CloudTrail** with an **SNS topic** as a target, but I can't get it working.
**CloudTrail Event**:
```
{
  "eventVersion": "1.08",
  "userIdentity": {
    "type": "Unknown",
    "principalId": "xxxx-43ce-996a-0530772c083a",
    "accountId": "xxxxxxxxxxx",
    "userName": "userName"
  },
  "eventTime": "2023-03-23T00:07:29Z",
  "eventSource": "sso.amazonaws.com",
  "eventName": "Federate",
  "awsRegion": "us-east-1",
  "sourceIPAddress": "1.1.1.1",
  "userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/111.0",
  "requestParameters": null,
  "responseElements": null,
  "requestID": "c99b-48ea-a9e4-fc2194bc0f27",
  "eventID": "415e-b57e-99764a0f0fdf",
  "readOnly": false,
  "eventType": "AwsServiceEvent",
  "managementEvent": true,
  "recipientAccountId": "xxxxxxxxxx",
  "serviceEventDetails": {
    "role_name": "AWSAdministratorAccess",
    "account_id": "xxxxxxxx"
  },
  "eventCategory": "Management"
}
```
**EventBridge Event Pattern** is the following:
```
{
  "detail-type": ["AWS API Call via CloudTrail"],
  "detail": {
    "eventSource": ["sso.amazonaws.com"],
    "eventName": ["Federate"]
  }
}
```
Could anyone help on how to get this working?
Thanks in advance
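Serving both the security-group question above (the "Event pattern is not valid" error) and this Identity Center question, here is an added Python example that is not from either poster: a small local checker for EventBridge-style event patterns, plus the two detection patterns written in the syntax EventBridge accepts (every pattern value is a list; numeric comparisons use `{"numeric": ["<=", 22]}` rather than a bare list of numbers; there is no `match` keyword). It is run against trimmed, constructed versions of the two CloudTrail records. The Identity Center `Federate` record has `eventType` `AwsServiceEvent`, which CloudTrail hands to EventBridge with the detail-type `AWS Service Event via CloudTrail`, so a pattern keyed on `AWS API Call via CloudTrail` never fires; `serviceEventDetails.role_name` narrows it to the permission set. The checker is a simplified approximation of EventBridge matching (exact values, nested objects, any-element matching inside arrays, `numeric` and `prefix`), and the port patterns will not catch an all-traffic rule (`ipProtocol` `-1`), which may carry no port fields and needs its own pattern.

```python
"""Local checker for EventBridge-style event patterns (constructed example)."""
import operator

_NUMERIC_OPS = {"=": operator.eq, "<": operator.lt, "<=": operator.le,
                ">": operator.gt, ">=": operator.ge}


def _leaf_matches(rule, value) -> bool:
    """Match one entry of a pattern's value list against a scalar event value."""
    if isinstance(rule, dict):
        if "numeric" in rule:
            if isinstance(value, bool) or not isinstance(value, (int, float)):
                return False
            spec = rule["numeric"]                       # e.g. ["<=", 22] or [">", 0, "<", 1024]
            pairs = zip(spec[0::2], spec[1::2])
            return all(_NUMERIC_OPS[op](value, bound) for op, bound in pairs)
        if "prefix" in rule:
            return isinstance(value, str) and value.startswith(rule["prefix"])
        raise ValueError(f"unsupported matcher: {rule}")
    return type(rule) is type(value) and rule == value   # exact match, no type coercion


def matches(pattern, event) -> bool:
    """True if the event satisfies the pattern; pattern leaves are always lists."""
    if isinstance(pattern, dict):
        if isinstance(event, list):                       # array of objects: any element may match
            return any(matches(pattern, item) for item in event)
        if not isinstance(event, dict):
            return False
        return all(key in event and matches(sub, event[key]) for key, sub in pattern.items())
    if isinstance(pattern, list):
        candidates = event if isinstance(event, list) else [event]
        return any(_leaf_matches(rule, cand) for rule in pattern for cand in candidates)
    raise ValueError("pattern values must be objects or lists")


def world_open_port_pattern(port: int) -> dict:
    """AuthorizeSecurityGroupIngress from 0.0.0.0/0 on a port range that covers `port`."""
    return {
        "source": ["aws.ec2"],
        "detail-type": ["AWS API Call via CloudTrail"],
        "detail": {
            "eventSource": ["ec2.amazonaws.com"],
            "eventName": ["AuthorizeSecurityGroupIngress"],
            "requestParameters": {"ipPermissions": {"items": {
                "fromPort": [{"numeric": ["<=", port]}],
                "toPort": [{"numeric": [">=", port]}],
                "ipRanges": {"items": {"cidrIp": ["0.0.0.0/0"]}},
            }}},
        },
    }


SSO_ADMIN_FEDERATE_PATTERN = {
    # Federate is a service event, so the detail-type is the service-event one
    "detail-type": ["AWS Service Event via CloudTrail"],
    "detail": {
        "eventSource": ["sso.amazonaws.com"],
        "eventName": ["Federate"],
        "serviceEventDetails": {"role_name": ["AWSAdministratorAccess"]},
    },
}


def sg_event(from_port: int, to_port: int, cidr: str) -> dict:
    """Constructed, trimmed AuthorizeSecurityGroupIngress record."""
    return {
        "source": "aws.ec2",
        "detail-type": "AWS API Call via CloudTrail",
        "detail": {
            "eventSource": "ec2.amazonaws.com",
            "eventName": "AuthorizeSecurityGroupIngress",
            "requestParameters": {"groupId": "sg-12346789456", "ipPermissions": {"items": [{
                "ipProtocol": "tcp", "fromPort": from_port, "toPort": to_port,
                "ipRanges": {"items": [{"cidrIp": cidr}]},
            }]}},
        },
    }


def sso_event(role_name: str, service_event: bool = True) -> dict:
    """Constructed, trimmed Identity Center Federate record."""
    detail_type = "AWS Service Event via CloudTrail" if service_event else "AWS API Call via CloudTrail"
    return {
        "detail-type": detail_type,
        "detail": {
            "eventSource": "sso.amazonaws.com", "eventName": "Federate",
            "eventType": "AwsServiceEvent",
            "serviceEventDetails": {"role_name": role_name, "account_id": "123456789012"},
        },
    }


if __name__ == "__main__":
    for port in (22, 3389):
        print(port, matches(world_open_port_pattern(port), sg_event(22, 22, "0.0.0.0/0")))
    print("sso", matches(SSO_ADMIN_FEDERATE_PATTERN, sso_event("AWSAdministratorAccess")))
```

For the CloudFormation rule, the same two patterns can be pasted into `EventPattern` as JSON; one rule per port keeps the comparator pairs unambiguous, since a single rule ANDs all of its fields.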
Hi, we would like to trigger events based on when an instance (EC2 or on-prem) is registered in Systems Manager; an example would be to trigger an instance tagging mechanism so that tags are applied as soon as the instance is registered.
I can see PutInventory in CloudTrail gets created on registration and then occurs every 12h thereafter, but we don't need anything that cyclical. We are considering an Association that is configured without a Schedule, but this triggers Run Command on the instance, which is unnecessary data transit across the WAN. It would be good if the event could trigger EventBridge to then trigger a Step Function, but we're looking for the best trigger.
Does anyone have any suggestions on the best trigger for this?
Use case: new documents are added through a web application on an ongoing basis to S3. I am trying to build a document search for the documents stored in S3 that can display documents uploaded in near real time. Does Kendra sync the data source with the index based on an event trigger?
I set up the resources to trigger a Glue job through EventBridge. But when I tested in the console, Invocations == FailedInvocations == TriggeredRules == 1.
What can I do to fix it?
```
######### AWS Glue Workflow ############
# Create a Glue workflow that triggers the Glue job
resource "aws_glue_workflow" "example_glue_workflow" {
  name        = "example_glue_workflow"
  description = "Glue workflow that triggers the example_glue_job"
}

resource "aws_glue_trigger" "example_glue_trigger" {
  name          = "example_glue_trigger"
  workflow_name = aws_glue_workflow.example_glue_workflow.name
  type          = "EVENT"
  actions {
    job_name = aws_glue_job.example_glue_job.name
  }
}

######### AWS EventBridge ##############
resource "aws_cloudwatch_event_rule" "example_etl_trigger" {
  name        = "example_etl_trigger"
  description = "Trigger Glue job when a request is made to the API endpoint"
  event_pattern = jsonencode({
    "source" : ["example_api"]
  })
}

resource "aws_cloudwatch_event_target" "glue_job_target" {
  rule      = aws_cloudwatch_event_rule.example_etl_trigger.name
  target_id = "example_event_target"
  arn       = aws_glue_workflow.example_glue_workflow.arn
  role_arn  = local.example_role_arn
}
```