Questions tagged with Amazon EventBridge
Content language: English
Sort by most recent
I have programmatically defined a eventbridge rule to send an event when a crawler completes.
response = event_client.put_rule(
Name="newmyrule",
EventPattern='{"detail-type": ["Glue Crawler State Change"],"source": ["aws.glue"],"detail": {"crawlerName":["'+crawler_name+'"],"state": ["Succeeded"]}}'
)
print("put_rule="+str(response))
put_target_response = event_client.put_targets(
Rule='newmyrule',
Targets=[{
'Id': 'mylambdafn',
'Arn': 'arn:aws:lambda:us-west-1:xxxxxxxxxxxxx:function:mylambdafn'
}]
)
enable_rule_response = event_client.enable_rule(Name='newmyrule')
I have also defined the crawler through boto3.
create_crawler_response =glue.create_crawler(
Name=crawler_name,
Role='arn:aws:iam::xxxxxxxxxx:role/ravi-glue-access',
DatabaseName='noah-ingest',
#TablePrefix="",
Targets={'S3Targets': [{'Path': s3_target}]},
SchemaChangePolicy={
'UpdateBehavior': 'UPDATE_IN_DATABASE',
'DeleteBehavior': 'DELETE_FROM_DATABASE'
}
)
It looks similar to rules defined through the console but results in failedinvocations. How do I fix this.
thanks,
Ravi.
Here is the code:
```js
import { EventBridgeClient, PutEventsCommand } from "@aws-sdk/client-eventbridge";
import { fromCognitoIdentityPool } from '@aws-sdk/credential-provider-cognito-identity';
import { CognitoIdentityClient } from '@aws-sdk/client-cognito-identity';
const IDENTITY_POOL_ID = 'us-east-1:xxx';
const REGION = 'us-east-1';
const ebClient = new EventBridgeClient({
region: REGION,
credentials: fromCognitoIdentityPool({
client: new CognitoIdentityClient({ region: REGION }),
identityPoolId: IDENTITY_POOL_ID
})
});
async function sendEvent() {
const events = {
Entries: [
{
DetailType: 'SubmitOrder',
Detail: JSON.stringify({
orderId: 'abc',
// ...
}),
Source: 'com.org.app1',
},
],
};
try {
const data = await ebClient.send(new PutEventsCommand(events));
console.log("Success, event sent; requestID:", data);
} catch (err) {
console.log('Error', err);
}
}
```
The permissions for the Unauthorized Cognito Identity Pool role:
```json
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": "events:PutEvents",
"Resource": "arn:aws:events:us-east-1:xxxx:event-bus/default"
}
]
}
```
Trust policy:
```json
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Federated": "cognito-identity.amazonaws.com"
},
"Action": "sts:AssumeRoleWithWebIdentity",
"Condition": {
"StringEquals": {
"cognito-identity.amazonaws.com:aud": "us-east-1:xxxx"
},
"ForAnyValue:StringLike": {
"cognito-identity.amazonaws.com:amr": "unauthenticated"
}
}
}
]
}
```
The error:
```
AccessDeniedException: User: arn:aws:sts::xxxx:assumed-role/Cognito_XXXidentitypoolUnauth_Role/CognitoIdentityCredentials is not authorized to perform: events:PutEvents on resource: arn:aws:events:us-east-1:xxxx:event-bus/default because no session policy allows the events:PutEvents action
```
Error: **botocore.exceptions.ClientError: An error occurred (InvalidArgument) when calling the PutBucketNotificationConfiguration operation**
Hello AWS,
I am currently working on a project where I am working with a third party team. The team has an SQS that all of our buckets have an event notification for. I currently added a new bucket and I am receiving this error when I try to deploy it via CDK.
The team does not seem to be to well familiar with AWS but I asked if I have permissions to call the SQS and they said yes. Is there a way to confirm this on my end? Or is is there documentation on the configuration the team needs to set up for their SQS Que? If so, is there any other problems that could cause this error message?
I'm confident it's on the third party team ends because this is done through our CDK stack and everything else works fine. But I do want to know I am updating an existing stack, before our bucket did not send via event notifications but was created.
Any solutions or troubleshooting will help.
One source I found on stackoverflow except it's for lambda: https://stackoverflow.com/questions/36973134/cant-add-s3-notification-for-lambda-using-boto3
I want to create EventBridge event to trigger Glue job, but when I create glue trigger there is no option for EventBridge (on legacy page it is but is blocked). I have CloudTrail enabled. Where is the problem? Is this option still available?
I have an EventBridge API Destination Connection running and in use for several weeks (used in EventBridge Pipes). It uses an API Key for authorization. A few days ago I noticed that it said deauthorized. The API key was still good as expected. I was able to reauthorize the api connection using the same key (copy and paste) by simply resaving the key. I'm at a loss as to why it would seemingly randomly deauthorize. There were no issues that I could find with the api in question. I thought maybe the api went down and that caused the deauthorization so I tested it in a lower env by taking the api down, but that didn't impact the authorization at all (which is what I would expect, but wanted to rule out any funny business).
Has anyone else run into this before?
I saw the sample implementation for scheduled event calling lambda function at https://github.com/awsdocs/aws-doc-sdk-examples/blob/main/python/example_code/lambda/scheduled_lambda.py
I need to invoke lambda function when a crawler completes using boto3.
thanks,
Ravi.
FlexMatch sends various notifications described [here](https://docs.aws.amazon.com/gamelift/latest/flexmatchguide/match-events.html). I have a service getting these messages via SQS polling. The event payloads in the messages are serialized to JSON. Are there models defined for these events in the Java AWS SDK 2.0? I sure cannot find them.
Are you supposed to roll your own models to deserialize and work with these events?
I have an eventbridge rule with an SQS target, and the lambda function that puts the event on the bus is configured to use xray (traces lead up to eventbridge in xray, so this is working fine).
In the SQS messages (received with a ReceiveMessageCommand) there is no AWSTraceHeader attribute, so I cannot continue the trace downstream.
I have added an identical rule with lambda target with tracing to test if the trace is propagated correctly, and this is the case, I have a lambda node linked after the events node in the service map.
I read that eventbridge should propagate trace headers to SQS targets, mentioned here:
https://aws.amazon.com/about-aws/whats-new/2021/03/amazon-eventbridge-now-supports-propagation-of-x-ray-trace-context/?nc1=h_ls
Is this actually the case? If so, is there anything I am missing for this to work?
I am sharing my release message notification on Slack via SNS, EventBridge and Lambda functions. I have accomplished it successfully, but we do not get the commit message or PR link or the PR details which triggers the deploy. Is it possible already in someway? Or is there some feature in progress? Or is it not possible?
Also, my repository is in BitBucket.
Hello,
We're using EventBridge to trigger an application API on a periodic basis. It is public facing and hosted on our EC2 instances, which is behind a Load Balancer.
It had been working fine up until the day the domain name's SSL certificate expired. However, after SSL cert had been renewed and re-imported via Certificate Manager, the error still persists (from the deadletterqueue):
| Name | Value |
| --- | --- |
| ERROR_CODE | SDK_CLIENT_ERROR |
| ERROR_MESSAGE | Unable to invoke ApiDestination endpoint: API destination endpoint cannot be reached. |
| RULE_ARN | ... |
| TARGET_ARN | ... |
Connection is Authorized, API Destination has been checked and works when called in the browser. Everything seems to be in order. Have tried re-creating new connection/APIDestination/new rule but hitting same error.
What might cause such an error "SDK_CLIENT_ERROR" ?
Thanks in advance.
SCENARIO:
I have a cloudwatch alarm action that triggers an SNS topic.
The alarm metric is configured to filter CRITICAL events in a Lambda Log group.
The Lambda (invoked every 15 minutes) checks for CloudFormation stacks in 'error' states and logs the critical event for each stack in the error state.
```
Logs::MetricFilter
FilterPattern: '{$.level="CRITICAL"}'
MetricValue: 1
CloudWatch::Alarm
AlarmActions: Send to SNS Topic
Period: 600
TreatMissingData: notBreaching
ComparisonOperator: GreaterThanOrEqualToThreshold
Threshold: 1
EvaluationPeriods: 1
Statistic: Maximum
```
Cloudwatch alarm works as expected when 1 stack is in the error state:
* Picks the CRITICAL event
* ALARM changes state to 'In Alarm'
* SNS Topic triggered
CHALLENGE:
If any other stack goes into error (like 15 minutes later), and the initial stack is still in error, the Alarm doesn't act on it. i.e. trigger the SNS topic.
I understand from research that this is normal behavior because *" If your metric value is still in breach of your threshold, the alarm will remain in the ALARM state until it no longer breaches the threshold."*
I have also tested this and confirmed - I used boto3 to **set_alarm_state** back to OK, invoked the Lambda manually, the Alarm state was changed back to 'In Alarm', and the SNS topic triggered.
QUESTION:
is there any other suitable configuration or logic I can use to trigger the SNS topic for every stack in the error state?
asked a month ago
Dear Community,
Please imagine the following scenario:
* I have multiple long running computation tasks. I'm planning to package them as container images and use ECS Tasks to run them.
* I'm planning to have a server less part for administrating the tasks
Once a computation tasks starts, it takes the input data from a SQS queue and can start its computation. Also all results end up in an SQS queue for storage. So far, so good.
Now the tricky bit: The computation task needs some human input in the middle of its computation, based on intermediate results.
Simplified, the task says "I have the intermediate result of 42, should I resume with route A or route B?". Saving the state and resuming in a different container (based on A or B) is not an option, it just takes too long. Instead I would like to have a server less input form, which sends the human input (A or B) to this specific container. What is the best way of doing it?
My idea so far:
Each container creates his own SQS queue and includes the url in his intermediate result message. But this might result in many queues. Also potentially abandoned queues, should a container crash. There must be a better way to communicate with a single container. I have seen ECS Exec, but this seams more build for debugging purposes.