AWS CloudWatch Event Rules
AWS CloudWatch Events delivers a near real-time stream of system events that describe changes in AWS resources. Using simple rules that you can quickly set up, you can match events and route them to one or more target functions or streams.
Route detailed alerts from AWS CloudWatch Event Rules to the right users in Incident Response.
How to integrate AWS CloudWatch Event Rules with Incident Response
-
Navigate to Services -> Service Overview -> select or search for your Service. Expand the accordion -> In the Alert Sources section, click Add.
-
Select Amazon CloudWatch Event Rules. Copy the displayed Webhook URL to configure it within Amazon CloudWatch Event Rules. Finish by clicking Add Alert Source -> Done.
When an alert source turns Active, it’ll show up under Configured Alert Sources. You can either generate a test alert from the integration or wait for a real-time alert to be generated by the Alert Source.
An Alert Source is active if there is a recorded incident via that Alert Source for the Service.
In AWS: Configure SNS Endpoint
-
Log in to your AWS account and proceed to SNS
-
Click on Create topic
-
Within the dialog box, fill in the details as per your requirements and then click on Create topic
-
Inside the topic, click on Create Subscription
-
Select the protocol as HTTPS and in the endpoint enter the URL you obtained from the previous step
-
Finally, click on Create Subscription to create the subscription
The Subscription ID for the subscription should immediately change to Confirmed from PendingConfirmation. Click on the refresh button to verify the same.
In AWS: Configure CloudWatch Event Rules
-
Go to CloudWatch and click on Rules under Events
-
Click on Create Rule
-
Select desired Service Name and Event Type In this example, we're selecting
Service Name: EC2andEvent Type: All Events -
Under Targets click on Add Target
-
Select SNS Topic and your topic name from the dropdown In this example, we're selecting
Topic: Instance-state-change -
Click on Configure rule details. Enter the name of your rule. Add a description as needed
-
Click on Create a rule to save this configuration
That's it, you are good to go! Your AWS CloudWatch Event Rules integration is complete.
-
Now, whenever an event is triggered that matches your Event Rules, an incident will be created in Incident Response for it.
FAQ:
Q: If an alert gets resolved in AWS CloudWatch Event Rules, does it send auto-resolve signals to Incident Response?
A: No, AWS CloudWatch Event Rules does not send auto-resolve signals to Incident Response. Hence, Incident Response incidents from AWS CloudWatch Event Rules should be resolved manually.