Created October 17, 2024 21:03
CloudFormation template creating an EventBridge rule to send events to a CloudWatch Logs log group for review.
```yaml
# aws cloudformation deploy --stack-name LogEvents --template-file ./cloudformation-eventbridge-cloudwatch-logs.yml
#
# Use this EventBridge rule to send events to a CloudWatch Logs log group for review. An example
# use case is to review CloudTrail logs w/ CloudWatch Logs Insights. Recently used this to identify
# service and CloudTrail events from DRS to trigger custom automation (Lambda).
#
# Example CloudWatch Logs Insights query for the log group:
#
#   fields @timestamp, @message, `detail-type`, `detail.eventName`
#   | filter detail.eventName in ["CreateSourceServerForDrs", "CreateRecoveryInstanceForDrs", "ReverseReplication"]
#   | sort @timestamp desc
#   | limit 1000

Resources:
  Rule:
    Type: 'AWS::Events::Rule'
    Properties:
      Description: !Sub 'Log events - created by CloudFormation stack ${AWS::StackId}'
      State: ENABLED
      EventPattern:
        # https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-create-pattern.html
        source:
          - aws.drs
        # detail-type:
        #   - AWS API Call via CloudTrail
        #   - Some other service-specific event
        # detail:
        #   someAttribute:
        #     - some value
      Targets:
        - Id: LogGroup
          Arn: !Sub '${LogGroup.Arn}'

  LogGroup:
    Type: AWS::Logs::LogGroup
    Properties:
      LogGroupName: !Sub '/${AWS::StackName}/events'
      RetentionInDays: 14
      Tags:
        - Key: CfnStackId
          Value: !Ref AWS::StackId

  # Allow EventBridge rule to write to the log group.
  # https://repost.aws/knowledge-center/cloudwatch-log-group-eventbridge
  LogsResourcePolicy:
    Type: AWS::Logs::ResourcePolicy
    Properties:
      PolicyName: !Sub '${AWS::StackName}-Events'
      PolicyDocument: !Sub >-
        {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Sid": "TrustEventsToStoreLogs",
              "Effect": "Allow",
              "Principal": {
                "Service": [
                  "events.amazonaws.com",
                  "delivery.logs.amazonaws.com"
                ]
              },
              "Action": [
                "logs:CreateLogStream",
                "logs:PutLogEvents"
              ],
              "Resource": "${LogGroup.Arn}"
            }
          ]
        }
```
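An added example (not part of the gist): a minimal local matcher for the exact-match subset of EventBridge pattern syntax that `EventPattern` uses, to see which events the rule would log before deploying a narrower pattern. The `NARROWED` pattern, the sample events and all function names are assumptions made here; prefix, numeric and other pattern operators are not handled.

```python
def matches(pattern, event):
    """True if event satisfies pattern (exact-match lists and nested objects only)."""
    for key, expected in pattern.items():
        if key not in event:
            return False
        actual = event[key]
        if isinstance(expected, dict):
            # Nested pattern: the event field must be an object that matches as well.
            if not isinstance(actual, dict) or not matches(expected, actual):
                return False
        else:
            # Leaf: list of allowed values. An array-valued event field
            # matches if any of its elements is allowed.
            values = actual if isinstance(actual, list) else [actual]
            if not any(v in expected for v in values):
                return False
    return True

# Pattern as deployed by the template: every event whose source is aws.drs.
DEPLOYED = {"source": ["aws.drs"]}

# Assumed narrowing: the template's commented-out keys, filled in with the
# eventName values from the Logs Insights query in the header comment.
NARROWED = {
    "source": ["aws.drs"],
    "detail-type": ["AWS API Call via CloudTrail"],
    "detail": {"eventName": ["CreateSourceServerForDrs",
                             "CreateRecoveryInstanceForDrs",
                             "ReverseReplication"]},
}

# Constructed sample events (trimmed to the fields the patterns inspect).
SAMPLES = [
    {"source": "aws.drs", "detail-type": "AWS API Call via CloudTrail",
     "detail": {"eventName": "ReverseReplication"}},
    {"source": "aws.drs", "detail-type": "AWS API Call via CloudTrail",
     "detail": {"eventName": "StartRecovery"}},
    {"source": "aws.ec2", "detail-type": "AWS API Call via CloudTrail",
     "detail": {"eventName": "RunInstances"}},
]

def logged(pattern, events=SAMPLES):
    """eventName of each sample event the pattern would send to the log group."""
    return [e["detail"]["eventName"] for e in events if matches(pattern, e)]

if __name__ == "__main__":
    print("deployed:", logged(DEPLOYED))
    print("narrowed:", logged(NARROWED))
```

For the authoritative result, the same pattern and event can be passed to `aws events test-event-pattern`.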