CloudFormation template creating an EventBridge rule to send events to a CloudWatch Logs log group for review.
# aws cloudformation deploy --stack-name LogEvents --template-file ./cloudformation-eventbridge-cloudwatch-logs.yml
#
# Use this EventBridge rule to send events to a CloudWatch Logs log group for review. An example
# use case is to review CloudTrail logs w/ CloudWatch Logs Insights. Recently used this to identify
# service and CloudTrail events from DRS to trigger custom automation (Lambda).
#
# Example CloudWatch Logs Insights query for the log group:
#
# fields @timestamp, @message, `detail-type`, `detail.eventName`
# | filter detail.eventName in ["CreateSourceServerForDrs", "CreateRecoveryInstanceForDrs", "ReverseReplication"]
# | sort @timestamp desc
# | limit 1000
Resources:
  Rule:
    Type: 'AWS::Events::Rule'
    Properties:
      Description: !Sub 'Log events - created by CloudFormation stack ${AWS::StackId}'
      State: ENABLED
      EventPattern:
        # https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-create-pattern.html
        source:
          - aws.drs
        # detail-type:
        #   - AWS API Call via CloudTrail
        #   - Some other service-specific event
        # detail:
        #   someAttribute:
        #     - some value
      Targets:
        - Id: LogGroup
          Arn: !Sub '${LogGroup.Arn}'
  LogGroup:
    Type: AWS::Logs::LogGroup
    Properties:
      LogGroupName: !Sub '/${AWS::StackName}/events'
      RetentionInDays: 14
      Tags:
        - Key: CfnStackId
          Value: !Ref AWS::StackId
  # Allow EventBridge rule to write to the log group.
  # https://repost.aws/knowledge-center/cloudwatch-log-group-eventbridge
  LogsResourcePolicy:
    Type: AWS::Logs::ResourcePolicy
    Properties:
      PolicyName: !Sub '${AWS::StackName}-Events'
      PolicyDocument: !Sub >-
        {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Sid": "TrustEventsToStoreLogs",
              "Effect": "Allow",
              "Principal": {
                "Service": [
                  "events.amazonaws.com",
                  "delivery.logs.amazonaws.com"
                ]
              },
              "Action": [
                "logs:CreateLogStream",
                "logs:PutLogEvents"
              ],
              "Resource": "${LogGroup.Arn}"
            }
          ]
        }