Centralized Event-Driven Monitoring of Amazon EC2 Launch Failures with Amazon EventBridge and CloudWatch

In an event-driven architecture, an event signifies that something has happened in your application or infrastructure: a new file has arrived, or an alarm has fired because CPU usage is high. Actions are taken in response to these events, such as inspecting the file's contents or scaling out Amazon Elastic Compute Cloud (Amazon EC2) instances to add capacity. The events occurring within the architecture are what drive these actions.

Amazon EventBridge is a serverless event bus service, launched in July 2019, that ingests events of many types and takes actions based on the events it receives. Because it is so flexible, customers use EventBridge in many different ways. One common pattern is to capture events from individual AWS accounts and forward them to a centralized EventBridge event bus for monitoring. In this article, I walk through capturing Amazon EC2 launch failure events and building a centralized event-driven monitoring solution with EventBridge and Amazon CloudWatch.

When an event is delivered to an EventBridge event bus in an AWS account, every EventBridge rule on that bus whose event pattern matches the event is triggered. A triggered rule can invoke up to five targets, which can be AWS services or an event bus in another account. When you send an event to an event bus in a different AWS account, you create rules in the receiving account to process it (for example, by routing it to a CloudWatch Logs log group).

The centralized EventBridge architecture shown in Figure 1 gives a consolidated view of events happening across multiple AWS accounts, or across the organizations in AWS Organizations. By routing selected events from one AWS account to an EventBridge event bus hosted in another account, you can quickly assess the impact of an incident by seeing which services and accounts are affected.

This cross-account EventBridge architecture involves two accounts: Account A and a centralized account. In Account A, a health event arrives on the default event bus. A rule in Account A forwards the health event to its target, a custom event bus in the centralized account. A rule on that centralized event bus then relays the event details to a CloudWatch Logs log group in the centralized account.

You can keep multiple event buses in the centralized EventBridge account, each serving a different purpose. For example, events from your development and test accounts can be sent to a separate event bus in the centralized account. You can then attach different targets to each event bus according to the escalation paths or SLAs of your development and test environments. This separation aids reporting and distinguishes the events affecting your production services from those affecting your development and test services.

By forwarding only the events you care about, you keep the volume of events and data sent to the centralized event bus small. That filtering happens in the source account's rule, and it reduces both cost and the number of log streams in your CloudWatch log groups.

Use Case

As a member of a centralized Site Reliability Engineering (SRE) team, I want to consolidate EC2 health events from my development, test, and production AWS accounts so that I can alert on spikes in EC2 launch failures across my AWS organization.

Following the architecture shown in Figure 1, we capture an EC2 launch failure event in Account A and relay it to an event bus in another AWS account, which we call the centralized account. The centralized account can be part of your organization and managed by your SRE team. In the centralized account, configure a rule on your custom event bus and give it a target, such as a CloudWatch Logs log group.

Next, let’s walk through the steps to set up an event bus with a rule in both the centralized account and Account A.

  1. Create an EventBridge event bus in the centralized account. Open the Amazon EventBridge console in the centralized account. In the left navigation pane, choose Events, then Event buses. Choose Create event bus and, for Name, enter "production". Creating a resource-based policy that allows other accounts to send events to this bus is essential: for accounts inside an AWS organization, use the template policy that permits every account in your organization to put events on the production event bus, and avoid a blanket policy that lets any AWS account do so. After the event bus is created (and schema discovery is started, if you enable it), note the event bus ARN; you will need it when configuring Account A.
  2. Create an EventBridge rule in Account A that sends events to the event bus in the centralized account. With the central event bus in place, open the Amazon EventBridge console in Account A. Choose Events, then Rules, then Create rule, and enter a name and description for the rule. As you build the event pattern, the console shows the matching pattern EventBridge will use. This pattern decides which events leave the account, so keep it as narrow as the use case allows; it is also where you tailor your monitoring and alerting. Set the rule's target to the event bus in the centralized account, using the ARN from step 1. Because the central bus policy grants access through your organization, EventBridge also needs an IAM role in Account A that is allowed to put events on that bus.
  3. Create an EventBridge rule in the centralized account that forwards events to a CloudWatch Logs log group. In the centralized account, create a rule on the production event bus and set its target to your CloudWatch Logs log group.
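As an added example that is not from the original article, the following Python script expresses the three steps above as the JSON a practitioner would pass to the EventBridge API (the central bus policy, the forwarding role's policy, and the rules and targets for each account) and includes a small event-pattern matcher that shows which of three constructed sample events the Account A rule would forward. All account IDs, the organization ID, the role name, the log group name and the sample events are constructed placeholders; the event pattern assumes that EC2 launch failures arrive as AWS Health events with `detail.service` set to `EC2`.

```python
"""Cross-account EventBridge forwarding of EC2 health events (worked example
added for this article; account IDs, org ID, role and log group names are
constructed placeholders, not real resources)."""
import copy
import json

# ---- Assumed identifiers (placeholders) -----------------------------------
REGION = "us-east-1"
ACCOUNT_A = "111111111111"          # source account ("Account A")
CENTRAL_ACCOUNT = "222222222222"    # centralized SRE account
ORG_ID = "o-exampleorg1"            # AWS Organizations ID
CENTRAL_BUS_NAME = "production"
CENTRAL_BUS_ARN = f"arn:aws:events:{REGION}:{CENTRAL_ACCOUNT}:event-bus/{CENTRAL_BUS_NAME}"
LOG_GROUP_ARN = (f"arn:aws:logs:{REGION}:{CENTRAL_ACCOUNT}:"
                 f"log-group:/aws/events/{CENTRAL_BUS_NAME}-ec2-health")
FORWARD_ROLE_ARN = f"arn:aws:iam::{ACCOUNT_A}:role/EventBridgeForwardToCentral"

# Event pattern for the Account A rule. Assumption: EC2 launch failures surface
# as AWS Health events whose detail.service is "EC2"; add detail.eventTypeCode
# values here to narrow it further once you know which codes you care about.
EC2_HEALTH_PATTERN = {
    "source": ["aws.health"],
    "detail-type": ["AWS Health Event"],
    "detail": {"service": ["EC2"]},
}


def central_bus_policy() -> dict:
    """Step 1: resource-based policy on the central bus. Only principals in our
    organization may PutEvents. Do not drop the Condition: Principal "*"
    without it lets any AWS account write to the bus."""
    return {"Version": "2012-10-17", "Statement": [{
        "Sid": "AllowOrgAccountsToPutEvents",
        "Effect": "Allow",
        "Principal": "*",
        "Action": "events:PutEvents",
        "Resource": CENTRAL_BUS_ARN,
        "Condition": {"StringEquals": {"aws:PrincipalOrgID": ORG_ID}},
    }]}


def forward_role_policy() -> dict:
    """Least-privilege policy for the Account A forwarding role: PutEvents on
    the one central bus and nothing else."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow", "Action": "events:PutEvents", "Resource": CENTRAL_BUS_ARN}]}


def account_a_rule(name: str = "forward-ec2-health") -> tuple[dict, dict]:
    """Step 2 as (put_rule kwargs, put_targets kwargs) for a boto3 events
    client. The target is the central bus; because the bus policy is scoped to
    the organization, EventBridge assumes a role in Account A to deliver."""
    rule = {"Name": name, "EventBusName": "default", "State": "ENABLED",
            "EventPattern": json.dumps(EC2_HEALTH_PATTERN)}
    targets = {"Rule": name, "EventBusName": "default", "Targets": [{
        "Id": "central-production-bus", "Arn": CENTRAL_BUS_ARN, "RoleArn": FORWARD_ROLE_ARN}]}
    return rule, targets


def central_rule(name: str = "ec2-health-to-logs") -> tuple[dict, dict]:
    """Step 3: rule on the central bus routing forwarded events to a log group.
    The same pattern is reused so unrelated events on the bus are ignored."""
    rule = {"Name": name, "EventBusName": CENTRAL_BUS_NAME, "State": "ENABLED",
            "EventPattern": json.dumps(EC2_HEALTH_PATTERN)}
    targets = {"Rule": name, "EventBusName": CENTRAL_BUS_NAME, "Targets": [{
        "Id": "ec2-health-log-group", "Arn": LOG_GROUP_ARN}]}
    return rule, targets


def _leaf_ok(wanted, actual) -> bool:
    """One pattern value against one event value: exact match, or prefix match."""
    if isinstance(wanted, dict):
        return "prefix" in wanted and isinstance(actual, str) and actual.startswith(wanted["prefix"])
    return wanted == actual


def matches(pattern: dict, event: dict) -> bool:
    """Minimal EventBridge pattern matcher: every pattern key must be present in
    the event, nested objects recurse, and a list of values is OR-ed."""
    for key, wanted in pattern.items():
        if isinstance(wanted, dict):
            if not isinstance(event.get(key), dict) or not matches(wanted, event[key]):
                return False
        elif key not in event or not any(_leaf_ok(w, event[key]) for w in wanted):
            return False
    return True


def select_for_forwarding(events: list[dict]) -> list[dict]:
    """Apply the Account A rule. EventBridge keeps the original 'account' field
    on a forwarded event, so the central account can still tell where it came from."""
    return [copy.deepcopy(e) for e in events if matches(EC2_HEALTH_PATTERN, e)]


def _event(source, detail_type, detail, account=ACCOUNT_A) -> dict:
    """Constructed sample event in the EventBridge envelope shape."""
    return {"version": "0", "id": "00000000-0000-0000-0000-000000000001",
            "detail-type": detail_type, "source": source, "account": account,
            "time": "2024-01-01T00:00:00Z", "region": REGION, "resources": [], "detail": detail}


SAMPLE_EVENTS = [  # constructed inputs: one EC2 health event, one RDS, one EC2 state change
    _event("aws.health", "AWS Health Event",
           {"service": "EC2", "eventTypeCategory": "issue", "eventTypeCode": "AWS_EC2_OPERATIONAL_ISSUE"}),
    _event("aws.health", "AWS Health Event", {"service": "RDS", "eventTypeCategory": "issue"}),
    _event("aws.ec2", "EC2 Instance State-change Notification",
           {"instance-id": "i-0123456789abcdef0", "state": "pending"}),
]

if __name__ == "__main__":
    print(json.dumps(central_bus_policy(), indent=2))
    for e in select_for_forwarding(SAMPLE_EVENTS):
        print("forward to central bus:", e["account"], e["detail-type"], e["detail"]["service"])
```

Only the first sample event is forwarded: the RDS health event fails on `detail.service`, and the EC2 state-change fails on `source`. Before deploying, check a real captured event against the pattern with `aws events test-event-pattern`, and remember that a CloudWatch Logs target only works once the log group has a resource policy allowing `events.amazonaws.com` to write to it (the console adds it; the API does not).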


Chanci Turner