Created
October 7, 2024 16:50
Attempting to set up an EventBridge rule to send logs to CloudWatch
[ | |
{ | |
"Source": "my.application", | |
"DetailType": "TestEvent", | |
"Detail": "{\"message\": \"Hello World\"}", | |
"EventBusName": "default" | |
}, | |
{ | |
"Source": "my.application", | |
"DetailType": "MyAppEvent", | |
"Detail": "{\"key1\": \"value1\", \"key2\": \"value2\"}", | |
"EventBusName": "default" | |
} | |
] |
#!/bin/sh
# Publishes the sample entries from put-event.json to EventBridge.
printf '%s\n' "creating a new event..."
# file://put-event.json is a relative path, so run this from the directory
# that holds put-event.json.
# NOTE(review): the put-events response carries a FailedEntryCount field;
# inspect it rather than relying on the exit status alone.
aws events put-events --entries file://put-event.json
#!/bin/sh
# Names of every resource this script manages. All of them derive from one
# suffix so that a single set of resources can be identified together.
DESIRED_SUFFIX='Imbc'
DESIRED_RULE_NAME="LogAllEvents${DESIRED_SUFFIX}"
DESIRED_LOG_GROUP_NAME="/aws/eventbridge/logs/nopl-sales-api-dv-${DESIRED_SUFFIX}"
DESIRED_ROLE_NAME="EventBridgeLogRole${DESIRED_SUFFIX}"
DESIRED_POLICY_NAME="CloudWatchLogsPermission${DESIRED_SUFFIX}"
# Tag in the Key=...,Value=... list shorthand.
DESIRED_TAGS="Key=Name,Value=EventBridgeLog${DESIRED_SUFFIX}"
# Event pattern: match every event whose source is my.application.
DESIRED_EVENT_PATTERN='{"source": ["my.application"]}'
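# Step 1: make sure the CloudWatch Logs log group exists.
printf "> Creating a new Log Group %s for EventBridge logs...\n" "$DESIRED_LOG_GROUP_NAME"
# The API can only filter by prefix, so the JMESPath filter picks the exact
# name; otherwise a longer group sharing the prefix could be mistaken for it.
# With "| [0]" and --output text, a missing group comes back as "None".
EXISTING_LOG_GROUP_NAME=$(aws logs describe-log-groups \
  --log-group-name-prefix "$DESIRED_LOG_GROUP_NAME" \
  --query "logGroups[?logGroupName=='$DESIRED_LOG_GROUP_NAME'].logGroupName | [0]" \
  --output text)
if [ "$EXISTING_LOG_GROUP_NAME" = "$DESIRED_LOG_GROUP_NAME" ]; then
  echo "Log Group already exists. Skipping..."
else
  echo "Creating Log Group..."
  # logs create-log-group takes --tags as a name=value map. Passing the
  # Key=Name,Value=... list form used by events/iam would create two tags
  # literally named "Key" and "Value", so the map form is spelled out here.
  if ! aws logs create-log-group \
    --log-group-name "$DESIRED_LOG_GROUP_NAME" \
    --tags "Name=EventBridgeLog$DESIRED_SUFFIX"; then
    # Every later step needs the log group, so stop instead of continuing.
    echo "Failed to create Log Group. Exiting..." >&2
    exit 1
  fi
fi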
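# Step 2: make sure the EventBridge rule exists, then tag it.
printf "\n> Creating a new Event Rule %s ...\n" "$DESIRED_RULE_NAME"
# Ask for the name as text directly. The earlier approach piped --output text
# into jq, which expects JSON, so the lookup always came back empty.
RULE_NAME=$(aws events list-rules \
  --name-prefix "$DESIRED_RULE_NAME" \
  --query "Rules[?Name=='$DESIRED_RULE_NAME'].Name" \
  --output text)
if [ "$RULE_NAME" = "$DESIRED_RULE_NAME" ]; then
  echo "Rule already exists. Skipping..."
else
  echo "Creating Rule..."
  if ! aws events put-rule \
    --name "$DESIRED_RULE_NAME" \
    --event-pattern "$DESIRED_EVENT_PATTERN" \
    --state ENABLED \
    --description "This rule captures all events from my.application and logs them."; then
    echo "Failed to create Rule. Exiting..." >&2
    exit 1
  fi
fi

printf "\n> Tagging the rule with %s ...\n" "$DESIRED_TAGS"
# Resolve the ARN after the create step so a rule made on this run is tagged
# too; a lookup taken before put-rule cannot see it.
RULE_ARN=$(aws events describe-rule \
  --name "$DESIRED_RULE_NAME" \
  --query "Arn" \
  --output text)
# --output text prints "None" for a null value, so treat that as "not found".
if [ -z "$RULE_ARN" ] || [ "$RULE_ARN" = "None" ]; then
  echo "Rule not found. Skipping ..."
else
  echo "Rule ARN: $RULE_ARN"
  aws events tag-resource \
    --resource-arn "$RULE_ARN" \
    --tags "$DESIRED_TAGS"
fi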
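# Step 3: register the log group as the rule's target.
printf "\n> Attaching the event rule to the Log Group...\n"
# Exact-name match on top of the prefix filter; "| [0]" yields "None" in text
# output when the group does not exist.
LOG_GROUP_ARN=$(aws logs describe-log-groups \
  --log-group-name-prefix "$DESIRED_LOG_GROUP_NAME" \
  --query "logGroups[?logGroupName=='$DESIRED_LOG_GROUP_NAME'].arn | [0]" \
  --output text)
echo "Log Group ARN: $LOG_GROUP_ARN"
if [ -z "$LOG_GROUP_ARN" ] || [ "$LOG_GROUP_ARN" = "None" ]; then
  echo "Log Group not found. Exiting..."
  # Actually stop: without a target ARN the remaining steps would build a
  # target and a policy around an empty or "None" resource.
  exit 1
else
  echo "Attaching Rule to Log Group..."
  # NOTE(review): this target carries no RoleArn. EventBridge delivery to a
  # CloudWatch Logs target is authorised by a CloudWatch Logs resource policy
  # (aws logs put-resource-policy) that lets events.amazonaws.com create log
  # streams and put log events on this group; confirm one exists, scoped to
  # this log group only, or events will match the rule but never be written.
  # NOTE(review): put-targets reports per-target failures in its response
  # (FailedEntryCount); check it rather than relying on the exit status alone.
  aws events put-targets \
    --rule "$DESIRED_RULE_NAME" \
    --targets '[
      {
        "Id": "1",
        "Arn": "'"$LOG_GROUP_ARN"'"
      }
    ]'
fi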
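# Step 4: make sure the IAM role that EventBridge may assume exists.
printf "\n> Setting pu the role %s ...\n" "$DESIRED_ROLE_NAME"
# check the role does not exist else create it
ROLE_NAME=$(aws iam list-roles \
  --query "Roles[?RoleName=='$DESIRED_ROLE_NAME'].RoleName" \
  --output text)
if [ "$ROLE_NAME" = "$DESIRED_ROLE_NAME" ]; then
  echo "Role already exists. Skipping..."
else
  echo "Creating Role..."
  # Trust policy: only the EventBridge service principal may assume the role.
  # NOTE(review): the put-targets call in this script passes no RoleArn, so
  # nothing shown here makes EventBridge use this role; confirm it is needed.
  # If it is kept, consider narrowing the trust policy with an
  # aws:SourceAccount / aws:SourceArn condition so that only this account's
  # rule can have the service assume it.
  if ! aws iam create-role \
    --role-name "$DESIRED_ROLE_NAME" \
    --assume-role-policy-document '{
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Principal": {
            "Service": "events.amazonaws.com"
          },
          "Action": "sts:AssumeRole"
        }
      ]
    }' \
    --tags "$DESIRED_TAGS"; then
    # The policy step needs the role, so stop here on failure.
    echo "Failed to create Role. Exiting..." >&2
    exit 1
  fi
fi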
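# Step 5: give the role permission to write to the log group.
printf "\n> Attaching the policy %s to the role %s ...\n" "$DESIRED_POLICY_NAME" "$DESIRED_ROLE_NAME"
# The policy document is scoped to the log group ARN; refuse to write it when
# the lookup produced nothing ("None" is what --output text prints for null).
if [ -z "$LOG_GROUP_ARN" ] || [ "$LOG_GROUP_ARN" = "None" ]; then
  echo "Log Group ARN is not set. Exiting..." >&2
  exit 1
fi
# describe-log-groups returns the ARN with a trailing ":*"; strip it so the
# two resource entries below are well-formed instead of "...:*:log-stream:*".
LOG_GROUP_BASE_ARN=${LOG_GROUP_ARN%:\*}
# check for already existing policy
# put-role-policy creates an INLINE policy, so look it up with
# list-role-policies; list-attached-role-policies only lists managed policies
# and would never find it.
POLICY_NAME=$(aws iam list-role-policies \
  --role-name "$DESIRED_ROLE_NAME" \
  --query "PolicyNames[?@=='$DESIRED_POLICY_NAME']" \
  --output text)
if [ "$POLICY_NAME" = "$DESIRED_POLICY_NAME" ]; then
  echo "Policy already exists. Skipping..."
else
  echo "Creating Policy..."
  # Least privilege: three log-writing actions, limited to this one log group
  # and its streams.
  aws iam put-role-policy \
    --role-name "$DESIRED_ROLE_NAME" \
    --policy-name "$DESIRED_POLICY_NAME" \
    --policy-document '{
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": [
            "logs:PutLogEvents",
            "logs:CreateLogStream",
            "logs:DescribeLogStreams"
          ],
          "Resource": [
            "'"${LOG_GROUP_BASE_ARN}:*"'",
            "'"${LOG_GROUP_BASE_ARN}:log-stream:*"'"
          ]
        }
      ]
    }'
fi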
# Final status line.
printf '\n> Completed setup for EventBridge logging.\n'

# --- Manual verification (commented out; copy into a shell as needed) ---
#
# List the rules matching the name:
#   aws events list-rules --name-prefix "$DESIRED_RULE_NAME"
#
# Show the rule itself:
#   aws events describe-rule --name "$DESIRED_RULE_NAME"
#
# Show the rule's targets:
#   aws events list-targets-by-rule --rule "$DESIRED_RULE_NAME"
#
# Check that the log group accepts writes:
#
# 1. create a new log stream
#   aws logs create-log-stream \
#     --log-group-name "$DESIRED_LOG_GROUP_NAME" \
#     --log-stream-name "TestStream"
#
# 2. put a log event (timestamp is epoch milliseconds)
#   aws logs put-log-events \
#     --log-group-name "$DESIRED_LOG_GROUP_NAME" \
#     --log-stream-name "TestStream" \
#     --log-events '[
#       {
#         "timestamp": '"$(($(date +%s) * 1000))"',
#         "message": "Test log message"
#       }
#     ]'
#
# Put an event by hand (its source matches DESIRED_EVENT_PATTERN):
#   aws events put-events \
#     --entries '[
#       {
#         "Source": "my.application",
#         "DetailType": "myDetailType",
#         "Detail": "{\"message\": \"Hello World\"}"
#       }
#     ]'