X
Popular Searches

How to Use CloudWatch Events for AWS Automation

AWS Logo

CloudWatch is commonly used for log processing and monitoring of your AWS resources, but it also has powerful tools for automation from within your account. We’ll show how to set up and work with CloudWatch Events.

What Is CloudWatch Events?

CloudWatch Events is a service from AWS that basically maps cause to effect using actions happening in your account. It can route API events, such as an EC2 instance stopping or an object being uploaded to an S3 bucket, and send them to other services like Lambda functions or messaging queues.

Using simple rules, you can match events based on the service they came from. Events are JSON objects, sent to CloudWatch due to actions happening in your account. For example, an event for terminating an EC2 instance might look like the following:

{
  "version": "0",
  "id": "6a7e8feb-b491-4cf7-a9f1-bf3703467718",
  "detail-type": "EC2 Instance State-change Notification",
  "source": "aws.ec2",
  "account": "111122223333",
  "time": "2017-12-22T18:43:48Z",
  "region": "us-west-1",
  "resources": [
    "arn:aws:ec2:us-west-1:123456789012:instance/ i-1234567890abcdef0"
  ],
  "detail": {
    "instance-id": " i-1234567890abcdef0",
    "state": "terminated"
  }
}

You can listen for these events, and send them to other services called targets. These can be Lambda functions built to handle this payload, an SNS topic, an SQS queue, or other actions like ECS tasks and CodePipeline. With the ability to route to Lambda, you can program any functionality you’d like, making this a very useful feature for account automation.

For example, if you wanted to run an ECS task, like photo or video processing, whenever an object is uploaded to an S3 bucket, you can achieve this with CloudWatch Events quite easily. Simply set the event source to match PutObject operations, and send the event over to an ECS task for processing.

Plenty of other AWS tools will use CloudWatch events as well, so you miight already have some rules set up. If you’re using CodePipeline, it uses a CloudWatch event to monitor the source repository for changes, and trigger the CI/CD pipeline in response.

Events don’t need to be triggered from an action in your account. Alternatively, you can set the event to run at a fixed time interval, essentially acting as the cron of AWS. You can use this to schedule Lambda functions to run automatically.

Setting Up an Event Rule

From the CloudWatch Console, click on “Rules” in the sidebar and create a new rule.

create rule

Unless you want this event to run automatically, set the Event Source to “Event Pattern.” You can choose a service name here to filter for different event types.

For S3, you can choose “Object Level Operations,” and select a specific operation type, like PutObject. You can also choose a specific bucket (or buckets) by name.

event source

On the right, you can select the target. It defaults to “Lambda Function,” you’ll just need to select a function built to handle the event.

Select target

For Lambda, the event is passed in as the event variable. You can use this to access details about the PutObject operation, such as a reference to the object itself that you can use to access it.

If you’re just testing out CloudWatch Events, you can use a function like the following to simply log the event passed to it. You’ll find the Lambda function’s logs under the “Monitoring” tab for the function.

'use strict';

exports.handler = (event, context, callback) => {
  console.log('LogCloudWatchEvent');
  console.log('Received event:', JSON.stringify(event, null, 2));
  callback(null, 'Finished');
};

You, of course, aren’t limited to Lambda functions. For more intense compute, you can route the event to an ECS task, which can use the full power of Fargate and EC2 to run containerized applications.

Route event to ECS task

Other options are also available, usually to do with routing the event somewhere else, such as a Kinesis stream, SNS topic, or SQS queue.

Rules are manageable from the CloudWatch console, including a monitoring tab to show metrics for how often the rule is invoked.

Anthony Heddings Anthony Heddings
Anthony Heddings is the resident cloud engineer for LifeSavvy Media, a technical writer, programmer, and an expert at Amazon's AWS platform. He's written hundreds of articles for How-To Geek and CloudSavvy IT that have been read millions of times. Read Full Bio »

The above article may contain affiliate links, which help support CloudSavvy IT.