Create rules to invoke Targets based on Events happening in your AWS environment.
Use a custom event source with a customized event pattern.
What’s In This Document
- Create custom cloudwatch event rule
- Create AWS Systems Manager Document
- Update IAM role to run SSM document from cloudwatch
- Put cloudwatch event to test
🚀 Create custom cloudwatch event rule
- Build custom event pattern
    { "source": [ "com.test.ssm.to.target" ] }
- Target: SSM Run Command
🚀 Create AWS Systems Manager Document
- JSON content: write the {{Message}} content to {{workingDirectory}}/testSSM.txt
    {
      "schemaVersion": "2.2",
      "description": "Run SSM command",
      "parameters": {
        "Message": {
          "type": "String",
          "description": "Parameter of SSM script",
          "default": ""
        },
        "workingDirectory": {
          "type": "String",
          "description": "Working dir",
          "default": "/tmp/"
        }
      },
      "mainSteps": [
        {
          "action": "aws:runShellScript",
          "name": "runSSMCommand",
          "inputs": {
            "runCommand": [
              "echo {{Message}} > {{workingDirectory}}/testSSM.txt"
            ]
          }
        }
      ]
    }
- Target type: /AWS::EC2::Instance
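SSM substitutes {{Message}} and {{workingDirectory}} into the runCommand line as plain text before the shell runs it, so the document above depends on every caller sending benign values. The check below is an added example, not part of the original post: it flags parameters that reach a shell step without allowedPattern or allowedValues, and the regexes in the hypothetical harden() helper are constructed assumptions to adapt.

```python
import copy
import re

# The page's document, reduced to the fields the check reads.
PAGE_DOC = {
    "schemaVersion": "2.2",
    "parameters": {
        "Message": {"type": "String", "default": ""},
        "workingDirectory": {"type": "String", "default": "/tmp/"},
    },
    "mainSteps": [{
        "action": "aws:runShellScript",
        "name": "runSSMCommand",
        "inputs": {"runCommand": [
            "echo {{Message}} > {{workingDirectory}}/testSSM.txt"]},
    }],
}

PLACEHOLDER = re.compile(r"\{\{\s*([A-Za-z0-9_.\-]+)\s*\}\}")
SHELL_ACTIONS = {"aws:runShellScript", "aws:runPowerShellScript"}


def unconstrained_shell_params(doc):
    """Return sorted (step, parameter) pairs where a parameter without
    allowedPattern/allowedValues is substituted into a shell command."""
    params = doc.get("parameters", {})
    findings = set()
    for step in doc.get("mainSteps", []):
        if step.get("action") not in SHELL_ACTIONS:
            continue
        for line in step.get("inputs", {}).get("runCommand", []):
            for name in PLACEHOLDER.findall(line):
                spec = params.get(name, {})
                if not (spec.get("allowedPattern") or spec.get("allowedValues")):
                    findings.add((step.get("name"), name))
    return sorted(findings)


def harden(doc):
    """Copy of doc with constructed allowedPattern values (assumptions)."""
    fixed = copy.deepcopy(doc)
    fixed["parameters"]["Message"]["allowedPattern"] = r"^[A-Za-z0-9 _.\-]{0,256}$"
    fixed["parameters"]["workingDirectory"]["allowedPattern"] = r"^/[A-Za-z0-9_./\-]*$"
    return fixed


if __name__ == "__main__":
    print("page document:", unconstrained_shell_params(PAGE_DOC))
    print("hardened copy:", unconstrained_shell_params(harden(PAGE_DOC)))
```

Both patterns still accept the values used in the test later on this page ("my-source my-target" and "/tmp/").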
🚀 Update IAM role to run SSM document from cloudwatch
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Action": "ssm:SendCommand",
          "Effect": "Allow",
          "Resource": [
            "arn:aws:ec2:ap-northeast-1:111111111111:instance/i-0f4a1c3c2ca0a7dee",
            "arn:aws:ssm:ap-northeast-1:111111111111:document/testSSM"
          ]
        }
      ]
    }
🚀 Put cloudwatch event to test
- Use a Python script to put an event to the CloudWatch rule

    import boto3
    import json
    from datetime import datetime


    def put_cloudwatch_event():
        try:
            client = boto3.client('events', region_name='ap-northeast-1')
            json_input = {"data": "{0} {1}".format('my-source', 'my-target')}
            # 'Source' must match the rule's event pattern for the rule to fire
            response = client.put_events(
                Entries=[
                    {
                        'Time': datetime.now(),
                        'Source': 'com.test.ssm.to.target',
                        'DetailType': 'MyDetailType',
                        'Resources': ['resource1', 'resource2'],
                        'Detail': json.dumps(json_input)
                    }
                ]
            )
            if response['FailedEntryCount'] == 0:
                print(f"Result {json.dumps(json_input)} is in progress")
            else:
                # Rejected entries carry ErrorCode / ErrorMessage
                print(f"Failed entries: {response['Entries']}")
        except ValueError as err:
            print(str(err))


    put_cloudwatch_event()
- Run script

    Result {"data": "my-source my-target"} is in progress
    Process finished with exit code 0

- Check result: Access to target instance

    # cat /tmp/testSSM.txt
    my-source my-target