Use AWS CloudTrail to detect an event and send email via AWS CloudAlarm
Follow these 4 steps to accomplish this:
1. Create a CloudTrail trail that records the event you want to catch.
2. Configure a CloudWatch Logs log group for the trail.
3. Create a metric filter on the CloudWatch log group.
4. Create a CloudWatch alarm on that metric filter which sends you an email when the event happens.
The first 2 steps are done in the CloudTrail console and the last 2 steps in the CloudWatch console.
Open the CloudTrail console at https://console.aws.amazon.com/cloudtrail/

If you don’t have a trail yet, click the ‘Create trail’ button to create the trail that records the event you want to catch. If you already have a trail that records the event, clicking the trail name brings up the ‘Configuration’ page of the trail:
Scroll down to the CloudWatch Logs section and click the ‘Configure’ button:
Create a log group or choose an existing log group in the same region as the trail:
Click the ‘Continue’ button:
This will also create a role ‘CloudTrail_CloudWatchLogs’ if there is not one yet. The policy attached to this role allows only ‘CreateLogStream’ and ‘PutLogEvents’, the write permissions CloudTrail needs to deliver events to the log group.
Click the ‘Allow’ button; it shows a ‘successful’ message and returns to the ‘Configuration’ page with the information of the CloudWatch Logs log group you just configured:
Note: a trail that applies to all regions sends log files from all regions to the CloudWatch Logs log group that you specify, so a metric filter on that log group covers the event in every region.
Now we have finished the work in the CloudTrail console; go to the CloudWatch console to continue.
Go to https://console.aws.amazon.com/cloudwatch and click ‘Logs’ in the left side menu:
Choose the log group created for CloudTrail by clicking the radio button on its left side and click the ‘Create Metric Filter’ button; it brings up the ‘Define Logs Metric Filter’ page:
The grammar for a ‘Filter Pattern’ that matches JSON log events looks like the following:
{ ($.eventSource = s3.amazonaws.com) && (($.eventName = PutBucketAcl) || ($.eventName = PutBucketPolicy)) }
It uses ‘&&’ for ‘and’ and ‘||’ for ‘or’ to combine the individual filter rules, each ‘$.field = value’ selector refers to a field of the CloudTrail JSON record, and the whole expression is wrapped in curly brackets.
Here I would like to catch the event when somebody performs AttachVolume or DetachVolume:
Clicking the ‘Assign Metric’ button brings up the following page:
Type in a metric name and click the ‘Create Filter’ button, which brings up the following page:
Click the ‘Create Alarm’ link, which brings up the following page:
Give the alarm a name. I set the criteria for the alarm to ‘Whenever’ the metric is greater than 0, because whenever an attach or detach volume event happens the count will be greater than 0. For ‘Treat missing data as’, I choose ‘good (not breaching threshold)’, so periods with no matching events keep the alarm in the OK state instead of firing.
In the ‘Actions’ section at the bottom of the page, set ‘Whenever this alarm’ is in ‘State is ALARM’ to send the notification to your email list. Clicking the ‘Create Alarm’ button brings up the following page:
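To make the filter pattern grammar and the alarm criteria above concrete, here is an added Python example. It is not part of the original post and it is not CloudWatch’s own implementation: it parses the ‘{ … }’ JSON pattern subset the post describes ($.field = value selectors joined with && and ||, in parentheses), runs it over a few constructed CloudTrail records, and evaluates the ‘Sum > 0, treat missing data as not breaching’ rule the alarm uses. It goes slightly beyond the post in accepting nested selectors such as $.userIdentity.type and double-quoted values. VOLUME_PATTERN is my assumed equivalent of the AttachVolume/DetachVolume filter the post configures in a screenshot, the SAMPLE_EVENTS records are constructed samples rather than real log data, and all function names are my own.

```python
import re

# Constructed sample CloudTrail records (not from any real account), trimmed to
# the fields the patterns below look at.
SAMPLE_EVENTS = [
    {"eventSource": "s3.amazonaws.com", "eventName": "PutBucketAcl"},
    {"eventSource": "ec2.amazonaws.com", "eventName": "AttachVolume"},
    {"eventSource": "ec2.amazonaws.com", "eventName": "DescribeInstances"},
    {"eventSource": "ec2.amazonaws.com", "eventName": "DetachVolume"},
]

# The S3 pattern quoted in the post, and an assumed equivalent of the
# AttachVolume/DetachVolume filter the post configures in the console.
S3_ACL_PATTERN = ("{ ($.eventSource = s3.amazonaws.com) "
                  "&& (($.eventName = PutBucketAcl) || ($.eventName = PutBucketPolicy)) }")
VOLUME_PATTERN = ("{ ($.eventSource = ec2.amazonaws.com) "
                  "&& (($.eventName = AttachVolume) || ($.eventName = DetachVolume)) }")

# Tokens: parentheses, &&, ||, '=', double-quoted values, bare words ($.eventName, s3.amazonaws.com).
TOKEN_RE = re.compile(r'\s*(\(|\)|&&|\|\||=|"[^"]*"|[^\s()=&|"]+)')


def tokenize(text):
    tokens, pos, text = [], 0, text.strip()
    while pos < len(text):
        m = TOKEN_RE.match(text, pos)
        if not m:
            raise ValueError("bad filter pattern near %r" % text[pos:pos + 20])
        tokens.append(m.group(1))
        pos = m.end()
    return tokens


def lookup(event, selector):
    """Resolve a '$.a.b' selector against a decoded JSON record; None if absent."""
    node = event
    for key in selector[2:].split("."):
        node = node.get(key) if isinstance(node, dict) else None
    return node


def compile_pattern(pattern):
    """Turn a '{ ... }' metric filter pattern into a predicate over records.
    Grammar subset: expr := term ('||' term)*; term := factor ('&&' factor)*;
    factor := '(' expr ')' | '$.selector' '=' value  (string equality only)."""
    pattern = pattern.strip()
    if not (pattern.startswith("{") and pattern.endswith("}")):
        raise ValueError("JSON filter patterns must be wrapped in { }")
    toks, pos = tokenize(pattern[1:-1]), [0]   # pos is a cursor shared by the closures

    def peek():
        return toks[pos[0]] if pos[0] < len(toks) else None

    def take():
        tok = peek()
        pos[0] += 1
        return tok

    def expr():                       # alternatives joined by ||
        alts = [term()]
        while peek() == "||":
            take()
            alts.append(term())
        return lambda ev: any(f(ev) for f in alts)

    def term():                       # conditions joined by &&
        parts = [factor()]
        while peek() == "&&":
            take()
            parts.append(factor())
        return lambda ev: all(f(ev) for f in parts)

    def factor():                     # parenthesised group or one comparison
        tok = take()
        if tok == "(":
            inner = expr()
            if take() != ")":
                raise ValueError("missing ')'")
            return inner
        if tok is None or not tok.startswith("$.") or take() != "=":
            raise ValueError("expected '$.selector = value', got %r" % tok)
        value = (take() or "").strip('"')

        def match(ev, sel=tok, val=value):
            actual = lookup(ev, sel)
            return actual is not None and str(actual) == val
        return match

    predicate = expr()
    if peek() is not None:
        raise ValueError("unexpected token %r" % peek())
    return predicate


def count_matches(events, pattern):
    """Metric value the filter emits for one period: 1 per matching record."""
    predicate = compile_pattern(pattern)
    return sum(1 for ev in events if predicate(ev))


def alarm_state(period_sum, threshold=0, treat_missing="notBreaching"):
    """'Sum > threshold' for one period; None means no data, where 'Treat missing data as' applies."""
    if period_sum is None:
        return {"notBreaching": "OK", "breaching": "ALARM"}.get(treat_missing, "INSUFFICIENT_DATA")
    return "ALARM" if period_sum > threshold else "OK"
```

Running count_matches(SAMPLE_EVENTS, VOLUME_PATTERN) gives 2 (the AttachVolume and DetachVolume records), and alarm_state(2) is ALARM while alarm_state(None) is OK, which is exactly the ‘good (not breaching threshold)’ choice made in the alarm. A practical use is to paste a saved CloudTrail event into SAMPLE_EVENTS and confirm a pattern matches it before creating the real filter with the same pattern string in the console; numeric comparisons, wildcards and != are not modelled here.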