Reputation: 1101
Not getting complete information in SQS topic in the message generated from AWS CloudWatch alarm
I have configured an Alarm on CloudTrail events. The metric of the alarm is to trigger it when it finds the information in the logs that an instance is terminated. The information sends a message to an SNS topic which in turn calls SQS.
It is all working as of now. However, when I read SQS I can only see the information of the alarm, but I would like to obtain details of the instance that got terminated. For example, below is what I see:
{
"Type" : "Notification",
"MessageId" : "1744f315-1042-5248-99a8-bd637aac7da4",
"TopicArn" : "arn:aws:sns:us-east-1:873150696559:chefterm",
"Subject" : "ALARM: \"terminatedchefnodes\" in US - N. Virginia",
"Message" : "{\"AlarmName\":\"terminatedchefnodes\",\"AlarmDescription\":\"terminatedchefnodes\",\"AWSAccountId\":\"873150696559\",\"NewStateValue\":\"ALARM\",\"NewStateReason\":\"Threshold Crossed: 1 datapoint (1.0) was greater than the threshold (0.0).\",\"StateChangeTime\":\"2015-09-18T19:40:30.459+0000\",\"Region\":\"US - N. Virginia\",\"OldStateValue\":\"INSUFFICIENT_DATA\",\"Trigger\":{\"MetricName\":\"TestChefMetric\",\"Namespace\":\"CloudTrailMetrics\",\"Statistic\":\"AVERAGE\",\"Unit\":null,\"Dimensions\":[],\"Period\":900,\"EvaluationPeriods\":1,\"ComparisonOperator\":\"GreaterThanThreshold\",\"Threshold\":0.0}}",
"Timestamp" : "2015-09-18T19:40:30.506Z",
"SignatureVersion" : "1",
"Signature" : "XpE8xR8S8sZPW0Yp642c2lpfiqP9qpXg1w8HCiD4YyWLRyHaQSR5RfSBk7yANJOtApw2nIUGRgpWzBE0j5RkfW4cvRrEcRLudAqO2N5QhCJfjvl48/AxWh1qmDiyrHmr0sTpSTg4zPbMQUs7nDRrW1QwQ6cqy04PTNJuZfBNfAXBlJNCkmeyJ8+klq6edmDijMy6M4D8kAUQ+trmTqTO29/jvT0+yOtBWBIOwiRDHxRfNIJ2vOWz8mjvyU43YDYZD1AG3hDBuSbs7li/8jkY7arsK2R5mDBhYI+o/w8D/W7qdBOGJlby1umVHX4mLQBwuOdLmSxN0P34cG9feuqdlg==",
"SigningCertURL" : "https://sns.us-east-1.amazonaws.com/SimpleNotificationService-bb750dd426d95ee9390147a5624348ee.pem",
"UnsubscribeURL" : "https://sns.us-east-1.amazonaws.com/?Action=Unsubscribe&SubscriptionArn=arn:aws:sns:us-east-1:873150696559:chefterm:467b007c-bb58-4ad6-b05b-ccd159c0515d"
}
But I instead I want to see the instance id information which was there in the CloudTrail logs : 
Upvotes: 1
Views: 403
Answers (1)
Reputation: 270184
AWS CloudTrail delivers log files to your Amazon S3 bucket approximately every 5 minutes. The delivery of these files can then be used to 'trigger' some code that checks whether a certain activity has occurred. And a good way to run this code is AWS Lambda.
The basic flow is:
- AWS CloudTrail creates a log file in Amazon S3
- This triggers a call to AWS Lambda, with custom code that can determine whether the event is of interest
- The custom code can send publish a message to Amazon SNS, which can deliver a message via email, HTTP, etc
Here are two articles that describe such a setup:
- AWS Lambda Walkthrough 5: Handling AWS CloudTrail Events
- How to Receive Alerts When Specific APIs Are Called by Using AWS CloudTrail, Amazon SNS, and AWS Lambda
Upvotes: 1
Related Questions
- How to specify SQS message attributes when used as AWS EventBridge (CloudWatch Events) target?
- Finding certain messages in SQS
- Amazon Cloudwatch alarm not triggered
- Why AWS CloudWatch Alarm cannot send notification to encrypted SNS Topic?
- Wrong SQS AWS message when I'm subscribed from a SNS Topic
- Why does SQS fail to process these messages?
- I'm unable to create a CloudWatch rule to create SQS messages using terraform
- AWS CloudWatch Alarm not triggered for SQS Metrics "NumberOfMessagesReceived"
- AWS CloudWatch alarm for SQS Number of Messages Visible
- Amazon SQS messages