In the realm of event-driven architectures, we frequently discuss how events signify occurrences within applications or architectures. These events could represent anything from the receipt of a new file by your application to alerts triggered by unusually high CPU usage. By responding to these events, we can perform actions such as analyzing file content or scaling up Amazon Elastic Compute Cloud (EC2) instances to accommodate increased demand. The driving force behind these actions is the events that transpire within the architecture.
Amazon EventBridge, a serverless event bus service introduced in July 2019, allows us to send a variety of events. This flexibility enables customers to utilize EventBridge in diverse ways. For instance, some organizations collect events from various AWS accounts and forward them to a centralized EventBridge bus for monitoring. In this post, I will guide you on capturing EC2 launch failure events and constructing a centralized event monitoring solution using EventBridge and Amazon CloudWatch.
When events are sent to an EventBridge bus within an AWS account, a rule is triggered upon detecting a matching event pattern. This rule can invoke up to five targets, including AWS services or an event bus located in a different account. By sending an event to another AWS account’s event bus, you can set up rules in the recipient account to process the event, such as directing it to a CloudWatch log group.
As depicted in Figure 1, a centralized EventBridge architecture allows visibility into events occurring across multiple AWS accounts or organizations. By transmitting specific events from one AWS account to another’s EventBridge bus, you can swiftly assess the impact of incidents, identifying affected accounts and services.
The cross-account EventBridge architecture consists of two accounts: Account A and a centralized account. In Account A, a health event is directed to a default event bus. A rule in Account A sends this health event to a target, which is a custom event bus in the centralized account. This centralized event bus subsequently relays event details to a CloudWatch log group.
You can maintain multiple event buses within the centralized EventBridge account, each serving distinct purposes. For example, events from your AWS development and testing accounts could be funneled to separate event buses in the centralized account. This configuration enables you to set different targets based on escalation paths or SLAs for your development and testing environments, aiding in the reporting and analysis of events affecting production services versus those in development.
By selectively sending only relevant events, you minimize the volume of data and events transmitted to the centralized event bus. This strategy not only reduces costs but also limits the number of log streams within CloudWatch log groups.
Use Case
As a member of a central Site Reliability Engineering (SRE) team, my objective is to consolidate EC2 health events from our development, testing, and production AWS accounts. This allows for prompt alerts regarding spikes in EC2 launch failures across our organization, which operates under AWS Organizations.
Following the architecture illustrated in Figure 1, we can capture an EC2 launch failure event in Account A and transmit it to the event bus in another AWS account, referred to as the centralized account. This centralized account, which can belong to your organization, is managed by your SRE team. In the centralized account, you establish a rule on your custom event bus and add a target, such as routing the event to a CloudWatch log group.
Now, I will outline the steps to configure an event bus with a rule in both the centralized account and Account A.
- Create an EventBridge event bus in the centralized account

  Access the Amazon EventBridge console in the centralized account. In the left navigation pane, select Events and then Event Bus. Click on Create event bus and designate a name, such as “production.”

- Create an EventBridge rule in Account A

  After establishing the event bus in the centralized account, switch to Account A and navigate to the Amazon EventBridge console. Select Events, then Rules, and opt for Create rule. Assign a name and description for the rule. In Event matching pattern, select Pre-defined pattern by service, choose AWS as the provider, and EC2 as the service name. Specify the event type as issue and the event type code as AWS_EC2_INCREASED_LAUNCH_FAILURES. Set the rule's target to the event bus you created in the centralized account.

- Create an EventBridge rule in the centralized account

  In the centralized account, configure a rule on your custom event bus to relay events to a CloudWatch log group. This completes the path from an EC2 launch failure in Account A to a log entry in the centralized account.
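The three console steps above, together with the filtering point made earlier (only relevant events cross into the central bus), can be worked through offline. The following is an added example, not code from the original post or from AWS: it holds the event pattern the Account A rule needs, a small matcher that applies EventBridge's exact-match semantics to constructed sample AWS Health events, and the two permission documents the console steps leave implicit (the resource policy on the central custom bus and the policy of the role the Account A rule uses to put events on it). Account IDs, the region, the organization ID and the event IDs are placeholders.

```python
import json

# Added example (not from the original post). Account ids, region, org id and
# event ids are placeholders; the bus name is the one used in the post.
CENTRAL_ACCOUNT = "111111111111"   # placeholder: centralized (SRE) account
ACCOUNT_A = "222222222222"         # placeholder: sending account
REGION = "us-east-1"
ORG_ID = "o-exampleorgid"          # placeholder: AWS Organizations id
BUS_NAME = "production"

# Pattern for the Account A rule. AWS Health publishes EC2 launch failure
# notices on the default bus with source "aws.health"; an event matches only
# if every listed field equals one of the listed values.
LAUNCH_FAILURE_PATTERN = {
    "source": ["aws.health"],
    "detail-type": ["AWS Health Event"],
    "detail": {
        "service": ["EC2"],
        "eventTypeCategory": ["issue"],
        "eventTypeCode": ["AWS_EC2_INCREASED_LAUNCH_FAILURES"],
    },
}


def matches(pattern, event):
    """Subset of EventBridge pattern matching: every key in the pattern must be
    present in the event; nested dicts recurse; a leaf list holds acceptable
    values, and an event value that is itself a list matches if any element is
    acceptable. (prefix / anything-but / numeric filters are not implemented.)"""
    for key, expected in pattern.items():
        if key not in event:
            return False
        actual = event[key]
        if isinstance(expected, dict):
            if not isinstance(actual, dict) or not matches(expected, actual):
                return False
        else:
            candidates = actual if isinstance(actual, list) else [actual]
            if not any(c in expected for c in candidates):
                return False
    return True


def forwarded_events(events, pattern=LAUNCH_FAILURE_PATTERN):
    """Return the events the Account A rule would send to the central bus."""
    return [e for e in events if matches(pattern, e)]


def bus_arn(central_account=CENTRAL_ACCOUNT, bus_name=BUS_NAME, region=REGION):
    return f"arn:aws:events:{region}:{central_account}:event-bus/{bus_name}"


def central_bus_policy(central_account=CENTRAL_ACCOUNT, bus_name=BUS_NAME,
                       region=REGION, org_id=ORG_ID):
    """Resource policy for the central custom bus: principals inside the
    organization may PutEvents, nothing outside it. Scoping on
    aws:PrincipalOrgID avoids listing every account while rejecting foreign senders."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "AllowOrgAccountsToPutEvents",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "events:PutEvents",
            "Resource": bus_arn(central_account, bus_name, region),
            "Condition": {"StringEquals": {"aws:PrincipalOrgID": org_id}},
        }],
    }


def sender_role_policy(central_account=CENTRAL_ACCOUNT, bus_name=BUS_NAME,
                       region=REGION):
    """Permissions policy for the IAM role attached to the Account A rule's
    cross-account target: PutEvents on that one bus ARN and nothing else."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": "events:PutEvents",
            "Resource": bus_arn(central_account, bus_name, region),
        }],
    }


# Constructed sample events in the shape AWS Health puts on the default bus.
SAMPLE_EVENTS = [
    {   # matches: increased EC2 launch failures reported in Account A
        "version": "0", "id": "evt-1", "detail-type": "AWS Health Event",
        "source": "aws.health", "account": ACCOUNT_A, "region": REGION,
        "detail": {"service": "EC2", "eventTypeCategory": "issue",
                   "eventTypeCode": "AWS_EC2_INCREASED_LAUNCH_FAILURES"},
    },
    {   # does not match: a scheduled change, not an issue
        "version": "0", "id": "evt-2", "detail-type": "AWS Health Event",
        "source": "aws.health", "account": ACCOUNT_A, "region": REGION,
        "detail": {"service": "EC2", "eventTypeCategory": "scheduledChange",
                   "eventTypeCode": "AWS_EC2_INSTANCE_REBOOT_MAINTENANCE_SCHEDULED"},
    },
    {   # does not match: an EC2 state change, not a Health event
        "version": "0", "id": "evt-3", "source": "aws.ec2", "account": ACCOUNT_A,
        "detail-type": "EC2 Instance State-change Notification",
        "region": REGION, "detail": {"state": "running"},
    },
]

if __name__ == "__main__":
    for e in forwarded_events(SAMPLE_EVENTS):
        print("forward", e["id"], "from account", e["account"])
    print(json.dumps(central_bus_policy(), indent=2))
```

Only the first sample event crosses to the central bus, which is the point of filtering at the source: the central log group and its log streams only grow with events the SRE team actually wants. The forwarded event keeps its `account` and `region` fields, which is what lets the central CloudWatch log group show which accounts an incident touches. On the permissions side, the bus policy decides who may write to the central bus and the role policy decides what the Account A rule may write to; without the first, the cross-account target fails regardless of the second.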