# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. # SPDX-License-Identifier: MIT-0 # # Permission is hereby granted, free of charge, to any person obtaining a copy of this # software and associated documentation files (the "Software"), to deal in the Software # without restriction, including without limitation the rights to use, copy, modify, # merge, publish, distribute, sublicense, and/or sell copies of the Software, and to # permit persons to whom the Software is furnished to do so. # # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, # INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A # PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT # HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION # OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE # SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. AWSTemplateFormatVersion: "2010-09-09" Transform: AWS::Serverless-2016-10-31 Description: > Serverless Event Enrichment Resources: EventEnrichmentStateMachine: # Takes an EC2 Instance Event and fetches the "Name" tag if it exists then emits the enriched event. Type: AWS::Serverless::StateMachine Properties: DefinitionUri: statemachine/event-enrichment-sfn.asl.json DefinitionSubstitutions: CustomEventBusName: !Ref ApplicationEventBus Events: # EventBridge Rule to capture all EC2 instance state changes from the default EventBridge Bus EBRule: Type: EventBridgeRule Properties: Pattern: source: - "aws.ec2" detail-type: - "EC2 Instance State-change Notification" Policies: - EventBridgePutEventsPolicy: EventBusName: !Ref ApplicationEventBus - EC2DescribePolicy: Action: "ec2:DescribeInstances" Resource: "*" # Required so that workflow can call DecribeInstances on any EC2 instances to get tags. - SSMParameterReadPolicy: ParameterName: !Ref DefaultNameSSMParam ApplicationEventBus: Type: AWS::Events::EventBus Properties: Name: !Sub "${AWS::StackName}-ApplicationEventBus" Tags: - Key: "stack-origin" Value: !Sub "${AWS::StackName}" EnrichedEC2EventsRule: Type: AWS::Events::Rule Properties: Description: Sends enriched EC2 Lifecycle events to CloudWatch Logs EventBusName: !Ref ApplicationEventBus EventPattern: source: - "custom.enriched.ec2" Name: !Sub "${AWS::StackName}-EnrichedEC2EventsRule" # RoleArn: String will be needed - this Role can be copied from existing one in Isengard console. State: ENABLED Targets: - Arn: !GetAtt LogGroupForEnrichedEvents.Arn Id: LogTarget LogGroupForEnrichedEvents: Type: AWS::Logs::LogGroup DeletionPolicy: Delete #Explicit Delete as this is a demo, in Production use 'Retain' UpdateReplacePolicy: Delete #Explicit Delete as this is a demo, in Production use 'Retain' Properties: LogGroupName: /custom/enriched-ec2-events RetentionInDays: 14 Tags: - Key: "stack-origin" Value: !Sub "${AWS::StackName}" LogGroupForEnrichedEventsResourcePolicy: Type: AWS::Logs::ResourcePolicy Properties: PolicyName: "EnrichedEventsFromEventBridgeToCloudWatchLogs" PolicyDocument: !Sub '{ "Version": "2012-10-17", "Statement": [ { "Sid": "TrustEventsToStoreLogEvent", "Effect": "Allow", "Principal": { "Service": [ "events.amazonaws.com" ] }, "Action":["logs:CreateLogStream", "logs:PutLogEvents"], "Resource": "${LogGroupForEnrichedEvents}:*" } ] }' DefaultNameSSMParam: Type: AWS::SSM::Parameter Properties: Description: Stores the default name to use if no "Name" key is available on EC2 instance tag. Name: !Sub "${AWS::StackName}-DefaultNameParam" Type: String Value: NoNameTagAvailable Outputs: CloudWatchLogsConsoleURL: Description: "URL to the CloudWatch Logs log group to see the resultant enriched event in text form." Value: !Sub "https://console.aws.amazon.com/cloudwatch/home?region=${AWS::Region}#logsV2:log-groups/log-group/$252Fcustom$252Fenriched-ec2-events" StepFunctionsStateMachineConsoleURL: Description: "URL to the Step Functions State Machine that will be triggered when EventBridge rule matches an event. Open this URL after experimenting to step through an execution." Value: !Sub "https://console.aws.amazon.com/states/home?region=${AWS::Region}#/statemachines/view/${EventEnrichmentStateMachine}"