To set up your system to accept events from multiple event sources,
use the AWS EventBridge service. This provides a standard notification format
for all event types, which can be parsed when creating incidents in
CSM.
Note: For our example, we will create a CloudWatch Alarm for CPU Usage
on a specific EC2 instance. However, the principles are the same and the setup
is similar for alarms of other types. You will need to update the
One-Step™
Actions
for the Create AWS Event webhook described in
Configure
CSM
to Add Incidents for AWS Product Events .
The overall workflow for the automatic creation of Incidents for your
AWS Product configuration items is shown below:
A webhook triggers the Create AWS Event
One-Step Action.
This webhook was designed as a sample to demonstrate how you might
automatically create Incidents for your AWS resources when they go into alarm
state or violate an established rule. This sample expects a CloudWatch Alarm
notification from Amazon SNS (example: An EC2 instance which has exceeded its
CPU utilization threshold) and stores the JSON from that alarm notification in
an AWS Event object record. Then, an automation process (AWS Event) creates an
Incident linked to the associated CI in your CMDB. You may wish to configure
additional, similar event types using either AWS CloudWatch or AWS Config. To
facilitate this process, we have included sample JSON for these event types, as
well as configured the (None) Create AWS Event
One-Step Action
with a decision tree that covers two possible paths:
- A notification from AWS Config that a CloudWatch Alarm has changed
from OK to ALARM state.
- A CloudWatch alarm which sends the SNS notification directly with
details about the affected resource.
There is a sample of what kind of JSON is expected for the event. It's
very particular, so we provide relevant sample code.
To configure AWS CloudWatch Alarms for
CSM: