How to automate notifications on EC2 using CloudWatch Events

Now I will share “How to automate notifications on EC2 using CloudWatch Events”. Why did I choose this topic? Maybe it is a little out of date, but I think it is important to discuss, because some time ago a client of mine had their account compromised. The story goes like this. Somehow their access key and secret key were exposed publicly, and the intruder then used them to create a new instance of a fairly large type.

The instance only lasted about 1 day, and cost up to $3000 for that day. That's why I'm interested in this topic. At the very least, if they had known an instance was created, they would have been able to check immediately and shut it down. This case is quite interesting to me. Let's get started.

Before we go to CloudWatch, we need to create an SNS topic first. This is the easiest part. Type “SNS” in the search bar.

In the left panel, select Topic and hit Create Topic.

For this test, select Standard as the type. Fill in the name and display name fields below.

Leave the other options at their defaults and hit Create topic.

If you scroll down, you will find Create subscription; hit that button.

On the subscription page, scroll down, choose “Email” as the protocol and enter the recipient's email address as the Endpoint, then hit Create subscription.

After waiting less than a minute, you will receive an email like this.

Just click Confirm subscription.

Now type CloudWatch in the search bar.

In the left panel, select Events → Rules.

This is the Rules page. Select the Create rule button.

Make sure EC2 is selected as the service name in the dropdown. Many services are available here, but this time I only use EC2.

For the event type, we can use EC2 Instance State-change Notification.

The instance state-change event tells us which instance has changed state: creating, running, stopping, stopped, terminated, etc.

From here we will know what is happening to our EC2 instances. But remember: even with the automation set up, we still have to act on the notification ourselves.

Then we go to the Targets section. Select Add target.

Choose SNS topic as the target type.

Since I've already made an SNS topic, we just have to choose it.

To configure the input, expand the dropdown and select Input Transformer.

https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatch-Events-Input-Transformer-Tutorial.html 

The link above shows how the input transformer works.

We could go straight with the Matches event option, but that format does not work for me: the information is delivered as raw JSON, and when the notification arrives by email it is hard to make sense of.

I use an example like this to make the message easier to read. With raw JSON alone, the email notification is much harder to read.
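To make the difference between the two input options concrete, here is an added example (not code from the original post) that reproduces the two pieces the rule form produces, the event pattern and the input transformer, and renders the notification text locally against a constructed EC2 state-change event. The sample event, the instance id, account id, region, rule name and topic ARN are all placeholders; the local matcher is a simplification of the service's pattern matching (top-level keys only), enough for this page's rule. The `create_rule` helper shows the same two dicts going into the CloudWatch Events / EventBridge `put_rule` and `put_targets` calls; it takes a client as a parameter so the rest of the file runs without AWS access.

```python
import json
import re

# ---- Rule configuration: what the console form produces ----

# Event pattern equivalent to Service name "EC2" + event type
# "EC2 Instance State-change Notification".
EVENT_PATTERN = {
    "source": ["aws.ec2"],
    "detail-type": ["EC2 Instance State-change Notification"],
}

# Input transformer: InputPathsMap extracts fields with JSONPath-style
# selectors; InputTemplate refers to them as <name>. For an SNS target the
# template is a JSON string literal, hence the surrounding double quotes.
INPUT_PATHS_MAP = {
    "instance": "$.detail.instance-id",
    "state": "$.detail.state",
    "region": "$.region",
    "time": "$.time",
}
INPUT_TEMPLATE = '"EC2 instance <instance> in <region> is now <state> (at <time>)"'

# Constructed sample event in the shape EC2 publishes; account, instance id
# and timestamp are placeholders, not real resources. Note that the detail
# carries only the instance id and state, not the instance type.
SAMPLE_EVENT = {
    "version": "0",
    "id": "00000000-0000-0000-0000-000000000000",
    "detail-type": "EC2 Instance State-change Notification",
    "source": "aws.ec2",
    "account": "111122223333",
    "time": "2021-01-01T12:00:00Z",
    "region": "us-east-1",
    "resources": ["arn:aws:ec2:us-east-1:111122223333:instance/i-0123456789abcdef0"],
    "detail": {"instance-id": "i-0123456789abcdef0", "state": "stopped"},
}


def matches(event, pattern=EVENT_PATTERN):
    """Simplified match: every pattern key must be present in the event with
    one of the listed values. The real service also supports nested keys and
    prefix/numeric matchers, which this page's rule does not need."""
    return all(event.get(key) in allowed for key, allowed in pattern.items())


def select_path(event, path):
    """Resolve a '$.a.b-c' selector against a nested dict (None if absent)."""
    node = event
    for part in path.lstrip("$").strip(".").split("."):
        if not isinstance(node, dict) or part not in node:
            return None
        node = node[part]
    return node


def transform(event, paths_map=INPUT_PATHS_MAP, template=INPUT_TEMPLATE):
    """Render the template the way the input transformer would."""
    values = {name: select_path(event, path) for name, path in paths_map.items()}

    def substitute(match):
        value = values.get(match.group(1))
        # Missing field: this example leaves it blank rather than failing,
        # so a malformed event still produces a notification.
        return "" if value is None else str(value)

    rendered = re.sub(r"<([A-Za-z0-9_-]+)>", substitute, template)
    return json.loads(rendered)  # decode the JSON string literal


def notification_for(event):
    """Message SNS receives for this event, or None when the rule does not fire."""
    return transform(event) if matches(event) else None


def raw_message(event):
    """What the 'Matches event' option sends: the whole event as JSON."""
    return json.dumps(event, indent=2)


def create_rule(events_client, rule_name, topic_arn):
    """Create the rule and attach the SNS topic via the API (pass a boto3
    'events' client). The console also adds a topic policy allowing
    events.amazonaws.com to publish; through the API you must grant that
    on the topic yourself, or the notification is silently dropped."""
    events_client.put_rule(
        Name=rule_name, EventPattern=json.dumps(EVENT_PATTERN), State="ENABLED"
    )
    events_client.put_targets(
        Rule=rule_name,
        Targets=[{
            "Id": "sns-notify",
            "Arn": topic_arn,
            "InputTransformer": {
                "InputPathsMap": INPUT_PATHS_MAP,
                "InputTemplate": INPUT_TEMPLATE,
            },
        }],
    )


if __name__ == "__main__":
    print("--- Matches event ---")
    print(raw_message(SAMPLE_EVENT))
    print("--- Input transformer ---")
    print(notification_for(SAMPLE_EVENT))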

When everything is done, select the Configure details button at the bottom right.

After that, the Name and Description fields appear; fill them in as you wish. When done, click the Update rule button.

Try shutting down one of the instances and see whether an email arrives.