Send Amazon EventBridge events to Observability Platform

Amazon EventBridge is a serverless service you can use to route a stream of real-time data from your applications, third-party software, and Amazon Web Services (AWS) to targets that include HTTP APIs and third-party integrations. You configure routing rules to route events to a target.

Amazon EventBridge API destinations are HTTP endpoints you can configure as the target for a rule. Use API destinations to send events from Amazon EventBridge to Chronosphere Observability Platform.

You can also use Amazon EventBridge to detect and react to AWS Health events, and send those events to Observability Platform. This configuration is similar to sending Google Cloud Personalized Service Health events to Observability Platform.

To send Amazon EventBridge events to Observability Platform:

1. Create an API token.
2. Create an API destination.
3. Create an Amazon EventBridge rule, depending on which events you want to send to Observability Platform:
   • Create an EventBridge rule for specific events, such as Amazon CloudWatch events.
   • Create an EventBridge rule for AWS Health events to send those events to Chronosphere.

Create an API token

Before configuring an API destination, create an API token in Observability Platform, which you use to authenticate.

Create an API destination

To configure Amazon EventBridge to send events to Observability Platform:

1. Create an API destination by completing the steps in the Amazon EventBridge documentation (opens in a new tab).

2. Configure the API destination you created:

   1. For the Authorization type, select API Key. Enter API-Token as your API key name, and enter the API token you created as the value.

   2. For the destination endpoint, enter https://ADDRESS/api/v1/data/events and select POST as the HTTP method.

      Replace ADDRESS with your company name prefixed to your Observability Platform instance that ends in .chronosphere.io. For example, MY_COMPANY.chronosphere.io.

   3. For the Invocation rate limit per second, enter 5 as the value.

   4. Select Use an existing connection and select the connection you created.

Create an Amazon EventBridge rule

You can create an Amazon EventBridge rule to get notified about specific Amazon EventBridge events in Observability Platform.

First, create an API destination. Then complete the following steps:

1. Create an Amazon EventBridge rule (opens in a new tab) that reacts to events:

   • Define the rule detail: Enter details for the rule and select Rule with an event pattern as the rule type.
   • Build the event pattern: Select Use pattern form as the creation method, and define the event pattern.
   • Define the target: Select EventBridge API destination as the target type, choose your existing API destination from the list, and select Create a new role for this specific resource.

2. Expand Additional settings and configure an input transformation (opens in a new tab) to handle mapping from an AWS event to an Observability Platform CreateEvent payload. This definition sends the transformed event to a target instead of the original event.

   You configure an input path to define variables, and then configure an input template to match your event payload.

3. Configure the input path to reference parameters in your event and store those values in variables. For example:

   {
     "time": "$.time",
     "resources": "$.resources",
     "detail": "$.detail",
     "state": "$.detail.state.value",
     "prevState": "$.detail.previousState.value",
     "alarmName": "$.detail.alarmName",
     "description": "$.detail.configuration.description",
     "detail": "$.detail",
     "region": "$.region"
   }

4. Configure the input template to specify the information you want to pass to your target. This template matches your event payload and uses the variables defined in your input path. You must surround all variables with angle brackets <>.

   For example, the following template defines an Amazon CloudWatch input:

   {
     "event": {
       "happenedAt": "<time>",
       "category": "alerts",
       "labels": {
         "description": "<description>",
         "aws_source": "aws.cloudwatch",
         "region": "<region>"
       },
       "source": "EventBridge",
       "title": "CloudWatch Alarm <alarmName> is in state <state>",
       "type": "CloudWatch_Alarm_State_Change",
       "payload_object": <detail>
     }
   }

5. For each additional event type you want to map to a change event, configure a rule and select your existing API destination as the target. Each rule can have its own input transformer.

Create an Amazon EventBridge rule for AWS Health

You can create an Amazon EventBridge rule to get notified about AWS Health events in Observability Platform.

First, create an API destination. Then complete the following steps:

1. Create an Amazon EventBridge rule (opens in a new tab) for AWS Health.

2. In the step where you choose the target type on the Select targets page, configure an input transformation (opens in a new tab) to handle mapping from an AWS event to an Observability Platform CreateEvent payload. This definition sends the transformed event to a target instead of the original event.

3. Configure the input path to reference parameters in your event and store those values in variables. For example:

   {
     "time": "$.time",
     "source": "$.source",
     "detail": "$.detail",
     "service": "$.detail.service",
     "statusCode": "$.detail.statusCode",
     "eventDescription": "$.detail.eventDescription[0].latestDescription",
     "affectedAccount": "$.detail.affectedAccount",
     "region": "$.region",
     "type": "$.detail.eventTypeCode"
   }

4. Configure the input template to specify the information you want to pass to your target. This template matches your event payload and uses the variables defined in your input path. You must surround all variables with angle brackets <>.

   For example, the following template defines an AWS Health input:

   {
     "event": {
       "happenedAt": "<time>",
       "category": "alerts",
       "labels": {
         "description": "<description>",
         "aws_source": "aws.health",
         "region": "<region>",
         "service": "<service>",
         "statusCode": "<statusCode>",
         "affectedAccount": "<affectedAccount>",
       },
       "source": "EventBridge",
       "title": "AWS Health <alarmName> is in state <state>",
       "type": "AWS Health Event",
       "payload_object": <detail>
     }
   }

5. Complete the remaining steps in the AWS Health documentation to create the EventBridge rule.

Troubleshooting

To return error messages and view responses from the API, configure an Amazon Simple Queue Service (SQS).

1. Create a queue (opens in a new tab) in Amazon SQS.
2. Open the Amazon EventBridge rule (opens in a new tab) you created previously.
3. Click the Targets tab and then click Edit.
4. Expand the Additional settings section.
5. In the Dead-letter queue section, click Select an Amazon SQS queue in the current AWS account to use as the dead-letter queue, then select the SQS queue you created.
6. Update the Amazon EventBridge rule.

Amazon EventBridge sends events that match this rule to the dead-letter queue if they're not successfully delivered to the target.