Send AWS EventBridge events to Chronosphere

AWS EventBridge is a serverless service you can use to route a stream of real-time data from your applications, third-party software, and AWS services to targets that include HTTP APIs and third-party integrations. You configure routing rules to route events to a target.

AWS EventBridge API destinations are HTTP endpoints you can configure as the target for a rule. Use API destinations to send events from AWS EventBridge to Chronosphere.

Create an API token

Before configuring an API destination, create an API token in the Chronosphere app, which you use to authenticate.

Create an API destination

To configure AWS EventBridge to send events to Chronosphere:

  1. Create an API destination by completing the steps in the AWS EventBridge documentation (opens in a new tab).

  2. Configure the API destination you created:

    1. For the Authorization type, select API Key. Enter API-Token as your API key name, and enter the API token you created as the value.

    2. For the destination endpoint, enter https://ADDRESS/api/v1/data/events and select POST as the HTTP method.

      Replace ADDRESS with your company name prefixed to your Chronosphere instance that ends in .chronosphere.io. For example, MY_COMPANY.chronosphere.io.

    3. For the Invocation rate limit per second, enter 5 as the value.

    4. Select Use an existing connection and select the connection you created.

  3. Create an AWS EventBridge rule (opens in a new tab) that reacts to events:

    • Define the rule detail: Enter details for the rule and select Rule with an event pattern as the rule type.
    • Build the event pattern: Select Use pattern form as the creation method, and define the event pattern.
    • Define the target: Select EventBridge API destination as the target type, choose your existing API destination from the list, and select Create a new role for this specific resource.
  4. Expand Additional settings and configure an input transformation (opens in a new tab) to handle mapping from an AWS event to a Chronosphere CreateEvent payload. This definition sends the transformed event to a target instead of the original event.

    You configure an input path to define variables, and then configure an input template to match your event payload.

  5. Configure the input path to reference parameters in your event and store those values in variables. For example:

    {
      "time": "$.time",
      "resources": "$.resources",
      "detail": "$.detail",
      "state": "$.detail.state.value",
      "prevState": "$.detail.previousState.value",
      "alarmName": "$.detail.alarmName",
      "description": "$.detail.configuration.description",
      "detail": "$.detail",
      "region": "$.region"
    }
  6. Configure the input template to specify the information you want to pass to your target. This template matches your event payload and uses the variables defined in your input path. You must surround all variables with angle brackets <>.

    For example, the following template defines an AWS CloudWatch input:

    {
      "event": {
        "happenedAt": "<time>",
        "category": "alerts",
        "labels": {
          "description": "<description>",
          "aws_source": "aws.cloudwatch",
          "region": "<region>"
        },
        "source": "EventBridge",
        "title": "CloudWatch Alarm <alarmName> is in state <state>",
        "type": "CloudWatch_Alarm_State_Change",
        "payload_object": <detail>
      }
    }
  7. For each additional event type you want to map to a change event, configure a rule and select your existing API destination as the target. Each rule can have its own input transformer.

Troubleshooting

To return error messages and view responses from the API, configure an Amazon Simple Queue Service (SQS).

  1. Create a queue (opens in a new tab) in Amazon SQS.
  2. Open the AWS EventBridge rule (opens in a new tab) you created previously.
  3. Click the Targets tab and then click Edit.
  4. Expand the Additional settings section.
  5. In the Dead-letter queue section, click Select an Amazon SQS queue in the current AWS account to use as the dead-letter queue, then select the SQS queue you created.
  6. Update the EventBridge rule.

AWS EventBridge sends events that match this rule to the dead-letter queue if they're not successfully delivered to the target.