
Using readiness check in Route 53 ARC with Amazon EventBridge

Using Amazon EventBridge, you can set up event-driven rules that monitor your readiness check resources in Amazon Route 53 Application Recovery Controller, and then initiate target actions that use other Amazon services. For example, you can set a rule for sending out email notifications by signaling an Amazon SNS topic when a readiness check status changes from READY to NOT READY.

Note

Route 53 ARC only publishes EventBridge events for readiness check in the US West (Oregon) (us-west-2) Amazon Region. To receive EventBridge events for readiness check, create EventBridge rules in the US West (Oregon) Region.

You can create rules in Amazon EventBridge to act on the following Route 53 ARC readiness check event:

  • Readiness check readiness. The event specifies whether the readiness check status changes, for example, from READY to NOT READY.

To capture specific Route 53 ARC events that you're interested in, define event-specific patterns that EventBridge can use to detect the events. Event patterns have the same structure as the events that they match. The pattern quotes the fields that you want to match and provides the values that you're looking for.

Events are emitted on a best effort basis. They're delivered from Route 53 ARC to EventBridge in near real-time under normal operational circumstances. However, situations can arise that might delay or prevent delivery of an event.

For information about how EventBridge rules work with event patterns, see Events and Event Patterns in EventBridge.

Monitor a readiness check resource with EventBridge

With EventBridge, you can create rules that define actions to take when Route 53 ARC emits events for readiness check resources.

To type or copy and paste an event pattern into the EventBridge console, select the Enter my own option in the console. To help you determine event patterns that might be useful for you, this topic includes example readiness event patterns.

To create a rule for a resource event
  1. Open the Amazon EventBridge console at https://console.amazonaws.cn/events/.

  2. For the Amazon Web Services Region to create the rule in, choose US West (Oregon). This is the required Region for readiness events.

  3. Choose Create rule.

  4. Enter a Name for the rule, and, optionally, a description.

  5. For Event bus, leave the default value, default.

  6. Choose Next.

  7. For the Build event pattern step, for Event source, leave the default value, Amazon events.

  8. Under Sample event, choose Enter my own.

  9. For Sample events, type or copy and paste an event pattern. For examples, see the next section.

Example readiness event patterns

Event patterns have the same structure as the events that they match. The pattern quotes the fields that you want to match and provides the values that you're looking for.

You can copy and paste event patterns from this section into EventBridge to create rules that you can use to monitor Route 53 ARC actions and resources.

The following event patterns provide examples that you might use in EventBridge for the readiness check capability in Route 53 ARC.

  • Select all events from Route 53 ARC readiness check.

    { "source": [ "aws.route53-recovery-readiness" ] }
  • Select only events related to cells.

    {
      "source": [ "aws.route53-recovery-readiness" ],
      "detail-type": [ "Route 53 Application Recovery Controller cell readiness status change" ]
    }
  • Select only events related to a specific cell called MyExampleCell.

    {
      "source": [ "aws.route53-recovery-readiness" ],
      "detail-type": [ "Route 53 Application Recovery Controller cell readiness status change" ],
      "resources": [ "arn:aws:route53-recovery-readiness::111122223333:cell/MyExampleCell" ]
    }
  • Select only events when any recovery group, cell, or readiness check status becomes NOT READY.

    {
      "source": [ "aws.route53-recovery-readiness" ],
      "detail": {
        "new-state": {
          "readiness-status": [ "NOT_READY" ]
        }
      }
    }
  • Select only events when any recovery group, cell, or readiness check becomes anything except READY.

    {
      "source": [ "aws.route53-recovery-readiness" ],
      "detail": {
        "new-state": {
          "readiness-status": [ { "anything-but": "READY" } ]
        }
      }
    }

The following is an example Route 53 ARC event for a recovery group readiness status change:

{
  "version": "0",
  "account": "111122223333",
  "detail-type": "Route 53 Application Recovery Controller recovery group readiness status change",
  "source": "route53-recovery-readiness.amazonaws.com",
  "time": "2020-11-03T00:31:54Z",
  "id": "1234a678-1b23-c123-12fd3f456e78",
  "region": "us-west-2",
  "resources": [
    "arn:aws:route53-recovery-readiness::111122223333:recovery-group/BillingApp"
  ],
  "detail": {
    "recovery-group-name": "BillingApp",
    "previous-state": {
      "readiness-status": "READY|NOT_READY|UNKNOWN|NOT_AUTHORIZED"
    },
    "new-state": {
      "readiness-status": "READY|NOT_READY|UNKNOWN|NOT_AUTHORIZED"
    }
  }
}

The following is an example Route 53 ARC event for a cell readiness status change:

{
  "version": "0",
  "account": "111122223333",
  "detail-type": "Route 53 Application Recovery Controller cell readiness status change",
  "source": "route53-recovery-readiness.amazonaws.com",
  "time": "2020-11-03T00:31:54Z",
  "id": "1234a678-1b23-c123-12fd3f456e78",
  "region": "us-west-2",
  "resources": [
    "arn:aws:route53-recovery-readiness::111122223333:cell/PDXCell"
  ],
  "detail": {
    "cell-name": "PDXCell",
    "previous-state": {
      "readiness-status": "READY|NOT_READY|UNKNOWN|NOT_AUTHORIZED"
    },
    "new-state": {
      "readiness-status": "READY|NOT_READY|UNKNOWN|NOT_AUTHORIZED"
    }
  }
}

The following is an example Route 53 ARC event for a readiness check status change:

{
  "version": "0",
  "account": "111122223333",
  "detail-type": "Route 53 Application Recovery Controller readiness check status change",
  "source": "route53-recovery-readiness.amazonaws.com",
  "time": "2020-11-03T00:31:54Z",
  "id": "1234a678-1b23-c123-12fd3f456e78",
  "region": "us-west-2",
  "resources": [
    "arn:aws:route53-recovery-readiness::111122223333:readiness-check/UserTableReadinessCheck"
  ],
  "detail": {
    "readiness-check-name": "UserTableReadinessCheck",
    "previous-state": {
      "readiness-status": "READY|NOT_READY|UNKNOWN|NOT_AUTHORIZED"
    },
    "new-state": {
      "readiness-status": "READY|NOT_READY|UNKNOWN|NOT_AUTHORIZED"
    }
  }
}
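To check a pattern before creating the rule, the following added example (not AWS code) implements a simplified form of EventBridge matching, covering exact values, nested fields and anything-but, and runs readiness patterns against a constructed cell event. It assumes events carry the source value that the patterns on this page match on; the sample events above print a different source string, so confirm the value on a real event.

```python
SOURCE = "aws.route53-recovery-readiness"   # source value used by the page's patterns
CELL_TYPE = "Route 53 Application Recovery Controller cell readiness status change"

def _leaf_matches(candidates, value):
    """True if an event value satisfies any entry of a pattern's value list."""
    for cand in candidates:
        if isinstance(cand, dict) and "anything-but" in cand:
            excluded = cand["anything-but"]
            excluded = excluded if isinstance(excluded, list) else [excluded]
            if not isinstance(value, list) and value not in excluded:
                return True
        elif cand == value or (isinstance(value, list) and cand in value):
            return True   # array fields such as "resources" match on any element
    return False

def matches(pattern, event):
    """Simplified EventBridge matching: exact values, nested fields, anything-but."""
    for key, want in pattern.items():
        if not isinstance(event, dict) or key not in event:
            return False   # also covers nesting under a field that holds a string
        check = matches if isinstance(want, dict) else _leaf_matches
        if not check(want, event[key]):
            return False
    return True

def cell_event(status, source=SOURCE):
    """Constructed event modeled on the page's cell example (PDXCell)."""
    return {
        "source": source,
        "detail-type": CELL_TYPE,
        "resources": ["arn:aws:route53-recovery-readiness::111122223333:cell/PDXCell"],
        "detail": {"cell-name": "PDXCell", "previous-state": {"readiness-status": "READY"},
                   "new-state": {"readiness-status": status}},
    }

def status_pattern(values, parent="detail"):
    """Pattern on new-state readiness-status nested under the given top-level key."""
    return {"source": [SOURCE], parent: {"new-state": {"readiness-status": values}}}

NOT_READY = status_pattern(["NOT_READY"])
NOT_READY_MISNESTED = status_pattern(["NOT_READY"], parent="detail-type")  # constructed mistake
ANYTHING_BUT_READY = status_pattern([{"anything-but": "READY"}])
MY_EXAMPLE_CELL = {"source": [SOURCE], "detail-type": [CELL_TYPE], "resources": [
    "arn:aws:route53-recovery-readiness::111122223333:cell/MyExampleCell"]}

if __name__ == "__main__":
    for s in ("READY", "NOT_READY", "UNKNOWN", "NOT_AUTHORIZED"):
        print(s, [matches(p, cell_event(s)) for p in (NOT_READY, ANYTHING_BUT_READY)])
```

A rule that matches only NOT_READY stays silent on transitions to UNKNOWN and NOT_AUTHORIZED, which the anything-but pattern does catch.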

Specify a CloudWatch log group to use as a target

When you create an EventBridge rule, you must specify the target where events that are matched to the rule are sent. For a list of available targets for EventBridge, see Targets available in the EventBridge console. One of the targets that you can add to an EventBridge rule is an Amazon CloudWatch log group. This section describes the requirements for adding CloudWatch log groups as targets, and provides a procedure for adding a log group when you create a rule.

To add a CloudWatch log group as a target, you can do one of the following:

  • Create a new log group

  • Choose an existing log group

If you specify a new log group using the console when you create a rule, EventBridge automatically creates the log group for you. Make sure that the log group that you use as a target for the EventBridge rule starts with /aws/events. If you want to choose an existing log group, be aware that only log groups that start with /aws/events appear as options in the drop-down menu. For more information, see Create a new log group in the Amazon CloudWatch User Guide.

If you create or use a CloudWatch log group as a target by using CloudWatch operations outside of the console, make sure that you set permissions correctly. If you use the console to add a log group to an EventBridge rule, then the resource-based policy for the log group is updated automatically. But if you use the Amazon Command Line Interface or an Amazon SDK to specify a log group, then you must update the resource-based policy for the log group. The following example policy illustrates the permissions that you must define in a resource-based policy for the log group:

{
  "Statement": [
    {
      "Action": [
        "logs:CreateLogStream",
        "logs:PutLogEvents"
      ],
      "Effect": "Allow",
      "Principal": {
        "Service": [
          "events.amazonaws.com",
          "delivery.logs.amazonaws.com"
        ]
      },
      "Resource": "arn:aws:logs:region:account:log-group:/aws/events/*:*",
      "Sid": "TrustEventsToStoreLogEvent"
    }
  ],
  "Version": "2012-10-17"
}

You can't configure a resource-based policy for a log group by using the console. To add the required permissions to a resource-based policy, use the CloudWatch PutResourcePolicy API operation. Then, you can use the describe-resource-policies CLI command to check that your policy was applied correctly.
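One way to review the policy document that describe-resource-policies returns, as an added example (not AWS code): it reports whether events.amazonaws.com holds the two actions from the policy above, and flags grants that go beyond them or beyond /aws/events/ log groups. The function name, the finding strings and the two counter-example policies are constructed for illustration.

```python
import json
from fnmatch import fnmatchcase

REQUIRED = {"logs:CreateLogStream", "logs:PutLogEvents"}
PRINCIPAL = "events.amazonaws.com"

def _as_list(value):
    return value if isinstance(value, list) else [value]

def audit_policy(policy_json):
    """Findings for a log group resource policy that should let EventBridge write."""
    findings, granted = [], set()
    for stmt in _as_list(json.loads(policy_json).get("Statement", [])):
        principal = stmt.get("Principal", {})
        services = _as_list(principal.get("Service", [])) if isinstance(principal, dict) else []
        if stmt.get("Effect") != "Allow" or PRINCIPAL not in services:
            continue
        sid = stmt.get("Sid", "<no Sid>")
        for action in _as_list(stmt.get("Action", [])):
            # A wildcard such as logs:* covers the required actions but is flagged below.
            granted |= {req for req in REQUIRED if fnmatchcase(req, action)}
            if action not in REQUIRED:
                findings.append(f"{sid}: action {action} is not one of the required actions")
        for resource in _as_list(stmt.get("Resource", [])):
            if ":log-group:/aws/events/" not in resource:
                findings.append(f"{sid}: resource {resource} is not scoped to /aws/events/")
    findings += [f"missing {a} for {PRINCIPAL}" for a in sorted(REQUIRED - granted)]
    return findings

def make_policy(actions, resource, sid):
    """Build a one-statement policy document in the shape shown on the page."""
    return json.dumps({"Version": "2012-10-17", "Statement": [{
        "Sid": sid, "Effect": "Allow",
        "Principal": {"Service": ["events.amazonaws.com", "delivery.logs.amazonaws.com"]},
        "Action": actions, "Resource": resource}]})

# Policy from the page, with its region/account placeholders kept as written.
PAGE_POLICY = make_policy(["logs:CreateLogStream", "logs:PutLogEvents"],
                          "arn:aws:logs:region:account:log-group:/aws/events/*:*",
                          "TrustEventsToStoreLogEvent")
# Constructed counter-examples: a wildcard grant, and a missing action.
BROAD_POLICY = make_policy("logs:*", "*", "TooBroad")
INCOMPLETE_POLICY = make_policy(["logs:CreateLogStream"],
                                "arn:aws:logs:region:account:log-group:/aws/events/*:*",
                                "NoPut")

if __name__ == "__main__":
    for name in ("PAGE_POLICY", "BROAD_POLICY", "INCOMPLETE_POLICY"):
        print(name, audit_policy(globals()[name]))
```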

To create a rule for a resource event and specify a CloudWatch log group target
  1. Open the Amazon EventBridge console at https://console.amazonaws.cn/events/.

  2. Choose the Amazon Web Services Region that you want to create the rule in.

  3. Choose Create rule and then enter any information about that rule, such as the event pattern or schedule details.

    For more information about creating EventBridge rules for readiness, see Monitor a readiness check resource with EventBridge.

  4. On the Select target page, choose CloudWatch as your target.

  5. Choose a CloudWatch log group from the drop-down menu.