Configure EventBridge Integration

Alert Logic allows you to integrate with EventBridge, which is a serverless event bus that makes it easier to build event-driven applications at scale using events generated from your applications, integrated software-as-a-service (SaaS) applications, and AWS services. EventBridge delivers a stream of real-time data from event sources.

You can use EventBridge messages to update the status of resources in a customer's environment. Currently, only ECS Task State Change messages are processed to rediscover, or delete, ECS tasks in the asset model (represented internally as host assets). For EventBridge processing, a preexisting CloudTrail setup is required, as EventBridge messages are pulled from the same SQS queue. For more information about CloudTrail, see About AWS CloudTrail and Alert Logic.

Single-region setup

To add EventBridge processing to a preexisting single-region CloudTrail setup, you must create an EventBridge rule in the EventBridge console.

To add EventBridge processing to a single-region CloudTrail:

  1. In the EventBridge console, on the sidebar, navigate to Rules, and then click Create Rule. Ensure you are in the same region as the SQS queue used for CloudTrail processing.
  2. Give the rule a name and a description (optional).
  3. Select Event Pattern and use the following pattern:

    {
        "source": ["aws.ecs"],
        "detail-type": ["ECS Task State Change"]
    }

  4. Select SQS Queue and set the target of the rule to the SQS queue used in the CloudTrail setup.
  5. Enter the name of the queue in the box below. Usually this name is outcomesbucket-[CustomerID].
  6. Click Create.

Multi-region setup

To add EventBridge processing to a preexisting multi-region CloudTrail setup, use the steps above for single-region setup in the region that contains the SQS queue (typically, us-east-1 or eu-west-1), and then use the steps below for each other desired region.

To add EventBridge processing to a multi-region CloudTrail:

  1. In the EventBridge console, click IAM, under Security, Identity & Compliance.
  2. From the IAM Management Console, click Roles.
  3. Click Create role, and then enter a Role name. You also have the option to enter a short description.
  4. Under Step 1: Select trusted entities, click Custom Trust Policy, and then enter the policy below:

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Principal": {
                    "Service": "events.amazonaws.com"
                },
                "Action": "sts:AssumeRole"
            }
        ]
    }

  5. Under Step 2: Add permissions, enter the policy below:

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": [
                    "events:PutEvents"
                ],
                "Resource": [
                    "<ARN OF EVENT BUS IN TARGET REGION>"
                ]
            }
        ]
    }

  6. Click Next.
  7. Provide the required information and review, and then click Create role.
  8. In the EventBridge console, on the sidebar, navigate to Rules, and then click Create Rule.
  9. Give the rule a name and a description (optional).
  10. Select Event Pattern and use the following pattern:

    {
        "source": ["aws.ecs"],
        "detail-type": ["ECS Task State Change"]
    }

  11. Select Event Bus in a different account or Region to set the target of the rule to the Event Bus in the target region (us-east-1 or eu-west-1), and then enter the ARN of the Event Bus.
  12. Select Use Existing Role, and then select the role created earlier from the drop-down list.
  13. Click Create.
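
Before creating the role and rule, the event pattern and the two role policies from the steps above can be checked offline. The following Python sketch is an added example, not Alert Logic or AWS code: it confirms the pattern selects only ECS Task State Change events and flags a role that is broader than the documented one. The function names, the sample events, and the event bus ARN (with a placeholder account ID) are constructed for illustration.

```python
# Pattern and policies as given in the steps above.
PATTERN = {"source": ["aws.ecs"], "detail-type": ["ECS Task State Change"]}
TRUST = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Principal": {"Service": "events.amazonaws.com"},
    "Action": "sts:AssumeRole"}]}
# Constructed ARN; the account ID is a placeholder.
SAMPLE_BUS_ARN = "arn:aws:events:us-east-1:111122223333:event-bus/default"
# Constructed sample events, trimmed to the fields the pattern inspects.
EVENTS = [
    {"source": "aws.ecs", "detail-type": "ECS Task State Change"},
    {"source": "aws.ecs", "detail-type": "ECS Container Instance State Change"},
    {"source": "aws.ec2", "detail-type": "EC2 Instance State-change Notification"},
]

def permissions_policy(bus_arn):
    """Permissions policy from step 5 with the target bus ARN filled in."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow", "Action": ["events:PutEvents"], "Resource": [bus_arn]}]}

def as_list(value):
    return value if isinstance(value, list) else [value]

def matches(pattern, event):
    """Exact-value matching: each pattern key must exist in the event with
    a value that appears in the pattern's list for that key."""
    return all(event.get(key) in allowed for key, allowed in pattern.items())

def audit_role(trust, perms):
    """Return findings where the role is broader than the documented one."""
    findings = []
    for stmt in trust["Statement"]:
        if stmt.get("Principal") != {"Service": "events.amazonaws.com"}:
            findings.append("trust: principal is not only events.amazonaws.com")
        if as_list(stmt.get("Action")) != ["sts:AssumeRole"]:
            findings.append("trust: action is not only sts:AssumeRole")
    for stmt in perms["Statement"]:
        for action in as_list(stmt.get("Action", [])):
            if action != "events:PutEvents":
                findings.append(f"permissions: unexpected action {action}")
        for res in as_list(stmt.get("Resource", [])):
            parts = res.split(":", 5)
            if (len(parts) != 6 or parts[2] != "events" or "*" in res
                    or not parts[5].startswith("event-bus/")):
                findings.append(f"permissions: not a single event bus ARN: {res}")
    return findings

if __name__ == "__main__":
    print([matches(PATTERN, e) for e in EVENTS])
    print(audit_role(TRUST, permissions_policy(SAMPLE_BUS_ARN)))
```

An unfilled `<ARN OF EVENT BUS IN TARGET REGION>` placeholder is reported as a finding, so the check also catches a policy pasted without editing.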