def update_cloudwatch(self):
dt: datetime = self.model.job.next_transition
if not dt:
return
aws = self.model.aws
trigger_role = self.model.aws.iam_roles.trigger_run
aws_provider = self._get_aws_provider(self.model.aws.default_region)
cloudwatch.EventRule(
trigger_role,
name=trigger_role,
tags=self.standard_tags,
description=MANAGED_BY_SARI_NOTICE,
schedule_expression=
f"cron({dt.minute} {dt.hour} {dt.day} {dt.month} ? {dt.year})",
opts=pulumi.ResourceOptions(provider=aws_provider))
cloudwatch.EventTarget(
trigger_role,
arn=_get_ci_project_arn(),
role_arn=
f"arn:aws:iam::{aws.account}:role/service-role/{trigger_role}",
rule=trigger_role,
opts=pulumi.ResourceOptions(provider=aws_provider))
role=role.arn,
runtime="python3.6",
handler="lambda_handler.morgue_stalker",
s3_key=config.require("artifact_name"),
s3_bucket="morgue-artifacts",
tracing_config={"mode": "Active"},
timeout=900,
layers=[dependency_layer.arn],
environment={"variables": {
"MORGUE_BUCKETNAME": bucket.id
}},
)
event_rule = cloudwatch.EventRule(
f"{MODULE_NAME}-event-rule",
name=f"{MODULE_NAME}-very-cool-every-minute",
schedule_expression="rate(10 minutes)",
)
event_target = cloudwatch.EventTarget(f"{MODULE_NAME}-event-target",
arn=aws_lambda.arn,
rule=event_rule.name)
lambda_.Permission(
"AllowInvocationFromCloudWatch",
action="lambda:InvokeFunction",
function=aws_lambda.arn,
principal="events.amazonaws.com",
source_arn=event_rule.arn,
)
variables={
"APP": service_naming_convention + "-app_",
"AMI_LIMIT": cleanup_amis_conf.require('ami_limit')
}),
tags={
"Name": service_naming_convention + "-" + lambda_name,
"Application": appname,
"Description": "Lambda to cleanup old AMIs for ASG",
"Environment": env,
"Role": "Lambda",
"Pulumi": "True"
})
event_rule = cloudwatch.EventRule(
service_naming_convention + "-cleanup_old_amis-rule",
name=service_naming_convention + '-cleanup-old-amis-event',
description="This is lambda for cleanup old amis",
schedule_expression="cron(0 3 ? * SUN *)")
cloudwatch.EventTarget(service_naming_convention + "-cleanup-old-amis-target",
arn=cleanup_old_amis.arn,
rule=event_rule.name)
lambda_.Permission(service_naming_convention + "-cleanup-old-amis-permission",
action="lambda:InvokeFunction",
function=cleanup_old_amis.name,
principal="events.amazonaws.com",
source_arn=event_rule.arn)
export('lambda_name', cleanup_old_amis.id)
export('bucket_name', LAMBDA_BUCKET)
import json
from pulumi_aws import cloudwatch, sns, dynamodb, ec2, ecr, ecs, iam, kinesis, sqs
## CloudWatch
logins_topic = sns.Topic("myloginstopic")
event_rule = cloudwatch.EventRule("myeventrule",
event_pattern=json.dumps({
"detail-type":
["AWS Console Sign In via CloudTrail"]
}))
event_target = cloudwatch.EventTarget("myeventtarget",
rule=event_rule.name,
target_id="SendToSNS",
arn=logins_topic.arn)
log_group = cloudwatch.LogGroup("myloggroup")
log_metric_filter = cloudwatch.LogMetricFilter(
"mylogmetricfilter",
pattern="",
log_group_name=log_group.name,
metric_transformation=cloudwatch.LogMetricFilterMetricTransformationArgs(
name="EventCount",
namespace="YourNamespace",
value="1",
))
log_stream = cloudwatch.LogStream("mylogstream", log_group_name=log_group.name)