AWS EventBridge

The Scalr integration with EventBridge allows users to build event-driven Terraform and OpenTofu pipelines based on events that happen in Scalr. The events are streamed to EventBridge which can trigger actions in AWS, a partner integration source, or any other third party.

Prerequisites

  • AWS Account: An active AWS account with permissions to create and manage EventBridge rules and other related resources.
  • Scalr Account An active Scalr account with the necessary permissions to configure integrations and manage cloud environments.

Use cases

Automated Infrastructure Monitoring and Alerting

When Scalr is integrated with AWS EventBridge, users can stream run executed events to the event bus. This enables real-time monitoring of infrastructure changes initiated by Terraform runs. Users can set up EventBridge rules to trigger alerts or notifications based on specific criteria, such as infrastructure updates or failures in critical environments/workspaces.

Audit Logging

By streaming users’ activity from Scalr to EventBridge, organizations can maintain a comprehensive audit trail of all actions taken in an account. This includes tracking changes made to resources across different Scalr services. Users can leverage this audit logging capability for compliance purposes, troubleshooting, and historical analysis of Scalr changes.

Integration with Third-Party Systems for Workflow Automation

Leveraging the integration between Scalr and EventBridge, organizations can orchestrate workflow automation across their ecosystem. For example, users can create EventBridge rules to trigger actions in response to specific API events, such as provisioning additional resources in response to a Run Executed event. This integration streamlines processes, improves efficiency, and enables seamless collaboration between different teams and systems within the organization.

Configuration

  1. Log in to your AWS account and obtain the AWS account ID

  2. Log in to your Scalr account, go to Account scope, Integrations, and create a new AWS EventBridge connection:

  3. Enter the connection name, AWS account ID, and AWS region. The combination of AWS account ID and region must be unique in your account.

  4. Once a connection is created, you must finalize an event source creation in the AWS console. To do that, click on the partner source link given in the banner on top of the created connection:

  5. In the AWS console click on the Associate with event bus button and complete the action:

  6. Once the event source is associated with the event bus, you must create an event rule to forward events from Scalr to the destination of your choice. In the following example, we'll configure forwarding of the Run Executed event to the AWS CloudWatch service.

  7. To complete rule creation, go to Event buses, select the recently created bus, and click on the Create rule button:

  8. Enter a rule name, optionally its description, the event bus will be populated automatically and keep the Rule type as Rule with an event pattern and click the Next button:

  9. In the Event source keep the AWS events or EventBridge partner events value selected.

  10. In the Sample event click on the Enter my own option and paste the following JSON snippet:

  11. {
      "id": "run-1234567890",
      "account": "test",
      "version": 1,
      "time": "2024-04-19T13:44:02Z",
      "source": "aws.partner/scalr.com/account-name/integration-name",
      "resources": [],
      "region": "us-east-1",
      "detail-type": "RunExecuted",
      "detail": {
        "run-id": "run-1234567890",
        "source": "vcs",
        "is-dry": false,
        "is-destroy": false,
        "is-agent": false,
        "is-postponed": false,
        "result": "applied",
        "duration": 30000000000.0,
        "account": "account-name",
        "workspace": "workspace-name",
        "environment": "environment-name",
        "user-email": "[email protected]",
        "tags": [
          "scalr-environment:env-1234567890",
          "scalr-workspace:ws-1234567890",
          "scalr-environment-name:environment-name",
          "scalr-workspace-name:workspace-name"
        ]
      }
    }
    

  12. In the Creation method section select the Custom pattern option, and paste the following JSON snippet, and click on the Test pattern button:

  13. {
      "source": [{
        "prefix": "aws.partner/scalr.com"
      }],
      "detail-type": ["RunExecuted"]
    }
    
  14. Then click on the Next button and start the configuration of the destination. In this case, it will be CloudWatch log group:

  15. Optionally, you add tags to your rule, review it, and finalize the creation.

  16. Once a rule is created, you need to refresh the Event source status to make a connection active. In the connection details, click on the Refresh status button:

  17. Once a connection becomes active, check the RunExecuted events are streamed to the CloudWatch log group.

Event detail types

Scalr streams two types of events: RunExecuted and AuditLog.

Run Executed

The RunExecuted event is streamed automatically without additional configuration once a connection between Scalr and AWS EventBridge is established. The following event sample and pattern can be used while configuring the event bridge rule:

{
  "id": "run-1234567890",
  "account": "123456789012",
  "version": 0,
  "time": "2024-04-19T13:44:02Z",
  "source": "aws.partner/scalr.com/account-name/integration-name",
  "resources": ["arn:aws:events:us-east-1::event-source/aws.partner/scalr.com.test/account-name/integration-name"],
  "region": "us-east-1",
  "detail-type": "RunExecuted",
  "detail": {
    "run-id": "run-1234567890",
    "source": "vcs",
    "is-dry": false,
    "is-destroy": false,
    "is-agent": false,
    "is-postponed": false,
    "result": "applied",
    "duration": 30000000000.0,
    "account": "account-name",
    "workspace": "workspace-name",
    "environment": "environment-name",
    "user-email": "[email protected]",
    "tags": [
      "scalr-environment:env-1234567890",
      "scalr-workspace:ws-1234567890",
      "scalr-environment-name:environment-name",
      "scalr-workspace-name:workspace-name"
    ]
  }
}
{
  "source": [{
    "prefix": "aws.partner/scalr.com"
  }],
  "detail-type": ["RunExecuted"]
}

Audit Log

The AuditLog event is streamed after the respective setting is enabled in the Account settings if the connection between Scalr and AWS EventBridge is established. To enable audit logs, go to Settings on the account scope, click on the Audit logs menu item, and select the created connection:

The following event sample and pattern can be used while configuring the event bridge rule:

{
  "id": "63ddd008eced0487812b1005f06ddff4",
  "version": 0,
  "account": 123456789012,
  "time": "2024-04-19T13:44:02Z",
  "source": "aws.partner/scalr.com/account-name/integration-name",
  "resources": [],
  "region": "us-east-1",
  "detail-type": "AuditLog",
  "detail": {
    "target": {
      "id": "ws-1234567890",
      "type": "workspaces",
      "display-name": "workspace-name",
      "context": {
        "environment": {
          "id": "env-1234567890",
          "display-name": "environment-name"
        },
        "workspace": {
          "id": "ws-1234567890",
          "display-name": "workspace-name"
        },
        "account": {
          "id": "acc-1234567890",
          "display-name": "account-name"
        }
      }
    },
    "timestamp": "2024-04-19T13:44:02.335490",
    "request": {
      "id": "63ddd008eced0487812b1005f06ddff4",
      "action": "create-workspace",
      "ip-address": "10.21.0.30",
      "source": "ui",
      "user-agent": "Mozilla/5.0 (X11; Linux x86_64; rv:125.0) Gecko/20100101 Firefox/125.0"
    },
    "actor": {
      "id": "user-1234567890",
      "email": "[email protected]",
      "type": "user",
      "access-token": {
        "id": null,
        "type": "session",
        "token": "...UlzZ-c"
      }
    },
    "outcome": {
      "result": "SUCCESS",
      "status-code": 201
    },
    "tags": [
      "scalr-action:create-workspace",
      "scalr-user-email:[email protected]",
      "scalr-environment:env-1234567890",
      "scalr-environment-name:environment-name",
      "scalr-workspace:ws-1234567890",
      "scalr-workspace-name:workspace-name"
    ]
  }
}
{
  "source": [{
    "prefix": "aws.partner/scalr.com"
  }],
  "detail-type": ["AuditLog"]
}