Tags

This page describes the steps to set up real-time visualization of AWS assets (VPC, subnet and virtual server) using a tag-based approach.

Introduction

Real-time visualization is currently supported only for the vpc, subnet and virtual server (EC2 instance) resource types (as of Feb 08, 2024).

AWS does not emit a dedicated, native EventBridge event when a VPC, subnet or instance is created, so MechCloud relies on tags instead. Create the VPC/subnet/instance with a tag named Mc-Asset-Name (or add that tag to an existing one) and MechCloud discovers the asset from the resulting tag-change event as soon as the tag is applied. Tags supplied in the creation call itself (for example via TagSpecifications on RunInstances, CreateVpc or CreateSubnet) produce that event at creation time; a resource without the tag is never discovered.

This generates events in the following formats for the various resource types.

Note - Only the mandatory attributes are shown below for each event. Strip every other attribute (for example with an input transformer on the rule target, or an enrichment step in an EventBridge Pipe) so that nothing beyond what MechCloud needs, such as the top-level account field or the event time, is posted to MechCloud. Two caveats: the ARNs in resources are mandatory and still embed your account ID, so stripping the other attributes does not fully withhold it; and the delete events below are simply tag-change events in which Mc-Asset-Name is listed in changed-tag-keys but is no longer present in tags, which is the same shape you get when the tag is removed from a resource that still exists. Removing the tag therefore un-discovers the asset.

Events

1. Create Vpc

{
    "detail-type": "Tag Change on Resource",
    "source": "aws.tag",
    "region": "ap-south-1",
    "resources": [
        "arn:aws:ec2:ap-south-1:0123456789:vpc/vpc-12345"
    ],
    "detail": {
        "changed-tag-keys": [
            "Mc-Asset-Name"
        ],
        "service": "ec2",
        "resource-type": "vpc",
        "tags": {
            "Mc-Asset-Name": "vpc3"
        }
    }
}

2. Delete Vpc

{
    "detail-type": "Tag Change on Resource",
    "source": "aws.tag",
    "region": "ap-south-1",
    "resources": [
        "arn:aws:ec2:ap-south-1:0123456789:vpc/vpc-12345"
    ],
    "detail": {
        "changed-tag-keys": [
            "Mc-Asset-Name"
        ],
        "service": "ec2",
        "resource-type": "vpc",
        "tags": {
            "Name": "vpc1"
        }
    }
}

3. Create Subnet

{
    "detail-type": "Tag Change on Resource",
    "source": "aws.tag",
    "region": "ap-south-1",
    "resources": [
        "arn:aws:ec2:ap-south-1:0123456789:subnet/subnet-12345"
    ],
    "detail": {
        "changed-tag-keys": [
            "Mc-Asset-Name"
        ],
        "service": "ec2",
        "resource-type": "subnet",
        "tags": {
            "Mc-Asset-Name": "vpc2-subnet1"
        }
    }
}

4. Delete Subnet

{
    "detail-type": "Tag Change on Resource",
    "source": "aws.tag",
    "region": "ap-south-1",
    "resources": [
        "arn:aws:ec2:ap-south-1:0123456789:subnet/subnet-12345"
    ],
    "detail": {
        "changed-tag-keys": [
            "Mc-Asset-Name"
        ],
        "service": "ec2",
        "resource-type": "subnet",
        "tags": {
            "Name": "vpc2-subnet1"
        }
    }
}

5. Create VM

{
    "detail-type": "Tag Change on Resource",
    "source": "aws.tag",
    "region": "ap-south-1",
    "resources": [
        "arn:aws:ec2:ap-south-1:0123456789:instance/i-12345"
    ],
    "detail": {
        "changed-tag-keys": [
            "Mc-Asset-Name"
        ],
        "service": "ec2",
        "resource-type": "instance",
        "tags": {
            "Mc-Asset-Name": "Amazon Linux 1"
        }
    }
}

6. Delete VM

{
    "detail-type": "Tag Change on Resource",
    "source": "aws.tag",
    "region": "ap-south-1",
    "resources": [
        "arn:aws:ec2:ap-south-1:0123456789:instance/i-12345"
    ],
    "detail": {
        "changed-tag-keys": [
            "Mc-Asset-Name"
        ],
        "service": "ec2",
        "resource-type": "instance",
        "tags": {
            "Name": "Amazon Linux 1"
        }
    }
}

7. Stopping VM

{
    "detail-type": "EC2 Instance State-change Notification",
    "source": "aws.ec2",
    "region": "ap-south-1",
    "resources": [
        "arn:aws:ec2:ap-south-1:0123456789:instance/i-12345"
    ],
    "detail": {
        "instance-id": "i-12345",
        "state": "stopping"
    }
}

{
    "detail-type": "EC2 Instance State-change Notification",
    "source": "aws.ec2",
    "region": "ap-south-1",
    "resources": [
        "arn:aws:ec2:ap-south-1:0123456789:instance/i-12345"
    ],
    "detail": {
        "instance-id": "i-12345",
        "state": "stopped"
    }
}

8. Starting VM

{
    "detail-type": "EC2 Instance State-change Notification",
    "source": "aws.ec2",
    "region": "ap-south-1",
    "resources": [
        "arn:aws:ec2:ap-south-1:0123456789:instance/i-12345"
    ],
    "detail": {
        "instance-id": "i-12345",
        "state": "pending"
    }
}

{
    "detail-type": "EC2 Instance State-change Notification",
    "source": "aws.ec2",
    "region": "ap-south-1",
    "resources": [
        "arn:aws:ec2:ap-south-1:0123456789:instance/i-12345"
    ],
    "detail": {
        "instance-id": "i-12345",
        "state": "running"
    }
}

The steps below configure AWS (through the console) to generate these events and deliver them to the dedicated MechCloud endpoint described in the parent page of this page. This is one way to do it; any mechanism works as long as it posts events in the formats above to that endpoint, and better-suited mechanisms may appear in future.

Steps

1. Create an EventBridge rule

Create an EventBridge rule on the default event bus with the following details -

  • Define rule detail

    • Name - mc-tags-events

    • Event bus - default

    • Make sure that Enable the rule on the selected event bus is enabled.

    • Select Rule with an event pattern under Rule type.

  • Build event pattern

    • Creation method - Custom pattern (JSON editor)

    • Event pattern (the aws.tag entries alone match only events 1-6 above; aws.ec2 and the state-change detail type are needed as well, otherwise events 7 and 8 are never delivered)

{
  "source": ["aws.tag", "aws.ec2"],
  "detail-type": ["Tag Change on Resource", "EC2 Instance State-change Notification"]
}

    • To avoid queueing tag changes on every other resource type in the account, you can instead create two rules, one per source, and narrow the aws.tag one with "detail": {"service": ["ec2"], "resource-type": ["vpc", "subnet", "instance"]}.
  • Select target(s)

    • Target 1

      • Target types - AWS service

      • Select a target - SQS Queue

      • Queue - management-events.fifo

      • Message group ID - mc-tags-events

  • Checks before saving

    • A FIFO queue target needs content-based deduplication enabled on the queue, because the rule sets only the message group ID and not a deduplication ID.

    • The queue's access policy must allow sqs:SendMessage for the events.amazonaws.com service principal; restrict it with an aws:SourceArn condition naming this rule's ARN so that no other rule or account can write into the queue.
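As an added example (not code from MechCloud or AWS), the following Python normaliser implements the stripping recommended in the note in the Introduction and the create/delete/state-change distinction visible in the event shapes above, using an event pattern widened to include the aws.ec2 state-change events that a rule matching only aws.tag would miss. It is suitable as the body of a Lambda enrichment step between the queue and the MechCloud endpoint. The sample events, the KEEP_TAG_KEYS allow-list and the decision to forward only the four instance states shown on this page are assumptions.

```python
"""Normalise raw EventBridge events into the minimal MechCloud shapes.

Added example, not MechCloud's or AWS's code. Assumes the raw input is the
standard EventBridge envelope for "Tag Change on Resource" and "EC2 Instance
State-change Notification" events.
"""
import json
import re

TAG_KEY = "Mc-Asset-Name"
MC_RESOURCE_TYPES = {"vpc", "subnet", "instance"}
# Assumption: only these tag keys are forwarded; every other tag is dropped.
KEEP_TAG_KEYS = {TAG_KEY, "Name"}
# Assumption: only the states shown in events 7 and 8 are forwarded.
FORWARDED_STATES = {"pending", "running", "stopping", "stopped"}

# Pattern covering both event families; a rule listing only aws.tag would
# never deliver the instance state-change events.
EVENT_PATTERN = {
    "source": ["aws.tag", "aws.ec2"],
    "detail-type": ["Tag Change on Resource",
                    "EC2 Instance State-change Notification"],
}

# arn:partition:service:region:account:resource
ARN_RE = re.compile(r"^arn:aws[\w-]*:[^:]*:[^:]*:(\d+):")


def matches_pattern(event, pattern=EVENT_PATTERN):
    """Subset of EventBridge pattern semantics used here: top-level keys are
    ANDed, the listed values for a key are ORed, exact string match only."""
    return all(event.get(key) in allowed for key, allowed in pattern.items())


def normalise(event):
    """Return (kind, minimal_event), kind in {"create", "delete",
    "state-change"}, or None when the event must not be forwarded.
    Envelope fields (id, account, time, version) are never copied."""
    if not matches_pattern(event):
        return None
    detail = event.get("detail", {})
    minimal = {
        "detail-type": event["detail-type"],
        "source": event["source"],
        "region": event["region"],
        "resources": list(event.get("resources", [])),
    }
    if event["source"] == "aws.tag":
        if detail.get("service") != "ec2":
            return None
        if detail.get("resource-type") not in MC_RESOURCE_TYPES:
            return None
        if TAG_KEY not in detail.get("changed-tag-keys", []):
            return None  # some other tag changed; not a discovery event
        tags = detail.get("tags", {})
        # Tag present after the change => create/rename; absent => delete
        # (or the tag was removed from a resource that still exists).
        kind = "create" if TAG_KEY in tags else "delete"
        minimal["detail"] = {
            "changed-tag-keys": [TAG_KEY],
            "service": "ec2",
            "resource-type": detail["resource-type"],
            "tags": {k: v for k, v in tags.items() if k in KEEP_TAG_KEYS},
        }
        return kind, minimal
    state = detail.get("state")
    if state not in FORWARDED_STATES:
        return None
    minimal["detail"] = {"instance-id": detail["instance-id"], "state": state}
    return "state-change", minimal


def exposed_account_ids(minimal_event):
    """Account IDs that survive stripping because the mandatory ARNs embed
    them; check this before deciding the residual exposure is acceptable."""
    found = set()
    for arn in minimal_event.get("resources", []):
        match = ARN_RE.match(arn)
        if match:
            found.add(match.group(1))
    return found


def _raw(detail_type, source, arn, detail):
    """Constructed sample envelope; id, account and time are sample values."""
    return {"version": "0", "id": "00000000-0000-0000-0000-000000000000",
            "detail-type": detail_type, "source": source,
            "account": "0123456789", "time": "2024-02-08T10:00:00Z",
            "region": "ap-south-1", "resources": [arn], "detail": detail}


VPC_ARN = "arn:aws:ec2:ap-south-1:0123456789:vpc/vpc-12345"
RAW_TAG_EVENT = _raw("Tag Change on Resource", "aws.tag", VPC_ARN,
    {"changed-tag-keys": ["Mc-Asset-Name", "Owner"], "service": "ec2",
     "resource-type": "vpc", "version": 3,
     "tags": {"Mc-Asset-Name": "vpc3", "Name": "vpc3", "Owner": "a@example.com"}})
RAW_TAG_REMOVED_EVENT = _raw("Tag Change on Resource", "aws.tag", VPC_ARN,
    {"changed-tag-keys": ["Mc-Asset-Name"], "service": "ec2",
     "resource-type": "vpc", "version": 4, "tags": {"Name": "vpc3"}})
RAW_STATE_EVENT = _raw("EC2 Instance State-change Notification", "aws.ec2",
    "arn:aws:ec2:ap-south-1:0123456789:instance/i-12345",
    {"instance-id": "i-12345", "state": "stopping"})

if __name__ == "__main__":
    for raw in (RAW_TAG_EVENT, RAW_TAG_REMOVED_EVENT, RAW_STATE_EVENT):
        kind, minimal = normalise(raw)
        print(kind, json.dumps(minimal, indent=2),
              "account IDs still visible:", sorted(exposed_account_ids(minimal)))
```

State-change events carry no tags, so the normaliser forwards them for every instance in the region; restricting them to instances that carry Mc-Asset-Name would need a lookup against the discovered set, which is not shown here. The Owner tag in the constructed create event is dropped, but exposed_account_ids still reports the account ID from the VPC ARN, which is the residual exposure the note in the Introduction warns about.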
