Amazon Elastic Compute Cloud
User Guide for Linux Instances

Log Command Execution Status Changes for Run Command

You can use Amazon CloudWatch Events and a simple AWS Lambda function to log command execution status changes. You can create a rule that runs whenever there is a state transition, or when there is a transition to one or more states that are of interest.

Amazon EC2 Simple Systems Manager Event Types

SSM sends the following data to CloudWatch Events.

Example 1—EC2 Command Status-change Notification: This example includes information about execution status changes for a command that was sent to multiple instances.

{
    "version": "0",
    "id": "6a7e8feb-b491-4cf7-a9f1-bf3703467718",
    "detail-type": "EC2 Run Command – Command Status change",
    "source": "aws.ssm",
    "account": "123456789012",
    "time": "2016-03-14T18:43:48Z",
    "region": "us-east-1",
    "resources": [
        "arn:aws:ec2:us-east-1:123456789012:instance/i-12345678",
        "arn:aws:ec2:us-east-1:123456789012:instance/i-12345670",
        "arn:aws:ec2:us-east-1:123456789012:instance/i-12345679"
    ],
    "detail": {
        "command-id": "aws.ssm.12345678-1234-1234-1234-12345678",
        "requested-date-time":"2016-03-14T18:43:48Z",
        "expire-after":"2016-03-14T18:43:48Z",
        "output-s3bucket-name":"mybucket",
        "output-s3key-prefix":"test",
        "parameters":"parameter",
        "status": "Success"
    }
} 

Example 2—EC2 Command Invocation Status-change Notification: This example includes information about a command that was sent to multiple instances, but the event shows details for only one instance, or invocation of that command.

{
    "version": "0",
    "id": "6a7e8feb-b491-4cf7-a9f1-bf3703467718",
    "detail-type": "EC2 Run Command – Command Invocation Status change",
    "source": "aws.ssm",
    "account": "123456789012",
    "time": "2016-03-14T18:43:48Z",
    "region": "us-east-1",
    "resources": [
        "arn:aws:ec2:us-east-1:123456789012:instance/i-12345678"
    ],
    "detail": {
        "command-id": "aws.ssm.12345678-1234-1234-1234-12345678",
        "instance-id":"i-12345678",
        "requested-date-time":"2016-03-14T18:43:48Z",
        "status": "Success"
    }
} 

Log SSM Command Execution Status Changes

In the following example scenario, you will create a simple AWS Lambda function, route events from SSM to it, and then test your scenario to ensure that it's set up correctly.

To log command execution status changes for Run Command, you must do the following.

Step 1: Create an AWS Lambda Function

To create an AWS Lambda function

  1. Open the AWS Lambda console at https://console.aws.amazon.com/lambda/.

  2. Choose Create a Lambda function, and then on the Select blueprint screen, choose hello-world.

  3. On the Configure function screen, in the Name field, type a name for the event. This example uses SomethingHappened.

  4. In the Lambda function code section, edit the sample code to match the following example:

    console.log('Loading function');
    
    exports.handler = function(event, context, callback) {
        console.log('SomethingHappened()');
        console.log('Here is the event:', JSON.stringify(event, null, 2));
        callback(null, "Ready");
    };
    
  5. Under Lambda function handler and role, in the Role field, if you have a lambda_basic_execution_rule, select it. Otherwise, create a new basic execution role.

  6. Choose Next, and then on the Review screen, choose Edit to make any changes. If you're satisfied with the function, choose Create function.
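The following handler is an added example, not part of the original guide or of AWS sample code. It flattens both event shapes shown earlier on this page (command and command invocation) into one audit record instead of logging the raw event. The function names and the failure status names are assumptions; the page itself only shows the status "Success".

```javascript
// detail-type strings copied from the two sample events on this page.
const COMMAND = 'EC2 Run Command – Command Status change';
const INVOCATION = 'EC2 Run Command – Command Invocation Status change';
// Assumption: status names treated as failures; the page only shows "Success".
const FAILURE_STATES = new Set(['Failed', 'TimedOut', 'Cancelled']);
// Extract "i-12345678" from arn:aws:ec2:<region>:<account>:instance/i-12345678.
function instanceIdFromArn(arn) {
    const m = /^arn:[^:]+:ec2:[^:]*:\d{12}:instance\/(i-[0-9a-f]+)$/.exec(String(arn));
    return m ? m[1] : null;
}

// Flatten either event shape into one audit record; null means "not a Run Command event".
function toAuditRecord(event) {
    const d = event && event.detail;
    if (!d || typeof d !== 'object' || event.source !== 'aws.ssm') return null;
    const type = event['detail-type'];
    if (type !== COMMAND && type !== INVOCATION) return null;
    const arns = Array.isArray(event.resources) ? event.resources : [];
    // Invocation events name one instance in detail; command events only list ARNs.
    const instances = type === INVOCATION && d['instance-id'] ? [d['instance-id']]
        : arns.map(instanceIdFromArn).filter(Boolean);
    const bucket = d['output-s3bucket-name'];
    return {
        scope: type === INVOCATION ? 'invocation' : 'command',
        commandId: d['command-id'] || null,
        status: d.status || 'Unknown',
        failed: FAILURE_STATES.has(d.status),
        account: event.account, region: event.region, time: event.time, instances,
        // "parameters" is left out on purpose: command parameters can hold secrets.
        output: bucket ? `s3://${bucket}/${d['output-s3key-prefix'] || ''}` : null
    };
}

function handler(event, context, callback) {
    const record = toAuditRecord(event);
    if (record === null) return callback(null, 'Ignored');
    // One JSON object per line keeps the entry searchable in CloudWatch Logs.
    console.log(JSON.stringify(record));
    callback(null, record.failed ? 'Failed' : 'Ready');
}
if (typeof exports !== 'undefined') exports.handler = handler; // Lambda entry point

// Constructed sample: Example 2 from this page with the status changed to "Failed".
// The call below is a local demonstration; remove it before deploying.
const SAMPLE = { source: 'aws.ssm', 'detail-type': INVOCATION, region: 'us-east-1',
    account: '123456789012', time: '2016-03-14T18:43:48Z',
    resources: ['arn:aws:ec2:us-east-1:123456789012:instance/i-12345678'],
    detail: { 'command-id': 'aws.ssm.12345678-1234-1234-1234-12345678',
        'instance-id': 'i-12345678', status: 'Failed' } };
handler(SAMPLE, {}, (err, result) => console.log('handler returned:', result));
```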

Step 2: Route Events to Your AWS Lambda Function

To create a CloudWatch Events rule

  1. Open the CloudWatch console at https://console.aws.amazon.com/cloudwatch/.

  2. In the navigation pane, choose Events.

  3. Choose Create rule, and then under Event selector, choose EC2 instance state-change notification.

  4. Choose Specific state(s), and then Running from the list.

  5. Do one of the following:

    • To make the rule respond to any of your instances in the region, choose Any instance.

    • To make the rule respond to a specific instance, choose Specific instance(s) and then in the text box, enter the instance ID.

  6. Under Targets, choose Add target. In the Select target type list, choose AWS Lambda function.

  7. In the Function list, select the function that you created in "Step 1: Create an AWS Lambda Function."

  8. Choose Configure input, and then choose one of the following options:

    • Matched event: Sends all of the data fields in the event to CloudWatch Logs.

    • Part of the matched event: Sends only the specified data field of the event to CloudWatch Logs. You specify the part of the event using a string formatted $.first_parameter.second_parameter

      For example, to send just the Amazon EC2 instance ID, type $.detail.state in the field.

    • Constant: Sends a JSON-formatted text string that you specify to CloudWatch Logs. For example, to send a text string for the event, type {"Name":"MyInstance"}. The constant must be valid JSON.

  9. Choose Configure details. On the Configure rule details screen, in the Name field, type a name for the rule.

  10. In the Description field, type a brief description for your rule, for example, Log command execution status changes.

  11. If you're satisfied with the rule, choose Create rule.

Step 3: Test Your Amazon CloudWatch Events Rule

You can test your rule by executing a command with Run Command. After waiting a few minutes for the command to process, check your AWS Lambda metrics in the Amazon CloudWatch Events console to verify that your function was invoked.

To test your CloudWatch Events rule using the console

  1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

  2. In the navigation pane, choose Command History, and then execute a command to one or more instances. For more information about executing a command, see Executing a Command Using Amazon EC2 Run Command.

  3. To view your AWS Lambda metrics, open the CloudWatch console at https://console.aws.amazon.com/cloudwatch/.

  4. In the navigation pane, under Metrics, choose Lambda to view the metrics generated by your Lambda function.

  5. To view the output from your function, in the navigation pane, choose Logs, and then in the Log Groups list, select the /aws/lambda log group that contains the data.

  6. Under Log Streams, select a log stream to view the data about command execution status changes.