AWS EventBridge events for Route 53

We have developed an alerting system that fires each time a new hostname is added to or removed from Route 53 DNS records. The system automatically detects that a new instance has been added to the cluster, populates its hostname through the tags, and sends it to Route 53 through a CLI script, which updates the domain record, adding or removing the hostname of the EC2 instance that was added or removed. But since we are a large org, this provides alerts for all the domain names in the org's AWS environment. We want to restrict this to a few specific domain names (not all of them in the dev environment, for example).

As you can imagine, we deployed EventBridge to trigger SNS to a Slack endpoint.

But in order to restrict this alerting to only two domains in the system, we want to be able to filter the domain name right before EventBridge triggers the event and sends the alert, so that we only get alerts on specific domains instead of all of them.

How could I filter the domain names that are being processed by Route 53 before the EventBridge event is triggered?

Thank you.


Solution 1

If the domain records for which you want to trigger are in the same Route 53 hosted zones, you can use the following EventBridge event pattern to filter on the basis of hosted zone IDs:

{
  "source": ["aws.route53"],
  "detail-type": ["AWS API Call via CloudTrail"],
  "detail": {
    "eventSource": ["route53.amazonaws.com"],
    "eventName": ["ChangeResourceRecordSets"],
    "requestParameters": {
      "hostedZoneId": ["your-hosted-zone-id-of-domain1-here", "hosted-zone-id-of-domain2-here"]
    }
  }
}

The above event pattern would match changes made to records in any of the hosted zones whose IDs are present in the hostedZoneId array.

Solution 2

Use this only if you have to trigger for a specific domain or subdomain in a hosted zone, and not for all domain record changes in a hosted zone:

{
  "source": [
    "aws.route53"
  ],
  "detail-type": [
    "AWS API Call via CloudTrail"
  ],
  "detail": {
    "eventSource": [
      "route53.amazonaws.com"
    ],
    "eventName": [
      "ChangeResourceRecordSets"
    ],
    "requestParameters": {
      "changeBatch": {
        "changes": {
          "resourceRecordSet": {
            "name": ["subdomain.example.com.", "example.com."]
          }
        }
      }
    }
  }
}

The above event pattern would match ChangeResourceRecordSets API calls which make changes to "subdomain.example.com." or "example.com".

Disclaimer: The ChangeResourceRecordSets API call allows changes to multiple domain records in the same API call as long as they are in the same hosted zone. Even if only one of the domain record changes in the API call is relevant to you, the event would trigger. This makes Solution 1 more reliable and easier to code for.
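The two patterns above can be checked without an AWS account by emulating how EventBridge evaluates a pattern against an event. The following Python script is an added example, not code from the question or the answer: it implements a subset of EventBridge pattern semantics (exact values, prefix, suffix, equals-ignore-case, anything-but, and arrays matched when any element matches), builds constructed CloudTrail-shaped events for ChangeResourceRecordSets, and runs Solution 1, Solution 2 and a third, security-oriented variant against them. The third pattern goes beyond the answer: it keeps the hosted-zone filter of Solution 1 but excludes the automation role's own calls with anything-but, so routine instance registrations stay quiet while any other principal touching those zones alerts. The hosted zone IDs, account ID, dns-updater role name, record names and IP addresses are all made up; the real check is `aws events test-event-pattern --event-pattern ... --event ...`.

```python
"""Offline emulation of EventBridge event-pattern matching for Route 53
ChangeResourceRecordSets CloudTrail events. Added example; all identifiers
are hypothetical. Verify real patterns with `aws events test-event-pattern`.
"""
import copy
import json

PROD_ZONE = "Z0123456789EXAMPLE1"    # hypothetical hosted zone ID
STAGE_ZONE = "Z0123456789EXAMPLE2"   # hypothetical hosted zone ID
# Hypothetical role the registration script assumes; STS session ARNs of an
# assumed role start with this prefix.
AUTOMATION_ROLE_PREFIX = "arn:aws:sts::123456789012:assumed-role/dns-updater/"

BASE = {
    "source": ["aws.route53"],
    "detail-type": ["AWS API Call via CloudTrail"],
    "detail": {"eventSource": ["route53.amazonaws.com"],
               "eventName": ["ChangeResourceRecordSets"]},
}

def _with_detail(extra):
    """Copy of BASE whose 'detail' block is extended with `extra`."""
    pattern = copy.deepcopy(BASE)
    pattern["detail"].update(extra)
    return pattern

# Solution 1: any record change inside the two hosted zones.
ZONE_PATTERN = _with_detail({"requestParameters": {"hostedZoneId": [PROD_ZONE, STAGE_ZONE]}})

# Solution 2: two specific names. Both spellings are listed because CloudTrail
# records the name as the caller submitted it, with or without the trailing
# dot (assumption: confirm against your own trail before relying on it).
NAME_PATTERN = _with_detail({"requestParameters": {"changeBatch": {"changes": {
    "resourceRecordSet": {"name": ["subdomain.example.com.", "subdomain.example.com",
                                    "example.com.", "example.com"]}}}}})

# Security variant: changes to the two zones by any principal other than the
# automation role. Note that anything-but does not match when the field is
# absent, so an event without userIdentity.arn would be dropped silently.
UNEXPECTED_CHANGE_PATTERN = _with_detail({
    "userIdentity": {"arn": [{"anything-but": {"prefix": AUTOMATION_ROLE_PREFIX}}]},
    "requestParameters": {"hostedZoneId": [PROD_ZONE, STAGE_ZONE]},
})

def _flatten(value, prefix=""):
    """Event -> {dotted.path: [leaf values]}; array elements share a path."""
    out = {}
    if isinstance(value, dict):
        for key, sub in value.items():
            for path, vals in _flatten(sub, f"{prefix}{key}.").items():
                out.setdefault(path, []).extend(vals)
    elif isinstance(value, list):
        for item in value:
            for path, vals in _flatten(item, prefix).items():
                out.setdefault(path, []).extend(vals)
    else:
        out.setdefault(prefix.rstrip("."), []).append(value)
    return out

def _pattern_leaves(pattern, prefix=""):
    """Pattern -> {dotted.path: [matchers]}; a list is always a leaf."""
    out = {}
    for key, sub in pattern.items():
        if isinstance(sub, dict):
            out.update(_pattern_leaves(sub, f"{prefix}{key}."))
        else:
            out[f"{prefix}{key}"] = sub
    return out

def _leaf_matches(matcher, value):
    """One matcher against one leaf value (subset of EventBridge operators)."""
    if isinstance(matcher, dict):
        if "prefix" in matcher:
            return isinstance(value, str) and value.startswith(matcher["prefix"])
        if "suffix" in matcher:
            return isinstance(value, str) and value.endswith(matcher["suffix"])
        if "equals-ignore-case" in matcher:
            return isinstance(value, str) and value.lower() == matcher["equals-ignore-case"].lower()
        if "anything-but" in matcher:
            excluded = matcher["anything-but"]
            if isinstance(excluded, dict):          # e.g. {"anything-but": {"prefix": ...}}
                return not _leaf_matches(excluded, value)
            return value not in (excluded if isinstance(excluded, list) else [excluded])
        raise ValueError(f"unsupported matcher: {matcher}")
    return value == matcher

def matches(pattern, event):
    """True if every pattern field has at least one event value that matches."""
    flat = _flatten(event)
    for path, matchers in _pattern_leaves(pattern).items():
        values = flat.get(path, [])
        if not any(_leaf_matches(m, v) for m in matchers for v in values):
            return False
    return True

def route53_change_event(zone_id, changes, caller_arn):
    """Constructed event in the CloudTrail ChangeResourceRecordSets shape."""
    identity_type = "AssumedRole" if ":assumed-role/" in caller_arn else "IAMUser"
    return {"source": "aws.route53", "detail-type": "AWS API Call via CloudTrail",
            "detail": {"eventSource": "route53.amazonaws.com",
                       "eventName": "ChangeResourceRecordSets", "awsRegion": "us-east-1",
                       "userIdentity": {"type": identity_type, "arn": caller_arn},
                       "requestParameters": {"hostedZoneId": zone_id, "changeBatch": {"changes": [
                           {"action": action, "resourceRecordSet": {"name": name, "type": "A",
                            "tTL": 60, "resourceRecords": [{"value": ip}]}}
                           for action, name, ip in changes]}}}}

EVENTS = {  # constructed samples
    "automation_upsert": route53_change_event(PROD_ZONE,
        [("UPSERT", "web-01.example.com.", "10.0.1.5")], AUTOMATION_ROLE_PREFIX + "i-0abc123def456"),
    "manual_mixed_batch": route53_change_event(PROD_ZONE,  # one relevant, one irrelevant change
        [("UPSERT", "web-02.example.com.", "10.0.1.6"), ("DELETE", "subdomain.example.com", "192.0.2.10")],
        "arn:aws:iam::123456789012:user/alice"),
    "dev_zone_create": route53_change_event("Z0123456789EXAMPLE3",
        [("CREATE", "subdomain.dev.example.com.", "10.1.0.9")], "arn:aws:iam::123456789012:user/alice"),
}

def classify(event):
    """Which of the three patterns would fire for this event."""
    return {"zone": matches(ZONE_PATTERN, event), "name": matches(NAME_PATTERN, event),
            "unexpected": matches(UNEXPECTED_CHANGE_PATTERN, event)}

if __name__ == "__main__":
    for label, ev in EVENTS.items():
        print(f"{label:20s} {classify(ev)}")
    print(json.dumps(UNEXPECTED_CHANGE_PATTERN, indent=2))  # usable with put-rule --event-pattern
```

The manual_mixed_batch event is the case the disclaimer describes: only one of its two changes names subdomain.example.com, yet Solution 2 fires for the whole API call, and it fires only because the pattern also lists the spelling without the trailing dot. Two deployment notes in my own voice: Route 53 is a global service and its CloudTrail events are delivered to EventBridge in us-east-1, so the rule has to live in that region regardless of where the SNS topic is, and "AWS API Call via CloudTrail" events require a trail that logs management events. When the rule is pasted into `aws events put-rule`, run `aws events test-event-pattern` with a copy of a real event from your trail rather than trusting this emulation for edge cases.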