Attempted to implement EventBridge alerts that trigger an SNS notification whenever an event from Service Catalog (SC) is received/occurs. I tried the following event rules and patterns in Terraform:
# Pattern 1: match every event whose source is Service Catalog
resource "aws_cloudwatch_event_rule" "servicecatalog_event_rule" {
  name        = "servicecatalog-rule"
  description = "Event rule to trigger SNS topic on Service Catalog events"

  event_pattern = <<EOF
{
  "source": ["aws.servicecatalog"]
}
EOF
}
Pattern 2: API calls through CloudTrail (found this in the AWS Management Console).
{
  "source": ["aws.servicecatalog"],
  "detail-type": ["AWS API Call via CloudTrail"],
  "detail": {
    "eventSource": ["servicecatalog.amazonaws.com"]
  }
}
The SNS topic also has a resource-based policy attached. This policy worked for CodePipeline events and ECS events. I am not sure if this is enough for Service Catalog or if it needs more access:
# Resource-based policy allowing EventBridge to publish to the topic
resource "aws_sns_topic_policy" "servicecatalog_topic_policy" {
  arn = aws_sns_topic.servicecatalog_sns_topic.arn

  policy = <<EOF
{
  "Version": "2012-10-17",
  "Id": "__default_policy_ID",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "events.amazonaws.com"
      },
      "Action": "sns:Publish",
      "Resource": "${aws_sns_topic.servicecatalog_sns_topic.arn}"
    }
  ]
}
EOF
}

# Wire the rule to the SNS topic as its target
resource "aws_cloudwatch_event_target" "servicecatalog_event_target" {
  rule      = aws_cloudwatch_event_rule.servicecatalog_event_rule.name
  target_id = "servicecatalog_event_target"
  arn       = aws_sns_topic.servicecatalog_sns_topic.arn
}
I have generated test events by doing actions in Service Catalog (such as provisioning a product or creating a portfolio), but the SNS topic was still not getting triggered in any of the attempts. Am I missing something? Does the policy need more access, or is this an issue with Service Catalog?
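A quick way to check whether the two patterns above would even match a Service Catalog CloudTrail event, before touching the deployed rule: the script below is an added example (not code from the question or from AWS) that implements a local approximation of EventBridge's exact-match rule semantics and runs both patterns over a constructed sample event; the event's id, account and region values are placeholders, and the matcher does not implement numeric, prefix or anything-but filters.

```python
import json

# The two event patterns from the question (pattern 1 = source only, pattern 2 = CloudTrail API call).
PATTERN_SOURCE_ONLY = {"source": ["aws.servicecatalog"]}
PATTERN_CLOUDTRAIL = {
    "source": ["aws.servicecatalog"],
    "detail-type": ["AWS API Call via CloudTrail"],
    "detail": {"eventSource": ["servicecatalog.amazonaws.com"]},
}

# Constructed sample event in the EventBridge envelope shape; id/account/region are placeholders.
SAMPLE_EVENT = {
    "version": "0",
    "id": "00000000-0000-0000-0000-000000000000",
    "detail-type": "AWS API Call via CloudTrail",
    "source": "aws.servicecatalog",
    "account": "123456789012",
    "region": "us-east-1",
    "detail": {
        "eventSource": "servicecatalog.amazonaws.com",
        "eventName": "ProvisionProduct",
        "readOnly": False,
    },
}


def matches(pattern, event):
    """Local approximation of EventBridge exact matching: every pattern key must
    exist in the event, a list leaf matches when the event value is one of its
    entries, and a nested dict is matched recursively (assumption: other filter
    types such as prefix/numeric/anything-but are not implemented here)."""
    for key, expected in pattern.items():
        if key not in event:
            return False
        actual = event[key]
        if isinstance(expected, dict):
            if not isinstance(actual, dict) or not matches(expected, actual):
                return False
        elif isinstance(expected, list):
            if actual not in expected:
                return False
        else:
            raise ValueError(f"pattern leaf {key!r} must be a list of values")
    return True


def check_patterns(event=SAMPLE_EVENT):
    """Return which of the two question's patterns match the given event."""
    return {
        "source_only": matches(PATTERN_SOURCE_ONLY, event),
        "cloudtrail": matches(PATTERN_CLOUDTRAIL, event),
    }


if __name__ == "__main__":
    print(json.dumps(check_patterns(), indent=2))
```

For the authoritative answer on a real event, the same two inputs can be passed to `aws events test-event-pattern --event-pattern <pattern-json> --event <event-json>`, which evaluates the pattern with EventBridge's own matcher.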