After attending Mike Deck's AWS re:Invent session last year on Building event-driven architectures faster than ever with Amazon EventBridge, I could not help but draw a number of parallels between AWS EventBridge and our recently released vCenter Event Broker Appliance (VEBA) Fling. I thought it was a very interesting solution and certainly wanted to give it a try, as I think it could really benefit some of our customers, especially those already using our VMware Cloud on AWS solution, who could then take advantage of the various AWS Services in an event-driven fashion.
In fact, one of the use cases that I had in mind was one that we had from a VMware Cloud on AWS customer who wanted to take a vCenter Event and forward that off to AWS CloudWatch. The solution that I had shared last year was utilizing our vRealize Log Insight Cloud solution, which is integrated into VMware Cloud on AWS, and leveraging its webhook functionality to call into an AWS Lambda function which would then process the payload directly into CloudWatch. Although this solution works and I know several customers who have implemented something similar, I think EventBridge could certainly provide a more flexible way to integrate not only with CloudWatch but almost any AWS Service or 3rd party service.
In addition, we no longer have to rely on logs to propagate the vCenter Events; we can take advantage of the vCenter Event Broker Appliance, which has access to the stream of events from vCenter Server. This was the perfect solution for this use case and I figured this would be a great opportunity to try out the extensibility of EventBridge by sending in a custom event. This would also allow me to build an EventBridge function that could be consumed by our VEBA solution.
Setup AWS EventBridge
Step 1 - Navigate to the IAM service and create a new user with the AmazonEventBridgeFullAccess policy. Once the user has been created, you will need to retrieve the access key and secret key under security credentials, which will be required to call into the EventBridge API.
Step 2 - Navigate to the EventBridge service and create a new Event Bus. In this example, we have named it "VMware-VMC" but you can name it anything you want.
Step 3 - Next, we need to create a rule to filter on the specific events to process which we will name "vCenter-Events Rule".
In the example above, I have selected All Events which will process any events published to this Event Bus, but you can certainly apply specific patterns to match before processing.
Step 4 - Finally, we will configure the target for our events. Start off by selecting the custom Event Bus we just created and under Targets, go ahead and select CloudWatch log group and provide a name for the group.
At this point, you have successfully completed the setup of your EventBridge Bus and you can now start publishing your own custom events!
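Publishing to the bus only needs the events:PutEvents action on that one Event Bus, so the user from Step 1 can run with far less than AmazonEventBridgeFullAccess. The following is an added example, not from the original post: it creates a policy scoped to the "VMware-VMC" bus and attaches it, assuming the AWS.Tools.IdentityManagement module, administrative credentials already configured in the session, a placeholder account ID, and hypothetical user and policy names.

```powershell
# Added example (not from the original post).
Import-Module AWS.Tools.IdentityManagement

$region    = "us-west-2"       # region used by the PowerShell snippet in this post
$accountId = "111122223333"    # placeholder: replace with your AWS account ID
$busName   = "VMware-VMC"      # Event Bus name from Step 2
$userName  = "veba-publisher"  # hypothetical name of the IAM user from Step 1

# Allow only PutEvents, and only on the one custom Event Bus.
$policyDocument = [ordered]@{
    Version   = "2012-10-17"
    Statement = @(
        [ordered]@{
            Sid      = "PutEventsToVMwareBus"
            Effect   = "Allow"
            Action   = "events:PutEvents"
            Resource = "arn:aws:events:${region}:${accountId}:event-bus/${busName}"
        }
    )
} | ConvertTo-Json -Depth 5

# "VEBA-PutEvents-Only" is a hypothetical policy name.
$managed = New-IAMPolicy -PolicyName "VEBA-PutEvents-Only" `
    -PolicyDocument $policyDocument `
    -Description "Publish custom events to the $busName Event Bus only"
Register-IAMUserPolicy -UserName $userName -PolicyArn $managed.Arn

# Check what is attached and flag the broad managed policy if it is still there.
$attached = Get-IAMAttachedUserPolicyList -UserName $userName
$attached | Select-Object PolicyName, PolicyArn
if ($attached.PolicyName -contains "AmazonEventBridgeFullAccess") {
    Write-Warning "$userName still has AmazonEventBridgeFullAccess attached"
}
```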
PowerShell with AWS EventBridge
You can interact with AWS EventBridge using either the AWS API and/or AWS CLI, but while looking around, I came to learn AWS also has a PowerShell Module for their various services. I noticed there was a Module for EventBridge, but the documentation was fairly "light" in its usage with no examples. I figured this
Step 1 - Install the AWS EventBridge PowerShell Module by running the following command:
Install-Module -Name AWS.Tools.EventBridge
Step 2 - Run the following snippet (update the EventBusName property along with your AWS Access and Secret Key) which will send a test event to our Event Bus.
Import-Module AWS.Tools.EventBridge  # loads the Amazon.EventBridge.Model types used below
$details = [pscustomobject] @{
    VM = "Bar"
    Details = "User Foo powered on Bar"
}
$json = ($details | ConvertTo-Json).toString()  # Detail must be a JSON string
$entry = New-Object Amazon.EventBridge.Model.PutEventsRequestEntry
$entry.EventBusName = "VMware-VMC"
$entry.Source = "vCenter"
$entry.Detail = $json
$entry.DetailType = "TestEvent"
Write-EVBEvent -Entry @($entry) -AccessKey $AWS_ACCESS_KEY -SecretKey $AWS_SECRET_KEY -Region "us-west-2"  # both key variables must already hold the keys from the IAM user
If the operation was successful, we should now be able to navigate to the CloudWatch console and see a new entry with the custom event we just published.
vCenter Event Broker Appliance with AWS EventBridge
Now we can apply the PowerShell snippet from above to create our own function that can then be deployed to the vCenter Event Broker Appliance. For a complete working implementation along with instructions for deployment, please refer to the AWS EventBridge Example. As of VEBA v0.3, AWS EventBridge is now supported natively without having to deploy a function. For detailed instructions on setting this up, have a look at Patrick Kremer's blog post here.
In my example, I wanted to forward all VM deletions, including the source vCenter Server, the user who performed the deletion, the name of the VM and the date/time, to AWS EventBridge, which then has a rule to store the event in CloudWatch as you can see from the example below. Pretty cool if you ask me?!
I certainly see lots of interesting possibilities beyond CloudWatch, and AWS EventBridge makes it seamless to integrate with other native AWS Services which can all be triggered by a specific vCenter Server Event. Who knows, maybe vCenter Event Broker Appliance could be enhanced in the future to support AWS EventBridge out of the box and customers can simply define a policy directly within EventBridge without having to write a specific function ... 😉