• Products
  • Get started
  • Documentation
  • Resources

Integrate Opsgenie with Amazon CloudTrail

Overview

What does the integration offer?

The recorded information from Amazon CloudTrail includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the AWS service.

Opsgenie is an alert and notification management solution that is highly complementary to Amazon CloudTrail. With this integration, Opsgenie alerts are created for Amazon CloudTrail notifications.

How does the integration work?

Use the Amazon CloudTrail Integration to forward Amazon CloudTrail notifications to Opsgenie. Opsgenie determines the right people to notify based on on-call schedules– notifies via email, text messages (SMS), phone calls, and iOS & Android push notifications, and escalates alerts until they are acknowledged or closed.

When Amazon CloudTrail receives a new log, an alert is created in Opsgenie automatically through the integration.

Set up the integration

Amazon CloudTrail is an API-based integration. Setting it up involves the following steps:

  • Add an Amazon CloudTrail integration in Opsgenie

  • Configure the integration in Amazon CloudTrail

Add an Amazon CloudTrail integration

If you're using Opsgenie's Free or Essentials plan or if you’re using Opsgenie with Jira Service Management's Standard plan, you can add this integration from your team dashboard only. The Integrations page under Settings is not available in your plan.

  1. Go to Teams and select your team.

  2. Select Integrations on the left navigation and then select Add integration.

Adding the integration from your team dashboard will make your team the owner of the integration. This means Opsgenie will assign the alerts received through this integration to your team only. Follow the rest of the steps in this section to set up the integration.

To add an Amazon CloudTrail integration in Opsgenie:

  1. Go to Settings > Integrations.

  2. Select Add integration.

  3. Run a search and select “Amazon CloudTrail”.

  4. On the next screen, enter a name for the integration.

  5. Optional: Select a team in Assignee team if you want a specific team to receive alerts from the integration.

  6. Select Continue.
    The integration is saved at this point.

  7. Expand the Steps to configure the integration section and copy the Webhook URL.
    You will use this URL while configuring the integration in Amazon CloudTrail later.

  8. Select Turn on integration.
    The rules you create for the integration will work only if you turn on the integration.

Configure the integration in Amazon CloudTrail

  1. Create an SNS topic. For details, see Getting started with Amazon SNS.

  2. Add an HTTPS subscription to your topic with the integration URL (copied while adding the integration in Opsgenie) as the endpoint.
    For details on how to add an HTTPS subscription, see What is an Amazon SNS? If the configuration is successful, a confirmation alert is created in Opsgenie.

  3. Configure Amazon SNS notifications for Amazon CloudTrail.
    For details, see What is AWS CloudTrail?

  4. On the Configuration page, select the SNS topic you created for the Integration.

  5. Select Save.

  6. From Amazon CloudTrail Console, navigate to Trails.
    Add a new trail or use an existing one.

  7. In the S3 tab, select Advanced > SNS topic and then select Save.

Amazon CloudTrail S3 tab

Sample payload from Amazon CloudTrail integration

Sample payload (in JSON format)

1 2 3 4 5 6 7 8 9 10 11 { "Type": "Notification", "MessageId": "d7b0abd-f459-5627-b6e7-5a4cc1f84dcd", "TopicArn": "arn:aws:sns:us-west-2:3456xxxxxx:og", "Message": "{\"s3Bucket\":\"opsgenietest\",\"s3ObjectKey\":[\"AWSLogs/345678xxxxxx/CloudTrail/us-east-1/2017/01/12/345678xxxxx_CloudTrail_us-east-1_20170112T0740Z_Q8aey31rGgtoAp9d.json.gz\"]}", "Timestamp": "2017-01-12T07:42:25.469Z", "SignatureVersion": "1", "Signature": "OAXw/gb6ciZSbwZ3o1Moh7U5/1m4uBGnqQmbwL8AGuuOa2Yo9sSaHjUf0Qf4BMtlRQ5pc4ghkW0LWKyHTIikKa4MFjlrgMLf7AaYJgh/5bDhorgdiXSk04PD/me2M9Sv85xZufEj9V0ys1PnwP6X877YFKz6iDNQ9Lyi1woaRmtCPmEtbpwjWYQJRlTpEv+exuqVjm7bgfTV+1DjB5kfFdK4X8Py9lpFMyaIiT24yffTAMLssp8wcGb8ygGxX9kD0JRfIlnAtM3Mn9NI7jmCXiE4iNpISMMlNSDPrUuzUSBzXrt3ArMraLdQ==", "SigningCertURL": "https://sns.us-west-2.amazonaws.com/SimpleNotificationService-b95095bebf6a046b3aafc7f4149a.pem", "UnsubscribeURL": "https://sns.us-west-2.amazonaws.com/?Action=Unsubscribe&SubscriptionArn=arn:aws:sns:us-west-2:345678xxxxx:og:949xxxxx-fed7-4456-b172-3a5xxxxxx41" }

Payload parsed by Opsgenie (in JSON format)

1 2 3 4 { "s3Bucket": "opsgenietest", "s3ObjectKey": "AWSLogs/3456xxxxxxxx/CloudTrail/us-east-1/2017/01/12/34567xxxxxxx_CloudTrail_us-east-1_20170112T0740Z_Q8aey31rGgtoAp9d.json.gz" }

Still need help?

The Atlassian Community is here for you.