• Products
  • Get started
  • Documentation
  • Resources
Products
Get started
Documentation
Resources
Atlassian Support
/
Opsgenie
/
Resources
/
Integrate Opsgenie with your IT tools
/
Integrate Opsgenie with your tools

Integrate Opsgenie with Amazon CloudTrail

The recorded information from Amazon CloudTrail includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the AWS service.

Opsgenie is an alert and notification management solution that is highly complementary to Amazon CloudTrail. With this integration, Opsgenie alerts are created for Amazon CloudTrail notifications.

What does Opsgenie offer Amazon CloudTrail users?

Use Opsgenie’s Amazon CloudTrail Integration to forward Amazon CloudTrail notifications to Opsgenie. Opsgenie determines the right people to notify based on on-call schedules– notifies via email, text messages (SMS), phone calls and iOS & Android push notifications, and escalates alerts until the alert is acknowledged or closed.

Functionality of the integration

When Amazon CloudTrail receives a new log, an alert is created in Opsgenie automatically through the integration.

Add Amazon CloudTrail Integration to Opsgenie

You can add this integration from your team dashboard

If you're using Opsgenie's Free or Essentials plan, or if you’re using Opsgenie with Jira Service Management's Standard plan, you can only add this integration from your team dashboard as the Integrations page under Settings is not available in your plan.

Adding the integration from your team dashboard will make your team the owner of the integration. This means Opsgenie will assign the alerts received through this integration to your team only.

To do that,

  1. Go to your team’s dashboard from Teams,

  2. Select Integrations, and select Add integration.

Follow the rest of the steps to complete the integration.

  1. Go to Settings > Integrations. Search for Amazon CloudTrail and select Add

  2. Specify who is notified of Amazon CloudTrail alerts using the Responders field. Auto-complete suggestions are provided as you type.

  3. Select Save Integration.

Amazon CloudTrail integration

Configuration in Amazon CloudTrail

  1. Go to SNS dashboard. From the dashboard click the Create Topic action.

Amazon CloudTrail SNS dashboard

2. Fill in the required fields and click Create topic.

Amazon CloudTrail create topic

3. From Topic details page click Create subscription.

Amazon CloudTrail topic details

4. Choose HTTPS in the "Protocol" field and in the "Endpoint" field, paste the URL from the Opsgenie’s Amazon CloudTrail integration page (There is a sample in the section Add Amazon CloudTrail Integration to Opsgenie). Then click Create subscription.

Amazon CloudTrail create subscription

Upon successfully configuring SNS subscription to Opsgenie a confirmation alert is created in Opsgenie.

Amazon CloudTrail confirmation alert

5. Configure Amazon SNS notifications for Amazon CloudTrail to send notifications to the SNS topic previously created.

6. From Amazon CloudTrail Console navigate to Trails. Add a new trail or use an existing one.

Amazon CloudTrail console trails

7. In the S3 tab, click Advanced and from there choose SNS topic, then click Save.

Amazon CloudTrail S3 tab

Sample Payload from Opsgenie Amazon CloudTrail Integration

JSON

1 2 3 4 5 6 7 8 9 10 11 { "Type": "Notification", "MessageId": "d7b0abd-f459-5627-b6e7-5a4cc1f84dcd", "TopicArn": "arn:aws:sns:us-west-2:3456xxxxxx:og", "Message": "{\"s3Bucket\":\"opsgenietest\",\"s3ObjectKey\":[\"AWSLogs/345678xxxxxx/CloudTrail/us-east-1/2017/01/12/345678xxxxx_CloudTrail_us-east-1_20170112T0740Z_Q8aey31rGgtoAp9d.json.gz\"]}", "Timestamp": "2017-01-12T07:42:25.469Z", "SignatureVersion": "1", "Signature": "OAXw/gb6ciZSbwZ3o1Moh7U5/1m4uBGnqQmbwL8AGuuOa2Yo9sSaHjUf0Qf4BMtlRQ5pc4ghkW0LWKyHTIikKa4MFjlrgMLf7AaYJgh/5bDhorgdiXSk04PD/me2M9Sv85xZufEj9V0ys1PnwP6X877YFKz6iDNQ9Lyi1woaRmtCPmEtbpwjWYQJRlTpEv+exuqVjm7bgfTV+1DjB5kfFdK4X8Py9lpFMyaIiT24yffTAMLssp8wcGb8ygGxX9kD0JRfIlnAtM3Mn9NI7jmCXiE4iNpISMMlNSDPrUuzUSBzXrt3ArMraLdQ==", "SigningCertURL": "https://sns.us-west-2.amazonaws.com/SimpleNotificationService-b95095bebf6a046b3aafc7f4149a.pem", "UnsubscribeURL": "https://sns.us-west-2.amazonaws.com/?Action=Unsubscribe&SubscriptionArn=arn:aws:sns:us-west-2:345678xxxxx:og:949xxxxx-fed7-4456-b172-3a5xxxxxx41" }

This payload is parsed by Opsgenie as:

JSON

1 2 3 4 { "s3Bucket": "opsgenietest", "s3ObjectKey": "AWSLogs/3456xxxxxxxx/CloudTrail/us-east-1/2017/01/12/34567xxxxxxx_CloudTrail_us-east-1_20170112T0740Z_Q8aey31rGgtoAp9d.json.gz" }

Additional Help

On this pageWhat does Opsgenie offer Amazon CloudTrail users?Functionality of the integrationAdd Amazon CloudTrail Integration to OpsgenieConfiguration in Amazon CloudTrailSample Payload from Opsgenie Amazon CloudTrail Integration
CommunityQuestions, discussions, and articles