0
  • I have cloudtrail setup and i am sending trail events to cloudwatch logs group and i setup cloudwatch alarm with metrics filter { ($.eventName = RebootInstances) || ($.eventName = StopInstances) || ($.eventName = TerminateInstances) } to invoke SNS to send email notifications.

But I am not getting email notification every time instance is terminated. I am getting email notification only sometimes when instance is terminated.

enter image description here

VIGNESH ARUNACHALAM
  • 652
  • 4
  • 24
Nani
  • 117
  • 1
  • 12
  • Do you have more information about when you do and when you don't get an email? – kichik Jan 03 '18 at 17:36
  • 1
    It takes up to 15 minutes for events to show up in Cloudtrail log. Did you wait for few minutes? – helloV Jan 03 '18 at 17:55
  • oh okie it makes sense now, i am getting email 15 mins after instance is terminated. – Nani Jan 03 '18 at 17:59
  • could you be able to tell me the best alarm configuration. I mean what should be the datapoints like 1 out of 1 or 3 out of 3 and also what should be the statistic, average or sum? i don't understand that concept. – Nani Jan 03 '18 at 18:02

2 Answers2

1

If your instance is in auto-scaling group you can use Lifecycle Hooks to define an action (e.g. run Lambda function or send SNS notification when the instance enters certain state. This way you don't have to wait for 10 mins to receive the notification.

Putnik
  • 5,925
  • 7
  • 38
  • 58
0

Cloud trail is taking some time to update the event, I will suggest you to wait for at least 10 min after terminating the server. You will get the mail.

You can configure the notification script also under the run level which will send you an email using SES if your server reboot, shutdown or terminate.

You can go to the below blog to setup this.

https://dzone.com/articles/hot-notifyemail-yourself-when

Saurabh Srivastava
  • 175
  • 8