
I want to make sure that my Lambda triggers only when a particular SSM document status is Success, so I have written the following EventBridge pattern, but it is not working.


{
  "source": ["aws.ssm"],
  "detail-type": ["EC2 Command Status-change Notification"],
  "detail": {
    "documentName": ["MyDocument"],
    "status": ["Success"]
  }
}

But when I remove the document name, it properly triggers my Lambda. I would like to know how we can make sure that my Lambda is triggered only if this particular document succeeds.

2 Answers


  1. It seems there is a typo in the document’s name key.

    It has to be "document-name" instead of "documentName".

    Can you try the following:

    {
     "source": ["aws.ssm"],
     "detail-type": ["EC2 Command Status-change Notification"],
     "detail": {
               "document-name": ["MyDocument"],
               "status": ["Success"]
               }
    }
    

    Sample event taken from AWS EventBridge:

    {
    "version": "0",
    "id": "51c0891d-0e34-45b1-83d6-95db273d1602",
    "detail-type": "EC2 Command Status-change Notification",
    "source": "aws.ssm",
    "account": "123456789012",
    "time": "2016-07-10T21:51:32Z",
    "region": "us-east-1",
    "resources": ["arn:aws:ec2:us-east-1:123456789012:instance/i-abcd1111",
    "arn:aws:ec2:us-east-1:123456789012:instance/i-abcd2222"],
      "detail": {
        "command-id": "e8d3c0e4-71f7-4491-898f-c9b35bee5f3b",
        "document-name": "AWS-RunPowerShellScript", // Key name to fix in your pattern
        "expire-after": "2016-07-14T22:01:30.049Z",
        "parameters": {
          "executionTimeout": ["3600"],
          "commands": ["date"]
        },
        "requested-date-time": "2016-07-10T21:51:30.049Z",
        "status": "Success"
      }
    }
    
  2. The issue is likely with how you’re specifying the documentName. SSM events use document-name instead of documentName. Try this pattern:

    {
      "source": ["aws.ssm"],
      "detail-type": ["EC2 Command Status-change Notification"],
      "detail": {
        "document-name": ["MyDocument"],
        "status": ["Success"]
      }
    }
    

    A few things to double-check:

    • Make sure the document name matches exactly, including case.
    • Verify that you’re getting events for this document. You can temporarily set up a rule to log all SSM events to CloudWatch Logs for debugging.
    • If you’re using a custom document, ensure it’s in the same region as your EventBridge rule.

    If it’s still not working, you might want to use the "Test pattern" feature in the EventBridge console. This lets you paste in a sample event and see if your pattern matches.

    Also, consider using "status": ["Success", "CompletedWithSuccess"] to catch both possible success statuses.

    If you’re still having trouble, share a sample of the raw event from CloudWatch Logs, and we can help you craft the exact pattern you need.

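Added example (not part of either answer, and not AWS code): a simplified local re-implementation of EventBridge's exact-value matching, run against a trimmed copy of the sample event quoted above, showing that a pattern key the event never carries (`documentName`) can never match while `document-name` does. `matches`, `make_pattern` and `unknown_keys` are hypothetical helper names, and content filters such as prefix or anything-but are not modelled.

```python
SAMPLE_EVENT = {  # constructed: trimmed copy of the sample event in the first answer
    "source": "aws.ssm",
    "detail-type": "EC2 Command Status-change Notification",
    "resources": ["arn:aws:ec2:us-east-1:123456789012:instance/i-abcd1111"],
    "detail": {"document-name": "AWS-RunPowerShellScript", "status": "Success"},
}

def matches(pattern, event):
    """Exact-value subset of EventBridge matching: every pattern key must exist
    in the event, and the event value must equal one of the listed values."""
    for key, expected in pattern.items():
        if not isinstance(event, dict) or key not in event:
            return False  # a key the event never carries can never match
        actual = event[key]
        if isinstance(expected, dict):
            if not matches(expected, actual):
                return False
        else:
            # Leaf: list of allowed values. An array in the event matches
            # when any of its elements is allowed. Comparison is case-sensitive.
            actual_values = actual if isinstance(actual, list) else [actual]
            if not any(v in expected for v in actual_values):
                return False
    return True

def make_pattern(name_key, document):
    return {
        "source": ["aws.ssm"],
        "detail-type": ["EC2 Command Status-change Notification"],
        "detail": {name_key: [document], "status": ["Success"]},
    }

def unknown_keys(pattern, event, path=""):
    """List pattern keys absent from the event: the usual sign of a misspelled key."""
    missing = []
    for key, expected in pattern.items():
        here = f"{path}.{key}" if path else key
        if not isinstance(event, dict) or key not in event:
            missing.append(here)
        elif isinstance(expected, dict):
            missing.extend(unknown_keys(expected, event[key], here))
    return missing

if __name__ == "__main__":
    for key in ("documentName", "document-name"):
        p = make_pattern(key, "AWS-RunPowerShellScript")
        print(key, matches(p, SAMPLE_EVENT), unknown_keys(p, SAMPLE_EVENT))
```

Running `unknown_keys` against a real event captured from your account points at the misspelled key before the rule is deployed.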