
Avoid Surprise AWS Bills: Setting Up Alerts for New Resource Creations
In modern cloud environments, ensuring control and visibility over your infrastructure is very important. As one of the leading cloud providers, AWS offers robust solutions to efficiently monitor and manage resources. I have been using AWS for over six years, working on various proof-of-concepts to test integrations and solutions within AWS services.
During this journey, I have also focused on managing costs for the services I consume. Over time, I realized that two aspects are particularly important:
- Tracking the costs of all resources being consumed.
- Tagging all resources to track their usage across different POCs and applications.
In this blog, I will discuss a mechanism to set up notifications whenever a new resource is created in your AWS account. This mechanism helps track resources and their associated costs and adds a layer of security and compliance to your cloud operations.
Why Is This Necessary?
Tracking resource creation is critical for several reasons:
- Cost Management: AWS operates on a pay-as-you-go model. Untracked or unauthorized resource creation can lead to unexpected costs.
- Security: Unauthorized resource creation can pose a security risk. For example, an open S3 bucket or a poorly configured security group might expose sensitive data or services.
- Compliance: Many organizations adhere to strict regulatory standards. Monitoring resource creation ensures compliance with internal and external policies.
- Operational Efficiency: Immediate notifications allow teams to verify and validate newly created resources, ensuring they align with organizational guidelines.

How to Get Notified: An Example Implementation
AWS offers a combination of services to monitor resource creation and trigger notifications. Here’s a step-by-step guide:
1. Enable AWS CloudTrail
CloudTrail logs every API call in your AWS account, including resource creation events. To enable CloudTrail:
- Navigate to the AWS Management Console.
- Search for CloudTrail and click Create Trail.
- Provide a trail name, choose an S3 bucket for log storage, and enable the trail.
2. Create an Amazon SNS Topic
SNS will send notifications via email, SMS, or other supported protocols. We will use this SNS Topic to send notifications.
- Go to the SNS console.
- Create a topic (e.g., ResourceCreationNotifications).
- Subscribe to the topic with your preferred communication method (e.g., email).
Confirm the subscription by checking your mail inbox: you need to confirm the subscription to receive the notifications.
3. Set Up Amazon EventBridge
EventBridge allows you to create rules to match specific events from CloudTrail.
- Go to the EventBridge console.
- Create a new rule and name it something descriptive (e.g., NewResourceCreationRule).
- Set the Event Source to AWS services.
- In the Event Pattern section, choose CloudTrail as the event source and define a pattern to match resource creation events. Note that EC2 records an instance launch as the RunInstances API call (there is no CreateInstance call), so that is the event name to match for instances. For example:

{
  "source": ["aws.ec2", "aws.s3", "aws.rds"],
  "detail-type": ["AWS API Call via CloudTrail"],
  "detail": {
    "eventName": ["RunInstances", "CreateBucket", "CreateDBInstance", "CreateSecurityGroup"]
  }
}

- Configure the rule to send the matched events to the SNS topic created in step 2.
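To see which CloudTrail records the rule above would actually forward to SNS, here is a small local matcher, added as an example and not code from the original post. It implements only the subset of EventBridge pattern semantics the pattern uses (exact-match lists and nested detail keys), and the CloudTrail events it is run against are constructed samples; the principal ARN and account number are placeholders. It also separates a successful creation from a rejected attempt (a record carrying errorCode), since the latter creates nothing and costs nothing but is still worth a look.

```python
"""Check the step 3 event pattern against constructed CloudTrail events.
Example code added for this article; not from the original post."""
import json

# The pattern from step 3. EC2 launches are logged as RunInstances.
RESOURCE_CREATION_PATTERN = {
    "source": ["aws.ec2", "aws.s3", "aws.rds"],
    "detail-type": ["AWS API Call via CloudTrail"],
    "detail": {
        "eventName": [
            "RunInstances", "CreateBucket", "CreateDBInstance", "CreateSecurityGroup",
        ]
    },
}


def matches(pattern, event):
    """Subset of EventBridge matching: a list means 'the field must equal one
    of these values', a nested dict means 'descend and match every key'.
    Fields missing from the event never match. Prefix, anything-but and
    numeric filters are not implemented; the real service is authoritative."""
    for key, expected in pattern.items():
        if key not in event:
            return False
        value = event[key]
        if isinstance(expected, dict):
            if not isinstance(value, dict) or not matches(expected, value):
                return False
        elif isinstance(expected, list):
            if value not in expected:
                return False
        else:
            raise ValueError(f"unsupported pattern element for {key!r}: {expected!r}")
    return True


def classify(event):
    """'create' when the rule fires for a successful creation,
    'failed-attempt' when the matching call was rejected (errorCode present,
    so nothing was created), 'ignore' when the rule would not fire."""
    if not matches(RESOURCE_CREATION_PATTERN, event):
        return "ignore"
    if "errorCode" in event.get("detail", {}):
        return "failed-attempt"
    return "create"


def cloudtrail_event(source, event_name, region="us-east-1", **extra_detail):
    """Constructed sample shaped like a CloudTrail record delivered via
    EventBridge (the account id and user are placeholders, not real data)."""
    detail = {
        "eventSource": source.split(".")[1] + ".amazonaws.com",
        "eventName": event_name,
        "awsRegion": region,
        "userIdentity": {"arn": "arn:aws:iam::123456789012:user/intern"},
        **extra_detail,
    }
    return {"source": source, "detail-type": "AWS API Call via CloudTrail", "detail": detail}


# Constructed sample events: one per situation the rule should distinguish.
SAMPLE_EVENTS = [
    ("launch", cloudtrail_event("aws.ec2", "RunInstances")),
    ("read-only", cloudtrail_event("aws.ec2", "DescribeInstances")),
    ("bucket", cloudtrail_event("aws.s3", "CreateBucket")),
    ("denied", cloudtrail_event("aws.rds", "CreateDBInstance", errorCode="AccessDenied")),
    ("other-service", cloudtrail_event("aws.lambda", "CreateFunction")),
]


def run_samples():
    """Map each sample name to the verdict the rule would produce."""
    return {name: classify(event) for name, event in SAMPLE_EVENTS}


if __name__ == "__main__":
    for name, verdict in run_samples().items():
        print(f"{name:14s} -> {verdict}")
    print(json.dumps(RESOURCE_CREATION_PATTERN, indent=2))
```

The "other-service" sample is the check to remember: any service you leave out of "source" (Lambda here) is invisible to this rule no matter what its eventName is, so extend both lists together when you add services.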

4. Test the Setup
To ensure everything is configured correctly:
1. Create a resource in AWS (e.g., a security group).
2. The EventBridge rule will match the CloudTrail record of that call against the event names in its pattern (RunInstances, CreateBucket, CreateDBInstance, CreateSecurityGroup).
3. Verify that a notification is sent via SNS to your configured endpoint. If everything is set up correctly, you will receive an email like the following screenshot.

Other Possible Examples of Notifications
While this blog focuses on tracking new resource creation, similar mechanisms can be applied to other scenarios, such as:
- Monitoring IAM Policy Changes: Notify your team whenever an IAM policy is created or updated to prevent security misconfigurations.
- Detecting EC2 Instance State Changes: Get alerts when instances are started, stopped, or terminated.
- Tracking S3 Bucket Permissions: Set up notifications for changes in S3 bucket policies to ensure proper access control.
- CloudFormation Stack Events: Monitor stack creation, updates, and deletion for troubleshooting or validation purposes.
- AWS Billing Alerts: Use CloudWatch and SNS to notify you of sudden spikes in usage or costs.
These use cases can help improve security, compliance, and operational efficiency in your AWS environment.
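The raw event SNS delivers is a JSON blob that is hard to triage from a phone. As an added example (not code from the original post), the function below renders the alert text for the two event shapes this article touches: the CloudTrail API call from the main setup and the EC2 instance state-change notification from the list above. It pulls out the fields a responder needs first (who, from where, when, which region, what was created), reading the places CloudTrail actually records them: RunInstances lists new instances under responseElements.instancesSet.items, CreateSecurityGroup returns responseElements.groupId, and CreateBucket names the bucket in requestParameters.bucketName. The sample events are constructed; the account id, user name and IP address are placeholders.

```python
"""Render the alert text for a matched EventBridge event.
Example code added for this article; not from the original post."""
import json


def created_resource_ids(detail):
    """Identifiers of what a successful create call produced, taken from the
    request/response fields CloudTrail records for these calls."""
    response = detail.get("responseElements") or {}
    request = detail.get("requestParameters") or {}
    name = detail.get("eventName")
    if name == "RunInstances":
        items = response.get("instancesSet", {}).get("items", [])
        return [f"{i['instanceId']} ({i.get('instanceType', '?')})"
                for i in items if "instanceId" in i]
    if name == "CreateSecurityGroup" and "groupId" in response:
        return [response["groupId"]]
    if name == "CreateBucket" and "bucketName" in request:
        return [request["bucketName"]]
    return []


def summarize(event):
    """One-line alert body. Handles CloudTrail API calls and EC2 instance
    state-change notifications; anything else is dumped verbatim so it is
    never silently lost."""
    detail = event.get("detail", {})
    kind = event.get("detail-type")
    region = event.get("region") or detail.get("awsRegion", "unknown-region")
    if kind == "AWS API Call via CloudTrail":
        who = detail.get("userIdentity", {}).get("arn", "unknown principal")
        ip = detail.get("sourceIPAddress", "unknown IP")
        ids = created_resource_ids(detail) or ["no resource id recorded"]
        return (f"[{region}] {detail.get('eventName')} by {who} from {ip} "
                f"at {detail.get('eventTime', '?')}: {', '.join(ids)}")
    if kind == "EC2 Instance State-change Notification":
        return (f"[{region}] instance {detail.get('instance-id', '?')} "
                f"is now {detail.get('state', '?')}")
    return f"[{region}] unhandled event type {kind!r}: {json.dumps(detail)}"


# Constructed sample: an instance launch as CloudTrail reports it (placeholders).
SAMPLE_LAUNCH = {
    "source": "aws.ec2",
    "detail-type": "AWS API Call via CloudTrail",
    "region": "eu-west-1",
    "detail": {
        "eventName": "RunInstances",
        "eventTime": "2024-01-15T09:12:44Z",
        "awsRegion": "eu-west-1",
        "sourceIPAddress": "203.0.113.7",
        "userIdentity": {"arn": "arn:aws:iam::123456789012:user/intern"},
        "requestParameters": {"instanceType": "p4d.24xlarge"},
        "responseElements": {"instancesSet": {"items": [
            {"instanceId": "i-0abc123def456789a", "instanceType": "p4d.24xlarge"},
        ]}},
    },
}

# Constructed sample: the state-change notification for the same instance.
SAMPLE_STATE_CHANGE = {
    "source": "aws.ec2",
    "detail-type": "EC2 Instance State-change Notification",
    "region": "eu-west-1",
    "detail": {"instance-id": "i-0abc123def456789a", "state": "running"},
}

if __name__ == "__main__":
    print(summarize(SAMPLE_LAUNCH))
    print(summarize(SAMPLE_STATE_CHANGE))
```

In the console flow described above the equivalent place for this logic is the rule target's input transformer; the function shows which fields are worth surfacing, and the instance type in particular is what lets a reader of the email decide in seconds whether a launch needs a closer look.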
Benefits of Resource Creation Notifications
- Enhanced Security: Instant alerts enable you to investigate suspicious activity, such as unauthorized resource creation.
- Proactive Cost Management: By keeping tabs on newly created resources, you can immediately shut down unwanted or unnecessary ones.
- Compliance Auditing: Notifications serve as an additional layer of logging, aiding compliance audits and reviews.
- Improved Collaboration: Notifications can be sent to relevant team members or Slack channels, ensuring everyone stays informed about infrastructure changes.
Real-World Use Case
Imagine a scenario where an intern, with all the enthusiasm in the world, decides to explore AWS and accidentally launches a massive EC2 instance. Now, this isn’t just any instance — it’s a top-tier, “will-empty-your-wallet” kind of instance. Days pass, and no one notices until the AWS bill arrives, causing mass panic when you see a whopping $4000 charge.
Fortunately, with a notification system in place, this kind of drama can be avoided. If such an instance is launched, the relevant team would be alerted immediately. They can swoop in, investigate, and terminate the instance before it racks up a cost that could rival your holiday budget. (BTW, yes, this happened to me 🫣. So trust me when I say, lessons were learned!)
Such situations highlight the importance of having automated notifications to track resource creation in real-time.
Conclusion
Setting up notifications for resource creation in AWS is a simple yet powerful way to enhance security, manage costs, and ensure compliance. By leveraging AWS CloudTrail, EventBridge, and SNS, you can establish a robust monitoring system tailored to your organizational needs.
Implement this in your environment today and take control of your AWS infrastructure like never before! 😊