5. Set up CloudWatch Events

In this step, we will create an Amazon CloudWatch Events rule that captures AWS Abuse events and invokes the Lambda function created in Step 4 as its target.

  1. From the AWS Management Console, navigate to the N. Virginia (us-east-1) region.

  2. Navigate to the Amazon CloudWatch console by clicking on the Find Services search bar, typing CloudWatch in the search bar, and pressing Enter.

  3. In the Navigation pane, under Events click on Rules.

  4. Click on Create rule.

  5. In the Event Source panel on the left, under Event Pattern Preview, click on Edit.

  6. In the edit field, paste the rule below:

    {
      "source": [
        "aws.health"
      ],
      "detail-type": [
        "AWS Health Abuse Event"
      ],
      "detail": {
        "service": [
          "ABUSE"
        ],
        "eventTypeCategory": [
          "issue"
        ],
        "eventTypeCode": [
          "AWS_ABUSE_DOS_REPORT"
        ]
      }
    }
    
  7. Click on Save.

  8. In the Targets panel on the right, click on Add target.

  9. Select the Lambda function created in Step 4.

  10. Scroll to the bottom of the page and click on Configure details.

  11. Enter Name. Example: aws_health_dos_report_cwe_rule_reinvent

  12. Click on Create rule.
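
To check what this event pattern will and will not match before relying on the rule, the following added example (not part of the original workshop) evaluates the pattern from step 6 against constructed sample events. It implements only the exact-value matching that this pattern uses; the account ID, instance ARN and the `EXAMPLE_OTHER_ABUSE_CODE` event type code are placeholders.

```python
# Event pattern copied from step 6 of this page.
PATTERN = {
    "source": ["aws.health"],
    "detail-type": ["AWS Health Abuse Event"],
    "detail": {
        "service": ["ABUSE"],
        "eventTypeCategory": ["issue"],
        "eventTypeCode": ["AWS_ABUSE_DOS_REPORT"],
    },
}

def matches(pattern, event):
    """Exact-value subset of CloudWatch Events matching: every pattern key
    must be present and the event value must equal one of the listed values."""
    for key, expected in pattern.items():
        if key not in event:
            return False
        actual = event[key]
        if isinstance(expected, dict):
            if not isinstance(actual, dict) or not matches(expected, actual):
                return False
        else:
            # An array in the event matches if any element is listed.
            values = actual if isinstance(actual, list) else [actual]
            if not any(v in expected for v in values):
                return False
    return True

def sample_event(event_type_code="AWS_ABUSE_DOS_REPORT", source="aws.health"):
    """Constructed AWS Health-style event; account and ARN are placeholders."""
    return {
        "detail-type": "AWS Health Abuse Event",
        "source": source,
        "account": "123456789012",
        "resources": ["arn:aws:ec2:us-east-1:123456789012:instance/i-EXAMPLE"],
        "detail": {
            "service": "ABUSE",
            "eventTypeCategory": "issue",
            "eventTypeCode": event_type_code,
        },
    }

if __name__ == "__main__":
    print("DoS report:", matches(PATTERN, sample_event()))
    print("other code:", matches(PATTERN, sample_event("EXAMPLE_OTHER_ABUSE_CODE")))
    print("other source:", matches(PATTERN, sample_event(source="custom.app")))
```

Because `eventTypeCode` is pinned to `AWS_ABUSE_DOS_REPORT`, abuse events with any other type code will not invoke the Lambda function.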