# Monitoring events in AWS Health with Amazon EventBridge Monitoring for Health events with EventBridge You can use Amazon EventBridge to detect and react to AWS Health events. Then, based on rules that you create, EventBridge invokes one or more target actions when an event matches the values that you specify in a rule. Depending on the type of event, you can capture event information, initiate additional events, send notifications, take corrective action, or perform other actions. For example, you can use AWS Health to receive email notifications if you have AWS resources in your AWS account that are scheduled for updates, such as Amazon Elastic Compute Cloud (Amazon EC2) instances. **Notes** AWS Health delivers events on a *durable* basis and attempts to successfully deliver events to EventBridge at least once. Any EventBridge rules that you create can only receive notifications for your AWS account. To receive organizational events for other accounts within your AWS Organizations, see [Aggregating AWS Health events using organizational view and delegated administrator access](https://docs.aws.amazon.com/health/latest/ug/aggregating-health-events.html). Public health events might take up to one hour to start sending after you create an EventBridge rule. You can choose between multiple target types for EventBridge as part of your AWS Health workflow, including: + AWS Lambda functions + Amazon Kinesis Data Streams + Amazon Simple Queue Service (Amazon SQS) queues + Built-in targets (such as CloudWatch alarm actions) + Amazon Simple Notification Service (Amazon SNS) topics For example, you can use a Lambda function to pass a notification to a Slack channel when an AWS Health event occurs. Or, you can use Lambda and EventBridge to send custom text or SMS notifications with Amazon SNS when an AWS Health event occurs. For samples of automation and customized alerts that you can create in response to AWS Health events, see the [AWS Health Tools](https://github.com/aws/aws-health-tools) in GitHub. **Topics** + [ # Creating EventBridge rules for AWS Region coverage ](choosing-a-region.md) + [ # Monitoring account-specific and public events for AWS Health ](about-public-events.md) + [ # Viewing paginated lists of AWS Health events on EventBridge ](pagnation-of-health-events.md) + [ # Aggregating AWS Health events using organizational view and delegated administrator access ](aggregating-health-events.md) + [ # Integrating AWS Health event monitoring and notifications with JIRA and ServiceNow ](SMC-integration.md) + [ # Configuring an EventBridge rule to send notifications about events in AWS Health ](creating-event-bridge-events-rule-for-aws-health.md) + [ # Configuring Amazon Q Developer in chat applications to send notifications about events in AWS Health ](receive-health-events-with-aws-chatbot-event-bridge.md) + [ # Running operations on EC2 instances automatically in response to events in AWS Health ](automating-instance-actions.md) + [ # Reference: AWS Health events Amazon EventBridge schema ](aws-health-events-eventbridge-schema.md) # Creating EventBridge rules for AWS Region coverage You can create an EventBridge rule for each Region that you want to receive AWS Health events for. For example, to receive events from the Europe (Frankfurt) Region, you can create a rule for this Region. To enhance the reliability of AWS Health notifications, you can set up rules in the dedicated backup Regions. In the standard AWS partition, the US West (Oregon) Region acts as the backup region for all other Regions, while US East (N. Virginia) Region serves as the backup for the US West (Oregon) Region. When health events occur, they are automatically sent to both the primary Region and its designated backup Region. For example, if you're monitoring events in the Europe (Frankfurt) Region, then any health events are delivered to both the Europe (Frankfurt) Region and the US West (Oregon) Region. This system makes sure you continue to receive health notifications even if your primary Region experiences issues. To create a backup rule, follow the procedure for [Configuring an EventBridge rule to send notifications about events in AWS Health](creating-event-bridge-events-rule-for-aws-health.md). If you prefer not to use backup functionality, then you must add a filter to your backup region rule. For example, implement a filter for `detail.backupEvent = False`. This prevents you from receiving backup events from other regions. ## High availability setup (optional) If you want to create an EventBridge integration with high availability, make sure you have implemented rules in both the relevant and backup Regions, and then implement de-duplication using `detail.communicationId`. This makes sure you receive all events while avoiding duplicates. For more information, see [Reference: AWS Health events Amazon EventBridge schema](aws-health-events-eventbridge-schema.md). ## Simplified integration If you want to capture events from multiple AWS Regions, but prefer to configure only a single rule, then simplified integration is the appropriate option. To receive AWS Health events from all Regions in the standard AWS partition, you can set up a central rule in the US West (Oregon) Region. This single rule automatically aggregates events from all standard partition regions where you are receiving Health events. However, you won't have high availability configuration. ## Global events Some AWS Health events are not Region-specific. Events that aren't specific to a Region are called global events. These include events sent for AWS Identity and Access Management (IAM). To receive global events, you must create a rule for the US East (N. Virginia) Region. # Monitoring account-specific and public events for AWS Health When you create an EventBridge rule to monitor events from AWS Health, the rule delivers both account-specific events and public events: + *Account-specific* events affect your account and resources, such as an event that tells you about a required update to an Amazon EC2 instance or other scheduled change events. + *Public* events appear on the [AWS Health Dashboard – Service health](https://status.aws.amazon.com). Public events aren't specific to AWS accounts and provide public information about the Regional availability of a service. **Important** To receive both event types, your rule must use the `"source": [ "aws.health"]` value. Wildcards, such as `"source": [ "aws.health*"]` won't match the pattern to monitor for any events. You can identify if an event is public or account-specific in EventBridge, by using the eventScopeCode parameter. Events can have the `PUBLIC` or `ACCOUNT_SPECIFIC`. You can also filter your rule on this parameter. **Example: Public events for Amazon Elastic Compute Cloud** The following event shows an operational issue for Amazon EC2 in the US East (N. Virginia) Region. ``` { "version": "0", "id": "fd9d4512-1eb0-50f6-0491-d016ae56aef0", "detail-type": "AWS Health Event", "source": "aws.health", "account": "123456789012", "time": "2023-02-15T10:07:10Z", "region": "us-east-1", "resources": [], "detail": { "eventArn": "arn:aws:health:us-east-1::event/EC2/AWS_EC2_OPERATIONAL_ISSUE", "service": "EC2", "eventTypeCode": "AWS_EC2_OPERATIONAL_ISSUE", "eventTypeCategory": "issue", "eventScopeCode": "PUBLIC", "communicationId": "01b0993207d81a09dcd552ebd1e633e36cf1f09a-1", "startTime": "Wed, 15 Feb 2023 22:07:07 GMT", "lastUpdatedTime": "Wed, 15 Feb 2023 22:07:07 GMT", "statusCode": "open", "eventRegion": "us-east-1", "eventDescription": [{ "latestDescription": "We are investigating increased API Error rates and Latencies for Amazon Elastic Compute Cloud in the US-EAST-1 Region.", "language": "en_US" }], "page": "1", "totalPages": "1", "affectedAccount": "123456789012" } } ``` ## Backup rules for AWS Health events If you're monitoring public events from an AWS Region, we recommend that you create a back up rule. Public events for AWS Health are sent simultaneously to both the impacted Region and to the backup Region when a valid rule is set in the impacted Region. AWS Health sends account-specific events to both the impacted Region and to the backup Region, regardless of any rules configured in the impacted Region. We recommend that you deduplicate AWS Health events using `eventARN` and `communicationId` because these values remain consistent for AWS Health messages that are sent to the backup Region. # Viewing paginated lists of AWS Health events on EventBridge AWS Health supports pagination of AWS Health events when the list of `resources` or `affectedEntities` causes the size of the message to exceed EventBridge’s 256KB message size limit. AWS Health includes all `resources` and `detail.affectedEntities` fields in the message. If this list of `resources` and `detail.affectedEntities` values exceeds 256KB, then AWS Health splits the health event into multiple pages and publish these pages as individual messages in EventBridge. Each page retains the same `eventARN` and `communicationId` values to help recombine the list of `resources` or `detail.affectedEntities` after all the pages are received. These additional messages might cause unecessary messages, for example when the EventBridge rule is directed to a human readable interface such as email or chat. Customers with human readable notifications can add a filter for the `detail.page` field to process only the first page, which eliminates the unnecessary messages created from subsequent pages. In the schema, each communicationId includes the hyphenated page number after the communicationId, even when there is only 1 page. The fields `detail.page` and `detail.totalPages` describe the current page number and the total number of pages for the AWS Health event. The information contained in each paginated message is the same except for the list of `detail.affectedEntities` or `resources`. These lists can be reconstructed after all the pages are received. The pages of affected resources and entities are order-agnostic. # Aggregating AWS Health events using organizational view and delegated administrator access AWS Health supports organizational view and delegated administrator access for AWS Health events published on Amazon EventBridge. When organizational view is turned on in AWS Health, then the management account or a delegated administrator account receives a single feed of AWS Health events from all accounts within your organization in AWS Organizations. This feature is designed to provide a centralized view to help manage AWS Health events across your organization. Setting up organizational view and an EventBridge rule in the management account doesn't deactivate EventBridge rules for other accounts in your organization. For more information on enabling organizational view and delegated administrator access on AWS Health, see [Aggregating AWS Health Events](https://docs.aws.amazon.com/health/latest/ug/aggregate-events.html). # Integrating AWS Health event monitoring and notifications with JIRA and ServiceNow You can integrate AWS Health events with JIRA and ServiceNow to receive operational and account information, prepare for scheduled changes, and manage Health events using the Service Management Connector (SMC). The SMC Integration with AWS Health can use Health events sent through EventBridge to automatically create, map, and update JIRA tickets and ServiceNow incidents. You can use organizational view and delegated administrator access to easily manage Health events across the organization within JIRA and ServiceNow, and incorporate AWS Health information directly into your team’s workflow. For more information on ServiceNow integration using the SMC, see [Integrating AWS Health in ServiceNow](https://docs.aws.amazon.com/smc/latest/ag/sn-aws-health.html). For more information on JIRA Management Cloud integration using the SMC, see [AWS Health in JIRA](https://docs.aws.amazon.com/smc/latest/ag/cloud-sys-health.html). # Configuring an EventBridge rule to send notifications about events in AWS Health Configuring an EventBridge rule to send notifications about events You can create an Amazon EventBridge rule to programmatically integrate AWS Health events with other services, applications, and workloads. EventBridge provides a drag and drop console interface and an API to set up rules that trigger when a matching AWS Health event is created for your account or organization. To learn how to set up a rule in EventBridge to capture AWS Health events, see [Creating rules in Amazon EventBridge](https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-create-rule-visual.html) and [Creating rules that react to events in Amazon EventBridge](https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-create-rule-wizard.html) in the *Amazon EventBridge User Guide*. Depending on your integration, EventBridge allows you to add parameters to the EventBridge rule to filter only the AWS Health events that you want to integrate with your use case. For incident response use cases, you might want to focus on the `issue` event category and certain critical services. For change management use cases such as planned lifecycle events, you might want to focus on AWS Health events with `ACTION_REQUIRED` in the **Actionability** field. For integrating with security use cases, you might want to focus on all AWS Health Abuse events and AWS Health events with the `SECURITY` persona field. You can use sample use cases to verify that your rule captures the events you need. Sample use cases are available in [Reference: AWS Health events Amazon EventBridge schema](aws-health-events-eventbridge-schema.md). You can also find them in the EventBridge console under the **Use Sample events provided** option in the **Test event pattern - optional** panel ## Using the API or AWS Command Line Interface For a new or existing rule, use the [PutRule](https://docs.aws.amazon.com/eventbridge/latest/APIReference/API_PutRule.html) API operation or the `aws events put-rule` command to update the event pattern. To view an example AWS CLI command, see [put-rule](https://docs.aws.amazon.com//cli/latest/reference/events/put-rule.html) in the *AWS CLI Command Reference*. **Example: Setting up rules for issues for only the Amazon EC2 service** The following event pattern creates a rule to monitor issue events for the Amazon EC2 service. ``` { "detail": { "eventTypeCategory": [ "issue" ], "service": [ "EC2" ] }, "detail-type": [ "AWS Health Event" ], "source": [ "aws.health" ] } ``` **Example: Setting up rules for all action required AWS Health events, including planned lifecycle events** The following event pattern creates a rule to monitor all AWS Health events that require action, including planned lifecycle events. ``` { "detail": { "eventTypeCategory": [ "accountNotification", "scheduledChange" ], "actionability": [ "ACTION_REQUIRED" ] }, "detail-type": [ "AWS Health Event" ], "source": [ "aws.health" ] } ``` **Example: Setting up rules for all AWS Health events for multiple services and event type categories** The following event pattern creates a rule to monitor events for the `issue`, `accountNotification`, and `scheduledChange` event type categories for three AWS services: Amazon EC2 Auto Scaling, Amazon VPC, and Amazon EC2. ``` { "detail": { "eventTypeCategory": [ "issue", "accountNotification", "scheduledChange" ], "service": [ "AUTOSCALING", "VPC", "EC2" ] }, "detail-type": [ "AWS Health Event" ], "source": [ "aws.health" ] } ``` # Configuring Amazon Q Developer in chat applications to send notifications about events in AWS Health Configuring Amazon Q Developer in chat applications to send notifications about events You can receive AWS Health events directly in your chat clients, such as Slack and Amazon Chime. You can use this event to identify recent AWS service issues that might affect your AWS applications and infrastructure. Then, you can sign in to your [AWS Health Dashboard](https://health.aws.amazon.com/health/home) to learn more about the update. For example, if you're monitoring for the `AWS_EC2_INSTANCE_STOP_SCHEDULED` event type in your AWS account, the AWS Health event can appear directly to your Slack channel. ## Prerequisites Before you get started, you must have the following: + A chat client configured with Amazon Q Developer in chat applications. You can configure Amazon Chime and Slack. For more information, see [Getting started with Amazon Q Developer in chat applications](https://docs.aws.amazon.com//chatbot/latest/adminguide/getting-started.html) in the *Amazon Q Developer in chat applications Administrator Guide*. + An Amazon SNS topic that you created and to which you're subscribed. If you already have an SNS topic, you can use an existing one. For more information, see [Getting started with Amazon SNS](https://docs.aws.amazon.com/sns/latest/dg/sns-getting-started.html) in the *Amazon Simple Notification Service Developer Guide*. **To receive AWS Health events with Amazon Q Developer in chat applications** 1. Follow the procedure in [Configuring an EventBridge rule to send notifications about events in AWS Health](creating-event-bridge-events-rule-for-aws-health.md) through step 13. 1. When you finish setting up the event pattern in step 13, add a comma to the last line of the pattern, and add the following line to remove unnecessary chat messages from paginated AWS Health events. See [Viewing paginated lists of AWS Health events on EventBridge](pagnation-of-health-events.md). `"detail.page": ["1"]` 1. When you choose the target in step 16, choose an SNS topic. You will use this same SNS topic in the Amazon Q Developer in chat applications console. 1. Complete the rest of the procedure to create the rule. 1. Navigate to the [Amazon Q Developer in chat applications console](https://console.aws.amazon.com/chatbot). 1. Choose your chat client, such as your Slack channel name, and then choose **Edit**. 1. In the **Notifications - optional** section, for **Topics**, choose the same SNS topic that you specified in step 1. 1. Choose **Save**. When AWS Health sends an event to EventBridge that matches your rule, the AWS Health event will appear in your chat client. 1. Choose the event name to see more information in your AWS Health Dashboard. **Example : AWS Health events sent to Slack** The following is an example of two AWS Health events for Amazon EC2 and Amazon Simple Storage Service (Amazon S3) in the US East (N. Virginia) Region that appear in the Slack channel. ![\[Screenshot of how two AWS Health events appear in a Slack channel.\]](http://docs.aws.amazon.com/health/latest/ug/images/slack-chat-notification-for-health-events.png) # Running operations on EC2 instances automatically in response to events in AWS Health Running operations on EC2 instances automatically in response to events You can automate actions that respond to scheduled events for your Amazon EC2 instances. When AWS Health sends an event to your AWS account, your EventBridge rule can then invoke targets, such as AWS Systems Manager Automation documents, to automate actions on your behalf. For example, when an Amazon EC2 instance retirement event is scheduled for an Amazon Elastic Block Store (Amazon EBS)-backed EC2 instance, AWS Health will send the `AWS_EC2_PERSISTENT_INSTANCE_RETIREMENT_SCHEDULED` event type to your AWS Health Dashboard. When your rule detects this event type, you can automate the stop and start of the instance. This way, you don't have to perform these actions manually. **Note** To automate actions for your Amazon EC2 instances, the instances must be managed by Systems Manager. For more information, see [Automating Amazon EC2 with EventBridge](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/automating_with_cloudwatch_events.html) in the *Amazon EC2 User Guide*. ## Prerequisites You must create an AWS Identity and Access Management (IAM) policy, create an IAM role, and update the role's trust policy before you can create a rule. ### Create an IAM policy Follow this procedure to create a customer managed policy for your role. This policy gives the role permission to perform actions on your behalf. This procedure uses the JSON policy editor in the IAM console. **To create an IAM policy** 1. Sign in to the AWS Management Console and open the IAM console at [https://console.aws.amazon.com/iam/](https://console.aws.amazon.com/iam/). 1. In the navigation pane, choose **Policies**. 1. Choose **Create policy**. 1. Choose the **JSON** tab. 1. Copy the following JSON and then replace the default JSON in the editor. ------ #### [ JSON ] **** ``` { "Version":"2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ec2:StartInstances", "ec2:StopInstances", "ec2:DescribeInstanceStatus" ], "Resource": [ "*" ] }, { "Effect": "Allow", "Action": [ "ssm:*" ], "Resource": [ "*" ] }, { "Effect": "Allow", "Action": [ "sns:Publish" ], "Resource": [ "arn:aws:sns:*:*:Automation*" ] }, { "Effect": "Allow", "Action": [ "iam:PassRole" ], "Resource": "arn:aws:iam::123456789012:role/AutomationEVRole" } ] } ``` ------ 1. In the `Resource` parameter, for the Amazon Resource Name (ARN), enter your AWS account ID. 1. You can also replace the role name or use the default. This example uses *AutomationEVRole*. 1. Choose **Next: Tags**. 1. (Optional) You can use tags as key–value pairs to add metadata to the policy. 1. Choose **Next: Review**. 1. On the **Review policy** page, enter a **Name**, such as *AutomationEVRolePolicy* and an optional **Description**. 1. Review the **Summary** page to see the permissions that the policy allows. If you're satisfied with your policy, choose **Create policy**. This policy defines the actions that the role can take. For more information, see [Creating IAM policies (console)](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_create-console.html) in the *IAM User Guide*. ### Create an IAM role After you create the policy, you must create an IAM role, and then attach the policy to that role. **To create a role for an AWS service** 1. Sign in to the AWS Management Console and open the IAM console at [https://console.aws.amazon.com/iam/](https://console.aws.amazon.com/iam/). 1. In the navigation pane, choose **Roles**, and then choose **Create role**. 1. For **Select type of trusted entity**, choose **AWS service**. 1. Choose **EC2** for the service that you want to allow to assume this role. 1. Choose **Next: Permissions**. 1. Enter the policy name that you created, such as *AutomationEVRolePolicy*, and then select the check box next to the policy. 1. Choose **Next: Tags**. 1. (Optional) You can use tags as key–value pairs to add metadata to the role. 1. Choose **Next: Review**. 1. For **Role name**, enter *AutomationEVRole*. This name must be the same name that appears in the ARN of the IAM policy that you created. 1. (Optional) For **Role description**, enter a description for the role. 1. Review the role and then choose **Create role**. For more information, see [Creating a role for an AWS service](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-service.html#roles-creatingrole-service-console) in the *IAM User Guide*. ### Update the trust policy Finally, you can update the trust policy for the role that you created. You must complete this procedure so that you can choose this role in the EventBridge console. **To update the trust policy for the role** 1. Sign in to the AWS Management Console and open the IAM console at [https://console.aws.amazon.com/iam/](https://console.aws.amazon.com/iam/). 1. In the navigation pane, choose **Roles**. 1. In the list of roles in your AWS account, choose the name of the role that you created, such as *AutomationEVRole*. 1. Choose the **Trust relationships** tab, and then choose **Edit trust relationship**. 1. For **Policy Document**, copy the following JSON, remove the default policy, and paste the copied JSON in its place. ------ #### [ JSON ] **** ``` { "Version":"2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": [ "ssm.amazonaws.com", "events.amazonaws.com" ] }, "Action": "sts:AssumeRole" } ] } ``` ------ 1. Choose **Update Trust Policy**. For more information, see [Modifying a role trust policy (console)](https://docs.aws.amazon.com/IAM/latest/UserGuide/roles-managingrole-editing-console.html#roles-managingrole_edit-trust-policy) in the *IAM User Guide*. ## Create a rule for EventBridge Follow this procedure to create a rule in the EventBridge console so that you can automate the stop and start of EC2 instances that are scheduled for retirement. **To create a rule for EventBridge for Systems Manager automated actions** 1. Open the Amazon EventBridge console at [https://console.aws.amazon.com/events/](https://console.aws.amazon.com/events/). 1. In the navigation pane, under **Events**, choose **Rules**. 1. On the **Create rule** page, enter a **Name** and **Description** for your rule. 1. Under **Define pattern**, choose **Event pattern**, and then choose **Pre-defined pattern by service**. 1. For **Service provider**, choose **AWS**. 1. For **Service name**, choose **Health**. 1. For **Event type**, choose **Specific Health events**. 1. Choose **Specific service(s)** and then choose **EC2**. 1. Choose **Specific event type category(s)** and then choose **scheduledChange**. 1. Choose **Specific event types code(s)** and then choose the event type code. For example, for Amazon EC2 EBS-backed instances, choose **`AWS_EC2_PERSISTENT_INSTANCE_RETIREMENT_SCHEDULED`**. For Amazon EC2 instance store-backed instances, choose **`AWS_EC2_INSTANCE_RETIREMENT_SCHEDULED`**. 1. Choose **Any resource**. Your **Event pattern** will look similar to the following example. **Example** ``` { "source": [ "aws.health" ], "detail-type": [ "AWS Health Event" ], "detail": { "service": [ "EC2" ], "eventTypeCategory": [ "scheduledChange" ], "eventTypeCode": [ "AWS_EC2_PERSISTENT_INSTANCE_RETIREMENT_SCHEDULED" ] } } ``` 1. Add the Systems Manager Automation document target. Under **Select targets**, for **Target**, choose **SSM Automation**. 1. For **Document**, choose `AWS-RestartEC2Instance`. 1. Expand the **Configure automation parameters(s)** and then choose **Input Transformer**. 1. For the **Input Path** field, enter **`{"Instances":"$.resources"}`**. 1. For the second field, enter **`{"InstanceId": }`**. 1. Choose **Use existing role**, and then choose the IAM role that you created, such as *AutomationEVRole*. Your target should look like the following example. ![\[Screenshot of the "SSM Automation" example in the EventBridge console.\]](http://docs.aws.amazon.com/health/latest/ug/images/event-bridge-event-pattern-ssm-automation.png) **Note** If you don't have an existing IAM role with the required EC2 and Systems Manager permissions and trusted relationship, your role won't appear in the list. For more information, see [Prerequisites](#prerequisites-automation-ec2-instances). 1. Choose **Create**. If an event occurs in your account that matches your rule, EventBridge will send the event to your specified target. # Reference: AWS Health events Amazon EventBridge schema The following is the schema for AWS Health events. The contents of the details parameter follows in a second table. Sample payloads ares provided after the schema tables. ## AWS Health event schema **AWS Health event schema** | Parameter | Description | Required | | --- | --- | --- | | version | EventBridge version, currently "0". | Yes | | id | The unique identifier for the EventBridge event. | Yes | | detail-type | The type of detail. For AWS Health events, supported values are &AWS Health Event and AWS Health Abuse Event | Yes | | source | The event bus source. For AWS Health events, the supported value is `aws.health` | Yes | | account | The account ID to which the AWS Health event was sent . For organizational views this is a different account than the affected account if it's received in the management account or delegated administrator account. | Yes | | time | The time at which the notification was sent to EventBridge. Format: yyyy-mm-ddThh:mm:ssZ. | Yes | | region | The AWS Region that the notification was delivered to. This field doesn't indicate the impacted Region for this AWS Health event. That information is reported in `detail.eventRegion`. | Yes | | resources | Describes the list of affected resources, if any, within an account. This field is empty if there are no resources referenced. | No | | detail | The section containing details of the AWS Health event, as described in the table immediately following this one. | Yes | ### Schema content of the 'details' parameter The following table documents the content of the **detail** parameter in the AWS Health event schema. **AWS Health event schema: detail parameter content** | 'detail' parameter content | Description | Required | | --- | --- | --- | | eventArn | The unique identifier for the AWS Health event for the specific Region, including the Region and event ID. An event ARN isn't unique to a specific AWS account or Region. | Yes | | service | The AWS service affected by the AWS Health event. For example, Amazon EC2, Amazon Simple Storage Service, Amazon Redshift, or Amazon Relational Database Service. | Yes | | eventTypeCode | The unique identifier for the event type. For example: AWS\$1EC2\$1INSTANCE\$1NETWORK\$1MAINTENANCE\$1SCHEDULED and AWS\$1EC2\$1INSTANCE\$1REBOOT\$1MAINTENANCE\$1SCHEDULED. Events that include MAINTENANCE\$1SCHEDULED are generally pushed out approximately two weeks before the start time. All new planned lifecycle events have the event type `AWS_{SERVICE}_PLANNED_LIFECYCLE_EVENT`. | Yes | | eventTypeCategory | The category code of the event. The supported values include issue, accountNotification, investigation, and scheduledChange. | Yes | | eventScopeCode | Indicates whether the AWS Health event is account-specific or public. Supported values are ACCOUNT\$1SPECIFIC or PUBLIC. | Yes | | communicationId | A unique identifier for this communication for the AWS Health event. Messages with the same communication ID might be backup messages or pages of a single AWS Health event. This identifier can be used with the account ID to help de-duplicate messages. With the AWS Health event pagination support, the communication ID includes the page number to keep the communication ID unique across pages, for example, 12345678910-1. For more information, see [Viewing paginated lists of AWS Health events on EventBridge](pagnation-of-health-events.md). | Yes | | startTime | The start time of the AWS Health event, in the format DoW, DD, MMM, YYYY, HH:MM:SS TZ. The start time can be in the future for scheduled events. | Yes | | endTime | The end time of the AWS Health event, in the format:DoW, DD MMM YYYY HH:MM:SS TZ. The end time can't be provided for events scheduled for a future time. | No | | lastUpdatedTime | The last update time for the AWS Health event, in the format DoW, DD MMM YYYY HH:MM:SS TZ. | Yes | | statusCode | The status of the AWS Health event. Supported values include `open`, `closed`, and `upcoming`. | Yes | | eventRegion | The impacted Region described by this AWS Health event. | Yes | | eventDescription | A section that describes the AWS Health event. This includes fields for language and text to describe the event. [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/health/latest/ug/aws-health-events-eventbridge-schema.html) | Yes | | eventMetadata | Additional event metadata that can be provided for the AWS Health event. [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/health/latest/ug/aws-health-events-eventbridge-schema.html) | No | | affectedEntities | An array that describes the resource value and status of affected resources within the AWS Health event. [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/health/latest/ug/aws-health-events-eventbridge-schema.html) | No | | page | The page this message represents. For more information, see [Viewing paginated lists of AWS Health events on EventBridge](pagnation-of-health-events.md). Pagination occurs only on resources. If the 256KB size limit is exceeded for another reason, the communication to fail. | Yes | | totalPages | The total number of pages for this health event. For more information, see [Viewing paginated lists of AWS Health events on EventBridge](pagnation-of-health-events.md). You can use this value to determine whether you received all of the pages of a multi-page communication for an account. | Yes | | backupEvent | This flag filters out backup events in the designated backup region within a partition if customers don't want to leverage redundancy. This value can be true or false. | Yes | | affectedAccount | The account ID of the impacted account. This may be different from the value in the `account` field if this health event is sent to an account that is part of an AWS Organizations and is received in the management account or delegated administrator account. | Yes | | actionability | Metadata to activate programmatic determination of which events require action without manual inspection. Possible (single) value can be ACTION\$1REQUIRED, ACTION\$1MAY\$1BE\$1REQUIRED, or INFORMATIONAL. | No | | personas | This list of metadata activates programmatic determination of which stakeholder to route the event to. Possible (multiple) values are OPERATIONAL, SECURITY, and BILLING. | No | ## Public Health Event - Amazon EC2 operational issue ``` { "version": "0", "id": "7bf73129-1428-4cd3-a780-95db273d1602", "detail-type": "AWS Health Event", "source": "aws.health", "account": "123456789012", "time": "2023-01-27T09:01:22Z", "region": "af-south-1", "resources": [], "detail": { "eventArn": "arn:aws:health:af-south-1::event/EC2/AWS_EC2_OPERATIONAL_ISSUE/AWS_EC2_OPERATIONAL_ISSUE_7f35c8ae-af1f-54e6-a526-d0179ed6d68f", "service": "EC2", "eventTypeCode": "AWS_EC2_OPERATIONAL_ISSUE", "eventTypeCategory": "issue", "eventScopeCode": "PUBLIC", "communicationId": "01b0993207d81a09dcd552ebd1e633e36cf1f09a-1", "startTime": "Fri, 27 Jan 2023 06:02:51 GMT", "endTime": "Fri, 27 Jan 2023 09:01:22 GMT", "lastUpdatedTime": "Fri, 27 Jan 2023 09:01:22 GMT", "statusCode": "open", "eventRegion": "af-south-1", "eventDescription": [{ "language": "en_US", "latestDescription": "Current severity level: Operating normally\n\n[RESOLVED] \n\n [03:15 PM PST] We continue see recovery \n\nThe following AWS services were previously impacted but are now operating normally: APPSYNC, BACKUP, EVENTS." }], "affectedEntities": [], "page": "1", "totalPages": "1", "backupEvent": "false", "affectedAccount": "123456789012", "personas": ["OPERATIONS"] } } ``` ## Account-specific AWS Health Event - Elastic Load Balancing API Issue ``` { "version": "0", "id": "121345678-1234-1234-1234-123456789012", "detail-type": "AWS Health Event", "source": "aws.health", "account": "123456789012", "time": "2022-06-10T06:27:57Z", "region": "ap-southeast-2", "resources": [], "detail": { "eventArn": "arn:aws:health:ap-southeast-2::event/AWS_ELASTICLOADBALANCING_API_ISSUE_90353408594353980", "service": "ELASTICLOADBALANCING", "eventTypeCode": "AWS_ELASTICLOADBALANCING_API_ISSUE", "eventTypeCategory": "issue", "eventScopeCode": "ACCOUNT_SPECIFIC", "communicationId": "01b0993207d81a09dcd552ebd1e633e36cf1f09a-1", "startTime": "Fri, 10 Jun 2022 05:01:10 GMT", "endTime": "Fri, 10 Jun 2022 05:30:57 GMT", "statusCode": "open", "eventRegion": "ap-southeast-2", "eventDescription": [{ "language": "en_US", "latestDescription": "A description of the event will be provided here" }], "page": "1", "totalPages": "1", "backupEvent": "false", "affectedAccount": "123456789012", "personas": ["OPERATIONS"] } } ``` ## Account-specific AWS Health Event - backup event for Amazon EC2 Instance Store Drive Performance Degraded ``` { "version": "0", "id": "121345678-1234-1234-1234-123456789012", "detail-type": "AWS Health Event", "source": "aws.health", "account": "123456789012", "time": "2022-06-03T06:27:57Z", "region": "us-west-2", "resources": [ "i-abcd1111" ], "detail": { "eventArn": "arn:aws:health:us-east-1::event/AWS_EC2_INSTANCE_STORE_DRIVE_PERFORMANCE_DEGRADED_90353408594353980", "service": "EC2", "eventTypeCode": "AWS_EC2_INSTANCE_STORE_DRIVE_PERFORMANCE_DEGRADED", "eventTypeCategory": "issue", "eventScopeCode": "ACCOUNT_SPECIFIC", "communicationId": "01b0993207d81a09dcd552ebd1e633e36cf1f09a-1", "startTime": "Fri, 3 Jun 2022 05:01:10 GMT", "endTime": "Fri, 3 Jun 2022 05:30:57 GMT", "statusCode": "open", "eventRegion": "us-east-1", "eventDescription": [{ "language": "en_US", "latestDescription": "A description of the event will be provided here" }], "affectedEntities": [{ "entityValue": "i-abcd1111" }], "page": "1", "totalPages": "1", "backupEvent": "true", "affectedAccount": "123456789012", "personas": ["OPERATIONS"] } } ``` ## Account-specific AWS Health Event - Amazon EC2 Instance Retirement ``` { "version": "0", "id": "7bf73129-1428-4cd3-a780-95db273d1602", "detail-type": "AWS Health Event", "source": "aws.health", "account": "123456789012", "time": "2026-01-27T01:43:21Z", "region": "us-east-1", "detail": { "eventArn": "arn:aws:health:us-east-1::event/AWS_EC2_INSTANCE_RETIREMENT_SCHEDULED_90353408594353983", "service": "EC2", "eventTypeCode": "AWS_EC2_INSTANCE_RETIREMENT_SCHEDULED", "eventTypeCategory": "scheduledChange", "eventScopeCode": "ACCOUNT_SPECIFIC", "communicationId": "1234abc01232a4012345678-1", "startTime": "Thu, 27 Aug 2026 13:19:03 GMT", "lastUpdatedTime": "Thu, 27 Jan 2026 13:44:13 GMT", "statusCode": "open", "eventRegion": "us-east-1", "eventDescription": [{ "language": "en_US", "latestDescription": "A description of the event will be provided here" }], "eventMetadata": { "keystring1": "valuestring1", "keystring2": "valuestring2", "keystring3": "valuestring3", "keystring4": "valuestring4", "truncated": "true" }, "affectedEntities": [{ "entityValue": "arn:aws:ec2:us-east-1:123456789012:instance/i-1234567890abcdef0", "lastUpdatedTime": "Thu, 26 Jan 2026 19:01:55 GMT", "status": "PENDING" }], "affectedAccount": "123456789012", "page": "1", "totalPages": "1", "backupEvent": "false", "personas": ["OPERATIONS"], "actionability": "ACTION_REQUIRED" } } ``` ## Account-specific AWS Health Event - Lambda Planned Lifecycle Event ``` { "version": "0", "id": "7bf73129-1428-4cd3-a780-95db273d1602", "detail-type": "AWS Health Event", "source": "aws.health", "account": "123456789012", "time": "2023-01-27T01:43:21Z", "region": "us-west-2", "resources": ["arn:lambda-1-101002929", "arn:lambda-1-101002930", "arn:lambda-1-101002931", "arn:lambda-1-101002932"], "detail": { "eventArn": "arn:aws:health:us-west-2::event/AWS_LAMBDA_PLANNED_LIFECYCLE_EVENT_90353408594353980", "service": "LAMBDA", "eventTypeCode": "AWS_LAMBDA_PLANNED_LIFECYCLE_EVENT", "eventTypeCategory": "scheduledChange", "eventScopeCode": "ACCOUNT_SPECIFIC", "communicationId": "1234abc01232a4012345678-1", "startTime": "Thu, 27 Aug 2026 13:19:03 GMT", "lastUpdatedTime": "Thu, 27 Jan 2026 13:44:13 GMT", "statusCode": "open", "eventRegion": "us-west-2", "eventDescription": [{ "language": "en_US", "latestDescription": "A description of the event will be provided here" }], "eventMetadata": { "keystring1": "valuestring1", "keystring2": "valuestring2", "keystring3": "valuestring3", "keystring4": "valuestring4", "truncated": "true" }, "affectedEntities": [{ "entityValue": "arn:lambda-1-101002929", "lastUpdatedTime": "Thu, 26 Jan 2026 19:01:55 GMT", "status": "PENDING" }, { "entityValue": "arn:lambda-1-101002930", "lastUpdatedTime": "Thu, 26 Jan 2026 19:05:12 GMT", "status": "PENDING" }, { "entityValue": "arn:lambda-1-101002931", "lastUpdatedTime": "Thu, 26 Jan 2026 19:07:13 GMT", "status": "PENDING" }, { "entityValue": "arn:lambda-1-101002932", "lastUpdatedTime": "Thu, 26 Jan 2026 19:10:59 GMT", "status": "RESOLVED" }], "affectedAccount": "123456789012", "page": "1", "totalPages": "10", "backupEvent": "false", "personas": ["OPERATIONS"], "actionability": "ACTION_REQUIRED" } } ```