# Group lifecycle events: Monitoring resource groups for changes
After you use AWS Resource Groups to organize your resources into groups, you can monitor those groups for changes that are exposed to you as *events*. You can receive a notification about a group event as a signal for you to take some kind of action. For example, you could configure a notification that is sent whenever a group's membership changes. You could use an event from adding a new group member to trigger a Lambda function that programmatically reviews the change to ensure that new group members meet compliance requirements set by your organization. Such a Lambda function could perform automatic remediation for any new group members that fail to meet those requirements. An event caused by the removal of a group member could trigger a Lambda function that performs any required cleanup, such as deleting linked resources.
By turning on group lifecycle events for your resource groups, you allow events about changes to your groups to be captured by Amazon EventBridge and made available to all of the various EventBridge supported target services. You can then configure those target services to automatically take whatever actions your scenario requires. These targets include a variety of AWS services such as Amazon Simple Notification Service (Amazon SNS), Amazon Simple Queue Service (Amazon SQS), and AWS Lambda. With services like Lambda, your events can trigger *programmatic* responses that use code to perform whatever actions you require. For a list of the AWS services that you can target with EventBridge, see [Amazon EventBridge targets](https://docs.aws.amazon.com//eventbridge/latest/userguide/eventbridge-targets.html) in the *Amazon EventBridge User Guide*.
When you turn on group lifecycle events, AWS Resource Groups creates the following items:
+ An AWS Identity and Access Management (IAM) service-linked role that has permission to monitor your resources for any changes to their tags and your CloudFormation stacks for any changes to the resources that are part of a stack.
+ A Resource Groups managed EventBridge rule that captures the details of any tag or stack changes to your resources. EventBridge uses this rule to notify Resource Groups about those changes. Then, Resource Groups generates membership events to send to EventBridge for your custom rules to process.
The service-linked role can be assumed by *only* the Resource Groups service. For more information about the service-linked role used by Resource Groups for this feature, see [Using service-linked roles for Resource Groups](security_iam_service-linked-roles.md).
When this feature is turned on, Resource Groups generates an event when you make any of the following changes to a resource group:
+ Create a new resource group.
+ Update the query which defines the membership of [query-based resource group](gettingstarted-query.md).
+ Update the configuration of a [service linked resource group](https://docs.aws.amazon.com//ARG/latest/APIReference/about-slg.html).
+ Update the description of a resource group.
+ Delete a resource group.
+ Change a resource group's membership by adding or removing a resource from the group. A membership change can also happen when tags change, or when a CloudFormation stack changes.
**Important**
To successfully receive and respond to group events, you must make changes to both Resource Groups and EventBridge. You can perform the changes in any order, but no group events are published to EventBridge targets until after you make changes to both services.
The resource group changes don't include changes to any tags attached to the resource group itself. To generate events based on tag changes to your groups, you must use an EventBridge rule that uses the `aws.tag` source, instead of the `aws.resource-groups` source. For more information, see [Tag change events on AWS Resources](https://docs.aws.amazon.com//eventbridge/latest/userguide/event-types.html#tag-event-types) in the *Amazon EventBridge User Guide*.
**Topics**
+ [Turning on group lifecycle events in Resource Groups](monitor-groups-turn-on.md)
+ [Creating an EventBridge rule to capture group lifecycle events and publish notifications](monitor-groups-create-rule.md)
+ [Turning off group lifecycle events](monitor-groups-turn-off.md)
+ [Structure and syntax of Resource Groups lifecycle events](monitor-groups-syntax.md)
# Turning on group lifecycle events in Resource Groups
To receive notifications about lifecycle changes to your resource groups, you can turn on group lifecycle events. Resource Groups then provides information about your groups' changes to Amazon EventBridge. In EventBridge, you can evaluate and act on the changes using [rules you define in the EventBridge service](monitor-groups-create-rule.md).
**Minimum permissions**
To turn on group lifecycle events in your AWS account, you must sign in as an AWS Identity and Access Management (IAM) principal with the following permissions:
`resource-groups:UpdateAccountSettings`
`iam:CreateServiceLinkedRole`
`events:PutRule`
`events:PutTargets`
`events:DescribeRule`
`events:ListTargetsByRule`
`cloudformation:DescribeStacks`
`cloudformation:ListStackResources`
`tag:GetResources`
When you initially turn on group lifecycle events in an AWS account, Resource Groups creates a [service-linked role named `AWSServiceRoleForResourceGroups`](security_iam_service-linked-roles.md). This managed role has permission to use a Resource Groups managed EventBridge rule. The rule monitors the tags attached to your resources and the CloudFormation stacks in your account for any changes. Resource Groups then publishes those changes to the default event bus in Amazon EventBridge. The service also creates an EventBridge managed rule named `[Managed.ResourceGroups.TagChangeEvents](https://console.aws.amazon.com/events/home#/eventbus/default/rules/Managed.ResourceGroups.TagChangeEvents)`. This rule captures the details of tag changes of your resources. This lets Resource Groups generate membership events to send to EventBridge for your custom rules to process. Your EventBridge rules can then respond to events by sending notifications to the rules' configured targets.
After you complete these steps, rules that look for these events should start receiving them in a few minutes.
You can turn on group lifecycle events by using either the AWS Management Console or by using a command from the AWS CLI or one of the SDK APIs.
**Note**
You can't turn on group lifecycle events if your resource groups quota is too high. For more information, review [Viewing service quotas](https://docs.aws.amazon.com/servicequotas/latest/userguide/gs-request-quota).
------
#### [ AWS Management Console ]
**To turn on group lifecycle events in the Resource Groups console**
1. Open the **[Settings](https://console.aws.amazon.com/resource-groups/groups/settings)** page in the Resource Groups console.
1. In the **Group lifecycle events** section, choose the switch next to **Notifications are turned off**.
1. On the confirmation dialog, choose **Turn on notifications**.
The feature switch displays **Notifications are turned on**.
That completes the first part of the process. After you turn on event notifications, you can [create rules in Amazon EventBridge](monitor-groups-create-rule.md) that capture the events and send them to specific AWS services for processing.
------
#### [ AWS CLI ]
**To turn on group lifecycle events by using the AWS CLI or the AWS SDKs**
The following example show how to use the AWS CLI to turn on group lifecycle events in Resource Groups. Enter the command with the service principal parameter exactly as shown. The output shows both the current status and the desired status of the feature.
```
$ aws resource-groups update-account-settings \
--group-lifecycle-events-desired-status ACTIVE
{
"AccountSettings": {
"GroupLifecycleEventsDesiredStatus": "ACTIVE",
"GroupLifecycleEventsStatus": "IN_PROGRESS"
}
}
```
You can confirm that the feature is turned on by running the following example command. When both status fields show the same value, then the operation is complete.
```
$ aws resource-groups get-account-settings
{
"AccountSettings": {
"GroupLifecycleEventsDesiredStatus": "ACTIVE",
"GroupLifecycleEventsStatus": "ACTIVE"
}
}
```
For more information, see the following resources:
+ AWS CLI – [aws resource-groups update-account-settings](https://docs.aws.amazon.com//cli/latest/reference/resource-groups/update-account-settings.html) and [aws resource-groups get-account-settings](https://docs.aws.amazon.com//cli/latest/reference/resource-groups/get-account-settings.html)
+ API – [UpdateAccountSettings](https://docs.aws.amazon.com//ARG/latest/APIReference/API_UpdateAccountSettings.html) and [GetAccountSettings](https://docs.aws.amazon.com//ARG/latest/APIReference/API_GetAccountSettings.html)
------
# Creating an EventBridge rule to capture group lifecycle events and publish notifications
You can [turn on group lifecycle events for your resource groups](monitor-groups-turn-on.md) in AWS Resource Groups to publish events to Amazon EventBridge. Then, you can create EventBridge rules that respond to those events by sending them to other AWS services for further processing.
------
#### [ AWS CLI ]
The process to create a rule in EventBridge that captures events and sends them to your desired target service takes two separate CLI commands:
1. [Create the EventBridge rule to capture the events you want](#monitor-cli-create-rule)
1. [Attach a target that can process the events to the EventBridge rule ](#monitor-cli-attach-target)
Step 1: Create the EventBridge rule to capture the events
The following AWS CLI `[put-rule](https://docs.aws.amazon.com//cli/latest/reference/events/put-rule.html)` example command creates an EventBridge rule that captures ***all*** Resource Groups lifecycle event changes.
```
$ aws events put-rule \
--name "CatchAllResourceGroupEvents" \
--event-pattern '{"source":["aws.resource-groups"]}'
{
"RuleArn": "arn:aws:events:us-east-1:123456789012:rule/CatchAllResourceGroupEvents"
}
```
The output includes the Amazon Resource Name (ARN) of the new rule.
Parameter values that include quoted strings have different formatting rules based on the operating system and shell that you use. For the examples in this guide, we show commands that work on a Linux BASH shell. For instructions about formatting strings with embedded quotes for other operating systems, such as the Windows command prompt, see [Using quotation marks inside strings](https://docs.aws.amazon.com//cli/latest/userguide/cli-usage-parameters-quoting-strings.html#cli-usage-parameters-quoting-strings-containing) in the *AWS Command Line Interface User Guide*.
As parameter strings get more complex, it can be easier and less error prone to [accept a parameter value from a text file](https://docs.aws.amazon.com//cli/latest/userguide/cli-usage-parameters-file.html) instead of typing it directly on the command line.
The following event pattern restricts the events to only those that are related to the specified group, identified by its ARN. This event pattern is a complex JSON string that is much less readable when compressed into a single-line, properly escaped JSON string. You can store it in a file instead.
Store the event pattern JSON string in a file. In the following code example, the file is `eventpattern.txt`.
```
{
"source": [ "aws.resource-groups" ],
"detail": {
"group": {
"arn": [ "my-resource-group-arn" ]
}
}
}
```
Then, issue the following command to create the rule, retrieving the custom event pattern from the file.
```
$ aws events put-rule \
--name "CatchResourceGroupEventsForMyGroup" \
--event-pattern file://eventpattern.txt
{
"RuleArn": "arn:aws:events:us-east-1:123456789012:rule/CatchResourceGroupEventsForMyGroup"
}
```
To capture other types of Resource Groups events, replace the `--event-pattern` string with filters like those presented in the section [Example EventBridge custom event patterns for different use cases](monitor-groups-example-eventbridge-filters.md).
Step 2: Attach a target that can process the events to the EventBridge rule
Now that you have a rule that captures the events of interest to you, you can attach one or more targets to do some type of processing on the events.
The following AWS CLI `[put-targets](https://docs.aws.amazon.com//cli/latest/reference/events/put-targets.html)` command attaches an Amazon Simple Notification Service (Amazon SNS) topic named `my-sns-topic` to the rule you created in the previous example. All subscribers to the topic receive a notification when a change occurs to the group specified in the rule.
```
$ aws events put-targets \
--rule CatchResourceGroupEventsForMyGroup \
--targets Id=1,Arn=arn:aws:sns:us-east-1:123456789012:my-sns-topic
{
"FailedEntryCount": 0,
"FailedEntries": []
}
```
At this point, any group changes that match the event pattern in your rule are automatically sent to the configured target or targets. If, as in the previous example, the target is an Amazon SNS topic, then all subscribers to the topic receive a message containing the event as described in [Structure and syntax of Resource Groups lifecycle events](monitor-groups-syntax.md).
For more information, see the following resources:
+ AWS CLI – [aws events put-rule](https://docs.aws.amazon.com//cli/latest/reference/events/put-rule.html) and [aws events put-targets](https://docs.aws.amazon.com//cli/latest/reference/events/put-targets.html)
+ API – [PutRule](https://docs.aws.amazon.com//eventbridge/latest/APIReference/API_PutRule.html) and [PutTargets](https://docs.aws.amazon.com//eventbridge/latest/APIReference/API_PutTargets.html)
------
## Creating a rule to capture only specific group lifecycle event types
You can create a rule with a custom event pattern that captures only the events that you are interested in. For complete details about how to filter incoming events using a custom event pattern, see [Amazon EventBridge events](https://docs.aws.amazon.com//eventbridge/latest/userguide/eventbridge-and-event-patterns.html) in the *Amazon EventBridge User Guide*.
For example, suppose you want a rule to process only those Resource Groups notifications that indicate the creation of a new resource group. You could use a custom event pattern similar to the following example.
```
{
"source": [ "aws.resource-groups" ],
"detail-type": [ "ResourceGroups Group State Change" ],
"detail": {
"state-change": "create"
}
}
```
That filter captures only those events that have those exact values in the specified fields. For a complete list of the fields available for you to match, see [Structure and syntax of Resource Groups lifecycle events](monitor-groups-syntax.md).
# Turning off group lifecycle events
You can turn off group lifecycle events to stop AWS Resource Groups from emitting events to Amazon EventBridge. You can do this by using either the AWS Management Console or by using a command from the AWS CLI or one of the SDK APIs.
**Note**
Turning off group lifecycle events deletes the Resource Groups managed EventBridge rule used to scan your resource tags and CloudFormation stacks for changes. Resource Groups can no longer pass those changes to EventBridge. Any rules you defined in EventBridge that look for Resource Groups events stop receiving events to process. If you intend to turn on group lifecycle events again in the future, you can disable your rules. If you don't intend to use those rules again, you can delete them. For more information, see [Disabling or deleting an EventBridge rule](https://docs.aws.amazon.com//eventbridge/latest/userguide/delete-or-disable-rule.html) in the *Amazon EventBridge User Guide*.
Turning off group lifecycle events does ***not*** delete the service-linked role. You can [delete the service-linked role manually](security_iam_service-linked-roles.md#delete-service-linked-role) if you wish using IAM. If you later need to turn on group lifecycle events again and the service-linked role doesn't exist, Resource Groups recreates it automatically.
**Minimum permissions**
To turn off group lifecycle events in your current AWS account, you must sign in as an AWS Identity and Access Management (IAM) principal with the following permissions:
`resource-groups:UpdateAccountSettings`
`events:DeleteRule`
`events:RemoveTargets`
`events:DescribeRule`
`events:ListTargetsByRule`
------
#### [ AWS Management Console ]
**To turn off group lifecycle event notifications to EventBridge**
1. Open the **[Settings](https://console.aws.amazon.com/resource-groups/groups/settings)** page in the Resource Groups console.
1. In the **Group lifecycle events** section, choose the switch next to **Notifications are turned on**.
1. On the confirmation dialog, choose **Turn off notifications**.
The feature switch is displayed: **Event notifications are turned off**.
At this point, Resource Groups no longer sends events to the EventBridge default event bus, and any rules that you have no longer receive group notification events to process. You can optionally delete those rules to complete the clean up.
------
#### [ AWS CLI ]
**To turn off group lifecycle event notifications to EventBridge**
The following example show how to use the AWS CLI to turn off group lifecycle events in Resource Groups.
```
$ aws resource-groups update-account-settings \
----group-lifecycle-events-desired-status INACTIVE
{
"AccountSettings": {
"GroupLifecycleEventsDesiredStatus": "INACTIVE",
"GroupLifecycleEventsStatus": "INACTIVE"
}
}
```
------
For more information, see the following resources:
+ AWS CLI – [aws resource-groups update-account-settings](https://docs.aws.amazon.com//cli/latest/reference/resource-groups/update-account-settings.html) and [aws resource-groups get-account-settings](https://docs.aws.amazon.com//cli/latest/reference/resource-groups/get-account-settings.html)
+ API – [UpdateAccountSettings](https://docs.aws.amazon.com//ARG/latest/APIReference/API_UpdateAccountSettings.html) and [GetAccountSettings](https://docs.aws.amazon.com//ARG/latest/APIReference/API_GetAccountSettings.html)
# Structure and syntax of Resource Groups lifecycle events
**Topics**
+ [Structure of the `detail` field](monitor-groups-syntax-detail.md)
+ [Example EventBridge custom event patterns for different use cases](monitor-groups-example-eventbridge-filters.md)
The lifecycle events for AWS Resource Groups take the form of [JSON](https://json.org) object strings in the following general format.
```
{
"version": "0",
"id": "08f00e24-2e30-ec44-b824-8acddf1ac868",
"detail-type": "ResourceGroups Group ... Change",
"source": "aws.resource-groups",
"account": "123456789012",
"time": "2020-09-29T09:59:01Z",
"region": "us-east-1",
"resources": [
"arn:aws:resource-groups:us-east-1:123456789012:group/MyGroupName"
],
"detail": {
...
}
}
```
For details about the fields common to all Amazon EventBridge events, see [Amazon EventBridge events](https://docs.aws.amazon.com//eventbridge/latest/userguide/aws-events.html) in the *Amazon EventBridge User Guide*. Details that are specific to Resource Groups are explained in the following table.
| Field name | Type | Description |
| --- | --- | --- |
| detail-type | String | For Resource Groups, the `detail-type` field is always one of the following values: [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/ARG/latest/userguide/monitor-groups-syntax.html) |
| source | String | For Resource Groups, this value is always "aws.resource-groups". |
| resources | An array of Amazon Resource Names (ARNs) | This field always includes the [Amazon resource name (ARN)](https://docs.aws.amazon.com//general/latest/gr/aws-arns-and-namespaces.html) of the group with the change that triggered this event. This field can also include the ARNs of any resources added to or removed from the group, if applicable. |
| `detail` | JSON object string | This is the payload of the event. The contents of the detail field vary based on the value of the detail-type. [See the next section for more information.](monitor-groups-syntax-detail.md) |
# Structure of the `detail` field
The `detail` field includes all of the Resource Groups service-specific details about a specific change. The `detail` field can take one of two forms, a group state change or membership change, based on the value of the `detail-type` field described in the previous section.
**Important**
Resource groups in these events are identified by a combination of the group's ARN and a `"unique-id"` field that contains a [UUID](https://wikipedia.org/wiki/Universally_unique_identifier). By including a UUID as part of the identity of a resource group, you can distinguish between a group that is deleted and a different group that is later created with the same name. We recommend that you treat a concatenation of the ARN and unique id as the key for the group in your programs that interact with these events.
## Group state change
`"detail-type": "ResourceGroups Group State Change"`
This `detail-type` value indicates that the state of the group itself, including its metadata, has changed. This change occurs when a group is created, updated, or deleted, as indicated by the `"change"` field within the `detail`.
The information included in the `details` section when this `detail-type` is specified include the fields described in the following table.
| Field name | Type | Description |
| --- | --- | --- |
| event-sequence | Double | A monotonically increasing number that specifies the sequence of events for a specific group. The number resets when you delete the group and create another group with the same name. |
| group | [`Group`](#monitor-groups-syntax-detail-group-object) JSON object | The group object associated with the event by its ARN, name, and unique ID. |
| state-change | String | The type of state change that occurred. Can be any of the following values:[\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/ARG/latest/userguide/monitor-groups-syntax-detail.html) |
| old-state | GroupState JSON object | The state of the group before the change. The object includes only the values of properties that changed. |
| `new-state` | GroupState JSON object | The state of the group after the change. The object includes only the values of properties that changed. |
The `group` JSON object contains the elements described in the following table.
| Field name | Type | Description |
| --- | --- | --- |
| arn | String | The ARN of the group. |
| name | String | The friendly name of the group. |
| unique-id | GUID | A unique GUID value that distinguishes between a group that was deleted and a different group that was later created with the same name and ARN. Use the concatenation of ARN and this value as a unique key for the group when consuming these events in your code. |
The `GroupState` JSON objects contain the elements described in the following table.
| Field name | Type | Description |
| --- | --- | --- |
| description | String | The customer-provided description of the resource group. |
| resource-query | ResourceQuery JSON object | A JSON representation of the query that defines the group's members. This field is present only for groups based on a query. The syntax of this field is defined by the [ResourceQuery API data type](https://docs.aws.amazon.com//organizations/latest/APIReference/API_ResourceQuery.html). Example of this are included in the [Create](#monitor-groups-syntax-detail-state-change-create) and [Update](#monitor-groups-syntax-detail-state-change-update) event examples. |
| group-configuration | Configuration JSON object | A JSON representation of configuration parameters associated with a service-linked group. For more information, see [Service configurations for resource groups](https://docs.aws.amazon.com/ARG/latest/APIReference/about-slg.html) in the AWS Resource Groups API Reference. |
Each of the following code examples illustrates the contents of the `detail` field for each `state-change` type.
### Create
`"state-change": "create"`
The event indicates that a new group was created. The event carries all the group metadata properties set during the group's creation. This event is typically followed by one of more group membership events unless the group is empty. Properties that have a null value are not displayed in the event body.
The following example event indicates a newly created resource group named `my-service-group`. In this example, the group uses a tag-based query that matches only Amazon Elastic Compute Cloud (Amazon EC2) instances that have the tag `"project"="my-service"`.
```
{
"version": "0",
"id": "08f00e24-2e30-ec44-b824-8acddf1ac868",
"detail-type": "ResourceGroups Group State Change",
"source": "aws.resource-groups",
"account": "123456789012",
"time": "2020-09-29T09:59:01Z",
"region": "us-east-1",
"resources": [
"arn:aws:resource-groups:us-east-1:123456789012:group/my-service-group"
],
"detail": {
"event-sequence": 1.0,
"state-change": "create",
"group": {
"arn": "arn:aws:resource-groups:us-east-1:123456789012:group/my-service-group",
"name": "my-service-group",
"unique-id": "3dd07ab7-3228-4410-8cdc-6c4a10fcceea"
},
"new-state": {
"resource-query": {
"type": "TAG_FILTERS_1_0",
"query": "{
\"ResourceTypeFilters\": [\"AWS::EC2::Instance\"],
\"TagFilters\": [{\"Key\":\"project\", \"Values\":[\"my-service\"}]
}"
}
}
}
}
```
### Update
`"state-change": "update"`
The event indicates that an existing group was modified in some way. The event carries only the properties that changed from the previous state. Properties that have not changed are not displayed in the event body.
The following example event indicates that the tag-based query in the previous example's resource group was modified to also include Amazon EC2 volume resources in the group.
```
{
"version": "0",
"id": "08f00e24-2e30-ec44-b824-8acddf1ac868",
"detail-type": "ResourceGroups Group State Change",
"source": "aws.resource-groups",
"account": "123456789012",
"time": "2020-09-29T09:59:01Z",
"region": "us-east-1",
"resources": [
"arn:aws:resource-groups:us-east-1:123456789012:group/my-service-group"
],
"detail": {
"event-sequence": 3.0,
"state-change": "update",
"group": {
"arn": "arn:aws:resource-groups:us-east-1:123456789012:group/my-service-group",
"name": "my-service",
"unique-id": "3dd07ab7-3228-4410-8cdc-6c4a10fcceea"
},
"new-state": {
"resource-query": {
"type": "TAG_FILTERS_1_0",
"query": "{
\"ResourceTypeFilters\": [\"AWS::EC2::Instance\", \"AWS::EC2::Volume\"],
\"TagFilters\": [{\"Key\":\"project\", \"Values\":[\"my-service\"}]
}"
}
},
"old-state": {
"resource-query": {
"type": "TAG_FILTERS_1_0",
"query": "{
\"ResourceTypeFilters\": [\"AWS::EC2::Instance\"],
\"TagFilters\": [{\"Key\":\"Project\", \"Values\":[\"my-service\"}]
}"
}
}
}
}
```
### Delete
`"state-change": "delete"`
The event indicates that an existing group was deleted. The detail field includes no metadata about the group other than its identification. The `event-sequence` field is reset after this event as it is, by definition, the last event for this `arn` and `unique-id`.
```
{
"version": "0",
"id": "08f00e24-2e30-ec44-b824-8acddf1ac868",
"detail-type": "ResourceGroups Group State Change",
"source": "aws.resource-groups",
"account": "123456789012",
"time": "2020-09-29T09:59:01Z",
"region": "us-east-1",
"resources": [
"arn:aws:resource-groups:us-east-1:123456789012:group/my-service"
],
"detail": {
"event-sequence": 4.0,
"state-change": "delete",
"group": {
"arn": "arn:aws:resource-groups:us-east-1:123456789012:group/my-service",
"name": "my-service",
"unique-id": "3dd07ab7-3228-4410-8cdc-6c4a10fcceea"
}
}
}
```
## Group membership change
`"detail-type": "ResourceGroups Group Membership Change"`
This `detail-type` value indicates that the group's membership was changed by a resource being added to or removed from the group. When this `detail-type` is specified, the top-level `resources` field includes the ARN of the group whose membership was changed and the ARNs of any resources that were added to or removed from the group.
The information included in the `details` section when this `detail-type` is specified include the fields described in the following table.
| Field name | Type | Description |
| --- | --- | --- |
| event-sequence | Double | A monotonically increasing number that indicates the sequence of events for a specific group. The number resets when the group is deleted and its unique ID changes. |
| group | Group JSON object | Identifies the group object associated with the event by its ARN, name, and unique ID. |
| `resources` | Array of ResourceChange JSON objects | An array of resources whose group membership has changed. This `ResourceChange` object contains the following fields for each resource: [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/ARG/latest/userguide/monitor-groups-syntax-detail.html) |
The following code example illustrates the contents of the event for a typical membership change type. This example shows one resource being added to the group, and one resource being removed from the group.
```
{
"version": "0",
"id": "08f00e24-2e30-ec44-b824-8acddf1ac868",
"detail-type": "ResourceGroups Group Membership Change",
"source": "aws.resource-groups",
"account": "123456789012",
"time": "2020-09-29T09:59:01Z",
"region": "us-east-1",
"resources": [
"arn:aws:resource-groups:us-east-1:123456789012:group/my-service",
"arn:aws:ec2:us-east-1:123456789012:instance/i-abcd1111",
"arn:aws:ec2:us-east-1:123456789012:instance/i-efef2222"
],
"detail": {
"event-sequence": 2.0,
"group": {
"arn": "arn:aws:resource-groups:us-east-1:123456789012:group/my-service",
"name": "my-service",
"unique-id": "3dd07ab7-3228-4410-8cdc-6c4a10fcceea"
},
"resources": [
{
"membership-change": "add",
"arn": "arn:aws:ec2:us-east-1:123456789012:instance/i-abcd1111",
"resource-type": "AWS::EC2::Instance"
},
{
"membership-change": "remove",
"arn": "arn:aws:ec2:us-east-1:123456789012:instance/i-efef2222",
"resource-type": "AWS::EC2::Instance"
}
]
}
}
```
# Example EventBridge custom event patterns for different use cases
The following example EventBridge custom event patterns filter the events generated by Resource Groups to only those that you are interested in for a specific event rule and target.
In the following code examples, if a specific group or resource is needed, replace each *user input placeholder* with your own information.
All Resource Groups events
```
{
"source": [ "aws.resource-groups" ]
}
```
Group state or membership change events
The following code example is for all group *state* changes.
```
{
"source": [ "aws.resource-groups" ],
"detail-type": [ "ResourceGroups Group State Change " ]
}
```
The following code example is for all group *membership* changes.
```
{
"source": [ "aws.resource-groups" ],
"detail-type": [ "ResourceGroups Group Membership Change" ]
}
```
Events for a specific group
```
{
"source": [ "aws.resource-groups" ],
"detail": {
"group": {
"arn": [ "my-group-arn" ]
}
}
}
```
The previous example captures changes to the specified group. The following example does the same and also captures changes when the group is a member resource of another group.
```
{
"source": [ "aws.resource-groups" ],
"resources": [ "my-group-arn" ]
}
```
Events for a specific resource
You can filter only group membership change events for specific member resources.
```
{
"source": [ "aws.resource-groups" ],
"detail-type": [ "ResourceGroups Group Membership Change " ],
"resources": [ "arn:aws:ec2:us-east-1:123456789012:instance/i-b188560f" ]
}
```
Events for a specific resource type
You can use prefix matching with ARNs to match events for a specific resource type.
```
{
"source": [ "aws.resource-groups" ],
"resources": [
{ "prefix": "arn:aws:ec2:us-east-1:123456789012:instance" }
]
}
```
Alternatively, you can use exact matching by using `resource-type` identifiers, potentially matching on more than one type concisely. Unlike the previous example, the following example matches only group membership change events because group state change events don't include a `resources` field in their `detail` field.
```
{
"source": [ "aws.resource-groups" ],
"detail": {
"resources": {
"resource-type": [ "AWS::EC2::Instance", "AWS::EC2::Volume" ]
}
}
}
```
All resource removal events
```
{
"source": [ "aws.resource-groups" ],
"detail-type": [ "ResourceGroups Group Membership Change" ],
"detail": {
"resources": {
"membership-change": [ "remove" ]
}
}
}
```
All resource removal events for a specific resource
```
{
"source": [ "aws.resource-groups" ],
"detail-type": [ "ResourceGroups Group Membership Change" ],
"detail": {
"resources": {
"membership-change": [ "remove" ],
"arn": [ "arn:aws:ec2:us-east-1:123456789012:instance/i-b188560f" ]
}
}
}
```
You can't use the **top-level** `resources` array that was used in the first example in this section for this type of event filtering. That's because a resource in the top-level `resources` element might be a resource being added to a group and the event would still match. In other words, the following code example might return unexpected events. Instead, use the syntax shown in the previous example.
```
{
"source": [ "aws.resource-groups" ],
"detail-type": [ "ResourceGroups Group Membership Change" ],
"resources": [ "arn:aws:ec2:us-east-1:123456789012:instance/i-b188560f" ],
"detail": {
"resources": {
"membership-change": [ "remove" ]
}
}
}
```