I need an EventBridge rule that matches when an EC2 instance terminates. The only options I've found are matching on instance ID or match ALL instances.
Are there any ways I can limit the matching to a group of instances? For example, if I tagged all of these instances with a specific tag or something like that? My rule currently triggers a lambda so I don't want to trigger it unnecessarily if it's not an instance I care about.
The documentation I've found is very limited...
You can only match on the values that are in the event. Here is the sample event from the official documentation
{
  "id": "7bf73129-1428-4cd3-a780-95db273d1602",
  "detail-type": "EC2 Instance State-change Notification",
  "source": "aws.ec2",
  "account": "123456789012",
  "time": "2021-11-11T21:29:54Z",
  "region": "us-east-1",
  "resources": [
    "arn:aws:ec2:us-east-1:123456789012:instance/i-abcd1111"
  ],
  "detail": {
    "instance-id": "i-abcd1111",
    "state": "pending"
  }
}
As you can see, the only details of the EC2 instance included in the event are the instance ID, and the new instance state. The instance tags are not available in the event, so you can't filter on the tags. To do further filtering of the event, you would have to send it to something like a Lambda function, which would perform further API calls to get the tags of the instance, etc. and decide from that if it should pass the event on to something else. The Lambda function could possibly pass the event to another EventBridge service bus, and then you could subscribe other things to that bus.
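The two-stage setup the answer describes, written out as an added example (not code from the question or the answer): a first-stage rule pattern that narrows on the fields the event really carries (`source`, `detail-type`, `detail.state`), and a Lambda handler that looks up the instance's tags with DescribeTags and re-publishes the event on a custom bus only when the tag matches. The tag key/value (`Team`/`payments`), the bus name `filtered-ec2-events`, the `custom.ec2.filtered` source string, and the `FakeEC2`/`FakeEvents` stand-ins are assumptions made for the demo; the real handler uses `boto3` clients, which are only imported when no clients are passed in.

```python
"""Tag-based filtering of EC2 state-change events in a Lambda (added example)."""
import json
from typing import Any, Dict, Iterable, List

# Hypothetical names: the tag the caller cares about and the custom bus to forward to.
WATCH_TAG_KEY = "Team"
WATCH_TAG_VALUE = "payments"
FORWARD_BUS_NAME = "filtered-ec2-events"


def rule_event_pattern(states: Iterable[str] = ("terminated",)) -> Dict[str, Any]:
    """Pattern for the first-stage EventBridge rule.

    It matches only on fields the event actually contains, so the Lambda is
    invoked for terminations rather than every state change.  Tags are not
    in the event, so they cannot appear in this pattern.
    """
    return {
        "source": ["aws.ec2"],
        "detail-type": ["EC2 Instance State-change Notification"],
        "detail": {"state": list(states)},
    }


def instance_tags(ec2, instance_id: str) -> Dict[str, str]:
    """Fetch tags via DescribeTags; an unknown or expired instance yields {}.

    A terminated instance is describable only for a limited time, so an
    empty result is treated as 'no match' rather than as an error.
    """
    resp = ec2.describe_tags(
        Filters=[
            {"Name": "resource-type", "Values": ["instance"]},
            {"Name": "resource-id", "Values": [instance_id]},
        ]
    )
    return {t["Key"]: t["Value"] for t in resp.get("Tags", [])}


def handler(event: Dict[str, Any], context: Any = None, ec2=None, events=None) -> Dict[str, Any]:
    """Lambda entry point: forward the event to a custom bus iff the tag matches."""
    if ec2 is None or events is None:
        import boto3  # only needed inside the real Lambda, not for the offline demo
        ec2 = ec2 or boto3.client("ec2")
        events = events or boto3.client("events")

    instance_id = event["detail"]["instance-id"]
    tags = instance_tags(ec2, instance_id)
    if tags.get(WATCH_TAG_KEY) != WATCH_TAG_VALUE:
        return {"forwarded": False, "instance_id": instance_id, "reason": "tag mismatch"}

    # Re-publish on the custom bus with the tags embedded, so downstream
    # rules on that bus can match on detail.tags directly.
    detail = dict(event["detail"], tags=tags)
    resp = events.put_events(
        Entries=[{
            "EventBusName": FORWARD_BUS_NAME,
            "Source": "custom.ec2.filtered",  # hypothetical source name
            "DetailType": event["detail-type"],
            "Resources": event.get("resources", []),
            "Detail": json.dumps(detail),
        }]
    )
    if resp.get("FailedEntryCount", 0):
        raise RuntimeError(f"PutEvents failed: {resp.get('Entries')}")
    return {"forwarded": True, "instance_id": instance_id, "reason": "tag match"}


# --- Constructed offline stand-ins for the two AWS clients (not boto3) ---
class FakeEC2:
    def __init__(self, tags_by_instance: Dict[str, Dict[str, str]]) -> None:
        self._tags = tags_by_instance

    def describe_tags(self, Filters: List[Dict[str, Any]]) -> Dict[str, Any]:
        ids = next(f["Values"] for f in Filters if f["Name"] == "resource-id")
        return {"Tags": [{"Key": k, "Value": v, "ResourceId": i, "ResourceType": "instance"}
                         for i in ids for k, v in self._tags.get(i, {}).items()]}


class FakeEvents:
    def __init__(self) -> None:
        self.sent: List[Dict[str, Any]] = []

    def put_events(self, Entries: List[Dict[str, Any]]) -> Dict[str, Any]:
        self.sent.extend(Entries)
        return {"FailedEntryCount": 0, "Entries": [{"EventId": "1"} for _ in Entries]}


# Constructed sample: the documented event shape, but with state "terminated".
SAMPLE_EVENT: Dict[str, Any] = {
    "id": "7bf73129-1428-4cd3-a780-95db273d1602",
    "detail-type": "EC2 Instance State-change Notification",
    "source": "aws.ec2",
    "account": "123456789012",
    "time": "2021-11-11T21:29:54Z",
    "region": "us-east-1",
    "resources": ["arn:aws:ec2:us-east-1:123456789012:instance/i-abcd1111"],
    "detail": {"instance-id": "i-abcd1111", "state": "terminated"},
}

if __name__ == "__main__":
    ec2, bus = FakeEC2({"i-abcd1111": {"Team": "payments"}}), FakeEvents()
    print(json.dumps(rule_event_pattern()))
    print(handler(SAMPLE_EVENT, ec2=ec2, events=bus), len(bus.sent), "forwarded")
```

The first-stage rule still fires once per termination of any instance, so the Lambda does run for instances you do not care about; what this buys you is that only matching events reach the second bus and whatever is subscribed there. The DescribeTags call needs `ec2:DescribeTags` in the function's execution role, and the forward needs `events:PutEvents` scoped to the custom bus.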