Amazon CloudWatch Events
User Guide

Scenario 3: Log an AWS API Call

You can use a simple AWS Lambda function that logs each AWS API call. For example, you can create a rule to log any operation within Amazon EC2, or you can limit this rule to log only a specific API call. In this scenario, you log every time an Amazon EC2 instance is stopped.

Step 1: Create an AWS Lambda function

To create an AWS Lambda function

  1. Open the AWS Lambda console at

  2. Choose Create a Lambda function, and then on the Select blueprint screen, choose hello-world.

  3. On the Configure function screen, in the Name field, enter LogIncomingEvent.

  4. In the Lambda function code section, edit the sample code to match the following example:

    console.log('Loading function');
    // Log the full incoming event to CloudWatch Logs.
    exports.handler = function(event, context) {
        console.log('Here is the event:', JSON.stringify(event, null, 2));
        context.done();
    };

  5. Under Lambda function handler and role, in the Role field, if you have a lambda_basic_execution_rule, select it. Otherwise, create a new basic execution role.

  6. Choose Next, and then on the Review screen, choose Edit to make any changes. If you're satisfied with the function, choose Create function.

Step 2: Create an Amazon CloudWatch Events Rule

To create a CloudWatch Events rule

  1. Open the CloudWatch console at

  2. In the navigation pane, choose Events.

  3. Choose Create rule, and then under Event selector, choose AWS API call.

  4. In the Service name list, choose EC2.

  5. Choose the Specific operation radio button, and then in the Specific operation field, choose StopInstances from the list.

  6. Under Targets, choose Add target. In the Select target type list, choose Lambda function.

  7. In the Function list, select the EC2InstanceStopped function that you created in "Step 1: Create an AWS Lambda Function."

  8. Choose Configure input, and then choose one of the following options:

    1. Matched event—Sends all of the data fields in the event to CloudWatch Logs.

    2. Part of the matched event—Sends only the specified data field of the event to CloudWatch Logs. You specify the part of the event using a string formatted $.first_parameter.second_parameter. For example, to send just the detail part of the event, type $.detail.

    3. Constant—Sends a JSON-formatted text string that you specify to CloudWatch Logs. For example, to send a text string for the event, type {"Name":"MyInstance"}. The constant must be valid JSON.

  9. Choose Configure details. On the Configure rule details screen, in the Name field, type a name for the rule.

  10. In the Description field, enter a brief description for your rule, for example, Log when an EC2 StopInstances API call is made.

  11. If you're satisfied with the rule, choose Create rule.
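The function from Step 1 logs the whole payload. The following added example (not part of the AWS guide) is a variant handler that logs only who stopped which instances, and it works whether the target input chosen in step 8 is Matched event or $.detail. Field names follow the CloudTrail record carried in the event's detail; the function names and the sample event are constructed for illustration.

```javascript
// Added example: summarize a StopInstances API-call event for the log.
// Handles the "Configure input" choices: whole matched event, or $.detail only.
function summarizeStopCall(event) {
  // With "Part of the matched event" = $.detail, the handler receives the
  // CloudTrail record itself instead of the envelope that wraps it.
  const d = event && event.detail ? event.detail : event;
  if (!d || d.eventSource !== 'ec2.amazonaws.com' || d.eventName !== 'StopInstances') {
    return null; // e.g. "Constant" input, or some other API call
  }
  const items = (((d.requestParameters || {}).instancesSet || {}).items) || [];
  return {
    time: d.eventTime,
    region: d.awsRegion,
    caller: (d.userIdentity || {}).arn || 'unknown',
    sourceIp: d.sourceIPAddress,
    instances: items.map(function (i) { return i.instanceId; }),
    // CloudTrail records failed calls too; errorCode is present when one fails.
    outcome: d.errorCode ? 'failed:' + d.errorCode : 'ok'
  };
}

function handler(event, context) {
  const summary = summarizeStopCall(event);
  console.log(summary ? JSON.stringify(summary) : 'Not a StopInstances call');
  if (context && typeof context.done === 'function') context.done();
  return summary;
}

// Constructed sample event (account ID, ARN, IP and instance ID are made up).
const SAMPLE_EVENT = {
  source: 'aws.ec2',
  'detail-type': 'AWS API Call via CloudTrail',
  detail: {
    eventSource: 'ec2.amazonaws.com',
    eventName: 'StopInstances',
    eventTime: '2016-01-01T12:00:00Z',
    awsRegion: 'us-east-1',
    sourceIPAddress: '203.0.113.10',
    userIdentity: { type: 'IAMUser', arn: 'arn:aws:iam::111122223333:user/example' },
    requestParameters: { instancesSet: { items: [{ instanceId: 'i-0123456789abcdef0' }] } }
  }
};

if (typeof module !== 'undefined') module.exports = { handler: handler };
```

Logging one JSON object per call keeps the log group searchable by caller or instance ID with a CloudWatch Logs filter pattern.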

Step 3: Test Your Amazon CloudWatch Events Rule by Stopping an Instance

You can test your rule by stopping an Amazon EC2 instance using the Amazon EC2 console. After waiting a few minutes for the instance to stop, check your AWS Lambda metrics in the CloudWatch console to verify that your function was invoked.

To test your CloudWatch Events rule by stopping an instance

  1. Open the Amazon EC2 console at

  2. Launch an Amazon EC2 instance. For more information about how to launch an instance, see Launch Your Instance in the Amazon EC2 User Guide for Linux Instances.

  3. Stop an Amazon EC2 instance. For more information, see Stop and Start Your Instance in the Amazon EC2 User Guide for Linux Instances.

  4. To view your CloudWatch Events metrics, open the CloudWatch console

  5. In the navigation pane, under Metrics, choose Events, and then choose ec2-start-stop-invocations to view the number of invocations on the graph. You should see one data point on the graph from the instance you just stopped.

  6. To view the output from your function, in the navigation pane, choose Logs, and then in the Log Groups list, select the /aws/lambda log group that contains the data.

  7. Under Log Streams, select a log stream to view the data about the instance you launched.