AWS Cloud Operations Blog

AWS Health Events Intelligence Dashboards & Insights

Organizations operating mission-critical workloads on AWS need the ability to analyze and respond to AWS service events in a timely manner to maintain operational excellence. AWS Health sends AWS Health events on behalf of other AWS services in three main categories: notifications on account administration and security, operational issues that affect AWS services, and scheduled changes to AWS resources. Organizations can use the AWS Health Dashboard to explore and investigate both current and past events. Organizations also have the option to use the AWS Health API to retrieve this information and configure Amazon Simple Notification Service (SNS) to receive notifications via email.

As organizations adopt multi-Region, multi-account, or even multi-organization strategies to leverage the business continuity of the cloud, tracking these events via email or navigating through multiple Health Dashboards can become challenging and time-consuming. Line of Business (LoB) teams that are responsible for managing a specific subset of accounts within AWS Organizations do not always have delegated administrator access to the AWS Health organization view, which impedes their ability to dive deep into issues. Organizations need a unified method to receive and visualize AWS Health events across their extended AWS landscape.

AWS Health Events Intelligence Dashboard & Insights (HEIDI) is a solution that offers insight into events received from AWS Health across multiple Regions, accounts, and Organizations. HEIDI presents an accessible overview of AWS Health events through Amazon QuickSight. This is particularly helpful where AWS console access is limited or unavailable, for example when customers enforce organizational-level guardrails that require them to interact with AWS services exclusively through the AWS Command Line Interface (CLI). HEIDI can also relay incoming event information simultaneously to chosen communication channels, such as Amazon SNS and AWS Chatbot.

In this blog post, we will walk you through how to use an event-driven architecture to create customizable dashboards and notifications for your AWS Health events leveraging the HEIDI solution, as shown in Figure 1. With this approach, you can easily access historical events, active issues, and upcoming activities. This helps you gain a clear understanding of impact, thereby enabling faster incident response.

Figure 1: Sample AWS Health Events Intelligence Dashboard & Insights (HEIDI)

Overview of solution

AWS Health sends events to the default event bus of the respective account and Region. HEIDI’s data collection framework enables the collection of events from different accounts, Regions, and Organizations.  HEIDI is based on a hub-and-spoke model. Its configuration consists of a Data Collection account and multiple Member accounts. The architecture diagram below illustrates a single Data Collection Account and multiple Member accounts. Member accounts transmit notifications to the Data Collection account, which subsequently consolidates and presents the data using Amazon QuickSight.

Figure 2: Architecture for AWS Health Events Intelligence Dashboards & Insights (HEIDI)

Data Collection Account

The Data Collection account serves as HEIDI’s central hub for data collection. You do not need access to the payer account or AWS Organizations to implement this solution. HEIDI automates event capture and storage while offering insights through various AWS services:

  • Amazon EventBridge: The Data Collection account includes a Custom Event Bus that receives events from multiple Member accounts, along with an EventBridge rule that matches and forwards these events to processing targets.
  • Amazon Kinesis Data Firehose: The EventBridge rule forwards events to Kinesis Data Firehose, which streams the data into an Amazon Simple Storage Service (S3) bucket. Kinesis Data Firehose concatenates multiple incoming records based on the buffering configuration of the delivery stream.
  • Amazon S3: Predefined Amazon S3 buckets store the collected AWS Health event data.
  • Amazon Athena: HEIDI’s data collection uses Athena databases and tables to structure the event data stored in Amazon S3.
  • Amazon QuickSight: HEIDI utilizes QuickSight, leveraging Athena as a data source, to create a unified view for visualizing all AWS Health events received from different accounts and Regions.
  • Amazon SNS: Optionally, the EventBridge rule sends AWS Health events to Amazon SNS.
  • AWS Chatbot: AWS Chatbot processes the notifications from Amazon SNS and sends them to the customer's chosen communication channels.
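
Because Kinesis Data Firehose concatenates records, a single S3 object can hold several events back to back. The following added example (not part of HEIDI or the original post) splits such an object into individual AWS Health events, counts them per account, Region and category, and sets aside anything that did not come from `aws.health` or from an expected Member account. The sample records, the account IDs and the `EXPECTED_ACCOUNTS` allow-list are constructed for illustration, and the object is assumed to be uncompressed JSON text.

```python
import json
from collections import Counter

def make_event(account, region, service, category, status):
    """Build one constructed AWS Health event in the EventBridge envelope."""
    return json.dumps({
        "source": "aws.health", "detail-type": "AWS Health Event",
        "account": account, "region": region,
        "detail": {"service": service, "eventTypeCategory": category,
                   "statusCode": status},
    })

# Constructed sample: one S3 object holding three events written back to back
# with no delimiter between them. Account IDs are made up.
SAMPLE_OBJECT = (
    make_event("111111111111", "us-east-1", "EC2", "issue", "open")
    + make_event("222222222222", "eu-west-1", "RDS", "scheduledChange", "upcoming")
    + make_event("999999999999", "us-east-1", "S3", "issue", "open")
)

# Hypothetical allow-list of Member accounts expected to forward events.
EXPECTED_ACCOUNTS = {"111111111111", "222222222222"}

def split_records(blob):
    """Yield each JSON object from a string of concatenated objects."""
    decoder = json.JSONDecoder()
    pos = 0
    while pos < len(blob):
        if blob[pos].isspace():  # also tolerate newline-delimited records
            pos += 1
            continue
        obj, pos = decoder.raw_decode(blob, pos)  # returns (object, end index)
        yield obj

def summarize(blob, expected_accounts):
    """Count Health events per (account, Region, category); collect the rest."""
    counts, unexpected = Counter(), []
    for rec in split_records(blob):
        trusted = (rec.get("source") == "aws.health"
                   and rec.get("account") in expected_accounts)
        if not trusted:
            unexpected.append(rec)  # wrong source or unknown sender account
            continue
        category = rec.get("detail", {}).get("eventTypeCategory")
        counts[(rec["account"], rec.get("region"), category)] += 1
    return counts, unexpected

if __name__ == "__main__":
    counts, unexpected = summarize(SAMPLE_OBJECT, EXPECTED_ACCOUNTS)
    print(dict(counts))
    print("unexpected senders:", [r.get("account") for r in unexpected])
```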

Member Account

The AWS Health service notifies you about AWS Health events in each account and Region. Global events are sent to the US East (N. Virginia) Region. If the affected Region is US East (N. Virginia), global events originate from the US West (Oregon) Region. The HEIDI setup in each Member account and Region consists of the following service:

  • Amazon EventBridge: HEIDI creates an EventBridge rule that captures AWS Health events and forwards them to the centralized event bus.

Prerequisites

To set up this solution, you need:

Setup

Detailed deployment steps are available at HEIDI – GitHub.

Note: The HEIDI solution is available in the GitHub aws-samples repository. You can report bugs or feature requests through GitHub Issues. The builders of this solution are able to help with raised GitHub issues on a BEST EFFORT basis ONLY. Enterprise Support customers can reach out to their Technical Account Manager (TAM) with any further questions or feature requests.

Cleaning up

To clean up, go to the Data Collection account and delete the CloudFormation root stack, as shown in the figure below. The name should be of the format “HeidiDataCollection-{AccountID}-{Region}”. Repeat the same process for all Member accounts and Regions. Lastly, go to Amazon S3 and remove the Data Collection bucket.

Figure 3: HEIDI CloudFormation root stack

Conclusion

In this blog post, you learned how events move from a source account and Region to a target account. You also learned how to create a centralized view for AWS Health events across multiple accounts, Regions, and Organizations using QuickSight and an event-driven architecture. This enables you to understand the impact clearly, allowing for faster response to the events and post-mortem for past events. To get started, visit the aws-samples GitHub repository and download HEIDI.

About the authors:

Kanwar Bajwa

Kanwar Bajwa is an Enterprise Support Lead at AWS who works with customers to optimize their use of AWS services and achieve their business objectives.

Xiaoxue Xu

Xiaoxue Xu is a Solutions Architect for AWS based in Toronto. She primarily works with Financial Services customers to help secure their workload and design scalable solutions on the AWS Cloud.

Debasis Rath

Debasis Rath is a Senior Serverless Specialist Solutions Architect at AWS. Debasis specializes in helping large enterprises adopt serverless and event-driven architectures to modernize their applications and accelerate their pace of innovation.