Oracle Events Service in Oracle Cloud Infrastructure came available in OCI Console recently, I was part of the limited availability program but couldn’t test it as much as I wanted since the service was only available on certain US region where we didn’t have any use at that point in time. However right now it seems to be available on number of regions.
So what is Events Service? There are number of cases when a resource state changes in your OCI tenancy which you might need to be either notified or actioned further when they happen. Let’s say a resource is created in certain compartment and you want to be notified for this using the Notification Service. Or when a new user is created you want to perform further actions using the Functions Service. If you have been using Amazon Web Services this is similar to the CloudWatch Events so nothing new here so far.
The the actions you can use when the resource state changes are: Notifications, Functions or Streaming service.
Currently Events Service seems to support two types of services, the Database service and the Object Storage service. At this point in time Database service supports only Autonomous Database services including the Autonomous Exadata Service. I’m hoping the normal Exadata service will be introduced later as for me one interesting use case is to use Events Service when scaling event happens in our OCI Exadata.
Events such as instance creation and deletion, maintenance notification and start/end are included. Which is good! I’ve been annoyed by the fact you can’t get any info on the maintenance start and stop other than those emails which sometimes don’t arrive to your mailbox.
For Object Storage it includes usual actions against buckets and objects. This will be my sample case also on this post, getting notified when a new bucket is created.
Use Events Service to get notification when a bucket is created in Object Storage
Simple test case to start with, if anyone creates a bucket in my tenancy I want to get notified by email. Since we are using the Notification Service I will need a new Topic to be created which will be called MyObjectStorageNotification. I have an older post about Notification Service in here, but in short once the topic has been created you need to subscribe into it with your email and click the email the service sends to verify the subscription.
After this I can go to Events Service and Create Rule, my rule will be called CreateBucketEvent and it will be launched each time a bucket is created in my tenancy.
I could also add multiple Event Types so for example all matching Object Storage actions which includes actions againsts Buckets or Objects. You can see also the logic on the right side of the screen. As an action I use the previously used MyObjectStorageNotification. Once I’m ready I can click the Test Rule to see if sample event matches my rule.
At this point I thought I was ready to create my first rule but I didn’t review the Policy Prerequisites which are highlighted in the screen when creating the rule.
Required Policies
As highlighted you will need to create policies for users and actions. Clicking the expansion shows you what policies you need to have which serves as a good starting point. Remember it’s not only policies for groups but also the Events service itself so it can use the other services required.
After creating policies I was able to create my first rule in the Events Service. Once created it displays the details and Metrics of the rule.
Creating bucket and adding a condition for the rule
Since my initial rule was to get notified when a bucket is created I did that and within few seconds received the email on my mailbox.
But I don’t really want to be notified on all buckets created within my tenancy. I want to be notified only when certain conditions are being met. There is possibility to use attributes with the rule so for example I can be notified only when specific compartmentId matches. In this case I edit the rule and add the attribute, I could also add other attributes like AvailabilityDomain or compartmentName. Or we can edit the rule and add condition to filter with Tags.
Once I added the rule I tried to test the rule in similar way as earlier, but in this case the sample events data does not match so I can’t verify it. However once I create the bucket I only get notification when the rule matches and bucket is created in the specific compartment which I defined.
Summary
Events Service is a great addition to growing number of services in OCI and something I’ve been waiting for some time already! Hopefully in the upcoming months they add more available services which are linked together with Events Service so there will be more use cases for it.
Although this post concentrated on the Notifications I’m more excited on using the Functions Service together with this. This gives more options on the automation of your infrastructure and performing multiple events based when a resource state changes.
can events be used to get notified when a bucket is not encrypted?
I think you can filter on anything based on what is on the event JSON file but each object is already encrypted by default and can’t be turned off so I guess you wouldn’t need to monitor it?
Read more on here about filtering: https://docs.cloud.oracle.com/iaas/Content/Events/Concepts/filterevents.htm
Excellent post, Simo. I played around with the create/delete object events, too. After it not working I realized that you have to enable the bucket to emit events.
I assume you added the action policies in the root compartment, correct?
Cheers!
Ok it seems I have all my demo buckets set as “disabled” to emit events and I can’t recall this would have been needed during the time of the test. Perhaps this was added later on? I need to edit my post then!
Also the policies were added to root compartment, good catch. 🙂