3.3.1.1. AWS Services that Generate, Capture, and Process Events (Health, EventBridge, CloudTrail)
3.3.1.1. AWS Services that Generate, Capture, and Process Events (Health, EventBridge, CloudWatch)
Every operational incident starts with an event. Understanding which services generate events and how to route them determines whether your team learns about problems from dashboards or from angry customers.
Event sources and what they detect:
| Source | Events Generated | Use Case |
|---|---|---|
| AWS Health | Service disruptions, maintenance, abuse notifications | Regional/account-specific issues |
| EventBridge | All AWS API activity + custom events | Central event routing |
| CloudWatch Alarms | Metric threshold breaches | Performance/availability alerting |
| GuardDuty | Threat findings (compromised instance, IAM anomaly) | Security incidents |
| CloudTrail | All API calls | Audit and forensics |
| Config | Resource configuration changes | Compliance drift |
| Inspector | Vulnerability findings | Security patching priorities |
Event routing through EventBridge:
```json
{
  "source": ["aws.health"],
  "detail-type": ["AWS Health Event"],
  "detail": {
    "eventTypeCategory": ["issue"],
    "service": ["EC2", "RDS"]
  }
}
```
AWS Health events are particularly important for incident response — they notify you when AWS itself is having issues that affect your resources. Personal Health Dashboard events are account-specific (your scheduled maintenance), while Service Health Dashboard events are global.
Event processing architecture:
- Simple alerting: EventBridge → SNS → Email/Slack
- Automated remediation: EventBridge → Lambda → fix the issue
- Complex workflows: EventBridge → Step Functions → multi-step incident response
- Audit trail: EventBridge → Kinesis Firehose → S3 → Athena
Exam Trap: AWS Health events for planned maintenance include an eventScopeCode of ACCOUNT_SPECIFIC — meaning the maintenance affects your resources specifically. If you see a Health event with ACCOUNT_SPECIFIC scope, you must act on it. PUBLIC scope events are informational about the broader service. The exam may ask you to distinguish between these scopes when designing alerting rules.
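To check an alerting rule against the scope distinction above before deploying it, the following added example (not part of the original guide, and not AWS code) evaluates the exact-match subset of EventBridge pattern semantics against constructed Health events. The route names, `SCOPE_PATTERN`, and the sample events are assumptions made for illustration.

```python
# Added example: local matcher for the exact-match subset of EventBridge
# event patterns (lists of allowed values, nested objects). It does not
# implement prefix, numeric, or anything-but operators.

PAGE_PATTERN = {  # the rule shown earlier on this page
    "source": ["aws.health"],
    "detail-type": ["AWS Health Event"],
    "detail": {"eventTypeCategory": ["issue"], "service": ["EC2", "RDS"]},
}
SCOPE_PATTERN = {  # assumed alternative rule: match on scope, not category
    "source": ["aws.health"],
    "detail": {"eventScopeCode": ["ACCOUNT_SPECIFIC"]},
}

def matches(pattern, event):
    """True if every key in the pattern is present with an allowed value."""
    for key, expected in pattern.items():
        if key not in event:
            return False
        actual = event[key]
        if isinstance(expected, dict):
            if not isinstance(actual, dict) or not matches(expected, actual):
                return False
        else:
            # Pattern leaf is a list of allowed values; an array-valued
            # event field matches if any of its elements is allowed.
            values = actual if isinstance(actual, list) else [actual]
            if not any(v in expected for v in values):
                return False
    return True

def route(event, pattern=PAGE_PATTERN):
    """Return a hypothetical target name for the event."""
    if not matches(pattern, event):
        return "ignore"
    scope = event["detail"].get("eventScopeCode")
    return "page-oncall" if scope == "ACCOUNT_SPECIFIC" else "notify-channel"

def health_event(category, service, scope):
    """Build a constructed sample event (not a captured one)."""
    return {"source": "aws.health", "detail-type": "AWS Health Event",
            "detail": {"eventTypeCategory": category, "service": service,
                       "eventScopeCode": scope}}

ISSUE_EC2 = health_event("issue", "EC2", "PUBLIC")
MAINT_RDS = health_event("scheduledChange", "RDS", "ACCOUNT_SPECIFIC")
ISSUE_S3 = health_event("issue", "S3", "ACCOUNT_SPECIFIC")
```

The page's rule ignores `MAINT_RDS` because it filters on `eventTypeCategory` of `issue` only, so account-specific planned maintenance needs a rule that matches on scope or also lists `scheduledChange`.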
