Configure real-time sync with AWS

Early Access release

Real-time sync allows Advanced Server Access to subscribe to compute instance events generated by AWS. Normally, server discovery happens daily, but this feature allows Advanced Server Access to add or remove servers immediately after receiving a notification. Real-time sync works by enabling AWS EventBridge to send webhook events to an endpoint associated with a specific cloud account within a project.

Events are usually generated when a compute instance is launched or terminated. For launch events, Advanced Server Access automatically adds servers to the associated project. You must install the Advanced Server Access server agent on discovered servers before users can connect. For terminate events, Advanced Server Access automatically removes the server from the project inventory.

  • It may take up to ten minutes before server changes are synchronized with Advanced Server Access.
  • You must configure separate rules for each AWS region containing servers, unless you use EventBridge cross-region events to centralize events into a single region.
  1. Identify the project details.
    1. Go to the Advanced Server Access admin console.
    2. Go to the Projects page and select a project.
    3. Go to the Enrollment tab and select the AWS account.
    4. Under Instance Lifecycle Monitoring, click Create Client ID & Secret.
    5. From the Client Secret Created window, store the client ID & secret.
      Note: You cannot retrieve this information after closing the window. If you lose this information, you must generate a new client ID & secret.
    6. Click OK.
    7. Note the Webhook URL for later use.
  2. Create a connection.
    1. Go to the Amazon EventBridge console.
    2. Go to the API destinations page.
    3. Go to the Connections tab and click Create connection.
    4. From the Create connection window, enter a name and description.
    5. For Authorization type, select OAuth Client Credentials.
    6. Configure the credentials.
      Field: Action
      • Authorization endpoint: Enter https://app.scaleft.com/v1/oauth_token.
      • HTTP method: Select Post.
      • OAuth HTTP Parameters:
        1. Under Parameter, select Body field.
        2. Under Key, enter grant_type.
        3. Under Value, enter client_credentials.
      • Client ID: Enter the Client ID you noted from the Advanced Server Access console.
      • Client secret: Enter the Client secret you noted from the Advanced Server Access console.
    7. Click Create.
  3. Create a target.
    For more information, see the AWS documentation.

    1. Go to the API destinations page and click Create API destination.
    2. From the Create API destination window, enter a name and description.
    3. For API destination endpoint, enter the Webhook URL you noted from the Advanced Server Access console.
    4. For HTTP method, select Post.
    5. Click Use an existing connection and select the connection you created previously.
    6. Click Create.
  4. Create a rule.
    For more information, see the AWS documentation.
    1. Go to the Rules page and click Create rule.
    2. Enter a name for the rule.
    3. Under Define pattern, select Event pattern, and then select Custom pattern.
    4. Next to Event pattern, click Edit.
    5. Enter the following JSON pattern.
      Pattern:

        {
          "source": ["aws.ec2"],
          "detail-type": ["EC2 Instance State-change Notification"],
          "detail": {
            "state": ["pending", "terminated"]
          }
        }

      Description: Sends a notification when an EC2 instance changes to the pending or terminated states.
    6. For Target, select the target API destination you created previously.
    7. Click Create.

After you create a rule, AWS sends a notification to Advanced Server Access when a matching event occurs. Advanced Server Access uses these notifications to update the server inventory within the associated project.
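
To check locally which instance state changes the event pattern from step 4 forwards to the webhook, the following added example (not part of the original documentation or of either vendor's code) evaluates the pattern against constructed sample events. It assumes only the exact-value subset of EventBridge matching; the instance ID, region, and helper names are placeholders.

```python
import json

# Event pattern from step 4 of this page.
PATTERN = json.loads("""
{
  "source": ["aws.ec2"],
  "detail-type": ["EC2 Instance State-change Notification"],
  "detail": {"state": ["pending", "terminated"]}
}
""")

def matches(pattern, event):
    """Exact-value subset of EventBridge matching: every pattern key must be
    present in the event; a list leaf matches if the event value is one of
    its entries; a dict leaf recurses into the nested object."""
    for key, expected in pattern.items():
        if key not in event:
            return False
        actual = event[key]
        if isinstance(expected, dict):
            if not isinstance(actual, dict) or not matches(expected, actual):
                return False
        else:
            values = actual if isinstance(actual, list) else [actual]
            if not any(v in expected for v in values):
                return False
    return True

def sample_event(state, source="aws.ec2",
                 detail_type="EC2 Instance State-change Notification"):
    """Constructed event shaped like an EC2 state-change notification."""
    return {
        "source": source,
        "detail-type": detail_type,
        "region": "us-east-1",  # placeholder region
        "detail": {"instance-id": "i-0123456789abcdef0", "state": state},
    }

def forwarded_states(pattern=PATTERN):
    """Return the EC2 lifecycle states that this pattern would forward."""
    states = ["pending", "running", "stopping", "stopped",
              "shutting-down", "terminated"]
    return [s for s in states if matches(pattern, sample_event(s))]

if __name__ == "__main__":
    print("forwarded:", forwarded_states())
    # An event from another source with the same state must not match.
    print("other source:", matches(PATTERN, sample_event("pending", source="aws.ecs")))
```

Stop and start transitions (stopping, stopped, running) do not match, so only launches and terminations reach the Advanced Server Access webhook.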