Switching to new mechanism to store and retrieve events that matched …

…an alert (#334)

api/graphql/schema.graphql

@@ -71,7 +71,7 @@ type AlertDetails {
   alertId: ID!
   ruleId: ID
   creationTime: AWSDateTime!
-  lastEventMatched: AWSDateTime!
+  updateTime: AWSDateTime!
   eventsMatched: Int!
   events: [AWSJSON!]!
   eventsLastEvaluatedKey: String
@@ -86,7 +86,7 @@ type AlertSummary {
   alertId: String!
   creationTime: AWSDateTime!
   eventsMatched: Int!
-  lastEventMatched: AWSDateTime!
+  updateTime: AWSDateTime!
   ruleId: String
   severity: String
 }

api/lambda/alerts/models/api.go

@@ -23,7 +23,6 @@ import "time"
 // LambdaInput is the request structure for the alerts-api Lambda function.
 type LambdaInput struct {
 	GetAlert   *GetAlertInput   `json:"getAlert"`
-	GetEvent   *GetEventInput   `json:"getEvent"`
 	ListAlerts *ListAlertsInput `json:"listAlerts"`
 }
 
@@ -53,16 +52,6 @@ type GetAlertInput struct {
 // }
 type GetAlertOutput = Alert
 
-// GetEventInput retrieves a single event
-type GetEventInput struct {
-	EventID *string `json:"eventId" validate:"required"`
-}
-
-// GetEventOutput contains the event
-type GetEventOutput struct {
-	Event *string `json:"event"`
-}
-
 // ListAlertsInput lists the alerts in reverse-chronological order (newest to oldest)
 // If "ruleId" is not set, we return all the alerts for the organization
 // If the "exclusiveStartKey" is not set, we return alerts starting from the most recent one. If it is set,
@@ -94,20 +83,20 @@ type ListAlertsOutput struct {
 
 // AlertSummary contains summary information for an alert
 type AlertSummary struct {
-	AlertID          *string    `json:"alertId"`
-	RuleID           *string    `json:"ruleId"`
-	CreationTime     *time.Time `json:"creationTime"`
-	LastEventMatched *time.Time `json:"lastEventMatched"`
-	EventsMatched    *int       `json:"eventsMatched"`
-	Severity         *string    `json:"severity"`
+	AlertID       *string    `json:"alertId"`
+	RuleID        *string    `json:"ruleId"`
+	CreationTime  *time.Time `json:"creationTime"`
+	UpdateTime    *time.Time `json:"updateTime"`
+	EventsMatched *int       `json:"eventsMatched"`
+	Severity      *string    `json:"severity"`
 }
 
 // Alert contains the details of an alert
 type Alert struct {
 	AlertID                *string    `json:"alertId"`
 	RuleID                 *string    `json:"ruleId"`
 	CreationTime           *time.Time `json:"creationTime"`
-	LastEventMatched       *time.Time `json:"lastEventMatched"`
+	UpdateTime             *time.Time `json:"updateTime"`
 	EventsMatched          *int       `json:"eventsMatched"`
 	Events                 []*string  `json:"events"`
 	EventsLastEvaluatedKey *string    `json:"eventsLastEvaluatedKey,omitempty"`

deployments/backend.yml

@@ -365,9 +365,10 @@ Resources:
         LayerVersionArns: !Join [',', !Ref LayerVersionArns]
         TracingMode: !Ref TracingMode
 
-        SQSKeyId: !Ref QueueEncryptionKey
+        ProcessedDataBucket: !Ref ProcessedData
         AnalysisApiId: !GetAtt AnalysisAPI.Outputs.GatewayId
         AlertDedupTableStreamArn: !GetAtt RulesEngine.Outputs.AlertDedupTableStreamArn
+        SQSKeyId: !Ref QueueEncryptionKey
       TemplateURL: log_analysis/alerts.yml
 
   RulesEngine: