AWS Health API describeEventsForOrganization not returning eventScopeCode in lambda

[sri7vasu]

Confirm by changing [ ] to [x] below to ensure that it's a bug:

• [ x] I've gone through Developer Guide and API reference
• [x ] I've checked AWS Forums and StackOverflow for answers
• [x ] I've searched for previous similar issues and didn't find any solution

Describe the bug For this Health API method describeEventsForOrganization (https://docs.aws.amazon.com/health/latest/APIReference/API_DescribeEventsForOrganization.html) eventScopeCode attribute is missing in the output when trying with Lambda. I tried with the latest version of the NodJs version as well adding the latest version layer but no luck. The eventScopeCode attribute is being returned when i run it from my local using Javascript AWS SDK.

Is the issue in the browser/Node.js? Node.js

If on Node.js, are you running this on AWS Lambda? Yes

Details of the browser/Node.js version Node.js 12.x

SDK version number 2.631.0

To Reproduce (observed behavior)

let AWS = require("aws-sdk");
let health = new AWS.Health({ region: "us-east-1" });

exports.handler = async (event) => {
    //get all the events
    let events = await describeEventsForOrganization({filter: {}});
    console.log("Events: " + JSON.stringify(events)); //test

   async function describeEventsForOrganization(eventParams) {
        try {
            let token;
            let localEvents = [];
            do {
                const response = await health.describeEventsForOrganization({...eventParams, nextToken: token }).promise();
                token = response.nextToken;
                localEvents.push(response.events);
            } while (token)
            //all events are captured, merge multiple arrays into one array
            const mergedEvents = [].concat.apply([], localEvents);
            return mergedEvents;
        }
        catch(err) {
            console.log("describeEventsForOrganization error: "+ err);
            throw err;
        }
    }
}

Expected behavior eventScopeCode attribute should be shown in the output

[ajredniwja]

Hey @sri7vasu, thank-you for opening this issue.

Do you also get the same response when you run it locally?

Can you check if the eventArn that you specified in the request is valid?

If is is not, then eventScopeCode may not be added to the response.

Can you share what your response looks like?

[sri7vasu]

As mentioned in my issue above, the eventScopeCode attribute is being returned when i run it from my local using CLI or Javascript AWS SDK but not when i am running from lambda. And yes all my eventArn's are valid as they are from my account's PHD dashboard as well the same eventArn's are returning eventScopeCode from my local Javascript SDK. Here is a sample response i get when running my lambda:

{
    "arn": "arn:aws:health:global::event/CONFIG/AWS_CONFIG_OPERATIONAL_NOTIFICATION/AWS_CONFIG_OPERATIONAL_NOTIFICATION_88a43e8a-e419-4ca7-9baa-78ce94c4dba3",
    "service": "CONFIG",
    "eventTypeCode": "AWS_CONFIG_OPERATIONAL_NOTIFICATION",
    "eventTypeCategory": "accountNotification",
    "region": "global",
    "startTime": "2020-08-01T02:55:49.899Z",
    "lastUpdatedTime": "2020-08-01T03:46:31.764Z",
    "statusCode": "open",
    "eventDetails": [
        {
            "awsAccountId": "836551330019",
            "event": {
                "arn": "arn:aws:health:global::event/CONFIG/AWS_CONFIG_OPERATIONAL_NOTIFICATION/AWS_CONFIG_OPERATIONAL_NOTIFICATION_88a43e8a-e419-4ca7-9baa-78ce94c4dba3",
                "service": "CONFIG",
                "eventTypeCode": "AWS_CONFIG_OPERATIONAL_NOTIFICATION",
                "eventTypeCategory": "accountNotification",
                "region": "global",
                "startTime": "2020-08-01T02:55:49.899Z",
                "lastUpdatedTime": "2020-08-01T03:46:31.764Z",
                "statusCode": "open"
            },
            "eventDescription": {
                "latestDescription": "As part of our ongoing efforts to optimize costs associated with recording changes related to certain ephemeral workloads, AWS Config is scheduled to release an update to relationships modeled within ConfigurationItems (CI) for 7 EC2 resource types on August 1, 2021. Examples of ephemeral workloads include changes to Amazon Elastic Compute Cloud (Amazon EC2) Spot Instances, Amazon Elastic MapReduce jobs, and Amazon EC2 Autoscaling. This update will optimize CI models for EC2 Instance, SecurityGroup, Network Interface, Subnet, VPC, VPN Gateway, and Customer Gateway resource types to record direct relationships and deprecate indirect relationships.\n\nA direct relationship is defined as a one-way relationship (A->B) between a resource (A) and another resource (B), and is typically derived from the Describe API response of resource (A). An indirect relationship, on the other hand, is a relationship that AWS Config infers (B->A), in order to create a bidirectional relationship. For example, EC2 instance -> Security Group is a direct relationship, since security groups are returned as part of the describe API response for an EC2 instance. But Security Group -> EC2 instance is an indirect relationship, since EC2 instances are not returned when describing an EC2 Security group.\n\nUntil now, AWS Config has recorded both direct and indirect relationships. With the launch of Advanced queries in March 2019, indirect relationships can easily be answered by running Structured Query Language (SQL) queries such as:\n\nSELECT\n resourceId,\n resourceType\nWHERE\n resourceType ='AWS::EC2::Instance' \nAND\n relationships.resourceId = 'sg-234213'\n\nBy deprecating indirect relationships, we can optimize the information contained within a Configuration Item while reducing AWS Config costs related to relationship changes. This is especially useful in case of ephemeral workloads where there is a high volume of configuration changes for EC2 resource types.\n\nWhich resource relationships are being removed? \n\nResource Type: Related Resource Type\n1 AWS::EC2::CustomerGateway: AWS::VPN::Connection\n2 AWS::EC2::Instance: AWS::EC2::EIP, AWS::EC2::RouteTable\n3 AWS::EC2::NetworkInterface: AWS::EC2::EIP, AWS::EC2::RouteTable\n4 AWS::EC2::SecurityGroup: AWS::EC2::Instance, AWS::EC2::NetworkInterface\n5 AWS::EC2::Subnet: AWS::EC2::Instance, AWS::EC2::NetworkACL, AWS::EC2::NetworkInterface, AWS::EC2::RouteTable\n6 AWS::EC2::VPC: AWS::EC2::Instance, AWS::EC2::InternetGateway, AWS::EC2::NetworkACL, AWS::EC2::NetworkInterface, AWS::EC2::RouteTable, AWS::EC2::Subnet, AWS::EC2::VPNGateway, AWS::EC2::SecurityGroup\n7 AWS::EC2::VPNGateway: AWS::EC2::RouteTable, AWS::EC2::VPNConnection\n\nAlternate mechanism to retrieve this relationship information:\nThe SelectResourceConfig API accepts a SQL SELECT command, performs the corresponding search, and returns resource configurations matching the properties. You can use this API to retrieve the same relationship information. For example, to retrieve the list of all EC2 Instances related to a particular VPC vpc-1234abc, you can use the following query:\n\nSELECT\n resourceId,\n resourceType\nWHERE\n resourceType ='AWS::EC2::Instance'\nAND\n relationships.resourceId = 'vpc-1234abc'\n\nIf you have any questions regarding this deprecation plan, please contact AWS Support [1]. Additional sample queries to retrieve the relationship information for the resources listed above is provided in [2].\n\n[1] https://aws.amazon.com/support\n[2] https://docs.aws.amazon.com/config/latest/developerguide/examplerelationshipqueries.html"
            }
        }
    ],
    "affectedEntities": [
        {
            "entityArn": "arn:aws:health:global:836551330019:entity/AXOoGfr3PFipjVy4_Kjg",
            "eventArn": "arn:aws:health:global::event/CONFIG/AWS_CONFIG_OPERATIONAL_NOTIFICATION/AWS_CONFIG_OPERATIONAL_NOTIFICATION_88a43e8a-e419-4ca7-9baa-78ce94c4dba3",
            "entityValue": "AWS_ACCOUNT",
            "awsAccountId": "836551330019",
            "lastUpdatedTime": "2020-08-01T03:39:00.800Z",
            "statusCode": "IMPAIRED"
        }
    ]
}

Can you please help fixing this ASAP ? This is an impediment for a customer deliverable.

[sri7vasu]

Looks like the new version v2.712 has been rolled out recently in us-east-2.Now i'm able to see eventScopeCode. Closing the issue. Thanks!