SecretsManager rule not triggering even though event exists - amazon-web-services

I can see that an event is being fired by the doppler user, but the rule is not getting triggered for some reason I don't know how to debug.
Event fired:
Rule pattern:
I have this simple rule to catch updates to the secrets manager, I can see secrets are being updated and the event being fired, why would my rule not be fired? How could I debug this?

You are creating a rule with detail-type of AWS API Call via CloudTrail. In order for these events to be picked up, you must create a CloudTrail Trail:
From the AWS documentation:
To record events with a detail-type value of AWS API Call via CloudTrail, a CloudTrail trail with logging enabled is required.

Related

SNS topic not firing when attached to EventBridge rule

I've set up an SNS topic that notifies through an email. It's working when I ask to test it through the AWS console. It sends a test email.
I've set up an EventBridge rule that should trigger when security group related actions are executed. I've set the target for that rule to be the SNS topic I described above. But when I make changes to my security groups (through the AWS console or through API calls), no emails are sent.
Can someone look into my configuration and tell me what else I can look into?
Thanks in advance!
You need to have a trail enabled for EB to detect API events. From the docs:
To record events with a detail-type value of AWS API Call via CloudTrail, a CloudTrail trail with logging enabled is required.

Cloudwatch Alarm to Slack

I'm pretty new to AWS but I did some research about my issue and I couldn't find an answer anywhere so hopefully someone can help me with this.
I would like to be notified on Slack whenever someone logs in with a Root account on any of my AWS accounts. I have set up Cloudtrail at the Organisation level to monitor cloudtrail logs on all my AWS accounts. I have set up a Cloudwatch alarm to trigger whenever a root account is used; the alarm is then sent to a SNS topic that sends it to a Lambda that triggers a message to Slack.
All of this is working fine. However, the message I receive from SNS is basically the following: The alarm (root_login) has been triggered
Ideally I would want to receive the Cloudwatch event that shows me more information like the IP Address of the user, the AWS account where it occurred, etc...
Basically I would like to receive the Cloudwatch event log to the lambda instead of the Cloudwatch alarm trigger. Is that something that is possible?
Thanks
Yes that is possible. Here are some instructions from the AWS site on the aws-sns-to-slack-publisher. The page contains the steps you need to take to deploy.
Here is an example of publishing a health event to slack.
You will of course need to modify the code to meet your requirements.
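The question above asks for the CloudTrail event itself (source IP, account, MFA state) to reach the Lambda rather than the alarm text. The following is an added example, not code from the original answer or from the aws-sns-to-slack-publisher project: an EventBridge rule pattern for root console sign-ins, plus a handler that accepts the event either directly from EventBridge or wrapped in an SNS envelope, and turns it into a Slack-style message payload. The event shape follows the CloudTrail ConsoleLogin record; the account id, IP address and timestamps are constructed placeholders, and the `post` callable (how the payload reaches Slack) is an assumption left injectable so the code runs offline.

```python
import json

# Constructed sample event, in the shape EventBridge delivers for a console
# sign-in recorded by CloudTrail (account id, IP and ids are placeholders).
SAMPLE_ROOT_LOGIN_EVENT = {
    "version": "0",
    "id": "11111111-2222-3333-4444-555555555555",
    "detail-type": "AWS Console Sign In via CloudTrail",
    "source": "aws.signin",
    "account": "111122223333",
    "region": "us-east-1",
    "time": "2024-01-01T12:00:00Z",
    "detail": {
        "eventTime": "2024-01-01T12:00:00Z",
        "eventSource": "signin.amazonaws.com",
        "eventName": "ConsoleLogin",
        "awsRegion": "us-east-1",
        "sourceIPAddress": "203.0.113.10",
        "userAgent": "Mozilla/5.0",
        "userIdentity": {
            "type": "Root",
            "principalId": "111122223333",
            "arn": "arn:aws:iam::111122223333:root",
            "accountId": "111122223333",
        },
        "responseElements": {"ConsoleLogin": "Success"},
        "additionalEventData": {"MFAUsed": "Yes"},
        "recipientAccountId": "111122223333",
    },
}

# EventBridge rule pattern that selects only root console sign-ins.
ROOT_LOGIN_RULE = {
    "detail-type": ["AWS Console Sign In via CloudTrail"],
    "detail": {"userIdentity": {"type": ["Root"]}},
}


def sns_envelope(event):
    """Build the SNS envelope a Lambda sees when the rule targets an SNS topic
    (the EventBridge event travels as a JSON string in Sns.Message)."""
    return {"Records": [{"Sns": {"Message": json.dumps(event)}}]}


def unwrap(event):
    """Accept either a raw EventBridge event or an SNS envelope."""
    if "Records" in event:
        return json.loads(event["Records"][0]["Sns"]["Message"])
    return event


def is_root_console_login(event):
    d = event.get("detail", {})
    return (event.get("detail-type") == "AWS Console Sign In via CloudTrail"
            and d.get("userIdentity", {}).get("type") == "Root")


def build_slack_message(event):
    """Slack chat.postMessage-style payload carrying the fields a responder wants."""
    d = event["detail"]
    outcome = d.get("responseElements", {}).get("ConsoleLogin", "Unknown")
    mfa = d.get("additionalEventData", {}).get("MFAUsed", "Unknown")
    account = d.get("recipientAccountId", event.get("account", "?"))
    return {
        "text": f":rotating_light: Root console login ({outcome}) in account {account}",
        "attachments": [{
            "fields": [
                {"title": "Source IP", "value": d.get("sourceIPAddress", "?"), "short": True},
                {"title": "MFA used", "value": mfa, "short": True},
                {"title": "Region", "value": d.get("awsRegion", "?"), "short": True},
                {"title": "Time", "value": d.get("eventTime", "?"), "short": True},
                {"title": "User agent", "value": d.get("userAgent", "?"), "short": False},
            ]
        }],
    }


def lambda_handler(event, context=None, post=None):
    """Lambda entry point. `post` (assumed) is whatever delivers the payload to
    Slack, e.g. an HTTP call to an incoming-webhook URL; it is optional so the
    handler runs offline and simply returns the payload (None if not a root login)."""
    event = unwrap(event)
    if not is_root_console_login(event):
        return None
    payload = build_slack_message(event)
    if post is not None:
        post(payload)
    return payload


if __name__ == "__main__":
    print(json.dumps(lambda_handler(SAMPLE_ROOT_LOGIN_EVENT), indent=2))
```

Pointing the EventBridge rule at the Lambda directly (or at the SNS topic, which the `unwrap` step handles) is what delivers the full CloudTrail record; a CloudWatch alarm target only ever carries the alarm state.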

AWS CloudWatch Events - Get resource tags

I have got an AWS CloudWatch Event set up to trigger whenever a resource is not compliant with a rule in AWS config.
This rule then triggers a Lambda that sends a notification to a general channel to inform people that a rule has been breached.
However, I would ideally like to make use of the tag attached to a resource (as each AWS resource is tagged with the team that owns it) to be able to route these notifications to more specific locations. However, the data sent to the Lambda by the Cloudwatch Event does not contain this information. Is there a good way I can get the tags attached to an AWS resource when an AWS Cloudwatch event is triggered?
Sadly there is not. Your lambda would have to use AWS SDK to check the tags on the resource associated with the event, and then forward the event to different consumers, e.g. SQS queue, or custom EventBridge rule.
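The answer above says the Lambda has to fetch the tags itself with the SDK and then route the notification. Here is an added example of that pattern (my code, not the answer author's): a handler for an AWS Config compliance-change event that builds the resource ARN, looks up its tags through the Resource Groups Tagging API, and picks a destination from a team tag. The `team` tag key, the `ROUTES` table and the channel names are assumptions; the ARN templates cover only the resource types shown and refuse to guess for others; the boto3 client is injectable so the code runs offline with the fake client at the bottom.

```python
# Constructed sample "Config Rules Compliance Change" event as EventBridge
# delivers it (account, region and resource ids are placeholders).
SAMPLE_COMPLIANCE_EVENT = {
    "version": "0",
    "id": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
    "detail-type": "Config Rules Compliance Change",
    "source": "aws.config",
    "account": "111122223333",
    "region": "us-east-1",
    "detail": {
        "resourceId": "sg-0123456789abcdef0",
        "resourceType": "AWS::EC2::SecurityGroup",
        "awsRegion": "us-east-1",
        "awsAccountId": "111122223333",
        "configRuleName": "restricted-ssh",
        "newEvaluationResult": {"complianceType": "NON_COMPLIANT"},
    },
}

# Assumed tagging convention: every resource carries a "team" tag, and this
# table maps team names to notification destinations (made-up channel names).
TEAM_TAG_KEY = "team"
ROUTES = {"payments": "#sec-payments", "platform": "#sec-platform"}
DEFAULT_ROUTE = "#sec-general"


def resource_arn(detail):
    """Config reports a bare resourceId; the tagging API wants an ARN.  The ARN
    format is type specific, so only the types handled here are translated and
    anything else raises instead of guessing."""
    rtype, rid = detail["resourceType"], detail["resourceId"]
    region, account = detail["awsRegion"], detail["awsAccountId"]
    if rtype == "AWS::EC2::SecurityGroup":
        return f"arn:aws:ec2:{region}:{account}:security-group/{rid}"
    if rtype == "AWS::EC2::Instance":
        return f"arn:aws:ec2:{region}:{account}:instance/{rid}"
    if rtype == "AWS::S3::Bucket":
        return f"arn:aws:s3:::{rid}"
    raise ValueError(f"no ARN template for {rtype}")


def fetch_tags(arn, tagging_client=None):
    """Tags as a dict via resourcegroupstaggingapi:GetResources.  The client is
    injectable so the handler can be exercised without AWS credentials."""
    if tagging_client is None:
        import boto3  # only imported inside Lambda, where it is available
        tagging_client = boto3.client("resourcegroupstaggingapi")
    resp = tagging_client.get_resources(ResourceARNList=[arn])
    mappings = resp.get("ResourceTagMappingList", [])
    if not mappings:
        return {}
    return {t["Key"]: t["Value"] for t in mappings[0].get("Tags", [])}


def route_for(tags):
    return ROUTES.get(tags.get(TEAM_TAG_KEY, ""), DEFAULT_ROUTE)


def lambda_handler(event, context=None, tagging_client=None):
    """Return the destination and message for a breach, or None for anything
    that is not a NON_COMPLIANT transition."""
    d = event["detail"]
    if d.get("newEvaluationResult", {}).get("complianceType") != "NON_COMPLIANT":
        return None
    try:
        tags = fetch_tags(resource_arn(d), tagging_client)
    except ValueError:
        tags = {}  # unknown resource type: fall through to the default channel
    return {
        "channel": route_for(tags),
        "text": (f"{d['resourceType']} {d['resourceId']} is NON_COMPLIANT with "
                 f"{d['configRuleName']} in {d['awsAccountId']}/{d['awsRegion']} "
                 f"(team: {tags.get(TEAM_TAG_KEY, 'unknown')})"),
    }


class FakeTaggingClient:
    """Test double mimicking the shape of boto3's get_resources response."""

    def __init__(self, tags_by_arn):
        self.tags_by_arn = tags_by_arn

    def get_resources(self, ResourceARNList):
        return {"ResourceTagMappingList": [
            {"ResourceARN": arn,
             "Tags": [{"Key": k, "Value": v} for k, v in self.tags_by_arn[arn].items()]}
            for arn in ResourceARNList if arn in self.tags_by_arn]}
```

The Lambda's execution role needs `tag:GetResources` for this lookup; an untagged or unknown-type resource is still reported, just to the default channel, so a missing tag never silences a breach.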

Configure CloudWatch Secret Manger event to trigger another lambda function

I have set up AWS Secret Manager which contains my Redshift credentials. I have enabled secret rotation on my secret. I have used the sample code given by AWS to set up a lambda function that gets the credentials and have subscribed an SNS topic to the lambda which works fine.
I would like AWS Cloudwatch Events to set up a rule that whenever the rotation of secret has Succeeded it triggers my lambda function.
Upon reading the AWS documentation for monitoring my secrets: https://docs.aws.amazon.com/secretsmanager/latest/userguide/monitoring.html#monitoring_cloudwatch
I have configured the Cloudtrail logs file to deliver to CloudWatch Logs.
I have then set up a Cloudwatch Event rule which has Secret Manager as the Service, EventType: AWS API call events and specific operations: RotationSucceeded - a mechanism that notifies you of a successful rotation event.
However, when the secret rotation successfully occurs, the cloud watch event does not trigger the lambda function I have set as the target.
What changes should I make so that the lambda function is triggered every time the Secret is successfully rotated in aws secret manager?
Posting the answer here:
Upon doing more research:
in order to set up an AWS Cloudwatch Events rule that triggers my lambda function whenever rotation of a secret has succeeded,
you will need to reference the RotateSecret API reference, which in turn, when the secret is rotated, will trigger the lambda function.
RotateSecret would replace RotationSucceeded in specific operations.
Have attached the document below for more information:
https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_RotateSecret.html

AWS - How can I receive an SNS alert when a new EC2 Security Group is created?

I am trying to receive an update when a new EC2 security group is created. Haven't had much luck. There have been a lot of resources online, however they don't deal with what I'm trying to do. All I need is an SNS notification when a new security group is created; for some reason this is proving harder than it should.
Any suggestions on how I may be able to get this to work?
Thanks
The AWS Config service should serve this purpose perfectly.
It allows you to 'listen' for changes on certain (or all) types of resources and perform certain actions in response.
In your situation you could set up listeners for EC2:SecurityGroup events and have these events trigger notifications being sent to an SNS endpoint of your choice.
See some of the docs on streaming AWS Config events to SNS here.
There are two services of interest:
Amazon CloudWatch Events can use rules to trigger an action when something happens (eg a Security Group is created)
Amazon Config keeps track of historical configurations
For your use-case, I would recommend an Amazon CloudWatch Events Rule:
Service Name: EC2
Event Type: AWS API Call via CloudTrail
Specific Operation: CreateSecurityGroup
Add Target: Specify an SNS Topic to receive the notification
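Three threads on this page (the Secrets Manager rule that never fires, the rotation rule that only fires on `RotateSecret`, and the `CreateSecurityGroup` rule just above) come down to whether a rule pattern matches the event that actually arrives. The following is an added example, not code from any of the answers: the three rule patterns written as the EventBridge console serialises them, a constructed `AWS API Call via CloudTrail` event for a `RotateSecret` call (account id, ARN and ids are placeholders), and a small matcher that implements EventBridge's subset semantics (every pattern key must exist in the event, nested objects recurse, a list means "any of these", plus the `prefix` clause) and reports the first reason a rule would not fire. Only exact values and `prefix` are implemented; the full EventBridge pattern language has more operators.

```python
# Constructed sample event in the shape EventBridge delivers for a CloudTrail
# management event (account id, ARNs and ids are made-up placeholders).
SAMPLE_ROTATE_SECRET_EVENT = {
    "version": "0",
    "id": "00000000-0000-0000-0000-000000000000",
    "detail-type": "AWS API Call via CloudTrail",
    "source": "aws.secretsmanager",
    "account": "111122223333",
    "region": "us-east-1",
    "detail": {
        "eventSource": "secretsmanager.amazonaws.com",
        "eventName": "RotateSecret",
        "awsRegion": "us-east-1",
        "sourceIPAddress": "203.0.113.10",
        "userIdentity": {"type": "IAMUser", "userName": "doppler"},
        "requestParameters": {
            "secretId": "arn:aws:secretsmanager:us-east-1:111122223333:secret:example-AbCdEf"
        },
    },
}

# Rule patterns as the console serialises them: every leaf is a list of accepted values.
ROTATE_SECRET_RULE = {
    "source": ["aws.secretsmanager"],
    "detail-type": ["AWS API Call via CloudTrail"],
    "detail": {
        "eventSource": ["secretsmanager.amazonaws.com"],
        "eventName": ["RotateSecret"],
    },
}

# The operation the rotation question originally selected, which never fired for the poster.
ROTATION_SUCCEEDED_RULE = {
    "source": ["aws.secretsmanager"],
    "detail-type": ["AWS API Call via CloudTrail"],
    "detail": {
        "eventSource": ["secretsmanager.amazonaws.com"],
        "eventName": ["RotationSucceeded"],
    },
}

# The rule from the last answer: a new EC2 security group, delivered to SNS.
CREATE_SECURITY_GROUP_RULE = {
    "source": ["aws.ec2"],
    "detail-type": ["AWS API Call via CloudTrail"],
    "detail": {
        "eventSource": ["ec2.amazonaws.com"],
        "eventName": ["CreateSecurityGroup"],
    },
}


def _leaf_matches(candidate, value):
    """One allowed value against one event value: exact match or a {"prefix": ...} clause."""
    if isinstance(candidate, dict) and "prefix" in candidate:
        return isinstance(value, str) and value.startswith(candidate["prefix"])
    return candidate == value


def mismatches(pattern, event, path=""):
    """Human-readable reasons the event does NOT match the pattern; empty means the
    rule would fire.  Implements EventBridge's subset semantics: every pattern key
    must be present in the event, nested objects recurse, a list means 'any of'."""
    problems = []
    for key, allowed in pattern.items():
        here = f"{path}.{key}" if path else key
        if not isinstance(event, dict) or key not in event:
            problems.append(f"{here}: missing from event")
            continue
        value = event[key]
        if isinstance(allowed, dict):
            problems.extend(mismatches(allowed, value, here))
        elif isinstance(allowed, list):
            # An event value that is itself a list matches if any element matches.
            values = value if isinstance(value, list) else [value]
            if not any(_leaf_matches(c, v) for c in allowed for v in values):
                problems.append(f"{here}: {value!r} not in {allowed!r}")
        else:
            problems.append(f"{here}: pattern leaf must be a list, got {allowed!r}")
    return problems


def matches(pattern, event):
    return not mismatches(pattern, event)


if __name__ == "__main__":
    for name, rule in [("RotateSecret", ROTATE_SECRET_RULE),
                       ("RotationSucceeded", ROTATION_SUCCEEDED_RULE),
                       ("CreateSecurityGroup", CREATE_SECURITY_GROUP_RULE)]:
        print(name, "->", mismatches(rule, SAMPLE_ROTATE_SECRET_EVENT) or "MATCH")
```

The matcher only explains pattern-level failures. If the event never reaches the bus at all, as in the first two answers, the cause is upstream: `AWS API Call via CloudTrail` events require a CloudTrail trail with logging enabled, and the rule must live in the region where the API call was recorded.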