We Keep Coding

AWS EventBridge Pattern not capturing all events from SecretManager

I have the following pattern in event bridge:
{
"source": [
"aws.secretsmanager"
],
"detail-type": [
"AWS API Call via CloudTrail"
],
"detail": {
"eventSource": [
"secretsmanager.amazonaws.com"
],
"eventName": [
"CreateSecret",
"UpdateSecret",
"DeleteSecret",
"PutSecretValue",
"GetSecretValue",
"ListSecrets",
"RotationFailed",
"RotationSucceeded",
"DescribeSecret"
]
}
}
it is pointing to a Lambda that prints the event to Cloudwatch. Works just fine but when i try to capture events like:
"ListSecrets",
"RotationFailed",
"RotationSucceeded",
"DescribeSecret"
They never get capture by the event system filter i created. Other actions like Update/Create/Delete works just fine.
Is there any steps i am missing to get those?
Documentation Reference: https://docs.amazonaws.cn/en_us/secretsmanager/latest/userguide/retrieve-ct-entries.html
Thanks

All events that are delivered via CloudTrail have AWS API Call via CloudTrail as the value for detail-type. Events from API actions that start with the keywords List, Get, or Describe are not processed by EventBridge, with the exception of events from the following STS actions: GetFederationToken and GetSessionToken. Data events (for example, for Amazon S3 object level events, DynamoDB, and AWS Lambda) must have trails configured to receive those events. Learn more.
Warning from AWS at EventBridge page about Secrets Manager

Is it possible to trigger a Lambda function on a VPC creation/ edit event?

I have a Lambda function that I want to take action on a transit gateway when a new VPC is created, or when a VPC is updated. I've used CloudWatch Events for similar triggers in the past (such as when an EC2 instance was terminated) and was hoping to do something similar for this use case. What I've found is that VPC is not listed as one of the services available in Events, and the CloudTrail trail I have configured doesn't appear to be catching CreateVpc or DeleteVpc events, so I'm not sure that using the CloudTrail event pattern is possible either.
I was hoping to use an event similar to what's below, but have not had any luck -
{
"source": ["aws.cloudtrail"],
"detail-type": ["AWS API Call via CloudTrail"],
"detail": {
"eventSource": ["cloudtrail.amazonaws.com"],
"eventName": ["CreateVpc"]
}
}
Is it possible to catch a CreateVpc event for use as a Lambda trigger?

doesn't appear to be catching CreateVpc or DeleteVpc events
You have to double check your trail setup. CreateVpc and DeleteVpc are for sure captured by the CloudTrial.
However, it may be problem with your rule. The source should be aws.ec2:
{
"source": ["aws.ec2"],
"detail-type": ["AWS API Call via CloudTrail"],
"detail": {
"eventSource": ["ec2.amazonaws.com"],
"eventName": ["CreateVpc"]
}
}

How can I trigger a lambda when a log group is created in cloudwatch?

How can I trigger a lambda when a log group is created in cloudwatch? What I am thinking the easiest way to do is to create a cloudwatch rule to send cloudtrail event to lambda. Is it reasonable to do? If yes, how can I filter out other events but only trigger lambda when a log group is created?

The only event type supported by CloudWatch Events (CWE) for CW Logs (CWL) is:
AWS API Call via CloudTrail
Therefore, you can catch the events of interests when you enabled CloudTrail (CT) trail. Once enable, API events would be available in CWE. Then, you would have to create CWE rule which captures CreateLogGroup API call. The rule would trigger your lambda function.
An example CWE rule could be:
{
"source": [
"aws.logs"
],
"detail-type": [
"AWS API Call via CloudTrail"
],
"detail": {
"eventSource": [
"logs.amazonaws.com"
],
"eventName": [
"CreateLogGroup"
]
}
}

How to trigger AWS Cloudwatch event only via put_events

My end goal is to start an ECS (fargate) task/Lambda based on API call (manually).
When creating the CloudWatch Rule I have to select a service to listen events on. I'm not sure what service I should use for my purpose.
What is the best thing to do? Should I create a CloudWatch alarm that I manually trigger?
Thanks

So you want to trigger a lambda function/ECS task based on an API call.This cloudwatch event rule service will depend on the type of API call you are running.
For example if there is a S3 Put event ,then you will select the S3 as the service and then the specific S3 operation you are running
{
"source": [
"aws.s3"
],
"detail-type": [
"AWS API Call via CloudTrail"
],
"detail": {
"eventSource": [
"s3.amazonaws.com"
],
"eventName": [
"PutObject"
]
}
}
If this a non-aws API call then you can use cloudwatch logs to trigger the Cloudwatch event rule.

How to create a custom event trigger to invoke a lambda whenever a new bucket is created?

I have a lambda function in Python that I want to invoke whenever a new s3 bucket is created. I want to create a custom event trigger to invoke it. What would be the best way to go ahead implementing this.

You can create a cloudwatch rule (see below) that triggers when a bucket is created or deleted and launches a lambda as its target.
In Cloud watch create rule > Choose
Service Name: Simple Storage Service s3
Event type: Bucket Level Operations
and select Specific Operations, specifying CreateBucket (and DeleteBucket) if you need it.
This will produce "custom" code similar to below.
{
"detail-type": [
"AWS API Call via CloudTrail"
],
"source": [
"aws.s3"
],
"detail": {
"eventSource": [
"s3.amazonaws.com"
],
"eventName": [
"CreateBucket",
"DeleteBucket"
]
}
}

I could answer here, but have a look on this: How to Execute Lambda Functions on S3 Event Triggers

Hello You can monitor new bucket creation from AWS Config or AWS Cloud Trail services and call Lambda function for such event.