Event pattern for retrieving secret values

0

I would like to get notified when someone retrieves a secret value. I created an event rule (see below) and set an SNS topic as a target, to which I had subscribed. However, it does not appear to be working. Is there anything I need to do in the event pattern to make it work?

{
  "source": ["aws.secretsmanager"],
  "detail-type": ["AWS API Call via CloudTrail"],
  "detail": {
    "eventSource": ["secretsmanager.amazonaws.com"],
    "eventName": ["GetSecretValue"]
  }
}

1 Answer
1
Accepted Answer

Hello.

The following documentation may be helpful.
https://aws.amazon.com/jp/blogs/compute/introducing-support-for-read-only-management-events-in-amazon-eventbridge/

Perhaps the rule you created does not have "ENABLED_WITH_ALL_CLOUDTRAIL_MANAGEMENT_EVENTS" enabled.
Please run the following AWS CLI command to enable it.

aws events put-rule \
  --name "rule-name" \
  --event-pattern "{ \"source\": [\"aws.secretsmanager\"], \"detail-type\": [\"AWS API Call via CloudTrail\"], \"detail\": { \"eventName\": [\"GetSecretValue\"] } }" \
  --state ENABLED_WITH_ALL_CLOUDTRAIL_MANAGEMENT_EVENTS

In addition to the above, you also need to set up a trail for your account in CloudTrail.
https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-create-and-update-a-trail.html

EXPERT
answered 5 months ago
  • Works like a charm. Thank you so much!
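To see why the pattern itself is fine and the rule state is what matters, here is an added example (not code from the question, the answer, or AWS): a simplified matcher that implements only the exact-value subset of EventBridge pattern semantics and runs the question's pattern against constructed CloudTrail-style events, then flags the read-only ones that only reach a rule in state ENABLED_WITH_ALL_CLOUDTRAIL_MANAGEMENT_EVENTS.

```python
# Added example, not from the question, the answer, or AWS. The matcher
# covers only exact-value semantics (every pattern key must exist in the
# event and the event value must be one of the listed literals).

# The event pattern from the question, unchanged.
RULE_PATTERN = {
    "source": ["aws.secretsmanager"],
    "detail-type": ["AWS API Call via CloudTrail"],
    "detail": {
        "eventSource": ["secretsmanager.amazonaws.com"],
        "eventName": ["GetSecretValue"],
    },
}

def matches(pattern, event):
    """True if event satisfies pattern (exact-value subset only)."""
    for key, expected in pattern.items():
        if key not in event:
            return False  # a missing key never matches
        actual = event[key]
        if isinstance(expected, dict):
            if not isinstance(actual, dict) or not matches(expected, actual):
                return False
        elif actual not in expected:  # expected is a list of allowed literals
            return False
    return True

def make_event(event_name, read_only):
    """Constructed EventBridge envelope for a CloudTrail API call event."""
    return {
        "source": "aws.secretsmanager",
        "detail-type": "AWS API Call via CloudTrail",
        "detail": {
            "eventSource": "secretsmanager.amazonaws.com",
            "eventName": event_name,
            "readOnly": read_only,
        },
    }

def needs_all_management_events(event):
    """Read-only management events (readOnly: true, which is how CloudTrail
    records GetSecretValue) are only delivered to rules whose state is
    ENABLED_WITH_ALL_CLOUDTRAIL_MANAGEMENT_EVENTS, per the accepted answer."""
    return bool(event["detail"].get("readOnly"))

if __name__ == "__main__":
    for name, ro in [("GetSecretValue", True), ("PutSecretValue", False)]:
        ev = make_event(name, ro)
        print(name, "matches:", matches(RULE_PATTERN, ev), "needs ALL_MGMT state:", needs_all_management_events(ev))
```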
