EventBridge Rule not triggering SNS Topic & Lambda Function

0

I have created some resources in the ap-south-1 region which are not behaving in the expected manner.

I have an RDS instance for which the password is managed by AWS Secrets Manager. Whenever the password is changed, I can see a RotationSucceeded event in CloudTrail. Accordingly, I have created an EventBridge rule named RDSPasswordRotation that matches the RotationSucceeded event, and an SNS topic named SecretRotationRDS (to notify via mail) and a Lambda function named Jenkins_Pipeline_Trigger_P-3-7 (for the Jenkins build) are configured as targets. I have provided all the necessary permissions, but the EventBridge rule is invoking neither the SNS topic nor the Lambda function.

Can anyone please look into this issue?

The event pattern selected for the EventBridge rule named RDSPasswordRotation is:

{
    "source": ["aws.secretsmanager"],
    "detail-type": ["AWS API Call via CloudTrail"],
    "detail": {
        "eventSource": ["secretsmanager.amazonaws.com"],
        "eventName": ["RotationSucceeded"]
    }
}

2 Answers
1
Accepted Answer

First, do make sure you have at least one CloudTrail trail enabled (you should double-check, but I believe the first trail is always free). Otherwise, CloudTrail will not be passing events to EventBridge.

After that, I'd recommend creating a more generic rule to grab a sample event that you like. You can forward this to a temporary CloudWatch Log record. Once you have a sample event, you can follow this guide to test your event pattern: https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-event-pattern-sandbox.html

AWS
answered 4 months ago
EXPERT
reviewed a month ago
  • Thanks Mr. baldawar. I have created a trail in CloudTrail and an S3 bucket along with it to store the event logs. After that, the issue got resolved. Also, I used the below event pattern in the EventBridge rule:

    { "source": ["aws.secretsmanager"], "detail-type": ["AWS Service Event via CloudTrail"], "detail": { "eventSource": ["secretsmanager.amazonaws.com"], "eventName": ["RotationSucceeded"] } }

0

Hello.

Change "detail-type" to "AWS Service Event via CloudTrail" as shown in the Stack Overflow answer below.
https://stackoverflow.com/questions/70603754/amazon-eventbridge-rotation-succeeded-event

{
    "detail-type": [
        "AWS Service Event via CloudTrail"
    ],
    "detail": {
        "eventSource": [
            "secretsmanager.amazonaws.com"
        ],
        "eventName": [
            "RotationSucceeded"
        ]
    }
}

I think the event pattern in the following document will be helpful.
https://docs.aws.amazon.com/secretsmanager/latest/userguide/monitoring-eventbridge.html#monitoring-eventbridge_examples-rotations

{
    "source": ["aws.secretsmanager"],
    "$or": [
        { "detail-type": ["AWS API Call via CloudTrail"] }, 
        { "detail-type": ["AWS Service Event via CloudTrail"] }
    ],
    "detail": {
        "eventSource": ["secretsmanager.amazonaws.com"],
        "eventName": ["PutSecretValue", "UpdateSecret", "RotationSucceeded"]
    }
}
EXPERT
answered 4 months ago
AWS
EXPERT
reviewed 4 months ago
  • Tried the above solutions but still facing the same issue. In CloudWatch metrics, I am unable to see any event by the EventBridge rule name. Even Failed Invocation is not present. I am guessing the EventBridge rule was never invoked, and hence the target SNS topic and the Lambda functions were not triggered. There is some issue with the event pattern, because Lambda is getting invoked by a different, unrelated rule that I used for testing. It had similar permissions.
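
Added example (not part of the original thread and not AWS code): a simplified local matcher that reports which field of an event pattern fails against a sample event, applied to the pattern from the question and the one the asker later reported as working. It handles only exact-value lists, nested objects and `$or`, not the full EventBridge pattern language; the sample event is constructed, with its `detail-type` assumed from the working pattern.

```python
# Simplified EventBridge-style matcher (added example, not AWS code).
# Supports exact-value lists, nested objects and "$or" only.

def rotation_pattern(detail_types):
    """Build the thread's rule pattern for the given detail-type values."""
    return {
        "source": ["aws.secretsmanager"],
        "detail-type": detail_types,
        "detail": {
            "eventSource": ["secretsmanager.amazonaws.com"],
            "eventName": ["RotationSucceeded"],
        },
    }

ORIGINAL = rotation_pattern(["AWS API Call via CloudTrail"])      # from the question
WORKING = rotation_pattern(["AWS Service Event via CloudTrail"])  # from the asker's comment

# Constructed sample event (assumption): only the fields the patterns inspect,
# with detail-type as in the pattern reported to work.
SAMPLE_EVENT = {
    "source": "aws.secretsmanager",
    "detail-type": "AWS Service Event via CloudTrail",
    "detail": {
        "eventSource": "secretsmanager.amazonaws.com",
        "eventName": "RotationSucceeded",
    },
}

def mismatches(pattern, event, path=""):
    """Return (field, allowed, actual) for each pattern condition the event fails."""
    failed = []
    for key, want in pattern.items():
        where = path + key
        if key == "$or":
            # "$or" passes when at least one alternative has no mismatches.
            if all(mismatches(alt, event, path) for alt in want):
                failed.append((where, want, None))
        elif isinstance(want, dict):
            sub = event.get(key)
            if isinstance(sub, dict):
                failed += mismatches(want, sub, where + ".")
            else:
                failed.append((where, want, sub))
        elif event.get(key) not in want:
            failed.append((where, want, event.get(key)))
    return failed

if __name__ == "__main__":
    for name, pattern in (("original", ORIGINAL), ("working", WORKING)):
        print(name, mismatches(pattern, SAMPLE_EVENT) or "matches")
```

For the deployed rule, the EventBridge sandbox linked in the accepted answer performs the full match against a real captured event.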
