EventBridge Rule not triggering SNS Topic & Lambda Function

0

I have created some resources in the ap-south-1 region which are not behaving in the expected manner.

I have an RDS instance for which the password is managed by AWS Secrets Manager. Whenever the password is changed I can see a RotationSucceeded event in CloudTrail. Accordingly I have created an EventBridge rule named RDSPasswordRotation that matches the RotationSucceeded event, and an SNS topic named SecretRotationRDS (to notify via mail) and a Lambda function named Jenkins_Pipeline_Trigger_P-3-7 (for Jenkins build) are configured as targets. I have provided all the necessary permissions but the EventBridge rule is invoking neither the SNS topic nor the Lambda function.

Can anyone please look into this issue?

The event pattern selected for the EventBridge rule named RDSPasswordRotation is:

{
    "source": ["aws.secretsmanager"],
    "detail-type": ["AWS API Call via CloudTrail"],
    "detail": {
        "eventSource": ["secretsmanager.amazonaws.com"],
        "eventName": ["RotationSucceeded"]
    }
}

2 Answers
1
Accepted Answer

First, do make sure you have at least one CloudTrail trail enabled (you should double-check but I believe the first trail is always free). Otherwise CloudTrail will not be passing events to EventBridge.

After that, I'd recommend creating a more generic rule to grab a sample event that you like. You can forward this to a temporary CloudWatch Log record. Once you have a sample event, you can follow this guide to test your event pattern: https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-event-pattern-sandbox.html

AWS
answered 4 months ago
EXPERT
reviewed a month ago
  • Thanks Mr. baldawar. I have created a trail in CloudTrail and an S3 bucket along with it to store the event logs. After that the issue got resolved. Also, I used the below event pattern in the EventBridge rule:

    {
        "source": ["aws.secretsmanager"],
        "detail-type": ["AWS Service Event via CloudTrail"],
        "detail": {
            "eventSource": ["secretsmanager.amazonaws.com"],
            "eventName": ["RotationSucceeded"]
        }
    }

0

Hello.

Change "detail-type" to "AWS Service Event via CloudTrail" as shown in the stackoverflow answer below.
https://stackoverflow.com/questions/70603754/amazon-eventbridge-rotation-succeeded-event

{
    "detail-type": [
        "AWS Service Event via CloudTrail"
    ],
    "detail": {
        "eventSource": [
            "secretsmanager.amazonaws.com"
        ],
        "eventName": [
            "RotationSucceeded"
        ]
    }
}

I think the event pattern in the following document will be helpful.
https://docs.aws.amazon.com/secretsmanager/latest/userguide/monitoring-eventbridge.html#monitoring-eventbridge_examples-rotations

{
    "source": ["aws.secretsmanager"],
    "$or": [
        { "detail-type": ["AWS API Call via CloudTrail"] }, 
        { "detail-type": ["AWS Service Event via CloudTrail"] }
    ],
    "detail": {
        "eventSource": ["secretsmanager.amazonaws.com"],
        "eventName": ["PutSecretValue", "UpdateSecret", "RotationSucceeded"]
    }
}
EXPERT
answered 4 months ago
AWS
EXPERT
reviewed 4 months ago
  • Tried the above solutions but still facing the same issue. In CloudWatch metrics I am unable to see events by EventBridge rule name. Even Failed Invocation is not present. I am guessing the EventBridge rule was never invoked and hence the target SNS topic and the Lambda function were not triggered. There is some issue with the event pattern because Lambda is getting invoked by a different unrelated rule that I used for testing. It had similar permissions.
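
The difference between the three event patterns in this thread, as an added example that is not part of any answer and is not AWS code: a simplified local matcher (exact-value arrays, nested objects and `$or` only, not EventBridge's real implementation) run against constructed sample events. The names `matches`, `sample_event` and `report` are hypothetical, and the sample events assume the detail-type values named in the answers above.

```python
def matches(pattern, event):
    """Simplified matcher: exact-value arrays, nested objects and "$or" only."""
    for key, expected in pattern.items():
        if key == "$or":
            # At least one alternative sub-pattern must match at this level.
            if not any(matches(alt, event) for alt in expected):
                return False
        elif isinstance(expected, dict):
            # Nested object: descend into the same key of the event.
            child = event.get(key)
            if not isinstance(child, dict) or not matches(expected, child):
                return False
        else:
            # Array of allowed values: the field must be present and equal one.
            if key not in event or event[key] not in expected:
                return False
    return True

API_CALL = "AWS API Call via CloudTrail"
SERVICE_EVENT = "AWS Service Event via CloudTrail"
DETAIL = {"eventSource": ["secretsmanager.amazonaws.com"],
          "eventName": ["RotationSucceeded"]}

# The three patterns from this page: question, accepted fix, documentation.
ORIGINAL = {"source": ["aws.secretsmanager"], "detail-type": [API_CALL], "detail": DETAIL}
CORRECTED = {"source": ["aws.secretsmanager"], "detail-type": [SERVICE_EVENT], "detail": DETAIL}
COMBINED = {
    "source": ["aws.secretsmanager"],
    "$or": [{"detail-type": [API_CALL]}, {"detail-type": [SERVICE_EVENT]}],
    "detail": {"eventSource": ["secretsmanager.amazonaws.com"],
               "eventName": ["PutSecretValue", "UpdateSecret", "RotationSucceeded"]},
}

def sample_event(detail_type, event_name):
    """Constructed sample event, trimmed to the fields the patterns inspect."""
    return {"source": "aws.secretsmanager", "detail-type": detail_type,
            "detail": {"eventSource": "secretsmanager.amazonaws.com",
                       "eventName": event_name}}

ROTATION = sample_event(SERVICE_EVENT, "RotationSucceeded")  # constructed
PUT_VALUE = sample_event(API_CALL, "PutSecretValue")         # constructed

def report():
    """Map each pattern name to (matches ROTATION, matches PUT_VALUE)."""
    patterns = {"original": ORIGINAL, "corrected": CORRECTED, "combined": COMBINED}
    return {name: (matches(p, ROTATION), matches(p, PUT_VALUE))
            for name, p in patterns.items()}

if __name__ == "__main__":
    for name, result in report().items():
        print(name, result)
```

A rule that never matches produces no invocation metrics at all, so a local check like this helps separate a pattern problem from a target-permission problem before capturing a real event.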
