Global outage event

If you're experiencing issues with your AWS services, then please refer to the AWS Health Dashboard. You can find the overall status of ongoing outages, the health of AWS services, and the latest updates from AWS engineers.

How do I get notified when IAM changes occur in my AWS account?

3 minute read

I created an Amazon EventBridge rule to notify me when someone changes AWS Identity and Access Management (IAM) identities or makes API calls. However, the event rule doesn't initiate and I don't receive notifications.

Short description

Create an Amazon EventBridge rule with an event pattern that matches a specific IAM API call or multiple IAM API calls. Then, associate the rule with an Amazon Simple Notification Service (Amazon SNS) topic. When the rule runs, Amazon SNS sends an SNS notification to the corresponding subscriptions.

Resolution

Prerequisites:

Create an Amazon SNS topic.
You must have a CloudTrail trail configured in the US East (N. Virginia) AWS Region with management events set to Write-only or All.

EventBridge receives IAM API call events through CloudTrail. The IAM service and related AWS API calls are available only in the US East (N. Virginia) Region. This means that the EventBridge rule must also be in the US East (N. Virginia) Region.

The following example custom event pattern starts a notification when CreateUser and DeleteUser API calls are made in your account.

Complete the following steps:

Open the EventBridge console in the US East (N. Virginia) Region.
In the navigation pane, choose Rules, and then select Create rule.
Enter a Name and Description for the rule.
For Event bus, select the default AWS event bus. When IAM emits an event, it goes to your account's default event bus.
For Rule type, choose Rule with an event pattern, and then select Next.
For Event source, choose AWS events or EventBridge partner events.
Under Event pattern, choose the following:
For Event source, choose AWS services.
For AWS service, choose IAM.
For Event type, choose AWS API Call via CloudTrail.
To start the rule for specific API calls, choose Specific operation(s).
In the text box, enter the name of an API call to receive notifications. For example, CreateUser.
To add more API calls, choose Add.
Under the Event pattern preview box, choose Edit pattern.

Copy and paste the following example template into the event pattern preview pane:

{  
  "source": [
    "aws.iam"
  ],
  "detail-type": [
    "AWS API Call via CloudTrail"
  ],
  "detail": {
    "eventSource": [
      "iam.amazonaws.com"
    ],
    "eventName": [
      "CreateUser",
      "DeleteUser"
    ]
  }
}

Choose Save.
Choose Next.
For Target types, choose AWS service.
For Select a target, choose SNS topic.
In the Topic dropdown list, select your SNS topic.
(Optional) To add another target for this rule, choose Add another target.
Choose Next.
(Optional) Enter one or more tags for the rule. For more information, see Adding or removing tags on event buses.
Choose Next.
Confirm that the details of the rule are correct, and then choose Create rule.

Related information

How do I get notifications when changes happen to my Route 53 hosted zone records?

How do I configure EventBridge rules for GuardDuty to send custom SNS notifications for specific service finding types?

My rule matches AWS global service API calls but it didn't run

Topics: Serverless Application Integration Management & Governance Networking & Content Delivery
Tags: Amazon CloudWatch Amazon EventBridge
Language: English

AWS OFFICIALUpdated 3 months ago

No comments

Relevant content

AWS IAM Identity Center - EventBridge Rules
Accepted Answer
Peter Eskandar
asked 3 years ago
How to configure existing AWS Config rule to send to SNS ?
Accepted Answer
User-8096553
asked 2 years ago
Cant trigger EventBridge rule with Security Hub Findings - Imported
An Nguyen
asked 2 years ago
Eventbridge pattern in json
Divya
asked 2 years ago
EventBridge Rule not triggering SNS Topic & Lambda Function
Accepted Answer
rePost-User-0498486
asked 2 years ago
How do I configure cross-account targets in EventBridge?
AWS OFFICIALUpdated 4 months ago
How do I configure EventBridge rules for GuardDuty to send custom SNS notifications for specific service finding types?
AWS OFFICIALUpdated 10 months ago
How can I use AWS Config to notify me when an AWS resource is non-compliant?
AWS OFFICIALUpdated 17 days ago
Why didn't my Amazon SNS topic receive EventBridge notifications?
AWS OFFICIALUpdated 4 months ago
How to detect resource changes from outside your trusted sources across Organization accounts ?
EXPERT
Himanshu
published 2 months ago