Event pattern for retrieving secret values

0

I would like to get notified when someone retrieves a secret value. I created an event rule (see below) and set an SNS topic as a target, to which I had subscribed. However, it does not appear to be working. Is there anything I need to do in the event pattern to make it work?

{
  "source": ["aws.secretsmanager"],
  "detail-type": ["AWS API Call via CloudTrail"],
  "detail": {
    "eventSource": ["secretsmanager.amazonaws.com"],
    "eventName": ["GetSecretValue"]
  }
}

1 answer
1
Accepted answer

Hello.

The following documentation may be helpful.
https://aws.amazon.com/jp/blogs/compute/introducing-support-for-read-only-management-events-in-amazon-eventbridge/

Perhaps the rule you created does not have "ENABLED_WITH_ALL_CLOUDTRAIL_MANAGEMENT_EVENTS" enabled.
Please run the following AWS CLI command to enable it.

aws events put-rule --name "rule-name" --event-pattern "{ \"source\": [\"aws.secretsmanager\"], \"detail-type\": [\"AWS API Call via CloudTrail\"], \"detail\": { \"eventName\": [\"GetSecretValue\"] } }" --state ENABLED_WITH_ALL_CLOUDTRAIL_MANAGEMENT_EVENTS

In addition to the above, you also need to set up a trail for your account in CloudTrail.
https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-create-and-update-a-trail.html

Expert
answered 5 months ago
  • Works like a charm. Thank you so much!
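To see why the rule's event pattern itself is fine and the problem lies in delivery, here is an added example (not from the question or the answer) that applies the pattern's exact-match semantics to constructed CloudTrail-via-EventBridge events and pulls out the fields a notification should carry. The sample ARNs, account id and the readOnly flag are constructed for the example.

```python
# Event pattern from the question. Only exact-value matching is implemented here;
# EventBridge content filters such as "prefix" are out of scope.
PATTERN = {
    "source": ["aws.secretsmanager"],
    "detail-type": ["AWS API Call via CloudTrail"],
    "detail": {
        "eventSource": ["secretsmanager.amazonaws.com"],
        "eventName": ["GetSecretValue"],
    },
}

SECRET_ARN = "arn:aws:secretsmanager:us-east-1:123456789012:secret:example-AbCdEf"  # constructed

def matches(pattern: dict, event: dict) -> bool:
    """True if every pattern field exists in the event with one of the listed values."""
    for key, expected in pattern.items():
        if key not in event:
            return False
        if isinstance(expected, dict):
            if not isinstance(event[key], dict) or not matches(expected, event[key]):
                return False
        elif event[key] not in expected:
            return False
    return True

def summarize(event: dict) -> dict:
    """Fields for the SNS notification: who read which secret, and whether CloudTrail
    marked the call read-only (the class of event the rule state must opt in to)."""
    d = event["detail"]
    return {
        "principal": d["userIdentity"]["arn"],
        "secret": d["requestParameters"]["secretId"],
        "readOnly": d.get("readOnly", False),
    }

def cloudtrail_event(event_name: str) -> dict:
    """Constructed sample in the shape EventBridge delivers CloudTrail API calls."""
    return {
        "source": "aws.secretsmanager",
        "detail-type": "AWS API Call via CloudTrail",
        "detail": {
            "eventSource": "secretsmanager.amazonaws.com",
            "eventName": event_name,
            "readOnly": True,
            "userIdentity": {"arn": "arn:aws:iam::123456789012:user/example-user"},
            "requestParameters": {"secretId": SECRET_ARN},
        },
    }
```

matches(PATTERN, cloudtrail_event("GetSecretValue")) returns True and the DescribeSecret variant returns False, so a matching pattern with no notification points at the rule state or the missing trail, not at the pattern.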
