SNS ConsoleLogin for every region


In the past, all ConsoleLogin events would land in CloudTrail because they were global to the us-east-1 region. So setting up an EventBridge event to notify of a ConsoleLogin when a user signed in would work for logins from all regions. But now, with the change to CloudTrail, they are sorted into their respective regions. With that change you can no longer set up a simple alert to notify when someone logs in, because of the region separation.

Is there a simpler way to do this than what I am doing below?

Go through the usual steps of setting up the SNS topic, CloudTrail, and the EventBridge rule for an AWS Event of ConsoleLogin focused on Sign-In, which is all for the us-east-1 region, similar to the original. Now for every other region we have to create a new EventBridge rule that has similar rules, but has the target ARN set to the event bus in the us-east-1 region. This will pass that event to that target bus to be picked up by that rule, so the SNS topic will notify for the other region this event exists in. The only other thing required is to create an execution role to allow this to cross regions.

I feel like this is a lot of extra steps just to monitor AWS ConsoleLogin sign-ins. I am building out a Terraform script to handle this, but I am curious if anyone has run into this same scenario and has a different solution?

1 Answer

AWS CloudTrail does support multi-region trails; you should convert any single-region trails that you have into multi-region trails. This will allow you to capture all global service events, including ConsoleLogin, in their respective regions. You can then set up an EventBridge rule in each region where you want to receive notifications for these events, or centralize the processing by forwarding events to a specific region, as you initially described.

To centralize the processing of ConsoleLogin events in a specific region, create a multi-region CloudTrail trail to capture events from all regions. Then, set up EventBridge rules in each region to forward ConsoleLogin events to a central event bus in your preferred region. Finally, configure a central EventBridge rule in that region to trigger notifications or processing actions based on the forwarded events.

answered a month ago
  • That is currently the process that I am using. I am wondering if there is a simpler method, seeing that ConsoleLogin, which indicates an AWS login, is something you may want notifications for regardless of which region the login comes from; setting up EventBridge for every region would be a tedious task after it was previously a single step.
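The cross-region part of the procedure the question and answer describe (a per-region forwarding rule, a role limited to PutEvents on the us-east-1 default bus), written out as an added Terraform example; this is not the asker's script or AWS-provided code. It assumes the default `aws` provider is configured for us-east-1 and that the central rule and SNS topic there already exist; the region `eu-west-1`, the role name and the rule name are placeholders.

```hcl
# us-east-1 already holds the SNS topic and the central ConsoleLogin rule
# (the "usual steps" from the question); only the cross-region pieces are here.
provider "aws" {
  alias  = "remote"
  region = "eu-west-1" # assumed; add one alias + forwarding rule per region
}
data "aws_caller_identity" "me" {} # default provider, assumed to be us-east-1
locals {
  central_bus_arn = "arn:aws:events:us-east-1:${data.aws_caller_identity.me.account_id}:event-bus/default"
}

# Role EventBridge assumes in the remote region to put events on the central bus.
resource "aws_iam_role" "forward" {
  name = "eventbridge-forward-console-login" # assumed name
  assume_role_policy = jsonencode({
    Version   = "2012-10-17"
    Statement = [{ Effect = "Allow", Action = "sts:AssumeRole", Principal = { Service = "events.amazonaws.com" } }]
  })
}

# Least privilege: only PutEvents, and only to the central default bus (same account, so no bus policy needed).
resource "aws_iam_role_policy" "forward" {
  role = aws_iam_role.forward.id
  policy = jsonencode({
    Version   = "2012-10-17"
    Statement = [{ Effect = "Allow", Action = "events:PutEvents", Resource = local.central_bus_arn }]
  })
}

# Match the CloudTrail ConsoleLogin event as EventBridge delivers it in the remote region.
resource "aws_cloudwatch_event_rule" "remote_login" {
  provider = aws.remote
  name     = "console-login-forward" # assumed name
  event_pattern = jsonencode({
    "detail-type" = ["AWS Console Sign In via CloudTrail"]
    detail        = { eventName = ["ConsoleLogin"] }
  })
}

# Target is the us-east-1 default bus, where the existing central rule and SNS topic pick the event up.
resource "aws_cloudwatch_event_target" "remote_to_central" {
  provider = aws.remote
  rule     = aws_cloudwatch_event_rule.remote_login.name
  arn      = local.central_bus_arn
  role_arn = aws_iam_role.forward.arn
}
```

The forwarded event keeps its original `detail`, so the central rule's pattern on `detail.eventName = ConsoleLogin` matches it unchanged; if you also want failed sign-ins surfaced separately, match on `detail.responseElements.ConsoleLogin` in the central rule rather than in every forwarding rule.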
