Capturing CloudTrail events from QuickSight


I am trying to catch the CloudTrail events into EventBridge. I am following this article:

https://aws.amazon.com/blogs/big-data/using-administrative-dashboards-for-a-centralized-view-of-amazon-quicksight-objects/

Which also uses this code base:

https://github.com/aws-samples/amazon-quicksight-sdk-proserve/blob/master/Administrative_Dashboard/administrative_dashboard/administrative_dashboard_stack.py

I am pretty much doing everything the same, except in TypeScript:

Trail.onEvent(this, 'OnEvent', {
  description: 'Catch QuickSight CloudTrail events.',
  target: new aws_events_targets.CloudWatchLogGroup(new LogGroup(this, 'EventLog')),
  eventPattern: {
    source: ['aws.quicksight'],
    detail: {
      eventSource: ['quicksight.amazonaws.com'],
      eventName: ['CreateGroup'],
    },
  },
})

Yet, I am not getting any events in my log.

I do see them in the CloudTrail UI though.

The final EventBridge rule is:

{
  "detail-type": ["AWS API Call via CloudTrail"],
  "source": ["aws.quicksight"],
  "detail": {
    "eventSource": ["quicksight.amazonaws.com"],
    "eventName": ["CreateGroup"]
  }
}

  • QuickSight and everything is in the same region
  • I am using AWS CDK, so I can almost rule out any permission issue, as all of that is handled
  • I am using the same rules as the linked codebase above, just in TS

Is there anything else that needs to be done on the account to be able to pipe these events to EventBridge?

Thanks.

  • Have you created a CloudTrail Trail that monitors that event?

  • @vtjean I have tried that, yes, but it had no effect. Also, the article I have linked does not indicate that this is a required step.

  • Have been trying to solve this with support since posting this question. Still no full resolution, but some updates.

    Indeed, creating a CloudTrail trail does solve the issue and does emit events to EB.

    However, the question still remains: how does this work in the other (staging) account, which has no trails?

    And how did it work for that demo code that has been shared on GH, without the trail?

    My guess would be that perhaps, depending on the age of the account, trail events are automatically enabled, but for older accounts, they were not enabled retroactively for some reason.

1 Answer

It was confirmed by AWS that it appears to be a bug on an individual account. They are looking into it.

m0ltar
answered 10 months ago
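
When a rule like the one in the question stays silent, the pattern itself can be ruled out by evaluating it locally against an event in the shape EventBridge uses for CloudTrail API calls. This is an added example, not code from the post or from the linked AWS sample; `matchesPattern` is a hypothetical helper covering only the exact-value subset of event patterns, and both sample events are constructed with placeholder values.

```typescript
// Added example. Hypothetical helper: exact-value subset of EventBridge patterns only.
type Json = string | number | boolean | null | Json[] | { [k: string]: Json };
type Pattern = { [k: string]: Json[] | Pattern };

function matchesPattern(pattern: Pattern, event: Json): boolean {
  if (event === null || typeof event !== 'object' || Array.isArray(event)) return false;
  for (const key of Object.keys(pattern)) {
    const want = pattern[key];
    const got = event[key];
    if (got === undefined) return false; // every key named in the pattern must be present
    if (Array.isArray(want)) {
      // Leaf: the event value (or one element of it) must equal one listed literal.
      const values = Array.isArray(got) ? got : [got];
      if (!values.some((v) => want.indexOf(v) !== -1)) return false;
    } else if (!matchesPattern(want, got)) {
      return false; // nested object: recurse into the sub-pattern
    }
  }
  return true;
}

// The final rule exactly as quoted in the question.
const rule: Pattern = {
  'detail-type': ['AWS API Call via CloudTrail'],
  source: ['aws.quicksight'],
  detail: { eventSource: ['quicksight.amazonaws.com'], eventName: ['CreateGroup'] },
};

// Constructed sample: the CloudTrail record as shown in event history (placeholder values).
const cloudTrailRecord: { [k: string]: Json } = {
  eventVersion: '1.08',
  eventSource: 'quicksight.amazonaws.com',
  eventName: 'CreateGroup',
  awsRegion: 'us-east-1',
  recipientAccountId: '111122223333',
};

// Constructed sample: the same record inside the envelope EventBridge delivers to rules.
const eventBridgeEvent: Json = {
  version: '0',
  'detail-type': 'AWS API Call via CloudTrail',
  source: 'aws.quicksight',
  account: '111122223333',
  region: 'us-east-1',
  detail: cloudTrailRecord,
};

console.log('enveloped event matches:', matchesPattern(rule, eventBridgeEvent)); // true
console.log('bare record matches:', matchesPattern(rule, cloudTrailRecord));     // false
```

A match here only shows that the pattern is sound, so a silent rule then points at event delivery rather than at the rule. EventBridge's own `TestEventPattern` API (`aws events test-event-pattern`) performs the same check with the full matching semantics.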
