By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Is there a way to create a lambda function which track all roles assumed by a user in the last 24 hours ?

0

I want to create a lambda function that sends me an sns alert of the list of all roles assumed by a user over the last 24 hours whenever a role X in account B is assumed by another role from account A .

Topics
ServerlessComputeSecurity, Identity, & ComplianceApplication Integration
Tags
AWS LambdaAWS Identity and Access ManagementAmazon EventBridge
Language
English
rePost-User-8971685
asked a year ago225 views
1 Answer
1

Hi yes.

You can try leveraging CloudTrail to log API calls for assume role: https://docs.aws.amazon.com/IAM/latest/UserGuide/cloudtrail-integration.html

You can combine it with EventBridge rule, which then can trigger a an alert towards SNS, actually without need to use Lambda function.

Hope it helps ;)

profile picture
EXPERT
Antonio_Lagrotteria
answered a year ago
profile pictureAWS
EXPERT
Brettski-AWS
reviewed 10 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content