Capturing CloudTrail events from QuickSight

Question

I am trying to catch the CloudTrail events into EventBridge. I am following this article:

https://aws.amazon.com/blogs/big-data/using-administrative-dashboards-for-a-centralized-view-of-amazon-quicksight-objects/

Which also uses this code base:

https://github.com/aws-samples/amazon-quicksight-sdk-proserve/blob/master/Administrative_Dashboard/administrative_dashboard/administrative_dashboard_stack.py

I am pretty much doing everything the same, except in TypeScript:

```ts
Trail.onEvent(this, 'OnEvent', {
  description: 'Catch QuickSight CloudTrail events.',
  target: new aws_events_targets.CloudWatchLogGroup(new LogGroup(this, 'EventLog')),
  eventPattern: {
    source: ['aws.quicksight'],
    detail: {
      eventSource: ['quicksight.amazonaws.com'],
      eventName: ['CreateGroup'],
    },
  },
})
```

Yet, I am not getting any events in my log.

I do see them in the CloudTrail UI though.

The final EventBridge rule is:

```json
{
  "detail-type": ["AWS API Call via CloudTrail"],
  "source": ["aws.quicksight"],
  "detail": {
    "eventSource": ["quicksight.amazonaws.com"],
    "eventName": ["CreateGroup"]
  }
}
```

- QuickSight and everything is in the same region
- I am using AWS CDK, so I can almost rule out any permission issue, as all of that is handled
- I am using the same rules as the linked codebase above, just in TS

Is there anything else that needs to be done on the account to be able to pipe these events to EventBridge?

Thanks.

Answer

It was confirmed by AWS that it appears to be a bug on an individual account. They are looking into it.

Capturing CloudTrail events from QuickSight

相關內容