What EventBridge gets from CloudTrail?

0

Hi, how do we know what CloudTrail events are sent to EventBridge? It looks like (from here: https://repost.aws/knowledge-center/automate-eventbridge-rule-cloudtrail-api) CloudTrail sends to default bus everything for which a Trail is configured, right?

So if I stay on default config (no Trails) then API calls do not land in EventBridge - only if a given service sends it like mentioned here: https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-service-event.html

AWS
Asked 4 months ago, viewed 130 times
1 answer
0
Accepted answer

That's correct: CloudTrail events that are captured by any of your configured trails in the region are delivered to EventBridge, and events not recorded by any of the trails you've configured do not get delivered. It's summarised in this documentation segment: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-aws-service-specific-topics.html#cloudtrail-aws-service-specific-topics-eventbridge

The point about some events being reported both by CloudTrail and the underlying service refers to the fact that information about certain types of events is available directly from the underlying service as well as by listening to CloudTrail events. For example, if an EC2 instance is stopped by the customer calling the StopInstances API, it can be observed either by listening to CloudTrail for that API call or by using the EC2 instance state change notification that EC2 delivers to EventBridge without involving CloudTrail: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/monitoring-instance-state-changes.html.

However, while both methods would detect an operator shutting down an instance, the event from EC2 wouldn't say which IAM role or user requested it, while the CloudTrail event would contain that information. On the other hand, the EC2 instance state notification would also respond to an AWS-initiated event or hardware failure, while CloudTrail would only log events requested explicitly by calling an API in your account.

Expert
Answered 4 months ago
  • Thank you for this clear and thorough answer. Is there also a difference in delivery time of these two mechanisms?

  • In general, both CloudTrail and other services send messages to EventBridge nearly in real time, but semantics can vary. For example, EC2 might notify about an EBS volume creation completing, while CloudTrail would produce a log entry as soon as the API request is made to create the volume. In many cases, there's no major difference in timing, but with long-lasting operations where the service only notifies about the completion, there can be.
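The two delivery paths discussed in this answer, as an added example that is not code from the thread: a constructed CloudTrail-sourced event and a constructed native EC2 state-change event for the same instance stop, with a minimal matcher that implements only the subset of EventBridge pattern semantics these rules need. Field names follow the documented event shapes; the ARN, account and instance ID are made up.

```python
# Added example, not from the re:Post thread. Events are constructed;
# the matcher covers only exact-value list matching and nested dicts.

# Constructed CloudTrail-sourced event for a StopInstances API call.
CLOUDTRAIL_EVENT = {
    "source": "aws.ec2",
    "detail-type": "AWS API Call via CloudTrail",
    "detail": {
        "eventSource": "ec2.amazonaws.com",
        "eventName": "StopInstances",
        # Identity of the caller is only available via CloudTrail.
        "userIdentity": {"type": "AssumedRole",
                         "arn": "arn:aws:sts::111122223333:assumed-role/OpsRole/alice"},
        "requestParameters": {"instancesSet": {"items": [{"instanceId": "i-0123456789abcdef0"}]}},
    },
}

# Constructed native EC2 notification for the same instance reaching "stopped".
# EC2 emits this for AWS-initiated stops too, but it carries no caller identity.
EC2_STATE_EVENT = {
    "source": "aws.ec2",
    "detail-type": "EC2 Instance State-change Notification",
    "detail": {"instance-id": "i-0123456789abcdef0", "state": "stopped"},
}

# Event patterns as they would appear in two EventBridge rules.
CLOUDTRAIL_RULE = {"source": ["aws.ec2"],
                   "detail-type": ["AWS API Call via CloudTrail"],
                   "detail": {"eventSource": ["ec2.amazonaws.com"],
                              "eventName": ["StopInstances"]}}
STATE_RULE = {"source": ["aws.ec2"],
              "detail-type": ["EC2 Instance State-change Notification"],
              "detail": {"state": ["stopped"]}}


def matches(pattern, event):
    """A list means 'any of these exact values'; a dict recurses.
    A key missing from the event never matches, as in EventBridge."""
    for key, want in pattern.items():
        if key not in event:
            return False
        if isinstance(want, dict):
            if not isinstance(event[key], dict) or not matches(want, event[key]):
                return False
        elif event[key] not in want:
            return False
    return True


def actor_arn(event):
    """Who requested the change: present only on the CloudTrail-sourced event."""
    return event["detail"].get("userIdentity", {}).get("arn")
```

Each rule matches exactly one of the two events, and only the CloudTrail path yields an actor; that is the trade-off the answer describes.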
