如何为 AssumeRole 事件配置 AWS Cloudwatch Events(以触发 SNS 通知)
[英]How to configure AWS Cloudwatch Events for the AssumeRole event (in order to trigger SNS notifications)
问题描述
I am trying to configure a Cloudwatch Event Rule (to trigger an SNS notification) for whenever someone assumes a particular role:
我正在尝试为某人担任特定角色时配置 Cloudwatch 事件规则(以触发 SNS 通知):
{
"detail": {
"eventName": [
"AssumeRole"
],
"eventSource": [
"sts.amazonaws.com"
],
"requestParameters": {
"roleArn": [
"arn:aws:iam::0000:role/the_role_name"
]
}
},
"detail-type": [
"AWS API Call via CloudTrail"
]
}
Where 0000 is the account id and the_role_name is the role I want to alert on.其中0000是帐户 ID,而the_role_name是我要提醒的角色。
This is failing to trigger any notification, however when I search in Cloudtrail Insights for the events:这无法触发任何通知,但是当我在 Cloudtrail Insights 中搜索事件时:
filter eventName = 'AssumeRole'
| filter requestParameters.roleArn =~ 'the_role_name'
| sort @timestamp desc
| display @timestamp, requestParameters.roleSessionName, eventName, requestParameters.roleArn, userAgent, sourceIPAddress
I DO get results that SHOULD have triggered the rule:我确实得到了应该触发规则的结果:
requestParameters.roleSessionName eventName requestParameters.roleArn
my_username AssumeRole arn:aws:iam::0000:role/the_role_name
...
For the sake of trying to dumb things down and catch a broader set of events, I also tried the following Rule (which would catch all AssumeRole events to any role):为了试图简化事情并捕获更广泛的事件集,我还尝试了以下规则(它将所有 AssumeRole 事件捕获到任何角色):
{
"detail": {
"eventName": [
"AssumeRole"
]
},
"detail-type": [
"AWS API Call via CloudTrail"
]
}
This rule also is failing to trigger.此规则也未能触发。
Does anyone have ideas on how to configure Cloudwatch Event Rules to trigger on AssumeRole events?有没有人有关于如何配置 Cloudwatch 事件规则以触发AssumeRole事件的AssumeRole ?
I read through this related question (which is trying to achieve something similar), but it did not have a solution: AWS CloudWatch Events trigger SNS on STS role assuming for cross account我通读了这个相关问题(它试图实现类似的目标),但它没有解决方案: AWS CloudWatch Events trigger SNS on STS role assuming for cross account
1 个解决方案
解决方案1
0 2020-02-05 22:44:58
First of all make sure whether the event is invoked or not by checking the monitoring metrics for the rule.首先通过检查规则的监控指标来确定事件是否被调用。 It is possible that it is triggered, but it fails to invoke the target.有可能它被触发了,但它无法调用目标。 In this case, you should check your IAM policies.在这种情况下,您应该检查您的 IAM 策略。
If it is not triggered, there could be issues with trail delivery to Cloudwatch Logs.如果未触发,则跟踪传送到 Cloudwatch Logs 可能会出现问题。 Make sure that you created a trail in the same region, which delivers events to Cloudwatch Logs.确保您在同一区域创建了一个跟踪,将事件传送到 Cloudwatch Logs。
I've the following rule in us-east-1 region, which works fine:我在 us-east-1 区域有以下规则,效果很好:
{
"detail-type": [
"AWS API Call via CloudTrail"
],
"detail": {
"eventSource": [
"sts.amazonaws.com"
],
"eventName": [
"AssumeRole"
]
},
"source": [
"aws.sts"
]
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.