I have an EventBridge rule that looks like this:
{
  "source": ["redshift.amazonaws.com"],
  "detail-type": ["AWS API Call via CloudTrail"],
  "detail": {
    "eventSource": ["redshift.amazonaws.com"],
    "eventName": ["CreateCluster"],
    "requestParameters": {
      "clusterIdentifier": ["some-redshift-cluster"]
    }
  }
}
As you can see, I want to invoke that rule on the cluster creation event. The problem is that the rule above doesn’t get invoked, so it won’t trigger the specific Lambda that is set as the target of the rule.
As an experiment I’ve created a mock event on the default event bus and sent it. The EventBridge rule matches this event, which looks like this:
{
  "version": "0",
  "id": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
  "detail-type": "AWS API Call via CloudTrail",
  "source": "redshift.amazonaws.com",
  "account": "xxxxxxxxxxxx",
  "time": "2023-07-04T10:13:01Z",
  "region": "us-east-1",
  "resources": [],
  "detail": {
    "eventVersion": "1.08",
    "userIdentity": {
      "type": "IAMUser",
      "principalId": "xxxxxxxxxxxxxxxxxxxxx",
      "arn": "arn:aws:iam::xxxxxxxxxxxx:user/[email protected]",
      "accountId": "xxxxxxxxxxxx",
      "accessKeyId": "xxxxxxxxxxxxxxxxxxxx",
      "userName": "[email protected]"
    },
    "eventTime": "2023-07-04T07:03:13Z",
    "eventSource": "redshift.amazonaws.com",
    "eventName": "CreateCluster",
    "awsRegion": "us-east-1",
    "sourceIPAddress": "xx.xx.xx.xxx",
    "userAgent": "xxx",
    "requestParameters": {
      "dBName": "xxx",
      "clusterIdentifier": "some-redshift-cluster",
      "clusterType": "single-node",
      "nodeType": "dc2.large",
      "masterUsername": "xxxxxxxxx",
      "masterUserPassword": "HIDDEN_DUE_TO_SECURITY_REASONS",
      "vpcSecurityGroupIds": [
        "xx-xxxxxxxxxxxxxxxxx"
      ]
    }
  }
}
I’ve replaced each piece of sensitive data with x characters. There is much more info in the detail key but I’ve skipped it.
The value of this detail key is the Event Record content from the CreateCluster event located in Event History in CloudTrail after the Redshift cluster is created. There are no keys like version, id, source etc. on the higher level, and I think that’s the reason why that rule can’t match the event of cluster creation. How can I edit this rule to make it work on the real CreateCluster event that happens while the cluster is created?
2 Answers
The record visible in CloudTrail corresponds to a CreateCluster event, not an EventBridge event. This is why you were unable to view the id, source, and version fields. However, when the same CreateCluster event is sent through EventBridge, it will contain all the mentioned fields (id, source, version), as they are mandatory for EventBridge events. In addition to that, the detail field in the EventBridge event is a placeholder for the CreateCluster event that you saw in CloudTrail.

The CreateCluster event on EventBridge resembles the sample response that you mentioned in the question. However, it’s important to note that the actual CreateCluster event on EventBridge contains the value aws.redshift in the source field, not redshift.amazonaws.com.

Therefore, to invoke a lambda function for a CreateCluster event, use the following EventBridge rule:

To invoke your EventBridge rule on resource creation, I suggest you take the source as aws.config (keeping in mind that in future you will move to other resources as well).
You can add "AWS::Redshift::Cluster" as resource type in the event pattern.
For more info please take a look at these pages –
https://medium.com/@TechStoryLines/receive-sns-alerts-when-new-resources-are-created-in-your-aws-account-db749b16445f
https://techstorylines.hashnode.dev/receive-sns-alerts-when-new-resources-are-created-in-your-aws-account
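The following is an added example, not code from the question or either answer. It re-implements the small subset of EventBridge pattern matching these rules rely on (exact values, OR-lists, nested objects) so the question's rule, the first answer's corrected rule (top-level source aws.redshift) and the second answer's AWS Config approach can be checked offline against constructed events. The events carry placeholder account and event IDs, and the field names used for the Config event (detail-type "Config Configuration Item Change", detail.configurationItem.resourceType and configurationItemStatus) are an assumption about that event's shape, not something the page confirms.

```python
"""Subset of EventBridge event-pattern matching (exact values, OR-lists,
nested objects). Added example, not from the original Q&A; all events are
constructed, with placeholder account and event IDs."""
import copy
from typing import Any, Optional

# Rule from the question: "source" is set to the CloudTrail eventSource
# string, but EventBridge publishes CloudTrail API calls as "aws.<service>".
ORIGINAL_RULE = {
    "source": ["redshift.amazonaws.com"],
    "detail-type": ["AWS API Call via CloudTrail"],
    "detail": {
        "eventSource": ["redshift.amazonaws.com"],
        "eventName": ["CreateCluster"],
        "requestParameters": {"clusterIdentifier": ["some-redshift-cluster"]},
    },
}

# Same rule with the envelope source fixed; detail.eventSource keeps the
# CloudTrail value because "detail" is the CloudTrail record verbatim.
CORRECTED_RULE = copy.deepcopy(ORIGINAL_RULE)
CORRECTED_RULE["source"] = ["aws.redshift"]

# Second answer's approach: AWS Config configuration-item changes, one rule
# for several resource types. Field names are an ASSUMPTION about the Config
# event shape; confirm against a real event in your account before relying
# on them.
CONFIG_RULE = {
    "source": ["aws.config"],
    "detail-type": ["Config Configuration Item Change"],
    "detail": {
        "configurationItem": {
            "resourceType": ["AWS::Redshift::Cluster", "AWS::RDS::DBInstance"],
            "configurationItemStatus": ["ResourceDiscovered"],
        },
    },
}

# Constructed approximation of what EventBridge delivers for the real call:
# the CloudTrail record wrapped in the EventBridge envelope.
REAL_EVENT = {
    "version": "0", "id": "00000000-0000-0000-0000-000000000000",
    "detail-type": "AWS API Call via CloudTrail", "source": "aws.redshift",
    "account": "123456789012", "region": "us-east-1", "resources": [],
    "detail": {
        "eventVersion": "1.08", "eventSource": "redshift.amazonaws.com",
        "eventName": "CreateCluster", "awsRegion": "us-east-1",
        "requestParameters": {"clusterIdentifier": "some-redshift-cluster",
                              "clusterType": "single-node", "nodeType": "dc2.large"},
    },
}

# The question's hand-made test event: identical except that the envelope
# source was copied from the CloudTrail eventSource, which is why it matched.
MOCK_EVENT = copy.deepcopy(REAL_EVENT)
MOCK_EVENT["source"] = "redshift.amazonaws.com"

# Constructed Config event for the same cluster (assumed shape, see above).
CONFIG_EVENT = {
    "version": "0", "id": "11111111-1111-1111-1111-111111111111",
    "detail-type": "Config Configuration Item Change", "source": "aws.config",
    "account": "123456789012", "region": "us-east-1", "resources": [],
    "detail": {"configurationItem": {"resourceType": "AWS::Redshift::Cluster",
                                     "configurationItemStatus": "ResourceDiscovered",
                                     "resourceId": "some-redshift-cluster"}},
}


def first_mismatch(pattern: dict, event: Any, path: str = "") -> Optional[str]:
    """Dotted path of the first pattern key the event fails, or None when the
    event matches. Semantics: every pattern key must exist in the event; a
    list means "any of these values"; a nested object recurses; event keys
    the pattern does not mention are ignored."""
    if not isinstance(event, dict):
        return path or "<root>"
    for key, expected in pattern.items():
        here = f"{path}.{key}" if path else key
        if key not in event:
            return here
        actual = event[key]
        if isinstance(expected, dict):
            bad = first_mismatch(expected, actual, here)
            if bad is not None:
                return bad
        elif isinstance(expected, list):
            # If the event field is itself a list, any overlap counts.
            candidates = actual if isinstance(actual, list) else [actual]
            if not any(c in expected for c in candidates):
                return here
        else:
            raise ValueError(f"pattern leaf at {here} must be a list of values")
    return None


def matches(pattern: dict, event: dict) -> bool:
    return first_mismatch(pattern, event) is None
```

Calling `first_mismatch(ORIGINAL_RULE, REAL_EVENT)` returns `"source"`, which is the whole bug: the hand-built mock masked it because its envelope was copied from the CloudTrail record rather than captured from EventBridge. When testing a rule, feed it an event captured from the bus itself (for example via a temporary catch-all rule targeting a CloudWatch Logs group) and check it against the real service with `aws events test-event-pattern --event-pattern file://rule.json --event file://event.json` (boto3: `client("events").test_event_pattern`). The local matcher above ignores EventBridge's content filters (prefix, anything-but, numeric, exists), so use it for structural checks only.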