
For example, I have an IAM EventBridge rule that is triggered for any changes to the roles, as below:

{
  "source": ["aws.iam"],
  "detail-type": ["AWS API Call via CloudTrail"],
  "detail": {
    "eventSource": ["iam.amazonaws.com"],
    "eventName": ["AttachGroupPolicy", "AttachRolePolicy", "AttachUserPolicy", "DetachGroupPolicy", "DetachRolePolicy", "DetachUserPolicy", "PutGroupPolicy", "PutRolePolicy", "PutUserPolicy"]
  }
}

Is there any way to update this rule so that it triggers only if this happens for, say, role testone?

2 Answers


  1. Chosen as BEST ANSWER

    I am not sure about the EventBridge filter for the purpose, but I found a very easy technique from the link below: https://aws.amazon.com/premiumsupport/knowledge-center/eventbridge-create-custom-event-pattern/ So basically you have to let the event you are targeting land in your CloudTrail (or get the email notifications), and then copy and paste only the wanted part. So for my problem I did this and it is working exactly as I wanted.

    {
      "source": ["aws.iam"],
      "detail-type": ["AWS API Call via CloudTrail"],
      "detail": {
        "eventSource": ["iam.amazonaws.com"],
        "eventName": ["AttachGroupPolicy", "AttachRolePolicy", "AttachUserPolicy", "DetachGroupPolicy", "DetachRolePolicy", "DetachUserPolicy", "PutGroupPolicy", "PutRolePolicy", "PutUserPolicy"],
        "requestParameters": {
          "roleName": ["testone"]
        }
      }
    }
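
The pattern above can be checked offline before deploying the rule. The following is an added example, not code from the answer or from AWS: it implements the subset of EventBridge matching semantics the pattern relies on (nested keys, lists as alternatives) and runs the refined pattern against constructed CloudTrail-shaped events. It also shows a side effect worth knowing: because `requestParameters.roleName` only exists on role API calls, the refined pattern silently stops matching the user and group policy events still listed in `eventName`.

```python
import json

# The refined pattern from the accepted answer above.
REFINED_PATTERN = json.loads("""
{
  "source": ["aws.iam"],
  "detail-type": ["AWS API Call via CloudTrail"],
  "detail": {
    "eventSource": ["iam.amazonaws.com"],
    "eventName": ["AttachGroupPolicy", "AttachRolePolicy", "AttachUserPolicy",
                  "DetachGroupPolicy", "DetachRolePolicy", "DetachUserPolicy",
                  "PutGroupPolicy", "PutRolePolicy", "PutUserPolicy"],
    "requestParameters": {"roleName": ["testone"]}
  }
}
""")


def matches(pattern, event):
    """Simplified EventBridge exact matching: every pattern key must exist in the
    event; dict values recurse; a list of values is an OR (one must equal the event
    value; if the event value is itself a list, any element may match)."""
    for key, allowed in pattern.items():
        if key not in event:
            return False
        actual = event[key]
        if isinstance(allowed, dict):
            if not isinstance(actual, dict) or not matches(allowed, actual):
                return False
        else:
            candidates = actual if isinstance(actual, list) else [actual]
            if not any(c in allowed for c in candidates):
                return False
    return True


def cloudtrail_event(event_name, request_parameters):
    """Constructed sample event with only the fields the pattern inspects."""
    return {"source": "aws.iam", "detail-type": "AWS API Call via CloudTrail",
            "detail": {"eventSource": "iam.amazonaws.com", "eventName": event_name,
                       "requestParameters": request_parameters}}


def evaluate():
    """Map each constructed scenario to whether the refined pattern fires."""
    scenarios = {
        "role testone": cloudtrail_event("AttachRolePolicy", {"roleName": "testone"}),
        "role other": cloudtrail_event("AttachRolePolicy", {"roleName": "testtwo"}),
        "user policy": cloudtrail_event("AttachUserPolicy", {"userName": "alice"}),
    }
    return {name: matches(REFINED_PATTERN, ev) for name, ev in scenarios.items()}


if __name__ == "__main__":
    print(evaluate())
```

If the user and group events are still wanted, keep them in a separate rule without the `roleName` filter, since a single pattern cannot express "roleName is testone OR the key is absent" with plain value lists.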
    

  2. You would use an EventBridge filter for your rule so that it only matches the specific role.
