I currently have a Lambda function in AWS that I am trying to trigger whenever a new event is detected by CloudTrail. In Amazon EventBridge, I have set a rule with the following event pattern:

    {
        "source": ["aws.cloudtrail"]
    }

I have also configured the target to be the Lambda function. However, when I go to AWS WAF -> IP sets and edit one of the IP sets, even though I can see the event in the Event history tab of CloudTrail, the Lambda function does not get triggered. I have checked the event JSON in CloudTrail and the eventSource property is given as wafv2.amazonaws.com. Should I take this to mean that my rule in EventBridge is not working because the source is never going to be CloudTrail itself, but the service in which the change actually occurs? If so, is there any other way I could configure an EventBridge rule such that any event detected by CloudTrail will trigger the Lambda? (I need the Lambda function to be triggered on a variety of events, not just updating IP sets, so I can't set the source as WAF.)
>Solution:

Yes, based on the information you provided, it appears that the event source for the event you're interested in is not "aws.cloudtrail" but rather "wafv2.amazonaws.com", as indicated in the "eventSource" property in the CloudTrail event JSON. This means that your current EventBridge rule with the source set to "aws.cloudtrail" may not capture events triggered by changes in AWS WAF IP sets.

To capture events related to changes in AWS WAF IP sets, you can update your EventBridge rule to use "eventSource" instead of "source" in your event pattern. The "eventSource" field in the event pattern allows you to specify the service that generates the event. Here's an example of an updated event pattern:
    {
        "detail-type": ["AWS API Call via CloudTrail"],
        "detail": {
            "eventSource": ["wafv2.amazonaws.com"],
            "eventName": ["UpdateIPSet"]
        }
    }
In this example, the "eventSource" is set to "wafv2.amazonaws.com" and the "eventName" is set to "UpdateIPSet", which is the specific event you're interested in. You can modify the event pattern to capture other events related to AWS WAF IP sets, such as "CreateIPSet", "DeleteIPSet", etc., as needed.

By updating your event pattern to specify "eventSource" and "eventName" in the CloudTrail events related to AWS WAF IP sets, you should be able to trigger your Lambda function in response to those events through EventBridge. Remember to also update the target of your EventBridge rule to point to your Lambda function, so that the Lambda function is triggered correctly when the desired events occur.
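As an added example (not part of the question or the answer above), the following Python script applies EventBridge's pattern-matching semantics to a constructed sample of the event EventBridge delivers for a CloudTrail-recorded UpdateIPSet call. The sample's account, region and IP set name are placeholders, and its "source" of "aws.wafv2" is an assumption modelled on the documented "AWS API Call via CloudTrail" format. It shows why the original rule never fires, that the answer's rule fires for this one call, and that matching on "detail-type" alone catches any CloudTrail API call, which is what the question asked for.

```python
# Added example: test EventBridge event patterns offline against a sample event.
import json

# Constructed sample: EventBridge wraps the CloudTrail record in "detail" and
# sets "source" to the calling service (assumed "aws.wafv2"), never "aws.cloudtrail".
SAMPLE_EVENT = {
    "version": "0",
    "detail-type": "AWS API Call via CloudTrail",
    "source": "aws.wafv2",
    "account": "111111111111",        # placeholder account id
    "region": "us-east-1",            # placeholder region
    "detail": {
        "eventSource": "wafv2.amazonaws.com",
        "eventName": "UpdateIPSet",
        "awsRegion": "us-east-1",
        "requestParameters": {"name": "example-ipset", "scope": "REGIONAL"},
    },
}

def pattern_matches(pattern, event):
    """Return True if `event` satisfies `pattern` under EventBridge semantics:
    every key in the pattern must be present in the event, a list of values is
    an exact-match OR, a nested object is matched recursively, and keys that the
    pattern does not mention are ignored."""
    for key, expected in pattern.items():
        if key not in event:
            return False
        actual = event[key]
        if isinstance(expected, dict):
            if not isinstance(actual, dict) or not pattern_matches(expected, actual):
                return False
        elif isinstance(expected, list):
            if actual not in expected:
                return False
        else:
            return False  # EventBridge only accepts lists or nested objects here
    return True

# The question's rule, the answer's rule, and a rule for any CloudTrail API call.
ORIGINAL_RULE = {"source": ["aws.cloudtrail"]}
WAF_IPSET_RULE = {
    "detail-type": ["AWS API Call via CloudTrail"],
    "detail": {"eventSource": ["wafv2.amazonaws.com"], "eventName": ["UpdateIPSet"]},
}
ANY_API_CALL_RULE = {"detail-type": ["AWS API Call via CloudTrail"]}

def evaluate_rules(event=SAMPLE_EVENT):
    """Map each rule name to whether the rule would fire for `event`."""
    return {name: pattern_matches(rule, event) for name, rule in
            [("original", ORIGINAL_RULE), ("waf_ipset", WAF_IPSET_RULE),
             ("any_api_call", ANY_API_CALL_RULE)]}

if __name__ == "__main__":
    print(json.dumps(evaluate_rules(), indent=2))
```

The "any_api_call" pattern also receives read-only and non-WAF calls, so a Lambda behind it should filter on detail.eventName itself or the rule should list the eventSource values it actually cares about.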