Problem description
I am automating AWS CloudWatch Events with CloudFormation.
I want to separate events by type: Root, so that we are alerted whenever any root-account activity occurs.
How should the code in InputPathsMap be written?
EventRule01:
  Type: AWS::Events::Rule
  Properties:
    Name: !Join
      - ""
      - - !GetAtt ResourceListAccountAlias.accountAlias
        - Root-Account-Change-Detected
    Description: "Triggers an alarm when AWS Root Account"
    State: "ENABLED"
    Targets:
      - Arn: !Ref AlarmNotificationTopic01
        Id: "001"
        InputTransformer:
          InputPathsMap:
            eventSource: "$.detail.eventSource"
            accountId: "$.detail.userIdentity.accountId"
            principalId: "$.detail.userIdentity.principalId"
            # "$.detail.userIdentity" selects the whole object; the identity type is the .type field
            type: "$.detail.userIdentity.type"
            eventTime: "$.detail.eventTime"
            eventName: "$.detail.eventName"
          InputTemplate: |
            "The following event: <eventSource> was detected: <eventName> in account: <accountId>"
            "This event was initiated by: <principalId> for this Account: <type> on: <eventTime>"
    EventPattern:
      detail-type:
        # ConsoleLogin records arrive under this detail-type, not "AWS API Call via CloudTrail"
        - "AWS Console Sign In via CloudTrail"
      detail:
        eventSource:
          - "signin.amazonaws.com"
        eventName:
          - "ConsoleLogin"
Solution
InputPathsMap
is not for isolating events, so you cannot do what you want with it. You must either create different rules for different users, or direct all events to a Lambda function; that function can then dispatch the events further based on the event's principal.
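The Lambda dispatch suggested in the answer, as an added example that is not part of the original question or answer. It assumes the function is configured as a target of the rule in the question, that the SNS topic ARN is passed in an environment variable named ALERT_TOPIC_ARN (an assumed name), and it uses constructed sample events whose shape follows a CloudTrail ConsoleLogin record:

```python
"""Route CloudTrail events delivered by EventBridge according to userIdentity.type.

Added example, not code from the original question or answer. Assumes the function is
a target of the rule above and that ALERT_TOPIC_ARN (assumed name) holds the SNS topic ARN.
"""
import os
from typing import Callable

# Value CloudTrail puts in userIdentity.type for the account's root user.
ROOT = "Root"


def identity_type(event: dict) -> str:
    """Return userIdentity.type from an EventBridge-wrapped CloudTrail event ("" if absent)."""
    return event.get("detail", {}).get("userIdentity", {}).get("type", "")


def is_root_activity(event: dict) -> bool:
    """True when the call was made by the root user, whatever the API call was."""
    return identity_type(event) == ROOT


def format_alert(event: dict) -> str:
    """Build the message the question's InputTemplate tries to build, from the raw event."""
    detail = event.get("detail", {})
    ident = detail.get("userIdentity", {})
    # ConsoleLogin records carry additionalEventData.MFAUsed ("Yes"/"No"); other calls do not.
    mfa = detail.get("additionalEventData", {}).get("MFAUsed", "n/a")
    return (
        f"The following event: {detail.get('eventSource')} was detected: "
        f"{detail.get('eventName')} in account: {ident.get('accountId')}\n"
        f"This event was initiated by: {ident.get('principalId')} (type {ident.get('type')}) "
        f"on: {detail.get('eventTime')}; MFA used: {mfa}"
    )


def dispatch(event: dict, publish: Callable[[str, str], None]) -> str:
    """Route one event: root activity is published, everything else is dropped.

    Returns "alerted" or "ignored" so the decision can be checked without SNS.
    """
    if is_root_activity(event):
        publish("Root-Account-Change-Detected", format_alert(event))
        return "alerted"
    return "ignored"


def handler(event: dict, context=None) -> dict:
    """Lambda entry point: publishes root activity to the SNS topic in ALERT_TOPIC_ARN."""
    import boto3  # imported here so the pure functions above run without boto3 installed

    sns = boto3.client("sns")
    topic_arn = os.environ["ALERT_TOPIC_ARN"]  # assumed variable name

    def publish(subject: str, message: str) -> None:
        sns.publish(TopicArn=topic_arn, Subject=subject, Message=message)

    return {"action": dispatch(event, publish)}


# Constructed sample events; account number and timestamps are made up.
ROOT_LOGIN = {
    "detail-type": "AWS Console Sign In via CloudTrail",
    "detail": {
        "eventSource": "signin.amazonaws.com",
        "eventName": "ConsoleLogin",
        "eventTime": "2024-01-01T00:00:00Z",
        "userIdentity": {
            "type": "Root",
            "principalId": "123456789012",
            "accountId": "123456789012",
            "arn": "arn:aws:iam::123456789012:root",
        },
        "additionalEventData": {"MFAUsed": "No"},
    },
}

IAM_USER_LOGIN = {
    "detail-type": "AWS Console Sign In via CloudTrail",
    "detail": {
        "eventSource": "signin.amazonaws.com",
        "eventName": "ConsoleLogin",
        "eventTime": "2024-01-01T00:05:00Z",
        "userIdentity": {
            "type": "IAMUser",
            "principalId": "AIDAEXAMPLEPRINCIPAL",
            "accountId": "123456789012",
            "arn": "arn:aws:iam::123456789012:user/alice",
            "userName": "alice",
        },
        "additionalEventData": {"MFAUsed": "Yes"},
    },
}

if __name__ == "__main__":
    log = []
    for sample in (ROOT_LOGIN, IAM_USER_LOGIN):
        print(identity_type(sample), "->", dispatch(sample, lambda s, m: log.append((s, m))))
    for subject, message in log:
        print(subject, message, sep="\n")
```

Keying on userIdentity.type is more reliable than inspecting principalId: for the root user CloudTrail sets principalId and accountId to the same account number and the arn ends in ":root", so a comparison against the account id would also match, but type is the field CloudTrail defines for exactly this distinction. The dispatch function takes the publisher as a parameter so the routing decision can be exercised locally without SNS.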