Exemple d'événements
Documentation officielle AWS des events
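Règle Amazon CloudWatch
Un event n'est capturé que s'il correspond à tous les champs du pattern : son detail-type, son detail.eventSource et son detail.eventName doivent chacun figurer dans la liste correspondante. Les events ayant un autre detail-type (par exemple "ECS Task State Change" ou un event custom) ne sont donc pas capturés par cette règle.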
{
"detail-type": [
"AWS API Call via CloudTrail"
],
"detail": {
"eventSource": [
"autoscaling.amazonaws.com",
"ec2.amazonaws.com",
"elasticloadbalancing.amazonaws.com",
"lambda.amazonaws.com",
"rds.amazonaws.com"
],
"eventName": [
"RunInstances",
"TerminateInstances",
"CreateLoadBalancer",
"DeleteLoadBalancer",
"CreateFunction20150331",
"CreateDBInstance",
"DeleteDBInstance"
]
}
}
Ec2
RunInstances
// Sample `state` object: one entry keyed by the caller's STS assumed-role session ARN.
// The entry holds the events captured for that caller, grouped by event `source`
// ('aws.ec2') and then by `eventName` (RunInstances). Here: one EC2 launch from the console.
// NOTE(review): the account id, access key id, session name (an e-mail address) and
// source IP below look like real values; published samples normally redact them.
const state = {
'arn:aws:sts::448878779811:assumed-role/role-admin-sre-ops-federated/wlenoir@ippon.fr': {
Arn: 'arn:aws:sts::448878779811:assumed-role/role-admin-sre-ops-federated/wlenoir@ippon.fr',
name: 'teamTest',
events: {
'aws.ec2': {
RunInstances: [
{
// Event envelope: `source` and `detail-type` are the fields a rule pattern matches on.
version: '0',
id: '0cdc5423-ed4e-71d8-c4f7-9c4ab361748c',
'detail-type': 'AWS API Call via CloudTrail',
source: 'aws.ec2',
account: '448878779811',
time: '2020-03-30T14:21:45Z',
region: 'eu-west-3',
resources: [],
// `detail` carries the CloudTrail record of the API call.
detail: {
eventVersion: '1.05',
// Who made the call: an assumed-role session. `arn` identifies role + session name,
// `sessionIssuer` identifies the underlying IAM role.
userIdentity: {
type: 'AssumedRole',
principalId: 'AROAINFIQBWI23BCMVNQQ:wlenoir@ippon.fr',
arn: 'arn:aws:sts::448878779811:assumed-role/role-admin-sre-ops-federated/wlenoir@ippon.fr',
accountId: '448878779811',
// Access key id of the session's temporary credentials (an identifier, not the secret key).
accessKeyId: 'ASIAWRA2CTWRXWA72XA2',
sessionContext: {
sessionIssuer: {
type: 'Role',
principalId: 'AROAINFIQBWI23BCMVNQQ',
arn: 'arn:aws:iam::448878779811:role/role-admin-sre-ops-federated',
accountId: '448878779811',
userName: 'role-admin-sre-ops-federated'
},
webIdFederationData: {},
attributes: {
// The value is the string 'false', not a boolean — compare accordingly.
// NOTE(review): for a federated session, MFA done at the identity provider is presumably
// not reflected in this field — confirm before alerting on it alone.
mfaAuthenticated: 'false',
creationDate: '2020-03-30T13:59:41Z'
}
}
},
eventTime: '2020-03-30T14:21:45Z',
eventSource: 'ec2.amazonaws.com',
eventName: 'RunInstances',
awsRegion: 'eu-west-3',
// Caller's network origin and client; this call came from the EC2 web console.
sourceIPAddress: '86.249.63.69',
userAgent: 'console.ec2.amazonaws.com',
// What the caller asked for.
requestParameters: {
instancesSet: {
items: [
{
imageId: 'ami-051ebe9615b416c15',
minCount: 1,
maxCount: 1
}
]
},
groupSet: { items: [ { groupId: 'sg-02cfebf8b6d97ae6c' } ] },
instanceType: 't2.micro',
blockDeviceMapping: {
items: [
{
deviceName: '/dev/sda1',
ebs: {
volumeSize: 8,
deleteOnTermination: true,
volumeType: 'gp2'
}
},
{ deviceName: '/dev/sdb', noDevice: {} },
{ deviceName: '/dev/sdc', noDevice: {} }
]
},
monitoring: { enabled: false },
disableApiTermination: false,
ebsOptimized: false,
// Tags are supplied by the caller at launch time (same two tags on instance and volume).
tagSpecificationSet: {
items: [
{
resourceType: 'instance',
tags: [
{ key: 'Name', value: 'test4gmd' },
{ key: 'UserName', value: 'myteam' }
]
},
{
resourceType: 'volume',
tags: [
{ key: 'Name', value: 'test4gmd' },
{ key: 'UserName', value: 'myteam' }
]
}
]
},
creditSpecification: { cpuCredits: 'standard' },
// httpTokens 'optional' means the instance metadata service still accepts token-less
// (IMDSv1) requests; 'required' would enforce IMDSv2.
metadataOptions: {
httpTokens: 'optional',
httpPutResponseHopLimit: 1,
httpEndpoint: 'enabled'
}
},
// What EC2 returned: the created instance, still in 'pending' state.
responseElements: {
requestId: '5b94d4bd-6fe8-4ade-9435-5ace7f66e2ca',
reservationId: 'r-08fdfd1d259e8af35',
ownerId: '448878779811',
groupSet: {},
instancesSet: {
items: [
{
// instanceId is the identifier the TerminateInstances request refers to later.
instanceId: 'i-0b46ca2e08cffc531',
imageId: 'ami-051ebe9615b416c15',
instanceState: { code: 0, name: 'pending' },
privateDnsName: 'ip-172-31-47-119.eu-west-3.compute.internal',
amiLaunchIndex: 0,
productCodes: {},
instanceType: 't2.micro',
// Epoch milliseconds (about one second before eventTime above).
launchTime: 1585578104000,
placement: {
availabilityZone: 'eu-west-3c',
tenancy: 'default'
},
monitoring: { state: 'disabled' },
subnetId: 'subnet-0778cdae74930b079',
vpcId: 'vpc-0287576cc8fd41999',
privateIpAddress: '172.31.47.119',
stateReason: { code: 'pending', message: 'pending' },
architecture: 'x86_64',
rootDeviceType: 'ebs',
rootDeviceName: '/dev/sda1',
blockDeviceMapping: {},
virtualizationType: 'hvm',
hypervisor: 'xen',
tagSet: {
items: [
{ key: 'UserName', value: 'myteam' },
{ key: 'Name', value: 'test4gmd' }
]
},
groupSet: {
items: [
{
groupId: 'sg-02cfebf8b6d97ae6c',
groupName: 'launch-wizard-3'
}
]
},
sourceDestCheck: true,
networkInterfaceSet: {
items: [
{
networkInterfaceId: 'eni-084248ec4ac327f84',
subnetId: 'subnet-0778cdae74930b079',
vpcId: 'vpc-0287576cc8fd41999',
ownerId: '448878779811',
status: 'in-use',
macAddress: '0e:d1:ae:41:e9:42',
privateIpAddress: '172.31.47.119',
privateDnsName: 'ip-172-31-47-119.eu-west-3.compute.internal',
sourceDestCheck: true,
interfaceType: 'interface',
groupSet: {
items: [
{
groupId: 'sg-02cfebf8b6d97ae6c',
groupName: 'launch-wizard-3'
}
]
},
attachment: {
attachmentId: 'eni-attach-052d85eb41492b267',
deviceIndex: 0,
status: 'attaching',
attachTime: 1585578104000,
deleteOnTermination: true
},
// Note the key is `item` here, whereas the other sets in this record use `items`.
privateIpAddressesSet: {
item: [
{
privateIpAddress: '172.31.47.119',
privateDnsName: 'ip-172-31-47-119.eu-west-3.compute.internal',
primary: true
}
]
},
ipv6AddressesSet: {},
tagSet: {}
}
]
},
ebsOptimized: false,
cpuOptions: { coreCount: 1, threadsPerCore: 1 },
capacityReservationSpecification: { capacityReservationPreference: 'open' },
enclaveOptions: { enabled: false },
// Effective metadata options of the new instance: IMDSv1 still accepted (httpTokens 'optional').
metadataOptions: {
state: 'pending',
httpTokens: 'optional',
httpPutResponseHopLimit: 1,
httpEndpoint: 'enabled'
}
}
]
}
},
// Same value as responseElements.requestId above.
requestID: '5b94d4bd-6fe8-4ade-9435-5ace7f66e2ca',
eventID: '11e4d4c9-73b3-4fa3-8729-9de4d5814c09',
eventType: 'AwsApiCall'
}
}
]
}
}
}
}
TerminateInstances
// Sample `state` object after a TerminateInstances call: one entry keyed by the caller's
// STS assumed-role session ARN, with events grouped by `source` then by `eventName`.
// NOTE(review): the account id, access key id, session name (an e-mail address) and
// source IP below look like real values; published samples normally redact them.
const state = {
'arn:aws:sts::448878779811:assumed-role/role-admin-sre-ops-federated/wlenoir@ippon.fr': {
Arn: 'arn:aws:sts::448878779811:assumed-role/role-admin-sre-ops-federated/wlenoir@ippon.fr',
name: 'teamTest',
events: {
'aws.ec2': {
// No launch event is recorded in this sample; only the termination below.
RunInstances: [],
TerminateInstances: [
{
version: '0',
id: '498b7b33-2923-6464-04eb-11eb41140401',
'detail-type': 'AWS API Call via CloudTrail',
source: 'aws.ec2',
account: '448878779811',
time: '2020-03-30T15:13:38Z',
region: 'eu-west-3',
resources: [],
// `detail` carries the CloudTrail record of the API call.
detail: {
eventVersion: '1.05',
// Who made the call: an assumed-role session (role + session name in `arn`).
userIdentity: {
type: 'AssumedRole',
principalId: 'AROAINFIQBWI23BCMVNQQ:wlenoir@ippon.fr',
arn: 'arn:aws:sts::448878779811:assumed-role/role-admin-sre-ops-federated/wlenoir@ippon.fr',
accountId: '448878779811',
// Access key id of the session's temporary credentials (an identifier, not the secret key).
accessKeyId: 'ASIAWRA2CTWRQ3QQ3YXJ',
sessionContext: {
sessionIssuer: {
type: 'Role',
principalId: 'AROAINFIQBWI23BCMVNQQ',
arn: 'arn:aws:iam::448878779811:role/role-admin-sre-ops-federated',
accountId: '448878779811',
userName: 'role-admin-sre-ops-federated'
},
webIdFederationData: {},
attributes: {
// The value is the string 'false', not a boolean — compare accordingly.
// NOTE(review): for a federated session, MFA done at the identity provider is presumably
// not reflected in this field — confirm before alerting on it alone.
mfaAuthenticated: 'false',
creationDate: '2020-03-30T14:27:16Z'
}
}
},
eventTime: '2020-03-30T15:13:38Z',
eventSource: 'ec2.amazonaws.com',
eventName: 'TerminateInstances',
awsRegion: 'eu-west-3',
// Caller's network origin and client; this call came from the EC2 web console.
sourceIPAddress: '86.249.63.69',
userAgent: 'console.ec2.amazonaws.com',
// The request names the instance to terminate.
requestParameters: {
instancesSet: { items: [ { instanceId: 'i-0b46ca2e08cffc531' } ] }
},
// The response reports the state transition for that same instanceId.
responseElements: {
instancesSet: {
items: [
{
instanceId: 'i-0b46ca2e08cffc531',
currentState: { code: 32, name: 'shutting-down' },
previousState: { code: 16, name: 'running' }
}
]
}
},
requestID: '039beaab-2bbe-4762-a5f5-8b3c86d6736c',
eventID: 'db32dac2-d9af-409f-b2d8-f6feaaded256',
eventType: 'AwsApiCall'
}
}
]
}
}
}
}
RunInstances for AutoScaling
{
"version": "0",
"id": "99daf23e-9b5b-b1ef-1a39-874ff8f13ec2",
"detail-type": "AWS API Call via CloudTrail",
"source": "aws.ec2",
"account": "448878779811",
"time": "2020-03-30T12:39:03Z",
"region": "eu-west-3",
"resources": [],
"detail": {
"eventVersion": "1.05",
"userIdentity": {
"type": "AssumedRole",
"principalId": "AROAJBULYMOBODGEXUHAO:AutoScaling",
"arn": "arn:aws:sts::448878779811:assumed-role/AWSServiceRoleForAutoScaling/AutoScaling",
"accountId": "448878779811",
"sessionContext": {
"sessionIssuer": {
"type": "Role",
"principalId": "AROAJBULYMOBODGEXUHAO",
"arn": "arn:aws:iam::448878779811:role/aws-service-role/autoscaling.amazonaws.com/AWSServiceRoleForAutoScaling",
"accountId": "448878779811",
"userName": "AWSServiceRoleForAutoScaling"
},
"webIdFederationData": {},
"attributes": {
"mfaAuthenticated": "false",
"creationDate": "2020-03-30T12:39:02Z"
}
},
"invokedBy": "autoscaling.amazonaws.com"
},
"eventTime": "2020-03-30T12:39:03Z",
"eventSource": "ec2.amazonaws.com",
"eventName": "RunInstances",
"awsRegion": "eu-west-3",
"sourceIPAddress": "autoscaling.amazonaws.com",
"userAgent": "autoscaling.amazonaws.com",
"requestParameters": {
"instancesSet": {
"items": [
{
"imageId": "ami-096b8af6e7e8fb927",
"minCount": 1,
"maxCount": 1
}
]
},
"groupSet": {
"items": [
{
"groupId": "sg-044631da6ccd45897"
}
]
},
"instanceType": "t2.micro",
"blockDeviceMapping": {
"items": [
{
"deviceName": "/dev/sda1",
"ebs": {
"snapshotId": "snap-07b9ef478e74b57dc",
"volumeSize": 8,
"deleteOnTermination": true,
"volumeType": "gp2"
}
}
]
},
"availabilityZone": "eu-west-3a",
"monitoring": {
"enabled": false
},
"subnetId": "subnet-078e5006692d22eb9",
"disableApiTermination": false,
"clientToken": "d195c4ad-cf3e-5994-3c1e-c95c5b576c81",
"tagSpecificationSet": {
"items": [
{
"resourceType": "instance",
"tags": [
{
"key": "aws:autoscaling:groupName",
"value": "gmd_asg"
}
]
}
]
}
},
"responseElements": {
"requestId": "54bec80b-67d2-493b-9eab-8a2b1ac7f312",
"reservationId": "r-0e3f9e76f982ffe10",
"ownerId": "448878779811",
"groupSet": {},
"instancesSet": {
"items": [
{
"instanceId": "i-0140e7329c73b5889",
"imageId": "ami-096b8af6e7e8fb927",
"instanceState": {
"code": 0,
"name": "pending"
},
"privateDnsName": "ip-172-31-3-118.eu-west-3.compute.internal",
"amiLaunchIndex": 0,
"productCodes": {},
"instanceType": "t2.micro",
"launchTime": 1585571943000,
"placement": {
"availabilityZone": "eu-west-3a",
"tenancy": "default"
},
"monitoring": {
"state": "disabled"
},
"subnetId": "subnet-078e5006692d22eb9",
"vpcId": "vpc-0287576cc8fd41999",
"privateIpAddress": "172.31.3.118",
"stateReason": {
"code": "pending",
"message": "pending"
},
"architecture": "x86_64",
"rootDeviceType": "ebs",
"rootDeviceName": "/dev/sda1",
"blockDeviceMapping": {},
"virtualizationType": "hvm",
"hypervisor": "xen",
"tagSet": {
"items": [
{
"key": "aws:autoscaling:groupName",
"value": "gmd_asg"
}
]
},
"clientToken": "d195c4ad-cf3e-5994-3c1e-c95c5b576c81",
"groupSet": {
"items": [
{
"groupId": "sg-044631da6ccd45897",
"groupName": "AutoScaling-Security-Group-1"
}
]
},
"sourceDestCheck": true,
"networkInterfaceSet": {
"items": [
{
"networkInterfaceId": "eni-0c334cf73b6859c0e",
"subnetId": "subnet-078e5006692d22eb9",
"vpcId": "vpc-0287576cc8fd41999",
"ownerId": "448878779811",
"status": "in-use",
"macAddress": "06:99:c7:e3:4c:f0",
"privateIpAddress": "172.31.3.118",
"privateDnsName": "ip-172-31-3-118.eu-west-3.compute.internal",
"sourceDestCheck": true,
"interfaceType": "interface",
"groupSet": {
"items": [
{
"groupId": "sg-044631da6ccd45897",
"groupName": "AutoScaling-Security-Group-1"
}
]
},
"attachment": {
"attachmentId": "eni-attach-01450efb5139290f8",
"deviceIndex": 0,
"status": "attaching",
"attachTime": 1585571943000,
"deleteOnTermination": true
},
"privateIpAddressesSet": {
"item": [
{
"privateIpAddress": "172.31.3.118",
"privateDnsName": "ip-172-31-3-118.eu-west-3.compute.internal",
"primary": true
}
]
},
"ipv6AddressesSet": {},
"tagSet": {}
}
]
},
"ebsOptimized": false,
"cpuOptions": {
"coreCount": 1,
"threadsPerCore": 1
},
"capacityReservationSpecification": {
"capacityReservationPreference": "open"
},
"enclaveOptions": {
"enabled": false
},
"metadataOptions": {
"state": "pending",
"httpTokens": "optional",
"httpPutResponseHopLimit": 1,
"httpEndpoint": "enabled"
}
}
]
},
"requesterId": "260509346910"
},
"requestID": "54bec80b-67d2-493b-9eab-8a2b1ac7f312",
"eventID": "c84e0226-be90-4bcc-9010-52107bb98d5e",
"eventType": "AwsApiCall"
}
}
TerminateInstances for AutoScaling
{
"version": "0",
"id": "5728621f-904f-d3f0-464b-65e55b11e422",
"detail-type": "AWS API Call via CloudTrail",
"source": "aws.ec2",
"account": "448878779811",
"time": "2020-03-31T12:19:15Z",
"region": "eu-west-3",
"resources": [],
"detail": {
"eventVersion": "1.05",
"userIdentity": {
"type": "AssumedRole",
"principalId": "AROAJBULYMOBODGEXUHAO:AutoScaling",
"arn": "arn:aws:sts::448878779811:assumed-role/AWSServiceRoleForAutoScaling/AutoScaling",
"accountId": "448878779811",
"sessionContext": {
"sessionIssuer": {
"type": "Role",
"principalId": "AROAJBULYMOBODGEXUHAO",
"arn": "arn:aws:iam::448878779811:role/aws-service-role/autoscaling.amazonaws.com/AWSServiceRoleForAutoScaling",
"accountId": "448878779811",
"userName": "AWSServiceRoleForAutoScaling"
},
"webIdFederationData": {},
"attributes": {
"mfaAuthenticated": "false",
"creationDate": "2020-03-31T12:19:15Z"
}
},
"invokedBy": "autoscaling.amazonaws.com"
},
"eventTime": "2020-03-31T12:19:15Z",
"eventSource": "ec2.amazonaws.com",
"eventName": "TerminateInstances",
"awsRegion": "eu-west-3",
"sourceIPAddress": "autoscaling.amazonaws.com",
"userAgent": "autoscaling.amazonaws.com",
"requestParameters": {
"instancesSet": {
"items": [
{
"instanceId": "i-06edff5569415cb79"
}
]
}
},
"responseElements": {
"instancesSet": {
"items": [
{
"instanceId": "i-06edff5569415cb79",
"currentState": {
"code": 32,
"name": "shutting-down"
},
"previousState": {
"code": 16,
"name": "running"
}
}
]
}
},
"requestID": "14d4094a-0bcc-4e7a-94e2-da8f56f0dfad",
"eventID": "e942badd-cdb9-4f66-865e-511ff626f3ad",
"eventType": "AwsApiCall"
}
}
Load Balancer
https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/ELB-API-Logs.html
CreateLoadBalancer
{
"version": "0",
"id": "856df7f7-d2a8-c184-1be0-cecaa12dd380",
"detail-type": "AWS API Call via CloudTrail",
"source": "aws.elasticloadbalancing",
"account": "448878779811",
"time": "2020-03-31T16:32:38Z",
"region": "eu-west-3",
"resources": [],
"detail": {
"eventVersion": "1.05",
"userIdentity": {
"type": "AssumedRole",
"principalId": "AROAINFIQBWI23BCMVNQQ:wlenoir@ippon.fr",
"arn": "arn:aws:sts::448878779811:assumed-role/role-admin-sre-ops-federated/wlenoir@ippon.fr",
"accountId": "448878779811",
"accessKeyId": "ASIAWRA2CTWRRL4YMTE6",
"sessionContext": {
"sessionIssuer": {
"type": "Role",
"principalId": "AROAINFIQBWI23BCMVNQQ",
"arn": "arn:aws:iam::448878779811:role/role-admin-sre-ops-federated",
"accountId": "448878779811",
"userName": "role-admin-sre-ops-federated"
},
"webIdFederationData": {},
"attributes": {
"mfaAuthenticated": "false",
"creationDate": "2020-03-31T15:47:38Z"
}
}
},
"eventTime": "2020-03-31T16:32:38Z",
"eventSource": "elasticloadbalancing.amazonaws.com",
"eventName": "CreateLoadBalancer",
"awsRegion": "eu-west-3",
"sourceIPAddress": "86.249.63.69",
"userAgent": "console.ec2.amazonaws.com",
"requestParameters": {
"securityGroups": [
"sg-0716123b178471a34"
],
"type": "application",
"ipAddressType": "ipv4",
"subnetMappings": [
{
"subnetId": "subnet-0222dcee2260f071a"
},
{
"subnetId": "subnet-0bed965a72eaf526b"
}
],
"name": "gmdlb",
"scheme": "internet-facing"
},
"responseElements": {
"loadBalancers": [
{
"loadBalancerName": "gmdlb",
"securityGroups": [
"sg-0716123b178471a34"
],
"state": {
"code": "provisioning"
},
"dNSName": "gmdlb-494548509.eu-west-3.elb.amazonaws.com",
"canonicalHostedZoneId": "Z3Q77PNBQS71R4",
"loadBalancerArn": "arn:aws:elasticloadbalancing:eu-west-3:448878779811:loadbalancer/app/gmdlb/e5529152962a614b",
"type": "application",
"vpcId": "vpc-030b0a471cec6d744",
"availabilityZones": [
{
"loadBalancerAddresses": [],
"subnetId": "subnet-0222dcee2260f071a",
"zoneName": "eu-west-3a"
},
{
"loadBalancerAddresses": [],
"subnetId": "subnet-0bed965a72eaf526b",
"zoneName": "eu-west-3b"
}
],
"ipAddressType": "ipv4",
"createdTime": "Mar 31, 2020 4:32:38 PM",
"scheme": "internet-facing"
}
]
},
"requestID": "e54dde0a-ade0-4555-b3c2-f62bd3ff4890",
"eventID": "fbf2f558-94f5-47eb-9cf2-4ca9580e1f30",
"eventType": "AwsApiCall",
"apiVersion": "2015-12-01"
}
}
DeleteLoadBalancer
{
"version": "0",
"id": "bf1e2212-4620-e0af-7492-ab1a9458302f",
"detail-type": "AWS API Call via CloudTrail",
"source": "aws.elasticloadbalancing",
"account": "448878779811",
"time": "2020-03-31T16:37:40Z",
"region": "eu-west-3",
"resources": [],
"detail": {
"eventVersion": "1.05",
"userIdentity": {
"type": "AssumedRole",
"principalId": "AROAINFIQBWI23BCMVNQQ:wlenoir@ippon.fr",
"arn": "arn:aws:sts::448878779811:assumed-role/role-admin-sre-ops-federated/wlenoir@ippon.fr",
"accountId": "448878779811",
"accessKeyId": "ASIAWRA2CTWRRL4YMTE6",
"sessionContext": {
"sessionIssuer": {
"type": "Role",
"principalId": "AROAINFIQBWI23BCMVNQQ",
"arn": "arn:aws:iam::448878779811:role/role-admin-sre-ops-federated",
"accountId": "448878779811",
"userName": "role-admin-sre-ops-federated"
},
"webIdFederationData": {},
"attributes": {
"mfaAuthenticated": "false",
"creationDate": "2020-03-31T15:47:38Z"
}
}
},
"eventTime": "2020-03-31T16:37:40Z",
"eventSource": "elasticloadbalancing.amazonaws.com",
"eventName": "DeleteLoadBalancer",
"awsRegion": "eu-west-3",
"sourceIPAddress": "86.249.63.69",
"userAgent": "console.ec2.amazonaws.com",
"requestParameters": {
"loadBalancerArn": "arn:aws:elasticloadbalancing:eu-west-3:448878779811:loadbalancer/app/gmdlb/e5529152962a614b"
},
"responseElements": null,
"requestID": "64ec9b6c-4677-4fd0-b5a4-7fc24c900aa5",
"eventID": "d6d3fb48-b499-4877-a0a1-c24727915ee2",
"eventType": "AwsApiCall",
"apiVersion": "2015-12-01"
}
}
Lambda
CreateFunction20150331
{
"version": "0",
"id": "64f678b4-72ff-5709-213f-72385a0fb50a",
"detail-type": "AWS API Call via CloudTrail",
"source": "aws.lambda",
"account": "448878779811",
"time": "2020-04-06T08:44:27Z",
"region": "eu-west-3",
"resources": [],
"detail": {
"eventVersion": "1.05",
"userIdentity": {
"type": "AssumedRole",
"principalId": "AROAINFIQBWI23BCMVNQQ:wlenoir@ippon.fr",
"arn": "arn:aws:sts::448878779811:assumed-role/role-admin-sre-ops-federated/wlenoir@ippon.fr",
"accountId": "448878779811",
"accessKeyId": "ASIAWRA2CTWRSU26YKQL",
"sessionContext": {
"sessionIssuer": {
"type": "Role",
"principalId": "AROAINFIQBWI23BCMVNQQ",
"arn": "arn:aws:iam::448878779811:role/role-admin-sre-ops-federated",
"accountId": "448878779811",
"userName": "role-admin-sre-ops-federated"
},
"webIdFederationData": {},
"attributes": {
"mfaAuthenticated": "false",
"creationDate": "2020-04-06T08:37:18Z"
}
}
},
"eventTime": "2020-04-06T08:44:27Z",
"eventSource": "lambda.amazonaws.com",
"eventName": "CreateFunction20150331",
"awsRegion": "eu-west-3",
"sourceIPAddress": "86.249.193.42",
"userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:75.0) Gecko/20100101 Firefox/75.0",
"errorCode": "InvalidParameterValueException",
"errorMessage": "The role defined for the function cannot be assumed by Lambda.",
"requestParameters": {
"functionName": "hello",
"runtime": "nodejs12.x",
"role": "arn:aws:iam::448878779811:role/service-role/hello-role-wm878cxu",
"handler": "index.handler",
"code": {},
"timeout": 3,
"memorySize": 128,
"publish": false,
"vpcConfig": {},
"deadLetterConfig": {},
"environment": {},
"tracingConfig": {
"mode": "PassThrough"
}
},
"responseElements": null,
"requestID": "04141ba0-9f92-472e-a608-d52428bd63ff",
"eventID": "f4155571-2a4e-4aac-906e-decf3938e265",
"eventType": "AwsApiCall"
}
}
ECS
ECS Task State Change
Dans ECS : Cluster > Service > Task definition > Task#1 ... Task#2 ... Chaque task lance un ou plusieurs containers ; la task possède les statuts "desiredStatus" et "lastStatus", en fonction des health checks sur les containers qu'elle lance. Les containers d'une task sont listés dans "containers" : prendre l'ARN du container ; le scoring débute lorsque "lastStatus" vaut "RUNNING" et se termine lorsque "lastStatus" vaut "STOPPED".
{
"version": "0",
"id": "dd43deb2-b8bc-112b-df88-d275ca268290",
"detail-type": "ECS Task State Change",
"source": "aws.ecs",
"account": "448878779811",
"time": "2020-04-06T14:19:46Z",
"region": "eu-west-3",
"resources": [
"arn:aws:ecs:eu-west-3:448878779811:task/11c6c253-a6f4-4c41-a3de-79b4862f958d"
],
"detail": {
"attachments": [
{
"id": "e82b108a-9759-4d6d-aa50-d0687a116dea",
"type": "eni",
"status": "ATTACHED",
"details": [
{
"name": "subnetId",
"value": "subnet-042d59d44e55e66f4"
},
{
"name": "networkInterfaceId",
"value": "eni-0b5d21ecbd85087f6"
},
{
"name": "macAddress",
"value": "0a:11:1b:ef:39:e0"
},
{
"name": "privateIPv4Address",
"value": "10.0.101.119"
}
]
}
],
"availabilityZone": "eu-west-3b",
"clusterArn": "arn:aws:ecs:eu-west-3:448878779811:cluster/team101-cluster",
"containers": [
{
"containerArn": "arn:aws:ecs:eu-west-3:448878779811:container/1c792ba7-7e68-4e9b-ae38-46a8d39ebb1e",
"lastStatus": "RUNNING",
"name": "team101ctnr",
"image": "448878779811.dkr.ecr.eu-west-3.amazonaws.com/server-team-gameday",
"imageDigest": "sha256:7b8d66a41c1c48c727768b22d37863f2e87a117e448eb2f4bc0246d9bea0a32b",
"runtimeId": "32e9cf4bb68fe2fa48cf94fd6c7ff3f0aa85a979a90ceb0a2972c3053e241cd1",
"taskArn": "arn:aws:ecs:eu-west-3:448878779811:task/11c6c253-a6f4-4c41-a3de-79b4862f958d",
"networkInterfaces": [
{
"attachmentId": "e82b108a-9759-4d6d-aa50-d0687a116dea",
"privateIpv4Address": "10.0.101.119"
}
],
"cpu": "0",
"memoryReservation": "1024"
}
],
"createdAt": "2020-04-06T14:19:28.331Z",
"launchType": "FARGATE",
"cpu": "512",
"memory": "1024",
"desiredStatus": "RUNNING",
"group": "service:team101-svc",
"lastStatus": "RUNNING",
"overrides": {
"containerOverrides": [
{
"name": "team101ctnr"
}
]
},
"connectivity": "CONNECTED",
"connectivityAt": "2020-04-06T14:19:32.282Z",
"pullStartedAt": "2020-04-06T14:19:40.419Z",
"startedAt": "2020-04-06T14:19:46.419Z",
"startedBy": "ecs-svc/4151897634615917319",
"pullStoppedAt": "2020-04-06T14:19:45.419Z",
"updatedAt": "2020-04-06T14:19:46.419Z",
"taskArn": "arn:aws:ecs:eu-west-3:448878779811:task/11c6c253-a6f4-4c41-a3de-79b4862f958d",
"taskDefinitionArn": "arn:aws:ecs:eu-west-3:448878779811:task-definition/team101-taskdef:1",
"version": 3,
"platformVersion": "1.3.0"
}
}
RDS
CreateDBInstance
{
"version": "0",
"id": "b13ddf6c-d230-b847-bddf-322d2514aeb0",
"detail-type": "AWS API Call via CloudTrail",
"source": "aws.rds",
"account": "448878779811",
"time": "2020-04-07T12:02:42Z",
"region": "eu-west-3",
"resources": [],
"detail": {
"eventVersion": "1.05",
"userIdentity": {
"type": "AssumedRole",
"principalId": "AROAINFIQBWI23BCMVNQQ:wlenoir@ippon.fr",
"arn": "arn:aws:sts::448878779811:assumed-role/role-admin-sre-ops-federated/wlenoir@ippon.fr",
"accountId": "448878779811",
"accessKeyId": "ASIAWRA2CTWRS4L357FM",
"sessionContext": {
"attributes": {
"mfaAuthenticated": "false",
"creationDate": "2020-04-07T11:56:20Z"
},
"sessionIssuer": {
"type": "Role",
"principalId": "AROAINFIQBWI23BCMVNQQ",
"arn": "arn:aws:iam::448878779811:role/role-admin-sre-ops-federated",
"accountId": "448878779811",
"userName": "role-admin-sre-ops-federated"
}
}
},
"eventTime": "2020-04-07T12:02:42Z",
"eventSource": "rds.amazonaws.com",
"eventName": "CreateDBInstance",
"awsRegion": "eu-west-3",
"sourceIPAddress": "86.249.193.42",
"userAgent": "aws-internal/3 aws-sdk-java/1.11.538 Linux/4.9.184-0.1.ac.235.83.329.metal1.x86_64 OpenJDK_64-Bit_Server_VM/25.202-b08 java/1.8.0_202 vendor/Oracle_Corporation",
"requestParameters": {
"enableCloudwatchLogsExports": [],
"iops": 1000,
"vpcSecurityGroupIds": [
"sg-09ff060692392df8d"
],
"copyTagsToSnapshot": true,
"dBInstanceIdentifier": "database-1",
"storageType": "io1",
"enablePerformanceInsights": true,
"deletionProtection": true,
"dBSubnetGroupName": "default-vpc-0b5585f6d0ebf234d",
"engine": "mysql",
"publiclyAccessible": false,
"enableIAMDatabaseAuthentication": false,
"masterUsername": "admin",
"dBParameterGroupName": "default.mysql5.7",
"storageEncrypted": true,
"engineVersion": "5.7.22",
"monitoringRoleArn": "arn:aws:iam::448878779811:role/rds-monitoring-role",
"allocatedStorage": 100,
"backupRetentionPeriod": 7,
"performanceInsightsRetentionPeriod": 7,
"maxAllocatedStorage": 1000,
"dBName": "",
"monitoringInterval": 60,
"dBInstanceClass": "db.m5.xlarge",
"port": 3306,
"multiAZ": true,
"masterUserPassword": "****",
"autoMinorVersionUpgrade": true,
"optionGroupName": "default:mysql-5-7"
},
"responseElements": {
"dBInstanceArn": "arn:aws:rds:eu-west-3:448878779811:db:database-1",
"storageEncrypted": true,
"preferredBackupWindow": "09:40-10:10",
"preferredMaintenanceWindow": "tue:02:29-tue:02:59",
"backupRetentionPeriod": 7,
"allocatedStorage": 100,
"storageType": "io1",
"engineVersion": "5.7.22",
"dbInstancePort": 0,
"associatedRoles": [],
"optionGroupMemberships": [
{
"status": "in-sync",
"optionGroupName": "default:mysql-5-7"
}
],
"dBParameterGroups": [
{
"dBParameterGroupName": "default.mysql5.7",
"parameterApplyStatus": "in-sync"
}
],
"maxAllocatedStorage": 1000,
"performanceInsightsKMSKeyId": "arn:aws:kms:eu-west-3:448878779811:key/b6385a8d-31a2-4248-a66a-13b88ceb3503",
"monitoringInterval": 60,
"dBInstanceClass": "db.m5.xlarge",
"readReplicaDBInstanceIdentifiers": [],
"dBSubnetGroup": {
"dBSubnetGroupName": "default-vpc-0b5585f6d0ebf234d",
"dBSubnetGroupDescription": "Created from the RDS Management Console",
"subnets": [
{
"subnetAvailabilityZone": {
"name": "eu-west-3a"
},
"subnetIdentifier": "subnet-0b326cc9861c0dd99",
"subnetOutpost": {},
"subnetStatus": "Active"
},
{
"subnetAvailabilityZone": {
"name": "eu-west-3b"
},
"subnetIdentifier": "subnet-0b1f984b74d0828b4",
"subnetOutpost": {},
"subnetStatus": "Active"
},
{
"subnetAvailabilityZone": {
"name": "eu-west-3c"
},
"subnetIdentifier": "subnet-01b1bddff7c786c30",
"subnetOutpost": {},
"subnetStatus": "Active"
}
],
"vpcId": "vpc-0b5585f6d0ebf234d",
"subnetGroupStatus": "Complete"
},
"masterUsername": "admin",
"multiAZ": true,
"autoMinorVersionUpgrade": true,
"engine": "mysql",
"httpEndpointEnabled": false,
"cACertificateIdentifier": "rds-ca-2019",
"dbiResourceId": "db-PXYTBAXI5NNY5ZVSV5QKQT6QPI",
"deletionProtection": true,
"dBSecurityGroups": [],
"performanceInsightsRetentionPeriod": 7,
"pendingModifiedValues": {
"masterUserPassword": "****"
},
"dBInstanceStatus": "creating",
"publiclyAccessible": false,
"domainMemberships": [],
"copyTagsToSnapshot": true,
"monitoringRoleArn": "arn:aws:iam::448878779811:role/rds-monitoring-role",
"dBInstanceIdentifier": "database-1",
"licenseModel": "general-public-license",
"iops": 1000,
"iAMDatabaseAuthenticationEnabled": false,
"performanceInsightsEnabled": true,
"vpcSecurityGroups": [
{
"status": "active",
"vpcSecurityGroupId": "sg-09ff060692392df8d"
}
],
"kmsKeyId": "arn:aws:kms:eu-west-3:448878779811:key/b6385a8d-31a2-4248-a66a-13b88ceb3503"
},
"requestID": "527cd8bb-8542-4acd-89fc-ca07dd9cd036",
"eventID": "a1cd89d9-5d05-41c8-b2cb-ea2c5cbc2fa5",
"eventType": "AwsApiCall"
}
}
DeleteDBInstance
{
"version": "0",
"id": "83b6d515-ee0d-77a7-bf3f-8b6411f28aff",
"detail-type": "AWS API Call via CloudTrail",
"source": "aws.rds",
"account": "448878779811",
"time": "2020-04-07T12:16:32Z",
"region": "eu-west-3",
"resources": [],
"detail": {
"eventVersion": "1.05",
"userIdentity": {
"type": "AssumedRole",
"principalId": "AROAINFIQBWI23BCMVNQQ:wlenoir@ippon.fr",
"arn": "arn:aws:sts::448878779811:assumed-role/role-admin-sre-ops-federated/wlenoir@ippon.fr",
"accountId": "448878779811",
"accessKeyId": "ASIAWRA2CTWRS4L357FM",
"sessionContext": {
"attributes": {
"mfaAuthenticated": "false",
"creationDate": "2020-04-07T11:56:20Z"
},
"sessionIssuer": {
"type": "Role",
"principalId": "AROAINFIQBWI23BCMVNQQ",
"arn": "arn:aws:iam::448878779811:role/role-admin-sre-ops-federated",
"accountId": "448878779811",
"userName": "role-admin-sre-ops-federated"
}
}
},
"eventTime": "2020-04-07T12:16:32Z",
"eventSource": "rds.amazonaws.com",
"eventName": "DeleteDBInstance",
"awsRegion": "eu-west-3",
"sourceIPAddress": "86.249.193.42",
"userAgent": "console.amazonaws.com",
"requestParameters": {
"dBInstanceIdentifier": "database-1",
"skipFinalSnapshot": true,
"deleteAutomatedBackups": true
},
"responseElements": {
"dBInstanceIdentifier": "database-1",
"dBInstanceClass": "db.m5.xlarge",
"engine": "mysql",
"dBInstanceStatus": "deleting",
"masterUsername": "admin",
"endpoint": {
"address": "database-1.cnfktbjuwqzr.eu-west-3.rds.amazonaws.com",
"port": 3306,
"hostedZoneId": "ZMESEXB7ZGGQ3"
},
"allocatedStorage": 100,
"instanceCreateTime": "Apr 7, 2020 12:06:11 PM",
"preferredBackupWindow": "09:40-10:10",
"backupRetentionPeriod": 7,
"dBSecurityGroups": [],
"vpcSecurityGroups": [
{
"vpcSecurityGroupId": "sg-09ff060692392df8d",
"status": "active"
}
],
"dBParameterGroups": [
{
"dBParameterGroupName": "default.mysql5.7",
"parameterApplyStatus": "applying"
}
],
"availabilityZone": "eu-west-3c",
"dBSubnetGroup": {
"dBSubnetGroupName": "default-vpc-0b5585f6d0ebf234d",
"dBSubnetGroupDescription": "Created from the RDS Management Console",
"vpcId": "vpc-0b5585f6d0ebf234d",
"subnetGroupStatus": "Complete",
"subnets": [
{
"subnetIdentifier": "subnet-0b326cc9861c0dd99",
"subnetAvailabilityZone": {
"name": "eu-west-3a"
},
"subnetOutpost": {},
"subnetStatus": "Active"
},
{
"subnetIdentifier": "subnet-0b1f984b74d0828b4",
"subnetAvailabilityZone": {
"name": "eu-west-3b"
},
"subnetOutpost": {},
"subnetStatus": "Active"
},
{
"subnetIdentifier": "subnet-01b1bddff7c786c30",
"subnetAvailabilityZone": {
"name": "eu-west-3c"
},
"subnetOutpost": {},
"subnetStatus": "Active"
}
]
},
"preferredMaintenanceWindow": "tue:02:29-tue:02:59",
"pendingModifiedValues": {},
"multiAZ": true,
"engineVersion": "5.7.22",
"autoMinorVersionUpgrade": true,
"readReplicaDBInstanceIdentifiers": [],
"licenseModel": "general-public-license",
"iops": 1000,
"optionGroupMemberships": [
{
"optionGroupName": "default:mysql-5-7",
"status": "in-sync"
}
],
"publiclyAccessible": false,
"storageType": "io1",
"dbInstancePort": 0,
"storageEncrypted": true,
"kmsKeyId": "arn:aws:kms:eu-west-3:448878779811:key/b6385a8d-31a2-4248-a66a-13b88ceb3503",
"dbiResourceId": "db-PXYTBAXI5NNY5ZVSV5QKQT6QPI",
"cACertificateIdentifier": "rds-ca-2019",
"domainMemberships": [],
"copyTagsToSnapshot": true,
"monitoringInterval": 60,
"enhancedMonitoringResourceArn": "arn:aws:logs:eu-west-3:448878779811:log-group:RDSOSMetrics:log-stream:db-PXYTBAXI5NNY5ZVSV5QKQT6QPI",
"monitoringRoleArn": "arn:aws:iam::448878779811:role/rds-monitoring-role",
"dBInstanceArn": "arn:aws:rds:eu-west-3:448878779811:db:database-1",
"iAMDatabaseAuthenticationEnabled": false,
"performanceInsightsEnabled": true,
"performanceInsightsKMSKeyId": "arn:aws:kms:eu-west-3:448878779811:key/b6385a8d-31a2-4248-a66a-13b88ceb3503",
"performanceInsightsRetentionPeriod": 7,
"deletionProtection": false,
"associatedRoles": [],
"httpEndpointEnabled": false,
"maxAllocatedStorage": 1000
},
"requestID": "df38482d-e192-4eed-9615-1703ca4f30af",
"eventID": "04210ff7-f456-4a22-855b-a1abcbd088df",
"eventType": "AwsApiCall"
}
}
Multi Account
Exemple d'event dans le cas d'un multi-compte
- Le compte master reçoit sur son bus d'events par défaut (EventBridge) un event de création d'EC2 effectuée par le compte ippon-gameday-easy-01, dont l'account id est 112294226762
- L'account id apparaît dans le json de l'event sous l'attribut account
{
"version": "0",
"id": "88375f64-5c5c-13f1-9cfd-fd05a999a88a",
"detail-type": "AWS API Call via CloudTrail",
"source": "aws.ec2",
"account": "112294226762",
"time": "2020-04-15T14:08:18Z",
"region": "eu-west-3",
"resources": [],
"detail": {
"eventVersion": "1.05",
"userIdentity": {
"type": "AssumedRole",
"principalId": "AROARUJKB5NFDQMNCUEPU:wlenoir@ippon.fr",
"arn": "arn:aws:sts::112294226762:assumed-role/role-admin-sre-ops-federated/wlenoir@ippon.fr",
"accountId": "112294226762",
"accessKeyId": "ASIARUJKB5NFFKBSFNBE",
"sessionContext": {
"sessionIssuer": {
"type": "Role",
"principalId": "AROARUJKB5NFDQMNCUEPU",
"arn": "arn:aws:iam::112294226762:role/role-admin-sre-ops-federated",
"accountId": "112294226762",
"userName": "role-admin-sre-ops-federated"
},
"webIdFederationData": {},
"attributes": {
"mfaAuthenticated": "false",
"creationDate": "2020-04-15T14:04:02Z"
}
}
},
"eventTime": "2020-04-15T14:08:18Z",
"eventSource": "ec2.amazonaws.com",
"eventName": "RunInstances",
"awsRegion": "eu-west-3",
"sourceIPAddress": "86.249.78.17",
"userAgent": "console.ec2.amazonaws.com",
"requestParameters": {
"instancesSet": {
"items": [
{
"imageId": "ami-00077e3fed5089981",
"minCount": 1,
"maxCount": 1
}
]
},
"groupSet": {
"items": [
{
"groupId": "sg-0fa0e82672f9ccfac"
}
]
},
"instanceType": "t2.micro",
"blockDeviceMapping": {
"items": [
{
"deviceName": "/dev/xvda",
"ebs": {
"volumeSize": 8,
"deleteOnTermination": true,
"volumeType": "gp2"
}
}
]
},
"monitoring": {
"enabled": false
},
"disableApiTermination": false,
"ebsOptimized": false,
"creditSpecification": {
"cpuCredits": "standard"
},
"metadataOptions": {
"httpTokens": "optional",
"httpPutResponseHopLimit": 1,
"httpEndpoint": "enabled"
}
},
"responseElements": {
"requestId": "01e1891e-f78d-4932-9391-56ea30ba2aa6",
"reservationId": "r-0ff18c279a6726c61",
"ownerId": "112294226762",
"groupSet": {},
"instancesSet": {
"items": [
{
"instanceId": "i-094559fe989b016ed",
"imageId": "ami-00077e3fed5089981",
"instanceState": {
"code": 0,
"name": "pending"
},
"privateDnsName": "ip-172-31-43-179.eu-west-3.compute.internal",
"amiLaunchIndex": 0,
"productCodes": {},
"instanceType": "t2.micro",
"launchTime": 1586959698000,
"placement": {
"availabilityZone": "eu-west-3c",
"tenancy": "default"
},
"monitoring": {
"state": "disabled"
},
"subnetId": "subnet-a81f84e5",
"vpcId": "vpc-3bccdc52",
"privateIpAddress": "172.31.43.179",
"stateReason": {
"code": "pending",
"message": "pending"
},
"architecture": "x86_64",
"rootDeviceType": "ebs",
"rootDeviceName": "/dev/xvda",
"blockDeviceMapping": {},
"virtualizationType": "hvm",
"hypervisor": "xen",
"groupSet": {
"items": [
{
"groupId": "sg-0fa0e82672f9ccfac",
"groupName": "launch-wizard-2"
}
]
},
"sourceDestCheck": true,
"networkInterfaceSet": {
"items": [
{
"networkInterfaceId": "eni-042eba1a173ea53a7",
"subnetId": "subnet-a81f84e5",
"vpcId": "vpc-3bccdc52",
"ownerId": "112294226762",
"status": "in-use",
"macAddress": "0e:60:e2:c8:5c:88",
"privateIpAddress": "172.31.43.179",
"privateDnsName": "ip-172-31-43-179.eu-west-3.compute.internal",
"sourceDestCheck": true,
"interfaceType": "interface",
"groupSet": {
"items": [
{
"groupId": "sg-0fa0e82672f9ccfac",
"groupName": "launch-wizard-2"
}
]
},
"attachment": {
"attachmentId": "eni-attach-06bc1874fb035e123",
"deviceIndex": 0,
"status": "attaching",
"attachTime": 1586959698000,
"deleteOnTermination": true
},
"privateIpAddressesSet": {
"item": [
{
"privateIpAddress": "172.31.43.179",
"privateDnsName": "ip-172-31-43-179.eu-west-3.compute.internal",
"primary": true
}
]
},
"ipv6AddressesSet": {},
"tagSet": {}
}
]
},
"ebsOptimized": false,
"cpuOptions": {
"coreCount": 1,
"threadsPerCore": 1
},
"capacityReservationSpecification": {
"capacityReservationPreference": "open"
},
"enclaveOptions": {
"enabled": false
},
"metadataOptions": {
"state": "pending",
"httpTokens": "optional",
"httpPutResponseHopLimit": 1,
"httpEndpoint": "enabled"
}
}
]
}
},
"requestID": "01e1891e-f78d-4932-9391-56ea30ba2aa6",
"eventID": "adb5203f-5995-4675-99e3-0d61a8d968a2",
"eventType": "AwsApiCall"
}
}
Custom event
Générer un event Custom
Certains types d'events ne peuvent pas être monitorés (ex: toutes les opérations qui ne donnent pas lieu à une mutation des ressources, comme l'invocation d'une lambda).
Dans ce cas, on peut créer un nouvel event et l'envoyer sur le bus grâce au SDK.
Exemple :
Ce code:
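// Build one custom "gameday" event and publish it on the event bus.
// Every field of a custom event is chosen by the sender and is not verified by AWS,
// so consumers should only trust it as far as they trust who may call putEvents.
const params = {
  Entries: [
    {
      // Detail must be a JSON document serialised as a string.
      Detail: '{ "key1": "value1", "key2": "value2" }',
      DetailType: 'gameday',
      Resources: ['RESOURCE_ARN'],
      Source: 'gameday.lambda',
    },
  ],
};

// `cwevents` is the events client created elsewhere (not shown in this snippet).
cwevents.putEvents(params, (err, data) => {
  if (err) {
    console.log("Error", err);
    return;
  }
  // The call can succeed while individual entries are rejected: in that case
  // FailedEntryCount is non-zero and the rejected entries carry an ErrorCode.
  if (data.FailedEntryCount > 0) {
    const rejected = data.Entries.filter((entry) => entry.ErrorCode);
    console.log("Error", rejected);
    return;
  }
  console.log("Success", data.Entries);
});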
Génère cet event :
{
"version": "0",
"id": "51a12787-208c-faf3-6875-25804a3265c9",
"detail-type": "gameday",
"source": "gameday.lambda",
"account": "448878779811",
"time": "2020-04-06T11:52:50Z",
"region": "eu-west-3",
"resources": [
"RESOURCE_ARN"
],
"detail": {
"key1": "value1",
"key2": "value2"
}
}
Qui peut être capturé par une règle suivant ce pattern :
{
"detail-type": [
"gameday"
]
}
Quelles informations donner dans son event ?
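- Le detail-type des events standards pour le gameday est "AWS API Call via CloudTrail"
- Il est recommandé, lors de la création d'un event custom, de suivre les mêmes conventions de nommage que celles utilisées pour les events du type AWS API Call via CloudTrail. Attention : contrairement à ces derniers, le contenu d'un event custom (source, resources, detail.userIdentity...) est entièrement déclaré par l'émetteur ; il n'est fiable que si la permission events:PutEvents sur le bus est restreinte aux émetteurs attendus.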
- Un attribut time est automatiquement généré dès que l'event est créé, vous n'avez donc pas besoin de vous en occuper
- detail-type indique le type de l'event, dans notre cas il est préférable d'indiquer systématiquement "gameday" pour la valeur de ce champ.
- Pour spécifier l'entité à laquelle se rattache l'event, on utilisera le champ "source" avec pour valeur : "gameday.NOM_DU_SERVICE_MONITORE"
- Exemple : pour monitorer l'invocation d'une lambda, on aura un event du type (extrait : les champs version, id, detail-type et account ne sont pas repris) :
{
"source": "gameday.lambda",
"time": "2020-04-06T11:52:50Z",
"region": "eu-west-3",
"resources": [
"RESOURCE_ARN"
],
"detail": {
"eventVersion": "1.05",
"userIdentity": {
"arn": "arn:aws:sts::448878779811:assumed-role/hello-role-wm878cxu/hello"
},
"eventName": "InvokeLambda",
"requestParameters" : {
"lambdaName": "lambda-hello"
},
"responseElements": {}
}
}