Is there way to monitor all aws iam users activity and send email alert using python lambda?

Question

I have tried send alert notification for AWS IAM all users activity from lambda python, however its not working, please share any other way to work and find below cloudwatch event patter and lambda code I used in my aws account.

Cloudwatch event patter:

  "source": [
    "aws.iam"
  ],
  "detail-type": [
    "AWS API Call via CloudTrail"
  ],
  "detail": {
    "eventSource": [
      "iam.amazonaws.com"
    ]
  }```

Lambda python code:

```import boto3

def lambda_handler(event, context):
    # Connect to SNS
    sns = boto3.client('sns')

    # Get the event details
    event_name = event['detail']['eventName']
    user_name = event['detail']['userIdentity']['userName']
    time = event['detail']['eventTime']

    # Create a message for the email
    message = 'IAM user activity detected!\n'
    message += 'Event: ' + event_name + '\n'
    message += 'User: ' + user_name + '\n'
    message += 'Time: ' + time + '\n'

    # Send the email via SNS
    sns.publish(
        TopicArn='arn:aws:sns:ap-southeast-1:858777777777:config-topic',
        Message=message,
        Subject='AWS IAM User Activity Alert'
    )```

Please edit your question so it's more precise about what you're trying to achieve. What kind of criteria - do you want alerts on specific API calls, additionally on specific users, etc. This is probably easiest done by creating a CloudTrail log, having the logs ingested into Cloudwatch Logs, and having a metric filter that alerts you via SNS. Yes that uses four services, but it's standard and easy to set up. — Tim, Jan 31 '23 at 18:32

Is there way to monitor all aws iam users activity and send email alert using python lambda?

0 Answers0