I want to run a Lambda when a specific secret is modified/created/removed from Secrets Manager.

I have deployed a CloudWatch Events rule with the event pattern below and a target Lambda.

```json
{
  "source": [
    "aws.secretsmanager"
  ],
  "detail-type": [
    "AWS API Call via CloudTrail"
  ],
  "detail": {
    "eventSource": [
      "secretsmanager.amazonaws.com"
    ],
    "eventName": [
      "CreateSecret",
      "UpdateSecret",
      "DeleteSecret",
      "PutSecretValue"
    ]
  }
}
```

The rule gets triggered for any API request hitting secretsmanager.amazonaws.com. Is there a way to filter on specific secrets that interest me?

fledgling

3 Answers

```json
{
  "source": ["aws.secretsmanager"],
  "detail-type": ["AWS API Call via CloudTrail"],
  "detail": {
    "eventSource": ["secretsmanager.amazonaws.com"],
    "eventName": ["CreateSecret", "UpdateSecret", "DeleteSecret", "PutSecretValue"],
    "requestParameters": {
      "secretId": [{
        "prefix": "arn:aws:secretsmanager:AWS-REGION:AWS-ACCNT-ID:secret:PREFIX_SECRET_NAME"
      }]
    }
  }
}
```
Amar Babu
  • For event filters we have to use the supported methods to perform filter operations, as it doesn't support wildcards to capture the matching events. https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-event-patterns-content-based-filtering.html – Amar Babu Jun 27 '22 at 21:09
  • As it’s currently written, your answer is unclear. Please [edit] to add additional details that will help others understand how this addresses the question asked. You can find more information on how to write good answers [in the help center](/help/how-to-answer). – Community Jul 06 '22 at 00:45
requestParameters and secretId:

```json
{
  "detail-type": [
    "AWS API Call via CloudTrail"
  ],
  "detail": {
    "eventSource": [
      "secretsmanager.amazonaws.com"
    ],
    "eventName": [
      "CreateSecret",
      "UpdateSecret",
      "DeleteSecret",
      "PutSecretValue"
    ],
    "requestParameters": {
      "secretId": [
        "arn:aws:secretsmanager:*:*:secret:secret_name"
      ]
    }
  }
}
```
parliamentowl
I have tried all the previous answers and found that they were not working; the following is what I created, and it works.

```json
{
  "source": ["aws.secretsmanager"],
  "detail-type": ["AWS API Call via CloudTrail"],
  "detail": {
    "eventSource": ["secretsmanager.amazonaws.com"],
    "eventName": ["PutSecretValue", "UpdateSecret", "RotationSucceeded"],
    "responseElements": {
      "$or": [{
        "arn": ["arn:aws:secretsmanager:us-east-1:XXXXXXXXXXXXXX:secret:your-secret-name"]
      }, {
        "arn": ["arn:aws:secretsmanager:us-east-1:XXXXXXXXXXXXXX:secret:your-secret-name1"]
      }]
    }
  }
}
```
Eric Aya
vaquar khan
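As an added illustration (not code from the question or any of the answers): a small Python matcher that reproduces the EventBridge matching rules the three answers rely on, exact string comparison, `{"prefix": ...}` and `$or`, and runs them against a constructed Secrets Manager CloudTrail event. Secrets Manager appends a random suffix to every secret ARN, so an exact-match ARN has to include that suffix and a bare `*` inside a plain string only ever matches the literal character; the event, ARNs, account id and function names below are assumptions.

```python
# Constructed sample of a Secrets Manager CloudTrail event as EventBridge
# delivers it (abridged). "-AbCdEf" stands in for the random suffix that
# Secrets Manager appends to every secret ARN.
ARN = "arn:aws:secretsmanager:us-east-1:123456789012:secret:prod/db-password-AbCdEf"
SAMPLE_EVENT = {
    "source": "aws.secretsmanager", "detail-type": "AWS API Call via CloudTrail",
    "detail": {"eventSource": "secretsmanager.amazonaws.com", "eventName": "PutSecretValue",
               "requestParameters": {"secretId": ARN}, "responseElements": {"arn": ARN}},
}


def _leaf_matches(value, alternatives):
    """Any alternative may match: a plain string is compared literally (a '*'
    in it is just a character); {"prefix": p} tests startswith."""
    for alt in alternatives:
        if isinstance(alt, dict) and "prefix" in alt:
            if isinstance(value, str) and value.startswith(alt["prefix"]):
                return True
        elif value == alt:
            return True
    return False


def matches(pattern, event):
    """True when every pattern key is satisfied by the event node; a "$or" key
    succeeds when at least one of its branch patterns matches the same node."""
    for key, expected in pattern.items():
        if key == "$or":
            if not any(matches(branch, event) for branch in expected):
                return False
        elif key not in event:
            return False
        elif isinstance(expected, dict):
            if not (isinstance(event[key], dict) and matches(expected, event[key])):
                return False
        elif not _leaf_matches(event[key], expected):
            return False
    return True


BASE = {"source": ["aws.secretsmanager"], "detail-type": ["AWS API Call via CloudTrail"]}
# Prefix on the request parameter: matches whatever the random suffix is.
PREFIX_PATTERN = {**BASE, "detail": {"requestParameters": {"secretId": [
    {"prefix": "arn:aws:secretsmanager:us-east-1:123456789012:secret:prod/db-password"}]}}}
# A literal '*' in the region and account fields is not a wildcard, so no match.
LITERAL_STAR_PATTERN = {**BASE, "detail": {"requestParameters": {"secretId": [
    "arn:aws:secretsmanager:*:*:secret:prod/db-password"]}}}
# $or over several full ARNs in the response, as in the last answer.
OR_PATTERN = {**BASE, "detail": {"responseElements": {"$or": [
    {"arn": ["arn:aws:secretsmanager:us-east-1:123456789012:secret:other-Xy12Zw"]},
    {"arn": [ARN]}]}}}
```

Only the prefix and `$or` patterns match the sample event; the pattern with `*` in the ARN never fires, which is the behaviour the comment on the first answer describes.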