I am working on a solution to monitor the events below; whenever one of these events occurs, send an email to a few users:
- Start / Stop / Terminate Instances
=> **I was able to get this done using EventBridge by providing the predefined event pattern**
```json
{
  "source": ["aws.ec2"],
  "detail-type": ["EC2 Instance State-change Notification"],
  "detail": {
    "state": ["running", "stopped"],
    "instance-id": ["i-xxxxxxxxxxxx"]
  }
}
```
Similarly, I was trying out the items below using EventBridge, but this is not working: whenever the event occurs, it does not work.
- Get secret value from Secrets Manager. I tried GetSecretValue alone; since that didn't work, I tried all events for Secrets Manager, and that did not work either.
```json
{
  "source": ["aws.secretsmanager"],
  "detail-type": ["AWS API Call via CloudTrail"],
  "detail": {
    "eventSource": ["secretsmanager.amazonaws.com"]
  }
}
```
- Start session
```json
{
  "source": ["aws.ssm"],
  "detail-type": ["AWS API Call via CloudTrail"],
  "detail": {
    "eventSource": ["ssm.amazonaws.com"],
    "eventName": ["StartSession"],
    "requestParameters": {
      "target": ["i-0XXXXXXXXXX"],
      "documentName": ["AWS-StartPortForwardingSession"],
      "parameters": {
        "localPortNumber": ["55555"],
        "portNumber": ["3389"]
      }
    }
  }
}
```
- Terminate session
```json
{
  "source": ["aws.ssm"],
  "detail-type": ["AWS API Call via CloudTrail"],
  "detail": {
    "eventSource": ["ssm.amazonaws.com"],
    "eventName": ["TerminateSession"],
    "requestParameters": {
      "sessionId": ["********"]
    }
  }
}
```
- Get session token and a few more
Am I missing anything, or do I have an incorrect pattern?
Also, please let me know if these can be monitored (email alert) in a different way instead of EventBridge.
Thanks!
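
An added example, not part of the original post: a local checker for the exact-value subset of EventBridge pattern matching that reports which pattern field blocks a match, run against the start-session pattern above. The sample event is constructed and assumes the event carries its fields exactly as the pattern names them; `mismatches`, `sample_event` and the port value `50001` are hypothetical.

```python
def mismatches(pattern, event, path=""):
    """Return dotted paths of pattern fields the event does not satisfy.

    Exact-value matching only: leaves are lists of allowed values, nested
    objects recurse, and a field missing from the event never matches.
    """
    failed = []
    for key, expected in pattern.items():
        here = f"{path}.{key}" if path else key
        actual = event.get(key)
        if isinstance(expected, dict):
            if isinstance(actual, dict):
                failed += mismatches(expected, actual, here)
            else:
                failed.append(here)
        else:
            # An array in the event matches when any element is allowed.
            values = actual if isinstance(actual, list) else [actual]
            if key not in event or not any(v in expected for v in values):
                failed.append(here)
    return failed

# Start-session pattern from the post (instance id is the post's placeholder).
PATTERN = {
    "source": ["aws.ssm"],
    "detail-type": ["AWS API Call via CloudTrail"],
    "detail": {
        "eventSource": ["ssm.amazonaws.com"],
        "eventName": ["StartSession"],
        "requestParameters": {
            "target": ["i-0XXXXXXXXXX"],
            "documentName": ["AWS-StartPortForwardingSession"],
            "parameters": {"localPortNumber": ["55555"], "portNumber": ["3389"]},
        },
    },
}

def sample_event(local_port):
    """Constructed event shaped like the pattern; not a captured log."""
    params = {"localPortNumber": [local_port], "portNumber": ["3389"]}
    request = {"target": "i-0XXXXXXXXXX", "parameters": params,
               "documentName": "AWS-StartPortForwardingSession"}
    detail = {"eventSource": "ssm.amazonaws.com", "eventName": "StartSession",
              "requestParameters": request}
    return {"source": "aws.ssm", "detail": detail,
            "detail-type": "AWS API Call via CloudTrail"}

if __name__ == "__main__":
    for port in ("55555", "50001"):
        print(port, mismatches(PATTERN, sample_event(port)) or "match")
```

The `aws events test-event-pattern` command runs the same structural check against the service. When a pattern matches a real event there and the rule still stays silent, the remaining question is whether the event reaches the event bus in that shape.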