I want to run a Lambda when a specific secret is created, modified or deleted in Secrets Manager.

I have deployed a CloudWatch Events rule with the following event pattern and a target Lambda.

{
  "source": [
    "aws.secretsmanager"
  ],
  "detail-type": [
    "AWS API Call via CloudTrail"
  ],
  "detail": {
    "eventSource": [
      "secretsmanager.amazonaws.com"
    ],
    "eventName": [
      "CreateSecret",
      "UpdateSecret",
      "DeleteSecret",
      "PutSecretValue"
    ]
  }
}

Any API request to secretsmanager.amazonaws.com triggers this rule. Is there a way to filter for the specific secret I'm interested in?

1 Answer

Use requestParameters and secretId:

{
  "detail-type": [
    "AWS API Call via CloudTrail"
  ],
  "detail": {
    "eventSource": [
      "secretsmanager.amazonaws.com"
    ],
    "eventName": [
      "CreateSecret",
      "UpdateSecret",
      "DeleteSecret",
      "PutSecretValue"
    ],
    "requestParameters": {
      "secretId": [
        "arn:aws:secretsmanager:*:*:secret:secret_name"
      ]
    }
  }
}
Answered 2021-04-27T15:45:35.110
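As an added illustration that is not part of the question or the answer above: the CloudTrail event that reaches the target Lambda carries `detail.requestParameters.secretId` exactly as the caller passed it, which for Secrets Manager APIs may be either the friendly name or the full ARN (and the ARN carries a random 6-character suffix). A defensive handler therefore normalises the identifier before comparing it, so it acts only on the secret it is responsible for even if the rule's pattern lets other calls through. The secret name `prod/db/password`, the account id, region and the sample event are all constructed placeholders, not values from the page.

```python
"""Lambda-side filter for Secrets Manager change events delivered via
EventBridge/CloudWatch Events (added example, not from the original post).

Assumptions (not on the page): the watched secret is named
"prod/db/password"; SecretId in the request may be a name or a full ARN.
"""
import json
import re

# Placeholder name of the secret we react to (constructed for this example).
WATCHED_SECRET_NAME = "prod/db/password"

# Same API calls as the event pattern in the question.
WATCHED_EVENTS = {"CreateSecret", "UpdateSecret", "DeleteSecret", "PutSecretValue"}

# Secrets Manager ARNs end in ":secret:<name>-<6 random chars>".
_ARN_RE = re.compile(
    r"^arn:aws[^:]*:secretsmanager:[^:]+:\d{12}:secret:(?P<name>.+)-[A-Za-z0-9]{6}$"
)


def secret_name_from_id(secret_id: str) -> str:
    """Return the friendly secret name whether given a name or a full ARN."""
    match = _ARN_RE.match(secret_id)
    return match.group("name") if match else secret_id


def is_watched_change(event: dict) -> bool:
    """True only for a create/update/delete/put on the watched secret."""
    detail = event.get("detail") or {}
    if detail.get("eventSource") != "secretsmanager.amazonaws.com":
        return False
    if detail.get("eventName") not in WATCHED_EVENTS:
        return False
    secret_id = (detail.get("requestParameters") or {}).get("secretId")
    if not secret_id:
        return False
    return secret_name_from_id(secret_id) == WATCHED_SECRET_NAME


def handler(event, context):
    """Lambda entry point: log who changed the secret and how, then react."""
    if not is_watched_change(event):
        return {"acted": False}
    detail = event["detail"]
    actor = (detail.get("userIdentity") or {}).get("arn", "unknown")
    record = {
        "eventName": detail["eventName"],
        "secret": WATCHED_SECRET_NAME,
        "actor": actor,
        "eventTime": detail.get("eventTime"),
    }
    # CloudTrail never logs the secret value itself, only the request metadata,
    # so logging the whole record is safe. Real reaction (notify, re-deploy
    # consumers, ...) would go here.
    print(json.dumps(record))
    return {"acted": True, **record}


# Constructed sample event in the shape EventBridge delivers for a
# CloudTrail "AWS API Call" (placeholder ids and account number).
SAMPLE_EVENT = {
    "version": "0",
    "id": "00000000-0000-0000-0000-000000000000",
    "detail-type": "AWS API Call via CloudTrail",
    "source": "aws.secretsmanager",
    "detail": {
        "eventSource": "secretsmanager.amazonaws.com",
        "eventName": "PutSecretValue",
        "eventTime": "2021-04-27T15:45:35Z",
        "userIdentity": {"arn": "arn:aws:iam::123456789012:user/alice"},
        "requestParameters": {
            "secretId": "arn:aws:secretsmanager:us-east-1:123456789012:secret:prod/db/password-AbCdEf"
        },
    },
}

if __name__ == "__main__":
    print(handler(SAMPLE_EVENT, None))
```

The in-code check is deliberately independent of the rule's pattern: if the rule is later broadened (or the pattern matches more than intended), the Lambda still ignores calls against other secrets, and a `GetSecretValue` read that reached it would be dropped rather than treated as a change.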