aws-cloudformation / cloudformation-coverage-roadmap

The AWS CloudFormation Public Coverage Roadmap
https://aws.amazon.com/cloudformation/
Creative Commons Attribution Share Alike 4.0 International

Log stack name in Request Parameters in the UpdateStack CloudTrail event whenever there are 'no updates are to be performed' #1900

Open cmogeni opened 8 months ago

cmogeni commented 8 months ago

Name of the resource

Other

Resource name

No response

Description

When a stack update is attempted and there aren't any updates, the CloudTrail event doesn't provide the stack name in the parameters.

Sample of current event:

{
    "eventVersion": "1.08",
    "userIdentity": {},
    "eventTime": "",
    "eventSource": "cloudformation.amazonaws.com",
    "eventName": "UpdateStack",
    "awsRegion": "us-east-1",
    "sourceIPAddress": "1.1.1.1",
    "userAgent": "xxxxxx",
    "errorCode": "ValidationException",
    "errorMessage": "No updates are to be performed.",
    "requestParameters": null,
    "responseElements": null,
    "requestID": "xxxxxx",
    "eventID": "xxxxxx",
    "readOnly": false,
    "eventType": "AwsApiCall",
    "managementEvent": true,
    "recipientAccountId": "xxxxxx",
    "eventCategory": "Management",
    "tlsDetails": {},
    "sessionCredentialFromConsole": "true"
}

Desired Event:

{
    "eventVersion": "1.08",
    "userIdentity": {},
    "eventTime": "",
    "eventSource": "cloudformation.amazonaws.com",
    "eventName": "UpdateStack",
    "awsRegion": "us-east-1",
    "sourceIPAddress": "1.1.1.1",
    "userAgent": "xxxxxx",
    "errorCode": "ValidationException",
    "errorMessage": "No updates are to be performed.",
    "requestParameters": {
        "stackName": "mystack"
    },
    "responseElements": null,
    "requestID": "xxxxxx",
    "eventID": "xxxxxx",
    "readOnly": false,
    "eventType": "AwsApiCall",
    "managementEvent": true,
    "recipientAccountId": "xxxxxx",
    "eventCategory": "Management",
    "tlsDetails": {},
    "sessionCredentialFromConsole": "true"
}

Having the stack name logged will make it easier to review which stacks are being updated or are having update attempts made on them.

Other Details

No response
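
Added example, not part of the original issue or the CloudFormation project: Python that tallies UpdateStack attempts per stack from CloudTrail records and shows how the null `requestParameters` in the current event leaves an attempt unattributable to any stack. The sample records, the `<unknown>` marker and the function names are constructed for illustration.

```python
import json
from collections import Counter

# Constructed sample records, modelled on the two events shown in the issue.
SAMPLE_EVENTS = json.loads("""
[
  {"eventSource": "cloudformation.amazonaws.com", "eventName": "UpdateStack",
   "errorCode": "ValidationException",
   "errorMessage": "No updates are to be performed.",
   "requestParameters": null, "requestID": "req-1"},
  {"eventSource": "cloudformation.amazonaws.com", "eventName": "UpdateStack",
   "requestParameters": {"stackName": "mystack"}, "requestID": "req-2"},
  {"eventSource": "cloudformation.amazonaws.com", "eventName": "UpdateStack",
   "errorCode": "ValidationException",
   "errorMessage": "No updates are to be performed.",
   "requestParameters": {"stackName": "mystack"}, "requestID": "req-3"},
  {"eventSource": "s3.amazonaws.com", "eventName": "PutObject",
   "requestParameters": {"bucketName": "b"}, "requestID": "req-4"}
]
""")

UNKNOWN = "<unknown>"  # hypothetical marker for events that carry no stack name


def stack_name(event):
    """Return the stack name, or UNKNOWN when requestParameters is null or absent."""
    # A direct event["requestParameters"]["stackName"] raises TypeError on null.
    params = event.get("requestParameters") or {}
    return params.get("stackName") or UNKNOWN


def summarize_update_attempts(events):
    """Count UpdateStack attempts per stack; collect request IDs with no stack name."""
    attempts = Counter()
    unattributed = []
    for ev in events:
        if (ev.get("eventSource") != "cloudformation.amazonaws.com"
                or ev.get("eventName") != "UpdateStack"):
            continue  # ignore other services and other CloudFormation calls
        name = stack_name(ev)
        attempts[name] += 1
        if name == UNKNOWN:
            unattributed.append(ev.get("requestID"))
    return dict(attempts), unattributed


if __name__ == "__main__":
    counts, missing = summarize_update_attempts(SAMPLE_EVENTS)
    print("attempts per stack:", counts)
    print("request IDs with no stack name:", missing)
```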