aws / aws-cdk

The AWS Cloud Development Kit is a framework for defining cloud infrastructure in code
https://aws.amazon.com/cdk
Apache License 2.0

(cloudtrail): Simplify advanced event selectors for trails #19398

Open l0b0 opened 2 years ago

l0b0 commented 2 years ago

Description

It is currently difficult and overhead-prone to create a CloudTrail trail with an advanced event selector.

Use Case

To easily be able to link Lambda functions to a trail by a substring of the ARN.

Proposed Solution

The current implementation, based on the linked Stack Overflow post:

# Context assumed by this snippet: it runs inside a Stack or Construct
# (`self`) and `trail` is an existing aws_cloudtrail.Trail.
from aws_cdk import custom_resources

endpoint_selectors_call_id = custom_resources.PhysicalResourceId.of(
    "endpoint-function-selectors"
)
# Field selectors shared by every advanced event selector below:
# data events for Lambda function resources.
common_selectors = [
    {"Field": "eventCategory", "Equals": ["Data"]},
    {"Field": "resources.type", "Equals": ["AWS::Lambda::Function"]},
]
# SDK call that applies the advanced event selectors to the trail.
endpoint_selectors_call = custom_resources.AwsSdkCall(
    service="CloudTrail",
    action="putEventSelectors",
    parameters={
        "TrailName": trail.trail_arn,
        "AdvancedEventSelectors": [
            {
                "Name": "Log 'dataset-versions' Lambda functions",
                "FieldSelectors": [
                    *common_selectors,
                    {"Field": "resources.ARN", "EndsWith": ["dataset-versions"]},
                ],
            },
            {
                "Name": "Log 'datasets' Lambda functions",
                "FieldSelectors": [
                    *common_selectors,
                    {"Field": "resources.ARN", "EndsWith": ["datasets"]},
                ],
            },
            {
                "Name": "Log 'import-status' Lambda functions",
                "FieldSelectors": [
                    *common_selectors,
                    {"Field": "resources.ARN", "EndsWith": ["import-status"]},
                ],
            },
        ],
    },
    physical_resource_id=endpoint_selectors_call_id,
)
# Scope the custom resource's IAM permissions to this trail only.
endpoint_selectors_policy = custom_resources.AwsCustomResourcePolicy.from_sdk_calls(
    resources=[trail.trail_arn]
)
# The call runs on stack creation (on_create only, no on_update).
custom_resources.AwsCustomResource(
    self,
    "endpoint-function-selectors",
    on_create=endpoint_selectors_call,
    policy=endpoint_selectors_policy,
)

As you can see, the only interesting parts of the code above are the field selectors and their connection to the trail. A solution might enable specifying those without the overhead of the physical resource ID, the policy, and magic strings like putEventSelectors.

Other information

How to link a trail to functions by partial name in CDK?


indrora commented 2 years ago

This is looking at an L2 construct with some helper functionality to make the process easier. Something along the lines of EventSelectorByFields(name, fields ... ) perhaps?

AlanStark commented 1 year ago

Hi, is there any update on this feature? Without the API call trick, it seems impossible to add the advanced event selectors for CloudTrail in CDK, no matter whether through an L1 or L2 construct. In my case, I have to go to the console and enable it manually as a workaround.

haljarrett commented 6 months ago

I don't think an API call is / still is required - I was able to apply advanced selectors using https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_cloudtrail.CfnTrail.html#advancedeventselectors

I would like to see support for advanced selectors added to the L2 construct though; I came across this post in the process of opening a feature request for that.
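Following the CfnTrail route mentioned in the previous comment, here is an added example (not aws-cdk code; `lambda_arn_suffix_selectors` and `validate_selectors` are helper names assumed for this illustration) that builds the issue's ARN-suffix selectors as plain dicts in CloudFormation shape and checks them against CloudTrail's documented selector rules before deploy, so a selector that would silently log nothing is caught in a unit test.

```python
from typing import Dict, List

# Operators CloudTrail accepts in an advanced field selector.
OPERATORS = {"Equals", "NotEquals", "StartsWith", "NotStartsWith",
             "EndsWith", "NotEndsWith"}


def lambda_arn_suffix_selectors(suffixes: Dict[str, str]) -> List[dict]:
    """Map {selector name: ARN suffix} to AdvancedEventSelectors entries (CFN
    shape) that log data events for Lambda functions whose ARN ends with it."""
    common = [
        {"Field": "eventCategory", "Equals": ["Data"]},
        {"Field": "resources.type", "Equals": ["AWS::Lambda::Function"]},
    ]
    return [
        {"Name": name,
         "FieldSelectors": common + [{"Field": "resources.ARN", "EndsWith": [suffix]}]}
        for name, suffix in suffixes.items()
    ]


def validate_selectors(selectors: List[dict]) -> List[str]:
    """Return violations of CloudTrail's documented selector rules, so a bad
    selector fails in a unit test rather than at deploy time."""
    errors = []
    for sel in selectors:
        name = sel.get("Name", "<unnamed>")
        fields = {}
        for fs in sel.get("FieldSelectors", []):
            ops = [k for k in fs if k != "Field"]
            if len(ops) != 1 or ops[0] not in OPERATORS:
                errors.append(f"{name}: {fs.get('Field')} needs exactly one operator")
            fields[fs.get("Field")] = fs
        category = fields.get("eventCategory", {}).get("Equals")
        if not category:
            errors.append(f"{name}: eventCategory with Equals is required")
        elif category == ["Data"] and "resources.type" not in fields:
            errors.append(f"{name}: Data selectors require resources.type")
        if "resources.ARN" in fields and "resources.type" not in fields:
            errors.append(f"{name}: resources.ARN requires resources.type")
    return errors


if __name__ == "__main__":
    # Constructed sample using two of the suffixes from the issue.
    selectors = lambda_arn_suffix_selectors({
        "Log 'datasets' Lambda functions": "datasets",
        "Log 'import-status' Lambda functions": "import-status",
    })
    print(validate_selectors(selectors))
```

Inside a Stack, `trail.node.default_child` is the CfnTrail behind the L2 Trail, and `cfn_trail.add_property_override("AdvancedEventSelectors", selectors)` attaches the list directly, with no custom resource or PutEventSelectors call.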