fivexl / terraform-aws-cloudtrail-to-slack

Parse AWS CloudTrail events and send alerts to Slack for events that match pre-configured rules
https://registry.terraform.io/modules/fivexl/cloudtrail-to-slack/aws/latest
Apache License 2.0

Add possibility to filter out events on subscription level #2

Closed Andrey9kin closed 2 years ago

cageyv commented 3 years ago

This is a good example to add to the filter:

Case:

Event:

arn:aws:sts::XXXXXXXX:assumed-role/AWSReservedSSO_XXXXXX/vladimir.XXXX@XXXXX.com called ListAccounts but failed due to AccessDenied
Error message: CallerValidation check failed

Why: [image] [image]

chrispicht commented 2 years ago

I want to filter out messages about tenableio-connector making calls that will never succeed.

arn:aws:sts::123104204098:assumed-role/tenableio-connector/tenable-get-trails-0ca39b30-f227-44cb-acc8-e096c7657527 called GetTrailStatus but failed due to AccessDenied
Error message:
User: arn:aws:sts::123104204098:assumed-role/tenableio-connector/tenable-get-trails-0ca39b30-f227-44cb-acc8-e096c7657527 is not authorized to perform: cloudtrail:GetTrailStatus on resource: arn:aws:cloudtrail:us-east-1:045758098048:trail/main because no identity-based policy allows the cloudtrail:GetTrailStatus action
Time: 2021-11-11 13:34:32 UTC
Id: 3e6f5ab6-da6e-43cd-9997-6710fd2aad1f
Account Id: 123104204098
Event location in s3:
AWSLogs/o-rrdq1iyird/123104204098/CloudTrail/us-east-1/2021/11/11/123104204098_CloudTrail_us-east-1_20211111T1335Z_jloPdYM4UTJFcMaz.json.gz

Andrey9kin commented 2 years ago

@chrispicht just added the possibility to filter out stuff: 52ad1f4b10a16a7fe4e3212338e918a004ef7971

Going to release it as 2.3.0.
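
An added example, not code from this thread or from the module: one way to express the suppression requested in the second comment as a narrowly scoped predicate over a CloudTrail record, so that only the known-noisy call is dropped. The rule shape and function names are assumptions, the sample records are constructed from the alert quoted above, and the module's own filter syntax is not shown on this page.

```python
import re

# Hypothetical rule shape for this example (not the module's configuration format).
# Every field must match exactly; values are taken from the alert quoted in the thread.
SUPPRESS_RULES = [
    {"account": "123104204098", "role": "tenableio-connector",
     "eventName": "GetTrailStatus", "errorCode": "AccessDenied"},
]

# arn:aws:sts::<account>:assumed-role/<role>/<session>
ASSUMED_ROLE = re.compile(r"arn:aws:sts::(\d{12}):assumed-role/([^/]+)/(.+)")

def caller(event):
    """Return (account, role) parsed from userIdentity.arn, or (None, None)."""
    m = ASSUMED_ROLE.fullmatch(event.get("userIdentity", {}).get("arn", ""))
    return (m.group(1), m.group(2)) if m else (None, None)

def should_suppress(event, rules=SUPPRESS_RULES):
    """True only when account, role, API call and error code all match one rule."""
    account, role = caller(event)
    return any(
        account == r["account"] and role == r["role"]
        and event.get("eventName") == r["eventName"]
        and event.get("errorCode") == r["errorCode"]
        for r in rules
    )

def make_event(arn, name, error=None):
    """Build a minimal constructed CloudTrail record for the checks below."""
    event = {"userIdentity": {"type": "AssumedRole", "arn": arn}, "eventName": name}
    if error:
        event["errorCode"] = error
    return event

BASE = "arn:aws:sts::123104204098:assumed-role/"
SESSION = "tenable-get-trails-0ca39b30-f227-44cb-acc8-e096c7657527"
# Constructed samples: the noisy call from the thread plus three that must still alert.
NOISY = make_event(BASE + "tenableio-connector/" + SESSION, "GetTrailStatus", "AccessDenied")
OTHER_CALL = make_event(BASE + "tenableio-connector/" + SESSION, "StopLogging", "AccessDenied")
SUCCESS = make_event(BASE + "tenableio-connector/" + SESSION, "GetTrailStatus")
# Role name appears only in the session segment: a substring match on the ARN would drop it.
SESSION_ONLY = make_event(BASE + "Admin/tenableio-connector", "GetTrailStatus", "AccessDenied")

if __name__ == "__main__":
    for label, ev in [("noisy", NOISY), ("other call", OTHER_CALL),
                      ("success", SUCCESS), ("session only", SESSION_ONLY)]:
        print(f"{label:13} suppress={should_suppress(ev)}")
```

Matching the role segment of the ARN exactly, together with the account, event name and error code, keeps the filter from hiding other activity by the same role or by a session that merely carries the same string.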