cloudtrail-console-actions

command module
v0.1.3
Published: May 19, 2021 License: MIT Imports: 19 Imported by: 0

README

CloudTrail Console Actions

Problem: raw CloudTrail has too low a signal-to-noise ratio for a human to review. This Lambda's goal is to pick out the actionable events and alert on them and/or log them.

[Flow diagram, 2021-05-14]

Examples

Event in Slack

[Screenshot: an event as posted to Slack]

CloudWatch Logs Insights query

Every event the Lambda emits is a JSON log line with msg set to "Event", so the following query lists them, newest first, in the function's log group:

fields @timestamp, @message
| sort @timestamp desc
| filter msg == "Event"

Example Event

event_time is the CloudTrail eventTime of the API call itself; time is when the Lambda wrote the log line, so the gap between the two is CloudTrail's delivery delay, not a clock problem.

{
  "account_id": "123456789012",
  "event_id": "ec20d295-2332-4871-9a0c-0f3193119eb6",
  "event_name": "PutUserPolicy",
  "event_source": "iam.amazonaws.com",
  "event_time": "2021-05-14T19:03:40Z",
  "level": "info",
  "msg": "Event",
  "principal": "AIDA123456789EXAMPLE:john.doe@example.com",
  "time": "2021-05-14T19:18:19Z",
  "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36",
  "user_name": "john.doe@example.com"
}

Environment Reference

The following environment variables are supported:

  • SLACK_NAME - (Optional) Display name used for events from any account that has no account-specific name.
  • SLACK_CHANNEL - (Optional) Slack channel to publish events to.
  • SLACK_WEBHOOK - (Optional) Webhook URL to send events to. If not set, no Slack messages are sent and only log lines are emitted.
  • SLACK_NAME_${AWS_ACCOUNT_NUMBER} - (Optional) Display name for events from that specific account; takes precedence over SLACK_NAME.

Note: You can use Slack emoji in SLACK_NAME and SLACK_NAME_* with the standard :maple_leaf: notation.
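The example below is added here to show, end to end, what the README's Example Event and Environment Reference describe: decoding a CloudTrail delivery object, keeping only mutating calls made through the console, flattening each kept record into the logged shape, and resolving the SLACK_NAME_<account> / SLACK_NAME display name. It is not the project's own code. The console detection (browser user agent, a console.* front-end, or signin.amazonaws.com), the "<principalId>:<userName>" rendering, the account_name field and the sample records are all assumptions made for this illustration; the project's real filter rules are not shown on this page.

```go
package main

import (
	"encoding/json"
	"fmt"
	"log"
	"os"
	"strings"
)

// Constructed CloudTrail delivery object for this example (not real telemetry): a console
// PutUserPolicy, a read-only console call, and a CLI call from a pipeline role.
const sampleRecords = `{"Records":[
{"eventID":"ec20d295-2332-4871-9a0c-0f3193119eb6","eventName":"PutUserPolicy","eventSource":"iam.amazonaws.com",
 "eventTime":"2021-05-14T19:03:40Z","readOnly":false,"recipientAccountId":"123456789012","userIdentity":{"principalId":"AIDA123456789EXAMPLE","userName":"john.doe@example.com"},
 "userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36"},
{"eventID":"00000000-0000-0000-0000-000000000002","eventName":"DescribeInstances","eventSource":"ec2.amazonaws.com",
 "eventTime":"2021-05-14T19:04:00Z","readOnly":true,"recipientAccountId":"123456789012","userIdentity":{"principalId":"AIDA123456789EXAMPLE","userName":"john.doe@example.com"},
 "userAgent":"console.ec2.amazonaws.com"},
{"eventID":"00000000-0000-0000-0000-000000000003","eventName":"CreateUser","eventSource":"iam.amazonaws.com",
 "eventTime":"2021-05-14T19:05:00Z","readOnly":false,"recipientAccountId":"123456789012","userIdentity":{"principalId":"AROA123456789EXAMPLE:deploy-pipeline"},
 "userAgent":"aws-cli/2.1.0 Python/3.8.8"}
]}`

// CloudTrailRecord is the subset of the CloudTrail schema the filter reads. encoding/json
// matches the camelCase keys case-insensitively, so the field names stand in for tags.
type CloudTrailRecord struct {
	EventID, EventName, EventSource, EventTime, RecipientAccountId, UserAgent string
	ReadOnly     bool
	UserIdentity struct{ PrincipalId, UserName string }
}

// Event is the flattened form the README shows being logged; account_name is an added
// (assumed) field carrying the SLACK_NAME* display name used for the Slack post.
type Event struct {
	AccountID   string `json:"account_id"`
	AccountName string `json:"account_name"`
	EventID     string `json:"event_id"`
	EventName   string `json:"event_name"`
	EventSource string `json:"event_source"`
	EventTime   string `json:"event_time"`
	Principal   string `json:"principal"`
	UserAgent   string `json:"user_agent"`
	UserName    string `json:"user_name"`
}

// ShouldAlert keeps mutating calls made through the console and drops the noise the README
// describes: read-only calls and SDK/CLI traffic. The user-agent test is an assumed
// heuristic (browser UA or a console front-end), not the project's rule.
func ShouldAlert(r CloudTrailRecord) bool {
	ua := r.UserAgent
	console := strings.HasPrefix(ua, "Mozilla/") || strings.HasPrefix(ua, "console.") || ua == "signin.amazonaws.com"
	return !r.ReadOnly && console
}

// AccountName resolves the Slack display name: SLACK_NAME_<account> beats SLACK_NAME,
// which beats the bare account ID. lookup is os.LookupEnv in the Lambda.
func AccountName(lookup func(string) (string, bool), accountID string) string {
	for _, key := range []string{"SLACK_NAME_" + accountID, "SLACK_NAME"} {
		if v, ok := lookup(key); ok && v != "" {
			return v
		}
	}
	return accountID
}

// BuildEvent flattens a record. The principal is "<principalId>:<userName>" as in the README
// example; assumed-role principal IDs already carry ":<session>" and are left as they are.
func BuildEvent(r CloudTrailRecord, lookup func(string) (string, bool)) Event {
	principal := r.UserIdentity.PrincipalId
	if u := r.UserIdentity.UserName; u != "" && !strings.Contains(principal, ":") {
		principal += ":" + u
	}
	return Event{
		AccountID: r.RecipientAccountId, AccountName: AccountName(lookup, r.RecipientAccountId),
		EventID: r.EventID, EventName: r.EventName, EventSource: r.EventSource, EventTime: r.EventTime,
		Principal: principal, UserAgent: r.UserAgent, UserName: r.UserIdentity.UserName,
	}
}

// ActionableEvents decodes a delivery object ({"Records":[...]}) and returns the events to alert on.
func ActionableEvents(raw []byte, lookup func(string) (string, bool)) ([]Event, error) {
	var delivery struct{ Records []CloudTrailRecord }
	if err := json.Unmarshal(raw, &delivery); err != nil {
		return nil, fmt.Errorf("decode CloudTrail records: %w", err)
	}
	var out []Event
	for _, r := range delivery.Records {
		if ShouldAlert(r) {
			out = append(out, BuildEvent(r, lookup))
		}
	}
	return out, nil
}

func main() {
	events, err := ActionableEvents([]byte(sampleRecords), os.LookupEnv)
	if err != nil {
		log.Fatal(err)
	}
	for _, e := range events { // one JSON object per actionable event, as the README logs them
		_ = json.NewEncoder(os.Stdout).Encode(e)
	}
}
```

Run as is, only the PutUserPolicy record survives: DescribeInstances is dropped because readOnly is true even though it came from the console, and CreateUser is dropped because a CLI user agent is pipeline traffic rather than a human clicking in the console. Set SLACK_NAME_123456789012 (for example to ":maple_leaf: production") before running to see the account-specific name win over SLACK_NAME.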

Documentation

There is no documentation for this package.
