Cloudwatch: Notify IAM changes made to my AWS account – Let us Discuss
Recently, one of our customers created an Amazon CloudWatch Events rule to notify the changes.
However, the event rule isn’t triggering upon the changes made.
Here, at Bobcares, we assist our customers with several AWS queries as part of our AWS Support Services.
Today, let us see how we can notify the IAM change made to our AWS account.
Cloudwatch: Notify IAM changes made to my AWS account
Initially, we need to create a custom event pattern with a CloudWatch Events rule. This will trigger notifications when changes are made to a specific IAM API call.
Then, we route the response to an Amazon Simple Notification Service topic to receive a notification.
To do so, our Support Techs recommend the below steps:
Before we begin, we need to ensure the CloudWatch Events rule is in the US East (N. Virginia) Region.
In addition, we must enable an AWS CloudTrail trail in the same Region as the CloudWatch Events rule.
This is to send notifications to an SNS topic or Amazon Simple Queue Service queue.
Then we make sure to configure trail’s management events as Write-only or All.
For example, here our Support Techs show an event pattern that triggers a notification when CreateUser and DeleteUser API calls are made in your account.
1. Firstly, we open the CloudWatch console in the US East (N. Virginia) Region.
2. In the navigation pane, we select Rules > Create rule.
3. Then in the Service Name drop-down menu, we select IAM.
4. After that, in the Event Type drop-down menu, we select AWS API Call via CloudTrail.
5. In order to trigger the rule for specific API calls, we select Specific operation(s).
6. In the text box, we enter the name of an IAM operation.
7. We can also add more operations. To do so, we need to just click the + icon.
8. Then in Event Pattern Preview, we select Edit.
9. We copy and paste the following example template into the event pattern preview pane, and then select Save.
{ "source": [ "aws.iam" ], "detail-type": [ "AWS API Call via CloudTrail" ], "detail": { "eventSource": [ "iam.amazonaws.com" ], "eventName": [ "CreateUser", "DeleteUser" ] } }
10. In Targets, we select Add target.
11. In Select Target, we select an SNS topic.
12. Finally, in the Topic drop-down menu, we select the SNS topic.
13. Later we go ahead with the option, Configure details.
14. In Configure rule details, we enter a name and description for the rule, and then we select Create rule.
[Need help with the notification settings? We’d be happy to assist]
Conclusion
In short, we saw how our Support Techs go about notifying IAM changes to AWS account.
