【以下的问题经过翻译处理】 大家好,
根据安全要求,我们需要使用SNS设置一个通知系统,当有人使用特定的SSO PermissionSet(例如:AdministratorAccess)访问AWS帐户时,通知我们的安全团队。
我正在尝试设置一个简单的EventBridge规则,基于IAM Identity Center Federate Event在Cloudtrail上,使用SNS主题作为目标,但我无法使其工作。
CloudTrail事件:
{
"eventVersion": "1.08",
"userIdentity": {
"type": "Unknown",
"principalId": "xxxx-43ce-996a-0530772c083a",
"accountId": "xxxxxxxxxxx",
"userName": "userName"
},
"eventTime": "2023-03-23T00:07:29Z",
"eventSource": "sso.amazonaws.com",
"eventName": "Federate",
"awsRegion": "us-east-1",
"sourceIPAddress": "1.1.1.1",
"userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/111.0",
"requestParameters": null,
"responseElements": null,
"requestID": "c99b-48ea-a9e4-fc2194bc0f27",
"eventID": "415e-b57e-99764a0f0fdf",
"readOnly": false,
"eventType": "AwsServiceEvent",
"managementEvent": true,
"recipientAccountId": "xxxxxxxxxx",
"serviceEventDetails": {
"role_name": "AWSAdministratorAccess",
"account_id": "xxxxxxxx"
},
"eventCategory": "Management"
}
EventBridge事件模式如下:
{
"detail-type": ["AWS API Call via CloudTrail"],
"detail": {
"eventSource": ["sso.amazonaws.com"],
"eventName": ["Federate"]
}
}
有人可以帮助我使其工作么?