How to find all actions/events that are able to create or modify a specific resource?

Below are 2 examples, however, the question is more general and applies to any resource:

  1. I tried to capture all events that are able to create/update an API Gateway stage for automatic WAF hooking. Initially, I identified 2 actions, "CreateStage" and "UpdateStage"; however, it turned out that apart from these 2 actions, the "CreateDeployment" action is also able to create a stage without invoking the "CreateStage" event.

  2. When we run "ec2:RunInstance", it will also generate or trigger another API (and therefore other resources), such as "AttachVolume".

Searching each of the possible actions based on type parameters such as "stageName" seems non-obvious and inefficient. I am looking for a more efficient way to identify all events that may create or modify a particular resource.

1 Answer

Hi, the most efficient way is usually CloudTrail: it registers all API calls for a given account. So, go to CloudTrail, extract a trace of all API calls on your period of interest. Then you can search on resource name and find all details about who did what when on this resource.

That's what I personally do when I have such a question.

Best,

Didier

AWS Expert
answered 10 months ago
  • Thank you for the quick answer; unfortunately, imho this method requires the action/event to be triggered first. In this way, I am not able to predict what resources will be created by actions that have not yet been triggered.
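Didier's CloudTrail approach in code, as an added example that is not part of the original answer or of any AWS tooling: it parses a CloudTrail log file and lists the distinct non-read-only API calls whose request parameters or response elements mention a given resource value, so that a CreateDeployment that names a stage appears next to CreateStage and UpdateStage, which is the case from point 1 of the question. The sample records, the API id "abc123", the stage and instance names and the helper function names are constructed assumptions; the field names eventSource, eventName, readOnly, requestParameters and responseElements are CloudTrail's own record fields.

```python
from __future__ import annotations

import json
from typing import Any, Iterable, Iterator

# Constructed sample of a CloudTrail log file in the {"Records": [...]} envelope that
# CloudTrail delivers to S3. Identifiers are placeholders, not real account data.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventSource": "apigateway.amazonaws.com", "eventName": "CreateStage", "readOnly": False,
     "requestParameters": {"restApiId": "abc123", "stageName": "prod", "deploymentId": "dep1"},
     "responseElements": {"stageName": "prod", "deploymentId": "dep1"}},
    {"eventSource": "apigateway.amazonaws.com", "eventName": "GetStage", "readOnly": True,
     "requestParameters": {"restApiId": "abc123", "stageName": "prod"},
     "responseElements": None},
    # CreateDeployment carries stageName as a parameter and creates the stage as a side effect
    {"eventSource": "apigateway.amazonaws.com", "eventName": "CreateDeployment", "readOnly": False,
     "requestParameters": {"restApiId": "abc123", "stageName": "prod", "description": "release"},
     "responseElements": {"id": "dep2"}},
    {"eventSource": "apigateway.amazonaws.com", "eventName": "UpdateStage", "readOnly": False,
     "requestParameters": {"restApiId": "abc123", "stageName": "prod",
                           "patchOperations": [{"op": "replace", "path": "/variables/x", "value": "1"}]},
     "responseElements": {"stageName": "prod"}},
    {"eventSource": "apigateway.amazonaws.com", "eventName": "CreateStage", "readOnly": False,
     "requestParameters": {"restApiId": "abc123", "stageName": "dev", "deploymentId": "dep1"},
     "responseElements": {"stageName": "dev"}},
    {"eventSource": "ec2.amazonaws.com", "eventName": "RunInstances", "readOnly": False,
     "requestParameters": {"instancesSet": {"items": [{"imageId": "ami-0000", "minCount": 1}]}},
     "responseElements": {"instancesSet": {"items": [{"instanceId": "i-0abc"}]}}},
]})


def load_records(log_text: str) -> list[dict[str, Any]]:
    """Parse one CloudTrail log file into its list of event records."""
    return json.loads(log_text)["Records"]


def leaf_values(obj: Any) -> Iterator[Any]:
    """Yield every scalar nested anywhere in a JSON-like structure (dicts, lists, scalars)."""
    if isinstance(obj, dict):
        for v in obj.values():
            yield from leaf_values(v)
    elif isinstance(obj, list):
        for v in obj:
            yield from leaf_values(v)
    elif obj is not None:
        yield obj


def nested_keys(obj: Any) -> Iterator[str]:
    """Yield every dict key nested anywhere in a JSON-like structure."""
    if isinstance(obj, dict):
        for k, v in obj.items():
            yield k
            yield from nested_keys(v)
    elif isinstance(obj, list):
        for v in obj:
            yield from nested_keys(v)


def mutating_events_for(records: Iterable[dict[str, Any]], resource_value: str) -> list[tuple[str, str]]:
    """Distinct (eventSource, eventName) pairs of non-read-only calls whose request parameters or
    response elements mention resource_value, whichever parameter name carries it."""
    hits: set[tuple[str, str]] = set()
    for rec in records:
        if rec.get("readOnly", False):
            continue  # Get*/Describe*/List* calls cannot create or modify anything
        payload = [rec.get("requestParameters"), rec.get("responseElements")]
        if any(v == resource_value for v in leaf_values(payload)):
            hits.add((rec["eventSource"], rec["eventName"]))
    return sorted(hits)


def mutating_events_carrying(records: Iterable[dict[str, Any]], parameter_name: str) -> list[str]:
    """Distinct names of non-read-only calls whose request parameters contain parameter_name
    at any nesting depth, e.g. every write call that takes a stageName."""
    return sorted({rec["eventName"] for rec in records
                   if not rec.get("readOnly", False)
                   and parameter_name in set(nested_keys(rec.get("requestParameters")))})


if __name__ == "__main__":
    recs = load_records(SAMPLE_LOG)
    print("calls that touched stage 'prod':", mutating_events_for(recs, "prod"))
    print("write calls carrying stageName:", mutating_events_carrying(recs, "stageName"))
```

The value match is deliberately independent of the parameter name, because the asker's problem was precisely that the stage identifier travels in a different parameter of a different call. The approach has the limitation noted in the comment above: it only surfaces calls that have already been recorded in the trail.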
