使用 AWS re:Post 即表示您同意 AWS re:Post 使用條款
AWS re:Postre:Post

How to find all actions/events that are able to create or modify a specific resource?

0

How to find all actions/events that are able to create or modify a specific resource?

Below are 2 examples, however, the question is more general and applies to any resource:

  1. I tried to capture all events that are able to create/update api gateway stage for automatic WAF hooking. Initially, I identified 2 actions "CreateStage" and "UpdateStage" however, it turned out that apart from these 2 actions, the "CreateDeployment" action also is able to create stage without invoking the "CreateStage" event.

  2. When we run "ec2:RunInstance" it will also generate or trigger another API (and therefore resources), such as "AttachVolume".

Searching each of the possible actions based on type parameters such as "stageName" seems unobvious and inefficient. I am looking for a more efficient way to identify all events that may create or modify a particular resource.

主題
無伺服器應用程式整合管理與治理
標籤
Amazon EventBridgeAWS CloudTrailAWS 資源探索工具
語言
English
AWS-User-5250260
已提問 10 個月前檢視次數 269 次
1 個回答
0

Hi, the most efficient way is usually CloudTrail: it registers all API calls for a given account. So, go to CloudTrail, extract a trace of all API calls on your period of interest. Then you can search on resource name and find all details about who did what when on this resource.

That's how I personally do when I have such a question.

Best,

Didier

profile pictureAWS
專家
Didier_Durand
已回答 10 個月前
  • AWS-User-5250260
    10 個月前

    Thank you for quick answer, unfortunately imho this method requires the action/event to be triggered first. In this way, I am not able to predict what resources will be created by actions that have not yet been triggered.

您尚未登入。 登入 去張貼答案。

一個好的回答可以清楚地回答問題並提供建設性的意見回饋,同時有助於提問者的專業成長。

回答問題指南

相關內容