I have several CloudWatch filters for CloudTrail logs, for example:
{ ($.eventName = "ConsoleLogin") && ($.additionalEventData.MFAUsed = "No") }
Each filter triggers an alarm, and I receive an SNS notification in my mailbox telling me something like "A user has logged in without MFA".
But what I would like to receive is the log line from CloudWatch that triggered this alarm, so I could know immediately which user is faulty by parsing the log, and trigger a bot that would ask the user to fix this, without having to go to CloudWatch, check manually and contact the user myself.
I could make a program that does this somehow automatically, but I would like to make sure first that there is not a proper AWS way to do it already.
Is there any way to automatically receive the logs by mail, or by any other automatic means?
Thanks a lot
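
An added example, not part of the original question: a sketch of the parsing step, assuming the CloudTrail log group is delivered to a Lambda function through a CloudWatch Logs subscription filter, which hands over the matching log lines themselves (base64-encoded, gzip-compressed JSON). The function names are hypothetical and the sample records are constructed.

```python
import base64
import gzip
import json


def matches_filter(record):
    """Same condition as the metric filter pattern in the question."""
    extra = record.get("additionalEventData") or {}
    return record.get("eventName") == "ConsoleLogin" and extra.get("MFAUsed") == "No"


def logins_without_mfa(event):
    """Return one finding per matching CloudTrail record in a delivery."""
    # A subscription delivery is base64-encoded, gzip-compressed JSON.
    payload = json.loads(gzip.decompress(base64.b64decode(event["awslogs"]["data"])))
    if payload.get("messageType") != "DATA_MESSAGE":  # ignore CONTROL_MESSAGE
        return []
    findings = []
    for log_event in payload.get("logEvents", []):
        try:
            record = json.loads(log_event["message"])
        except (KeyError, ValueError):
            continue  # line is not a JSON CloudTrail record
        if not isinstance(record, dict) or not matches_filter(record):
            continue
        identity = record.get("userIdentity") or {}
        findings.append({
            # Root logins carry no userName, so fall back to the ARN.
            "user": identity.get("userName") or identity.get("arn", "unknown"),
            "source_ip": record.get("sourceIPAddress"),
            "time": record.get("eventTime")})
    return findings


def build_sample_event(records):
    """Constructed test input: wrap records the way a subscription delivers them."""
    events = [{"id": str(i), "message": json.dumps(r)} for i, r in enumerate(records)]
    body = {"messageType": "DATA_MESSAGE", "logEvents": events}
    data = base64.b64encode(gzip.compress(json.dumps(body).encode())).decode()
    return {"awslogs": {"data": data}}


CONSTRUCTED_SAMPLE = build_sample_event([
    {"eventName": "ConsoleLogin", "eventTime": "2024-01-01T10:00:00Z",
     "sourceIPAddress": "203.0.113.10", "additionalEventData": {"MFAUsed": "No"},
     "userIdentity": {"type": "IAMUser", "userName": "alice"}},
    {"eventName": "ConsoleLogin", "additionalEventData": {"MFAUsed": "Yes"},
     "userIdentity": {"type": "IAMUser", "userName": "bob"}},
])
```

Each finding from `logins_without_mfa` carries the user, source IP and event time, which is what a notification or a bot would need to contact the user.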