
In short, I want to enable CloudTrail for several objects in different S3 buckets. I am able to directly mention all the objects when creating the CloudTrail from CloudFormation, but I want to add them at a later point in time.

  • Create an AWS CloudTrail trail in a CloudFormation stack and export the trail's ARN.
  • Then, when creating objects in an S3 bucket for which I need CloudTrail data events, I want to add them to this existing CloudTrail.

Here is the spot in the console where I can manually add it (screenshot: CloudTrail AWS Console).

So, I am looking to add data events to an existing CloudTrail via CloudFormation.

I looked through the entire documentation several times; I can only see a way to add them while creating the CloudTrail: Create a CloudWatch Events Rule for an Amazon S3 Source (AWS CloudFormation Template) - CodePipeline

Please advise which resource type supports this.

Sorry, but I don't understand your second bullet-point. Can you explain it in more detail, perhaps referring to how you would do this in the management console? – John Rotenstein
I am sorry, it's not very clear. I just edited and added a screenshot, hope this helps. – Balu Vyamajala
What are you wanting to capture in CloudTrail for these objects? If you want to capture information about when the objects are accessed, you can use Amazon S3 Server Access Logging. – John Rotenstein
I am triggering CodePipeline based on these events. docs.aws.amazon.com/codepipeline/latest/userguide/… – Balu Vyamajala

1 Answer


You can probably get some hints from the CFT I have created: an S3 event (probably PutObject operations) logs the event details into a separate bucket, from where CloudWatch Events trigger the execution of the Step Functions state machine.

Resources:
  cloudtrail:
    Type: AWS::CloudTrail::Trail
    Properties:
      EnableLogFileValidation: true   # digest files let you detect tampering with delivered logs
      EventSelectors:
        - DataResources:
            - Type: AWS::S3::Object
              Values:
                # bucket ARN with a trailing slash = data events for every object in the bucket
                - arn:aws:s3:::s3-event-step-bucket/
          IncludeManagementEvents: true
          ReadWriteType: All          # both read (GetObject) and write (PutObject) data events
      IncludeGlobalServiceEvents: true
      IsLogging: true
      IsMultiRegionTrail: true
      # bucket receiving the log files; it needs a bucket policy that allows cloudtrail.amazonaws.com to write
      S3BucketName: s3-event-step-bucket-storage
      TrailName: xyz

When you deploy this CFT, it will update the existing trail with CloudTrail data events as the trigger point.
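For the question's actual scenario (the trail lives in one stack and the buckets are created later), the template above only works when the same stack owns the trail, because event selectors are a property of AWS::CloudTrail::Trail and CloudFormation has no stand-alone selector resource. The following is an added example, not code from the question or answer, showing the read-merge-write that a custom resource or deployment script would have to perform with the CloudTrail API; the trail name/ARN, bucket name and region are placeholders, and `boto3` is assumed to be installed only for the function that talks to AWS.

```python
"""Add an S3 data-event selector to an existing CloudTrail trail.

PutEventSelectors REPLACES the trail's whole selector list, so the trail's
current selectors are read first and merged; otherwise data events already
being logged for other buckets would be silently dropped.
"""
import copy

S3_OBJECT = "AWS::S3::Object"


def merge_s3_data_resource(selectors, bucket_arn_prefix):
    """Return a new selector list that also logs data events for
    bucket_arn_prefix (e.g. 'arn:aws:s3:::my-bucket/' = every object).

    Existing selectors are kept untouched (input is not mutated). The prefix
    is appended to the first selector that already lists an AWS::S3::Object
    resource; if none exists a new selector is added. Calling it twice with
    the same prefix is a no-op.
    """
    merged = copy.deepcopy(selectors)
    for sel in merged:
        for res in sel.get("DataResources", []):
            if res.get("Type") == S3_OBJECT:
                if bucket_arn_prefix not in res["Values"]:
                    res["Values"].append(bucket_arn_prefix)
                return merged
    merged.append({
        "ReadWriteType": "All",           # PutObject and GetObject alike
        "IncludeManagementEvents": True,  # keep management-event logging on
        "DataResources": [{"Type": S3_OBJECT, "Values": [bucket_arn_prefix]}],
    })
    return merged


def add_s3_data_events(trail_name_or_arn, bucket_name, region="us-east-1"):
    """Read-modify-write the selectors of an existing trail (placeholder args)."""
    import boto3  # imported here so the merge logic above runs offline
    ct = boto3.client("cloudtrail", region_name=region)
    current = ct.get_event_selectors(TrailName=trail_name_or_arn)
    if current.get("AdvancedEventSelectors"):
        # A trail uses either basic or advanced selectors, never both.
        raise RuntimeError("trail uses AdvancedEventSelectors; extend those instead")
    updated = merge_s3_data_resource(current.get("EventSelectors", []),
                                     f"arn:aws:s3:::{bucket_name}/")
    ct.put_event_selectors(TrailName=trail_name_or_arn, EventSelectors=updated)
    return updated
```

Wrapped in a Lambda-backed custom resource, `add_s3_data_events` is what each bucket stack would invoke on create, passing the exported trail ARN and its own bucket name.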