New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
AWS Root Account #7931
Comments
This policy should provision a Lambda function (named Later when there's a root login in the same account, it should trigger the already-deployed Lambda function. I believe the docs example was written before changes to how CloudTrail captures global service events like |
It currently is not provisioning a lambda function for this policy. |
The output of
If it's not provisioning the Lambda function, you'll probably see some error messages in the logs instead. Your So far it looks like at a minimum, some doc updates for this example would be helpful |
I am able to get this working if I do a run and pass in the role. The lambda provisions and then logging in with my root account seems to work. If I delete the lambda, then log back in it still will not provision the lambda. What do I need to do to get this to work without having to manually run the policy via custodian run and for it to create and work automatically? |
the lambda isn't provisioned by the event, its provisioned when the cli runs, and invocation triggered by the event. |
Describe the bug
I have created a policy to detect the root login based on this policy.
https://cloudcustodian.io/docs/aws/examples/accountrootlogin.html
When I log in to the root account it is not deploying the lambda function. I am able to see the events in cloudwatch but the lambda never gets deployed based on those events.
What did you expect to happen?
When creating the policy for Account - Detect Root Logins it should generate a lambda that will trigger an email every time the root account login is detected/
Cloud Provider
Amazon Web Services (AWS)
Cloud Custodian version and dependency information
Policy
Relevant log/traceback output
No response
Extra information or context
No response
The text was updated successfully, but these errors were encountered: