
Merge branch 'master' into huijbers/activate-infuse
mergify[bot] authored Oct 28, 2021
2 parents 9d5bf2c + 029eed9 commit 31e973d
Showing 39 changed files with 954 additions and 447 deletions.
8 changes: 4 additions & 4 deletions package.json
Expand Up @@ -20,10 +20,10 @@
"fs-extra": "^9.1.0",
"graceful-fs": "^4.2.8",
"jest-junit": "^12.3.0",
"jsii-diff": "^1.40.0",
"jsii-pacmak": "^1.40.0",
"jsii-reflect": "^1.40.0",
"jsii-rosetta": "^1.40.0",
"jsii-diff": "^1.41.0",
"jsii-pacmak": "^1.41.0",
"jsii-reflect": "^1.41.0",
"jsii-rosetta": "^1.41.0",
"lerna": "^4.0.0",
"patch-package": "^6.4.7",
"standard-version": "^9.3.1",
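--- a/packages/@aws-cdk/aws-cloudtrail/lib/cloudtrail.ts
+++ b/packages/@aws-cdk/aws-cloudtrail/lib/cloudtrail.ts
@@ -334,6 +334,7 @@ export class Trail extends Resource {
 values: dataResourceValues,
 }],
 includeManagementEvents: options.includeManagementEvents,
+excludeManagementEventSources: options.excludeManagementEventSources,
 readWriteType: options.readWriteType,
 });
 }
@@ -424,6 +425,28 @@ export interface AddEventSelectorOptions {
 * @default true
 */
 readonly includeManagementEvents?: boolean;
+
+/**
+* An optional list of service event sources from which you do not want management events to be logged on your trail.
+*
+* @default []
+*/
+readonly excludeManagementEventSources?: ManagementEventSources[];
+}
+
+/**
+* Types of management event sources that can be excluded
+*/
+export enum ManagementEventSources {
+/**
+* AWS Key Management Service (AWS KMS) events
+*/
+KMS = 'kms.amazonaws.com',
+
+/**
+* Data API events
+*/
+RDS_DATA_API = 'rdsdata.amazonaws.com',
+}
 
 /**
@@ -457,6 +480,7 @@ export enum DataResourceType {
 
 interface EventSelector {
 readonly includeManagementEvents?: boolean;
+readonly excludeManagementEventSources?: string[];
 readonly readWriteType?: ReadWriteType;
 readonly dataResources?: EventSelectorData[];
 }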
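Review bot: `excludeManagementEventSources` is copied from `options` into the event selector in the first hunk without being checked against `includeManagementEvents`, and the option's docstring in the second hunk does not say that the two interact. As far as I know CloudTrail only honours an exclusion list while management events are being logged, so `includeManagementEvents: false` together with a non-empty list is presumably rejected at deploy time rather than at synth time; a guard just before the selector object is built would surface it earlier: `if (options.includeManagementEvents === false && options.excludeManagementEventSources?.length) {` / `throw new Error('excludeManagementEventSources can only be set when includeManagementEvents is true');` / `}`. The method that builds the selector starts and ends outside the hunk. The `@default []` line would also read better as `@default [] - no sources are excluded; every management event the trail records is kept`, since each excluded source narrows the audit record the trail produces.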
55 changes: 54 additions & 1 deletion packages/@aws-cdk/aws-cloudtrail/test/cloudtrail.test.ts
Expand Up @@ -7,7 +7,7 @@ import { LogGroup, RetentionDays } from '@aws-cdk/aws-logs';
import * as s3 from '@aws-cdk/aws-s3';
import * as sns from '@aws-cdk/aws-sns';
import { Stack } from '@aws-cdk/core';
import { ReadWriteType, Trail } from '../lib';
import { ManagementEventSources, ReadWriteType, Trail } from '../lib';

const ExpectedBucketPolicyProperties = {
PolicyDocument: {
Expand Down Expand Up @@ -446,6 +446,59 @@ describe('cloudtrail', () => {
});
});

test('exclude management events', () => {
const stack = getTestStack();
const bucket = new s3.Bucket(stack, 'testBucket', { bucketName: 'test-bucket' });
const cloudTrail = new Trail(stack, 'MyAmazingCloudTrail');
cloudTrail.addS3EventSelector([{ bucket }], {
excludeManagementEventSources: [
ManagementEventSources.KMS,
ManagementEventSources.RDS_DATA_API,
],
});
cloudTrail.addS3EventSelector([{ bucket }], {
excludeManagementEventSources: [],
});

expect(stack).toHaveResourceLike('AWS::CloudTrail::Trail', {
EventSelectors: [
{
DataResources: [{
Type: 'AWS::S3::Object',
Values: [{
'Fn::Join': [
'',
[
{ 'Fn::GetAtt': ['testBucketDF4D7D1A', 'Arn'] },
'/',
],
],
}],
}],
ExcludeManagementEventSources: [
'kms.amazonaws.com',
'rdsdata.amazonaws.com',
],
},
{
DataResources: [{
Type: 'AWS::S3::Object',
Values: [{
'Fn::Join': [
'',
[
{ 'Fn::GetAtt': ['testBucketDF4D7D1A', 'Arn'] },
'/',
],
],
}],
}],
ExcludeManagementEventSources: [],
},
],
});
});

test('for Lambda function data event', () => {
const stack = getTestStack();
const lambdaFunction = new lambda.Function(stack, 'LambdaFunction', {
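Review bot: The new test in the second hunk only exercises the happy path; neither selector sets `includeManagementEvents`, so the combination of `includeManagementEvents: false` with a non-empty exclusion list, the one input the new option can mishandle, is untested. If the construct is made to reject that combination, a case such as `expect(() => cloudTrail.addS3EventSelector([{ bucket }], { includeManagementEvents: false, excludeManagementEventSources: [ManagementEventSources.KMS] })).toThrow()` would pin it. The second selector's `excludeManagementEventSources: []` also deserves a one-line comment like `// an empty list is emitted as-is rather than dropped` so the `ExcludeManagementEventSources: []` assertion below reads as intentional. The enclosing `describe` block starts and ends outside the hunk.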
