CloudTrail Event

The CloudTrail Event trigger notifies you of selected CloudTrail events.

AWS account permissions

The CloudTrail Event trigger uses the following endpoints on AWS’ CloudWatchEvents API:

The GorillaStack cross-account role needs permission to use these endpoints.

Use of this trigger in a rule

The CloudTrail Event trigger will usually be used in a rule with the Notify on Event action, which generates a formatted notification based on the selected events. However, it is possible to pair it with any action. For example, this rule notifies you immediately when AutoScalingGroup settings are changed, then waits 10 minutes for any changes to your EC2 instance count to flow through, then notifies you of the new instance count.

Receive instance count 10 minutes after any ASG change

Identifying CloudTrail event names

Almost everything that occurs in your AWS account is reported as a CloudTrail event. Use this trigger to list just the specific event types you are interested in.

There is no comprehensive list of CloudTrail event names available at present.

However, most of the API endpoints listed in AWS’s documentation generate a CloudTrail event that has the same name as the endpoint. For example, when the CopySnapshots endpoint on the EC2 API is called, a CopySnapshots event is generated. One notable exception to this rule of thumb is the Describe* endpoints, which generally do not create monitorable events. To be sure of what events are available to you, log in to CloudTrail in the AWS Console, then click Event History.
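The same check can be scripted against exported event history. The following is an added example, not GorillaStack's code: it inventories event names from output in the shape returned by `aws cloudtrail lookup-events` and sets aside read-only calls such as Describe*. The sample records and the function names are constructed for illustration.

```python
import json
from collections import Counter

# Constructed sample in the shape of `aws cloudtrail lookup-events` output.
# Real output carries more fields per event (EventId, EventTime, Username, ...).
SAMPLE_LOOKUP_OUTPUT = json.dumps({"Events": [
    {"EventName": "UpdateAutoScalingGroup",
     "EventSource": "autoscaling.amazonaws.com", "ReadOnly": "false"},
    {"EventName": "UpdateAutoScalingGroup",
     "EventSource": "autoscaling.amazonaws.com", "ReadOnly": "false"},
    {"EventName": "SetDesiredCapacity",
     "EventSource": "autoscaling.amazonaws.com", "ReadOnly": "false"},
    {"EventName": "DescribeAutoScalingGroups",
     "EventSource": "autoscaling.amazonaws.com", "ReadOnly": "true"},
    {"EventName": "RunInstances",
     "EventSource": "ec2.amazonaws.com", "ReadOnly": "false"},
    {"EventSource": "ec2.amazonaws.com"},  # malformed record, no name: skipped
]})


def inventory_event_names(lookup_json):
    """Count (event source, event name) pairs, split into mutating and read-only."""
    mutating, read_only = Counter(), Counter()
    for event in json.loads(lookup_json).get("Events", []):
        name = event.get("EventName")
        if not name:
            continue
        key = (event.get("EventSource", "unknown"), name)
        # lookup-events reports ReadOnly as the string "true" or "false".
        is_read_only = str(event.get("ReadOnly", "")).lower() == "true"
        (read_only if is_read_only else mutating)[key] += 1
    return mutating, read_only


def candidate_trigger_names(lookup_json, sources=None):
    """Sorted mutating event names, optionally limited to a set of event sources."""
    mutating, _ = inventory_event_names(lookup_json)
    return sorted({name for (source, name) in mutating
                   if sources is None or source in sources})


if __name__ == "__main__":
    mutating, read_only = inventory_event_names(SAMPLE_LOOKUP_OUTPUT)
    for (source, name), count in sorted(mutating.items()):
        print(f"{source:30} {name:28} seen {count}x")
    print("read-only, set aside:", sorted(name for _, name in read_only))
```

To run it on your own account, save the output of `aws cloudtrail lookup-events` to a file and pass its contents to `candidate_trigger_names`.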