Retro Tag script does not recognize CloudTrail events for CreateTable on DynamoDb. #12
Comments
Hey ya so there are two separate parts for each resource. The CloudTrail event processing and a check to verify the resource still exists with the ruby sdk. First the CloudTrail event processing below says find the
Sample
Then we check to make sure the resource exists by calling
You can try running with
If auto-tag is enabled, the lambda tags the dynamodb tables correctly, but when running the Ruby script the following is returned:
```
Completed collecting resources in 34 seconds
Found 2 total events to process, looking for events with existing resources...
Completed event scan in 0 seconds
+------------------------------------------------------------------------------------+
|                Retro-Active Tagging for Existing Resources Summary                 |
+---------------------------+------------------------------------------------+-------+
| Service                   | Event                                          | Count |
+--------------------------------------------------------------------------------------+
| DynamoDB Tables           | CreateTable                                    | 2     |
+---------------------------+------------------------------------------------+-------+
Total CloudTrail Events: 0
Unique CloudTrail S3 Objects: 0
Starting 3 Lambda Function threads...
Error: No CloudTrail S3 objects found to process
```
Obviously the CloudTrail .gz files are in the S3 bucket. Other events are processed successfully.
Keep in mind that the only difference between how the Auto-Tag and the Retro-Tag lambda functions are configured is the handler for each case and that the error is being thrown by the retro_tag.rb script on line 301 because all_cloudtrail_s3_keys.count !> 0.
While services.cloudtrail_s3 prints values for other resources it ALWAYS comes back empty for DynamoDB, regardless of whether the cache contains the path to the CloudTrail event on S3, the resource is available, and the Athena .csv contains the event.
Why is it that the aws_resource/dynamo_db_table.rb file has the following property empty, whereas other classes in that module have the ARN?
DynamoDB:

```ruby
def aws_response_resource_name
  ''
end
```

RDS:

```ruby
def aws_response_resource_name
  'db_instance_arn'
end
```
The following elements do NOT exist in the DynamoDB response, hence the arn must be built:
```ruby
def resource_name_exists?(**args)
  (args[:response_elements]['tableDescription'] &&
    args[:response_elements]['tableDescription']['tableArn'])
end
```
Reference: https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/DynamoDB/Client.html#list_tables-instance_method
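
An added example, not part of the issue or of the project's code: one way to resolve a table ARN from a CloudTrail `CreateTable` record, using `tableDescription.tableArn` when the response carries it and otherwise building the ARN from the record's region, account and table name. The helper name and the sample records are constructed for illustration, and the standard `aws` partition is assumed.

```ruby
require 'json'

# Hypothetical helper (not from retro_tag.rb): return the table ARN for a
# CloudTrail CreateTable record, building it when the response carries none.
def dynamodb_table_arn(event)
  response = event['responseElements'] || {} # null when the API call failed
  arn = response.dig('tableDescription', 'tableArn')
  return arn unless arn.nil? || arn.empty?

  table   = event.dig('requestParameters', 'tableName')
  region  = event['awsRegion']
  account = event['recipientAccountId']
  return nil if [table, region, account].any? { |v| v.nil? || v.empty? }

  # Assumption: standard "aws" partition (not aws-cn or aws-us-gov).
  "arn:aws:dynamodb:#{region}:#{account}:table/#{table}"
end

# Constructed sample records, trimmed to the fields used above.
SAMPLE_EVENTS = JSON.parse(<<~EVENTS)
  [
    {"eventName": "CreateTable", "awsRegion": "us-east-1",
     "recipientAccountId": "111122223333",
     "requestParameters": {"tableName": "orders"},
     "responseElements": {"tableDescription": {
       "tableArn": "arn:aws:dynamodb:us-east-1:111122223333:table/orders"}}},
    {"eventName": "CreateTable", "awsRegion": "eu-west-1",
     "recipientAccountId": "111122223333",
     "requestParameters": {"tableName": "sessions"},
     "responseElements": {"tableDescription": {"tableName": "sessions"}}},
    {"eventName": "CreateTable", "awsRegion": "eu-west-1",
     "recipientAccountId": "111122223333", "errorCode": "AccessDenied",
     "requestParameters": null, "responseElements": null}
  ]
EVENTS

SAMPLE_EVENTS.each do |event|
  puts dynamodb_table_arn(event).inspect
end
```

The third record returns `nil`, so a failed `CreateTable` call never produces an ARN to tag.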