chilly-tailor-89151
05/08/2023, 10:44 AM
some-notebook-86727
05/08/2023, 2:02 PM
aws.cloudtrail.Trail resource to create a new trail and specify the s3BucketName property to configure where the CloudTrail logs will be stored. You can then use the aws.cloudwatch.EventTarget resource to create an event rule that targets the CloudTrail trail.
Here's an example Pulumi program in Python that creates a CloudTrail trail and an event rule to send VPC events to the trail:
import json
import pulumi
import pulumi_aws as aws

# Create an S3 bucket to store CloudTrail logs
bucket = aws.s3.Bucket('my-bucket')

# CloudTrail only delivers logs to a bucket whose policy lets the
# cloudtrail.amazonaws.com service principal read the bucket ACL and
# write objects under AWSLogs/<account-id>/; without it trail creation fails
account_id = aws.get_caller_identity().account_id
bucket_policy = aws.s3.BucketPolicy('my-bucket-policy',
    bucket=bucket.id,
    policy=bucket.arn.apply(lambda arn: json.dumps({
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Principal": {"Service": "cloudtrail.amazonaws.com"},
                "Action": "s3:GetBucketAcl",
                "Resource": arn,
            },
            {
                "Effect": "Allow",
                "Principal": {"Service": "cloudtrail.amazonaws.com"},
                "Action": "s3:PutObject",
                "Resource": f"{arn}/AWSLogs/{account_id}/*",
                "Condition": {"StringEquals": {"s3:x-amz-acl": "bucket-owner-full-control"}},
            },
        ],
    })),
)

# Create a CloudTrail trail that logs to the S3 bucket
trail = aws.cloudtrail.Trail('my-trail',
    s3_bucket_name=bucket.id,
    is_multi_region_trail=True,  # optional
    enable_logging=True,
    opts=pulumi.ResourceOptions(depends_on=[bucket_policy]),
)

# Create an event rule that targets the CloudTrail trail.
# event_pattern is a JSON string, so serialize the dict.
rule = aws.cloudwatch.EventRule('my-rule',
    event_pattern=json.dumps({
        "detail": {
            "eventName": [
                "CreateNetworkInterface",
                "DeleteNetworkInterface",
            ],
            "eventSource": [
                "ec2.amazonaws.com",
            ],
        },
    }),
)

# Add the CloudTrail trail as a target for the event rule
target = aws.cloudwatch.EventTarget('my-target',
    rule=rule.name,
    arn=trail.arn,
)
In this example, the CloudTrail trail logs VPC events related to creating and deleting network interfaces from the EC2 service. You can modify the event_pattern property of the aws.cloudwatch.EventRule resource to target other types of VPC events.
Once you have created the CloudTrail trail and event rule, you can test that VPC events are being logged to the S3 bucket by creating or deleting a network interface in your VPC and checking the CloudTrail logs in the S3 bucket.