
Forwarding the events using Node.js

Please note that the following Lambda function explanation is offered only as an illustrative example. Users are solely responsible for the implementation and usage of the Lambda function based on the information and code we provide. Devo does not maintain any piece of code required for this process.

If you have any questions, please contact us.

Introduction

To collect and forward CloudTrail events to Devo, you will set up a trail that sends all AWS management and S3 bucket activity events to a Lambda function, which collects, processes, and forwards the events securely to Devo. We provide the source code and files required to create the function. You only need to use these files to create the function, customize a few environment variables, and set up the CloudTrail rule that will start forwarding data.

Download the source code files

Download the zip file containing what you need to create the Lambda function. There are two folders and three files at the root level.

Prepare the ZIP file for upload

Add the certificate files previously downloaded to the /certs folder and your source code will be complete.

Problems with the initial setup

For troubleshooting the initial setup, you can enable the logging of additional events related to the Lambda function's activity. These will appear in the function's log file available in CloudWatch - Logs. To enable this logging, open the index.js file and uncomment the lines that start with console.log. Once you have confirmed that events are being correctly streamed to your Devo domain, you can edit the file and re-comment the console.log lines.

Create a .zip file containing the certs and node_modules folders, index.js, and package.json. You can name it anything you like.

Create the Lambda function

This procedure guides you through creating the new Lambda function. For this process, you need the .zip file you prepared earlier.

With both the trail and the Lambda function enabled, events should begin to flow to your Devo domain. Look out for the cloud.aws.cloudtrail.events table to appear in your finder.

If the table doesn't appear in your domain's finder after 10 minutes, here are some things you can do to troubleshoot the problem:

  • Go to the S3 bucket and make sure that it contains data.

  • Go to CloudTrail - Trails and make sure the trail is active/enabled.

  • Make sure the Lambda function's environment variable definitions match the certificate file names in the .zip that you uploaded.

  • Go to CloudWatch - Logs and review the log for the Lambda function you created. 

  • Go to Lambda, select the function you set up for CloudTrail, and click Test to send a test event. We suggest you copy the JSON of an event in the function's CloudWatch logs to use in the test event.
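The check in the third item above can be done before uploading the .zip. The following is an added example, not part of the code Devo provides: it compares the file names set in the environment variables with the contents of the certs folder and confirms that each file holds the kind of PEM block expected. The variable names, file names, and file contents are assumptions made for illustration.

```javascript
// Added example. The variable names below are placeholders, not the names
// read by the function's index.js: substitute the ones your copy uses.
const EXPECTED = {
  EXAMPLE_CA_FILE: 'CERTIFICATE',
  EXAMPLE_CERT_FILE: 'CERTIFICATE',
  EXAMPLE_KEY_FILE: 'PRIVATE KEY',
};

// Return the PEM label of the first block in `text`, or null if there is none.
function pemLabel(text) {
  const m = /-----BEGIN ([A-Z0-9 ]+)-----/.exec(text);
  return m ? m[1] : null;
}

// env: object shaped like process.env; files: { fileName: contents } for certs/.
// Returns a list of problems; an empty list means names and contents line up.
function checkCertConfig(env, files) {
  const problems = [];
  for (const [variable, kind] of Object.entries(EXPECTED)) {
    const value = env[variable];
    if (!value) { problems.push(`${variable}: not set`); continue; }
    if (!Object.prototype.hasOwnProperty.call(files, value)) {
      // Lambda's file system is case-sensitive, so point out near misses.
      const near = Object.keys(files).find((n) => n.toLowerCase() === value.trim().toLowerCase());
      const hint = near ? ` (did you mean "${near}"?)` : '';
      problems.push(`${variable}: "${value}" is not in certs${hint}`);
      continue;
    }
    const label = pemLabel(files[value]);
    // Key files may be labelled "RSA PRIVATE KEY", "EC PRIVATE KEY", and so on.
    if (label === null || !label.endsWith(kind)) {
      problems.push(`${variable}: "${value}" holds ${label || 'no PEM block'}, expected ${kind}`);
    }
  }
  return problems;
}

// Constructed sample: file names are made up and bodies are truncated placeholders.
const sampleFiles = {
  'chain.crt': '-----BEGIN CERTIFICATE-----\n...',
  'mydomain.crt': '-----BEGIN CERTIFICATE-----\n...',
  'mydomain.key': '-----BEGIN RSA PRIVATE KEY-----\n...',
};
const sampleEnv = {
  EXAMPLE_CA_FILE: 'Chain.crt',      // wrong case
  EXAMPLE_CERT_FILE: 'mydomain.key', // certificate and key swapped
  EXAMPLE_KEY_FILE: 'mydomain.key',
};
console.log(checkCertConfig(sampleEnv, sampleFiles));
```

To run it against the real package, build `files` from the contents of the certs folder and pass the values you entered for the function's environment variables as `env`.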