Skip to content

Local Stack - CloudTrail Management Events has missing data #9346

New issue
New issue
Closed
Closed
Local Stack - CloudTrail Management Events has missing data#9346
Labels
aws:cloudtrailAWS CloudTrailaws:eventsAmazon EventBridgestatus: backlogTriaged but not yet being worked ontype: bugBug report
@schinnaswamy

Description

@schinnaswamy
schinnaswamy
opened on Oct 13, 2023

Is there an existing issue for this?

  • I have searched the existing issues

Current Behavior

Hi,

In one our micro-services project we are making use of AWS CloudTrail Management events and a rules defined in the EventBridge to capture the event. This EB triggers a Lambda function to process the event and creates alarms in the AWS cloud-watch service.

For Example : When a new Lambda function is created the AlarmCreationLambda function receives a CreateFunction CloudTrail API event via EventBridge rule.

Actual Issue:

The Lambda function looks for a key data from the event and look for the function_name from event payload field requestParameters for creating specific alarms based on the function name.

The CloudTrail event details in actual AWS infrastructure has the requestParams details field populated with the function_name and few other nested data.

When we emulate the same steps in LocalStack we noticed requestParameters data any is empty from CloudTrail event. A sample event information log for your reference.

event received: {'version': '0', 'id': 'e1f1501c-89a0-4caa-8952-637e7fc7c4e4', 'detail-type': 'AWS API Call via CloudTrail', 'source': 'aws.lambda', 'account': '000000000000', 'time': '2023-10-13T14:41:54Z', 'region': 'us-east-1', 'resources': [], 'detail': {'eventVersion': '1.09', 'eventCategory': 'Management', 'managementEvent': True, 'userIdentity': {'type': 'Root', 'principalId': '000000000000', 'arn': 'arn:aws:iam::000000000000:root', 'accountId': '000000000000', 'accessKeyId': 'ABCTEST0000000123'}, 'eventTime': '2023-10-13T14:41:54.593Z', 'eventSource': '[lambda.amazonaws.com](http://lambda.amazonaws.com/)', 'eventName': 'CreateFunction', 'awsRegion': 'us-east-1', 'sourceIPAddress': '1.2.3.4', 'userAgent': '[console.amazonaws.com](http://console.amazonaws.com/)', 'requestParameters': {}, 'responseElements': None, 'requestID': 'e95571b1-0923-4b7e-a81b-d272301dbf71', 'eventID': '1ada5a6b-6729-416e-a770-f820b432b1c0', 'eventType': 'AwsApiCall', 'apiVersion': '20150331', 'readOnly': False, 'recipientAccountId': '000000000000'}}


image

Expected Behavior

The requestParams should contain value as below

"requestParameters":{"function_name":"localstack-lambda-example","createDeploymentInput":{"stageName":"local"},"template":false}

How are you starting LocalStack?

With a docker-compose file

Steps To Reproduce

Run the LocalStack - Pro latest docker image

During the initialisation hook enable the CloudTrail using awslocal CLI and enable Logging events true and have the eventselectors with All management events true.

Create a new Lambda function in LocalStack and capture the event log.

Environment

- OS: MAC OS 13.6 (Ventura)
- LocalStack: localstack/localstack-pro:latest docker image

Anything else?

NA

Metadata

Metadata

Assignees

No one assigned

    Labels

    aws:cloudtrailAWS CloudTrailaws:eventsAmazon EventBridgestatus: backlogTriaged but not yet being worked ontype: bugBug report

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions