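GuardDuty findings delivered by e-mail through a CloudWatch Events rule and an SNS topic arrive as raw event JSON and are hard to read.
They can be reshaped into a short, readable summary with an input transformer (inputTransformer, `input_transformer` in Terraform).
guardduty-event-target.tf
shows an example usage.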
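# Delivers events matched by the guardduty_findings rule to the guardduty_sns
# topic, replacing the raw event with a short JSON summary built by an input
# transformer. Both the rule and the topic are declared elsewhere.
#
# NOTE(review): the topic's access policy is not shown here; it has to allow
# the events.amazonaws.com service principal to sns:Publish, otherwise the
# rule matches but nothing is delivered.
# NOTE(review): the summary carries the account ID and the finding's free-text
# description to every subscriber of the topic; keep the subscriber list
# restricted accordingly, since e-mail is not a confidential channel.
resource "aws_cloudwatch_event_target" "guardduty" {
  arn  = aws_sns_topic.guardduty_sns.arn
  rule = aws_cloudwatch_event_rule.guardduty_findings.name

  input_transformer {
    # JSONPath expressions evaluated against the incoming event; each key
    # becomes a <placeholder> usable in input_template.
    input_paths = {
      awsAccountId = "$.detail.accountId"
      awsRegion    = "$.detail.region"
      id           = "$.detail.id"
      type         = "$.detail.type"
      resourceType = "$.detail.resource.resourceType"
      actionType   = "$.detail.service.action.actionType"
      severity     = "$.detail.severity"
      description  = "$.detail.description"
      time         = "$.time"
    }

    # Each key appears exactly once: JSON parsers disagree on how to treat
    # duplicate keys, so the action type is carried in "action" rather than in
    # a second "type" entry. "info" is a console deep link to the finding.
    # NOTE(review): placeholders are substituted as plain text; confirm that a
    # description containing double quotes still yields valid JSON if anything
    # other than a human reads this message.
    input_template = <<INPUT
[{
"title": "GuardDuty finding with severity <severity>/10",
"info": "https://<awsRegion>.console.aws.amazon.com/guardduty/home?region=<awsRegion>#/findings?macros=current&search=id%3D<id>",
"account_id": "<awsAccountId>",
"region": "<awsRegion>",
"type": "<type>/<resourceType>",
"action": "<actionType>",
"timestamp": "<time>",
"description": "<description>"
}]
INPUT
  }
}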