AWS Lambda CloudTrail Events as SAM Event Source

[MaxVynohradov]

Could you please provide information/link how can I create next via AWS SAM:

1. Go to services → CloudWatch → Rules → click on Create rule .
2. Event Source → choose Event Pattern → select CloudWatch Logs in Service Name , AWS API Call via CloudTrail in Event Type (If you don’t have Trail setup in CloudTrail, do first. To get help refer this document), CreateLogGroup in Specific operation(s)→ Targets → select Lambda function → select previously created lambda function → click on Configure details .
3. Give Name, Description, State should be enabled → click on Create rule .
   (taken from https://medium.com/tensult/manage-aws-cloudwatch-log-group-retention-using-automation-26add478b0c5 article.)

I've not found any information how I can describe this Event Source / Event Type (AWS API Call via CloudTrail) for lambda function (step 2) in AWS SAM template.yaml file

** I've already asked this question on StackOverflow, but nobody answers.

[brettstack]

Hi @MaxVinogradov, we don't currently support CloudTrail+Lambda natively in SAM. You can create CloudTrail resources using CloudFormation https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudtrail-trail.html. There are likely additional Resources you'll need to specify to link CloudTrail with Lambda.

I've tagged this as a feature request to add native support in SAM to make this much simpler (similar to our existing CloudWatchLogs support https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#cloudwatchlogs)

[MaxVynohradov]

Got it, thanks! I think it will be a great feature, that can make our life simpler.

[jniedrauer]

I've been able to get this type of event (AWS API Call via CloudTrail) to work as in this example:

       Events:
        CloudTrailScalerTrigger:
          Properties:
            Pattern:
              detail:
                eventName:
                - CreateService
                - UpdateService
                eventSource:
                - ecs.amazonaws.com
                requestParameters:
                  cluster:
                  - Ref: EcsCluster
              detail-type:
              - AWS API Call via CloudTrail
              source:
              - aws.ecs
          Type: CloudWatchEvent

Maybe this is a hack, I'm not sure. But it seems to work just fine.

[jfuss]

Pinging to clear maintainer/need-response

We do look at prioritizing feature requests based on "+1" reactions.