Another day, more exciting news in Serverless: Amazon EventBridge now supports wildcard filters in rules!
With this new feature, you can express more powerful rules to filter the events going through your event buses.
Let's look at a realistic security use case: you want a rule that catches S3 API calls that either update or delete the Block Public Access settings of your buckets.
Before, you could have written the rule as follows:
{
  "source": ["aws.s3"],
  "detail-type": ["AWS API Call via CloudTrail"],
  "detail": {
    "eventSource": ["s3.amazonaws.com"],
    "eventName": ["PutBucketPublicAccessBlock", "DeleteBucketPublicAccessBlock"]
  }
}
Now you can use a wildcard in the filter instead:
{
  "source": ["aws.s3"],
  "detail-type": ["AWS API Call via CloudTrail"],
  "detail": {
    "eventSource": ["s3.amazonaws.com"],
    "eventName": [{
      "wildcard": "*PublicAccessBlock"
    }]
  }
}
You can also use wildcard filters on bucket names, e.g. to match only buckets with "secret" in the name:
{
  "source": ["aws.s3"],
  "detail-type": ["AWS API Call via CloudTrail"],
  "detail": {
    "eventSource": ["s3.amazonaws.com"],
    "eventName": [{
      "wildcard": "*PublicAccessBlock"
    }],
    "requestParameters": {
      "bucketName": [{
        "wildcard": "*secret*"
      }]
    }
  }
}
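To see exactly which CloudTrail events each of the three rules above would select, here is a small added example (my own code, not part of the original post and not an AWS library) that re-implements the subset of EventBridge pattern matching the post relies on: nested objects, exact-match lists, and `wildcard` matchers where `*` stands for zero or more characters. It runs the three rules over a handful of constructed CloudTrail-shaped events. One thing worth noticing when you run it: `*PublicAccessBlock` also matches the read-only `GetBucketPublicAccessBlock` call, so the wildcard rule is broader than the explicit two-name list it replaces. If you only want configuration changes, keep the explicit list or route the Get calls to a lower-severity target.

```python
import json
import re

# --- The three rule patterns from the post, as Python dicts -----------------
RULES = {
    "explicit": {
        "source": ["aws.s3"],
        "detail-type": ["AWS API Call via CloudTrail"],
        "detail": {
            "eventSource": ["s3.amazonaws.com"],
            "eventName": ["PutBucketPublicAccessBlock", "DeleteBucketPublicAccessBlock"],
        },
    },
    "wildcard": {
        "source": ["aws.s3"],
        "detail-type": ["AWS API Call via CloudTrail"],
        "detail": {
            "eventSource": ["s3.amazonaws.com"],
            "eventName": [{"wildcard": "*PublicAccessBlock"}],
        },
    },
    "secret-buckets": {
        "source": ["aws.s3"],
        "detail-type": ["AWS API Call via CloudTrail"],
        "detail": {
            "eventSource": ["s3.amazonaws.com"],
            "eventName": [{"wildcard": "*PublicAccessBlock"}],
            "requestParameters": {"bucketName": [{"wildcard": "*secret*"}]},
        },
    },
}


def _wildcard_to_regex(pattern: str) -> re.Pattern:
    """EventBridge wildcard filters use '*' for zero or more characters; everything
    else is literal, so escape the literal parts and join them with '.*'."""
    return re.compile(".*".join(re.escape(part) for part in pattern.split("*")), re.DOTALL)


def _leaf_matches(matchers: list, value) -> bool:
    """A leaf of a pattern is a list; the event value must satisfy any one element."""
    for m in matchers:
        if isinstance(m, dict) and "wildcard" in m:
            if isinstance(value, str) and _wildcard_to_regex(m["wildcard"]).fullmatch(value):
                return True
        elif m == value:  # plain exact-match element
            return True
    return False


def event_matches(pattern: dict, event: dict) -> bool:
    """Every key in the pattern must be present in the event and match; extra event
    keys are ignored, exactly as EventBridge does."""
    for key, expected in pattern.items():
        if key not in event:
            return False
        actual = event[key]
        if isinstance(expected, dict):
            if not isinstance(actual, dict) or not event_matches(expected, actual):
                return False
        elif isinstance(expected, list):
            if not _leaf_matches(expected, actual):
                return False
        else:
            return False  # malformed pattern: leaves must be lists
    return True


def cloudtrail_event(event_name: str, bucket: str) -> dict:
    """Constructed, minimal CloudTrail-via-EventBridge event (not a real capture)."""
    return {
        "source": "aws.s3",
        "detail-type": "AWS API Call via CloudTrail",
        "detail": {
            "eventSource": "s3.amazonaws.com",
            "eventName": event_name,
            "requestParameters": {"bucketName": bucket},
        },
    }


def matching_rules(event: dict) -> list:
    """Names of the rules (in RULES order) whose pattern matches the event."""
    return [name for name, pattern in RULES.items() if event_matches(pattern, event)]


# Constructed sample events: two real changes, one read-only Get, one unrelated call.
SAMPLE_EVENTS = [
    cloudtrail_event("PutBucketPublicAccessBlock", "secret-reports"),
    cloudtrail_event("DeleteBucketPublicAccessBlock", "logs"),
    cloudtrail_event("GetBucketPublicAccessBlock", "secret-reports"),
    cloudtrail_event("PutBucketPolicy", "secret-reports"),
]


def evaluate() -> dict:
    """Map '<eventName>/<bucket>' to the list of rules that would fire for it."""
    return {
        f"{e['detail']['eventName']}/{e['detail']['requestParameters']['bucketName']}": matching_rules(e)
        for e in SAMPLE_EVENTS
    }


if __name__ == "__main__":
    print(json.dumps(evaluate(), indent=2))
```

Running it prints one line per sample event with the rules that select it; the `GetBucketPublicAccessBlock` row fires for `wildcard` and `secret-buckets` but not for `explicit`, which is the trade-off to weigh before swapping an explicit list for a wildcard in a detection rule.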
Your turn! How will you use this new feature in your next builds?