Configure AWS EventBridge and GCP Pub/Sub Audit Stream
Setup
Authress provides external integration for AWS EventBridge, GCP Pub/Sub, and others. With this integration, you can consume authentication and authorization events emitted by Authress to trigger custom actions or integrate with your existing SIEM (Security Information and Event Management) system.
Event catalog
AccessChanged
accessChanged.json
{
  "detail-type": "AccessChanged",
  "time": "2021-07-24T12:42:59Z",
  "detail": {
    "eventId": "uniqueDeduplicationEventId",
    "triggeredBy": {
      "recordId": "64dfc9d0-fced-4689-b831-5cb75839f6da",
      "version": "1627130549422"
    },
    "changes": [
      {
        "userId": "userId",
        "resourceUri": "/resources/resourceId-1",
        "operation": "ADDED"
      },
      {
        "userId": "userId",
        "resourceUri": "/resources/resourceId-2",
        "operation": "REMOVED"
      }
    ]
  }
}
Authorization Request
authorizationRequest.json
{
  "detail-type": "AuthorizationRequest",
  "time": "2021-07-24T12:42:06Z",
  "detail": {
    "eventId": "uniqueDeduplicationEventId",
    "count": 1,
    "user": { "userId": "userId" },
    "resource": { "resourceUri": "/resources/requestedResourceId" },
    "permission": { "action": "resources:read" },
    "authorizationResult": "ALLOWED"
  }
}
User Login
userLogin.json
{
  "detail-type": "UserLogin",
  "time": "2021-07-24T12:42:06Z",
  "detail": {
    "eventId": "uniqueDeduplicationEventId",
    "subType": "Login" | "SignUp" | null,
    "user": { "userId": "userId" },
    "loginResult": "SUCCESS"
  }
}
Additional information
AWS EventBridge does not provide automated deduplication. This causes some events to be sent multiple times. Use the unique eventId field for idempotent handling.
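
One way to do the idempotent handling described above, as an added example that is not Authress code: a consumer claims each eventId before forwarding the event to a SIEM sink, so a redelivered event produces no second row. The SeenEvents store, the row layout, the replay helper and the sample eventIds are assumptions made for illustration; a real consumer would back the store with a durable, atomic conditional write.

```python
import time

class SeenEvents:
    """In-memory stand-in (assumption) for a durable store with an atomic conditional write."""
    def __init__(self, ttl_seconds=86400, clock=time.time):
        self.ttl, self.clock, self.expiry = ttl_seconds, clock, {}
    def claim(self, event_id):
        """True only for the first delivery of event_id inside the TTL window."""
        now = self.clock()
        self.expiry = {k: v for k, v in self.expiry.items() if v > now}  # drop expired ids
        if event_id in self.expiry:
            return False
        self.expiry[event_id] = now + self.ttl
        return True

def to_records(event):
    """Flatten one catalog event into SIEM rows (the row layout is an assumption)."""
    kind, detail = event["detail-type"], event["detail"]
    if kind == "AccessChanged":  # one row per changed user/resource pair
        return [(event["time"], kind, c["userId"], c["resourceUri"], c["operation"])
                for c in detail["changes"]]
    # AuthorizationRequest and UserLogin both carry a user and a single result field
    return [(event["time"], kind, detail["user"]["userId"],
             detail.get("resource", {}).get("resourceUri"),
             detail.get("authorizationResult") or detail.get("loginResult"))]

def handle(event, seen, sink):
    """Return 'processed', 'duplicate' or 'rejected' for one delivery."""
    event_id = (event.get("detail") or {}).get("eventId")
    if not isinstance(event_id, str) or not event_id:
        return "rejected"  # without an eventId the event cannot be handled idempotently
    if not seen.claim(event_id):
        return "duplicate"
    try:
        sink.extend(to_records(event))
    except Exception:
        seen.expiry.pop(event_id, None)  # release the claim so a redelivery can retry
        raise
    return "processed"

# Constructed sample deliveries: shapes from the event catalog, made-up eventIds.
ACCESS = {"detail-type": "AccessChanged", "time": "2021-07-24T12:42:59Z", "detail": {
    "eventId": "evt-1", "changes": [
        {"userId": "userId", "resourceUri": "/resources/resourceId-1", "operation": "ADDED"},
        {"userId": "userId", "resourceUri": "/resources/resourceId-2", "operation": "REMOVED"}]}}
LOGIN = {"detail-type": "UserLogin", "time": "2021-07-24T12:42:06Z", "detail": {
    "eventId": "evt-2", "subType": "Login", "user": {"userId": "userId"}, "loginResult": "SUCCESS"}}
def replay(deliveries):
    seen, sink = SeenEvents(), []
    return [handle(e, seen, sink) for e in deliveries], sink
```

Claiming before writing and releasing on failure keeps a crashed write from permanently suppressing the event, while the TTL bounds how long redeliveries of the same eventId are ignored.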