Configure AWS EventBridge integration

Setup

Authress provides an external integration for AWS EventBridge. With this integration, you can consume authentication and authorization events emitted by Authress to trigger custom actions or integrate with your existing SIEM (Security Information and Event Management) system.

Event catalog

AccessChanged

accessChanged.json
{
  "detail-type": "AccessChanged",
  "time": "2021-07-24T12:42:59Z",
  "detail": {
    "eventId": "uniqueDeduplicationEventId",
    "triggeredBy": {
      "recordId": "64dfc9d0-fced-4689-b831-5cb75839f6da",
      "version": "1627130549422"
    },
    "changes": [
      {
        "userId": "userId",
        "resourceUri": "/resources/resourceId-1",
        "operation": "ADDED"
      },
      {
        "userId": "userId",
        "resourceUri": "/resources/resourceId-2",
        "operation": "REMOVED"
      }
    ]
  }
}

Authorization Request

authorizationRequest.json
{
  "detail-type": "AuthorizationRequest",
  "time": "2021-07-24T12:42:06Z",
  "detail": {
    "eventId": "uniqueDeduplicationEventId",
    "count": 1,
    "user": { "userId": "userId" },
    "resource": { "resourceUri": "/resources/requestedResourceId" },
    "permission": { "action": "resources:read" },
    "authorizationResult": "ALLOWED"
  }
}

Login Request

loginRequest.json
{
  "detail-type": "LoginRequest",
  "time": "2021-07-24T12:42:06Z",
  "detail": {
    "eventId": "uniqueDeduplicationEventId",
    "user": { "userId": "userId" },
    "loginResult": "SUCCESS"
  }
}

Additional information

AWS EventBridge does not provide automated deduplication, so some events are sent multiple times. Use the unique eventId field in each event's detail for idempotent handling.
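
One way to apply the eventId guidance above, as an added example rather than Authress or AWS code: a consumer that claims each eventId before forwarding the event to a SIEM. SeenEvents, handle, the sink list, the TTL and the sample eventId values are assumptions for illustration; a deployed consumer would replace the in-memory table with a shared store that offers an atomic put-if-absent.

```python
import time

class SeenEvents:
    """In-memory stand-in for a shared store with atomic put-if-absent."""
    def __init__(self, ttl_seconds=3600, clock=time.time):
        self._ttl, self._clock, self._expiry = ttl_seconds, clock, {}

    def claim(self, event_id):
        """Return True only for the first claim of event_id within the TTL."""
        now = self._clock()
        for key in [k for k, exp in self._expiry.items() if exp <= now]:
            del self._expiry[key]  # evict expired ids so memory stays bounded
        if event_id in self._expiry:
            return False
        self._expiry[event_id] = now + self._ttl
        return True

def handle(event, seen, sink):
    """Forward one event to sink (a list standing in for a SIEM) at most once."""
    detail = event.get("detail") or {}
    event_id = detail.get("eventId")
    if not event_id:
        return "rejected"  # without an eventId a redelivery cannot be detected
    if not seen.claim(event_id):
        return "duplicate"
    kind = event.get("detail-type")
    if kind == "AccessChanged":
        for c in detail.get("changes", []):
            sink.append((kind, c["userId"], c["resourceUri"], c["operation"]))
    elif kind == "AuthorizationRequest":
        sink.append((kind, detail["user"]["userId"],
                     detail["resource"]["resourceUri"], detail["authorizationResult"]))
    elif kind == "LoginRequest":
        sink.append((kind, detail["user"]["userId"], None, detail["loginResult"]))
    else:
        return "ignored"
    return "processed"

# Constructed sample events in the shape of the catalog above (ids are made up).
LOGIN = {"detail-type": "LoginRequest", "time": "2021-07-24T12:42:06Z",
         "detail": {"eventId": "evt-login-1", "user": {"userId": "userId"},
                    "loginResult": "SUCCESS"}}
ACCESS = {"detail-type": "AccessChanged", "time": "2021-07-24T12:42:59Z",
          "detail": {"eventId": "evt-access-1", "changes": [
              {"userId": "userId", "resourceUri": "/resources/resourceId-1", "operation": "ADDED"},
              {"userId": "userId", "resourceUri": "/resources/resourceId-2", "operation": "REMOVED"}]}}

if __name__ == "__main__":
    seen, sink = SeenEvents(), []
    for e in (LOGIN, ACCESS, LOGIN):  # LOGIN is delivered twice
        print(e["detail-type"], handle(e, seen, sink))
```

Because the eventId is claimed before the event is forwarded, a failure between the two steps drops that event on redelivery; release the claim on error if the downstream write can fail.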