
AWS EventBridge pattern not capturing all events from Secrets Manager


I have the following pattern in EventBridge:

{
  "source": [
    "aws.secretsmanager"
  ],
  "detail-type": [
    "AWS API Call via CloudTrail"
  ],
  "detail": {
    "eventSource": [
      "secretsmanager.amazonaws.com"
    ],
    "eventName": [
      "CreateSecret",
      "UpdateSecret",
      "DeleteSecret",
      "PutSecretValue",
      "GetSecretValue",
      "ListSecrets",
      "RotationFailed",
      "RotationSucceeded",
      "DescribeSecret"
    ]
  }
}

It points to a Lambda that prints the event to CloudWatch. It works just fine, but when I try to capture events like:

      "ListSecrets",
      "RotationFailed",
      "RotationSucceeded",
      "DescribeSecret"

They never get captured by the event filter I created. Other actions like Update/Create/Delete work just fine. Are there any steps I am missing to get those?

Documentation Reference: https://docs.amazonaws.cn/en_us/secretsmanager/latest/userguide/retrieve-ct-entries.html

Thanks


Solution

  • All events that are delivered via CloudTrail have AWS API Call via CloudTrail as the value for detail-type. Events from API actions that start with the keywords List, Get, or Describe are not processed by EventBridge, with the exception of events from the following STS actions: GetFederationToken and GetSessionToken. Data events (for example, for Amazon S3 object level events, DynamoDB, and AWS Lambda) must have trails configured to receive those events.


    Warning from AWS at EventBridge page about Secrets Manager AWS API Call Via CloudTrail
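The rule quoted in the answer can be checked against the question's pattern offline. The following is an added example, not code from the question, the answer or AWS: it applies the List/Get/Describe exclusion (with the two STS exemptions) to constructed Secrets Manager events, then runs a minimal EventBridge-style matcher over the question's pattern to show which event names the Lambda can ever receive. The treatment of RotationSucceeded/RotationFailed as non-API service events with a different detail-type is an assumption made here to illustrate why a pattern pinned to "AWS API Call via CloudTrail" would miss them; the answer itself does not state this, so verify it against your own trail.

```python
"""Added example; not code from the original question or answer.

Models which Secrets Manager CloudTrail events an EventBridge rule can see:
CloudTrail management events arrive with detail-type "AWS API Call via
CloudTrail", but API actions whose names start with List, Get or Describe are
dropped before any pattern is evaluated (only the STS calls GetFederationToken
and GetSessionToken are exempt). All events below are constructed samples.
"""

READ_ONLY_PREFIXES = ("List", "Get", "Describe")
STS_EXCEPTIONS = {"GetFederationToken", "GetSessionToken"}
API_CALL = "AWS API Call via CloudTrail"

# The rule pattern from the question, verbatim.
PATTERN = {
    "source": ["aws.secretsmanager"],
    "detail-type": [API_CALL],
    "detail": {
        "eventSource": ["secretsmanager.amazonaws.com"],
        "eventName": [
            "CreateSecret", "UpdateSecret", "DeleteSecret", "PutSecretValue",
            "GetSecretValue", "ListSecrets", "RotationFailed",
            "RotationSucceeded", "DescribeSecret",
        ],
    },
}


def delivered_to_eventbridge(event):
    """Return False for CloudTrail API-call events that EventBridge never forwards."""
    if event.get("detail-type") != API_CALL:
        return True  # the read-only exclusion applies only to API-call events
    name = event["detail"]["eventName"]
    if name in STS_EXCEPTIONS:
        return True
    return not name.startswith(READ_ONLY_PREFIXES)


def matches_pattern(pattern, event):
    """Minimal EventBridge matcher: every pattern key must exist in the event,
    a list means "value is one of these", a nested dict recurses."""
    for key, expected in pattern.items():
        if key not in event:
            return False
        actual = event[key]
        if isinstance(expected, dict):
            if not isinstance(actual, dict) or not matches_pattern(expected, actual):
                return False
        elif actual not in expected:
            return False
    return True


def api_call_event(event_name, source="aws.secretsmanager",
                   event_source="secretsmanager.amazonaws.com"):
    """Constructed EventBridge envelope for one CloudTrail management event."""
    return {
        "version": "0",
        "source": source,
        "detail-type": API_CALL,
        "detail": {"eventSource": event_source, "eventName": event_name,
                   "awsRegion": "us-east-1"},
    }


def rotation_event(event_name):
    """Assumption (not stated in the answer): rotation notifications are not
    API calls, so they would not carry the "AWS API Call via CloudTrail"
    detail-type; modelled here as a CloudTrail service event."""
    ev = api_call_event(event_name)
    ev["detail-type"] = "AWS Service Event via CloudTrail"
    return ev


def rule_outcome(event):
    """One of: 'delivered', 'dropped-before-matching', 'no-match'."""
    if not delivered_to_eventbridge(event):
        return "dropped-before-matching"
    return "delivered" if matches_pattern(PATTERN, event) else "no-match"


def classify(event_names):
    """Map each event name from the question's pattern to its outcome."""
    outcomes = {}
    for name in event_names:
        ev = rotation_event(name) if name.startswith("Rotation") else api_call_event(name)
        outcomes[name] = rule_outcome(ev)
    return outcomes


if __name__ == "__main__":
    for name, outcome in classify(PATTERN["detail"]["eventName"]).items():
        print(f"{name:20s} {outcome}")
    # STS exemption: GetSessionToken is delivered even though it starts with Get.
    print(delivered_to_eventbridge(api_call_event(
        "GetSessionToken", "aws.sts", "sts.amazonaws.com")))
```

Running it shows Create/Update/Delete/PutSecretValue as delivered, GetSecretValue/ListSecrets/DescribeSecret as dropped before the pattern is ever evaluated, and the rotation names as not matching a pattern that requires the API-call detail-type. For the read-only calls (GetSecretValue in particular, which is the one most worth alerting on), the practical consequence is that EventBridge is the wrong place to look: read them from the trail itself, for example by filtering the CloudTrail records delivered to CloudWatch Logs or S3.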