
Event Pattern to match boolean values in Amazon EventBridge


I was wondering how we can match a boolean value of false instead of just checking whether the field exists?

I am unable to find anything about boolean values in the documentation, "Content filtering in Amazon EventBridge event patterns".

Thank you in advance

Sample Event:

"requestParameters": {
    "publicAccessBlock": "",
    "bucketName": "sri123publicaccess",
    "PublicAccessBlockConfiguration": {
        "xmlns": "http://s3.amazonaws.com/doc/2006-03-01/",
        "RestrictPublicBuckets": true,
        "BlockPublicPolicy": true,
        "BlockPublicAcls": true,
        "IgnorePublicAcls": true
    },
    "Host": "s3.amazonaws.com"
},

Event Pattern:

{
  "source": ["aws.s3"],
  "detail-type": ["AWS API Call via CloudTrail"],
  "detail": {
    "eventSource": ["s3.amazonaws.com"],
    "eventName": ["PutBucketPublicAccessBlock", "DeleteBucketPublicAccessBlock"],
    "$or": [{
      "RestrictPublicBuckets": [{
        "exists": false
      }]
    }, {
      "BlockPublicPolicy": [{
        "exists": false
      }]
    }, {
      "BlockPublicAcls": [{
        "exists": false
      }]
    }, {
      "IgnorePublicAcls": [{
        "exists": false
      }]
    }]
  }
}

Solution

  • The pattern to match boolean values is the one you'd expect:

    "RestrictPublicBuckets": [true]
    

    Beyond that, for your pattern to match your event, you must also properly nest the attributes:

    "detail": {
        "requestParameters": {
            "PublicAccessBlockConfiguration": {
                "$or": [
                    {"RestrictPublicBuckets": [true]},
                    {"BlockPublicPolicy": [true]},
                    {"BlockPublicAcls": [true]},
                    {"IgnorePublicAcls": [true]}
                ]
            }
        }
    }
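
To see how nesting and boolean literals interact, here is an added example (not part of the original answer and not AWS code): a simplified local model of the matching rules, run against constructed events shaped like the one in the question. The helper names (`leaf_ok`, `matches`, `make_event`, `build_rule`, `nested`) and the bucket name are assumptions. In this model the question's un-nested `"exists": false` pattern matches every such event, because those keys are never present directly under `detail`, while a nested `[false]` pattern fires only when a setting is actually disabled.

```python
# Simplified local model of EventBridge matching (assumption): exact-value lists,
# {"exists": bool}, "$or" and nesting only. Not AWS's implementation.
SETTINGS = ["RestrictPublicBuckets", "BlockPublicPolicy", "BlockPublicAcls", "IgnorePublicAcls"]

def leaf_ok(alternatives, present, value):
    """A leaf rule is a list of alternatives; one match is enough."""
    for alt in alternatives:
        if isinstance(alt, dict) and "exists" in alt:
            if alt["exists"] == present:
                return True
        elif present and type(alt) is type(value) and alt == value:
            return True  # type check keeps JSON true/false distinct from 1/0
    return False

def matches(pattern, event):
    """Every key must match; "$or" needs at least one matching branch."""
    if not isinstance(event, dict):
        return False
    for key, rule in pattern.items():
        if key == "$or":
            ok = any(matches(branch, event) for branch in rule)
        elif isinstance(rule, dict):
            ok = matches(rule, event.get(key, {}))
        else:
            ok = leaf_ok(rule, key in event, event.get(key))
        if not ok:
            return False
    return True

def make_event(**overrides):
    """Constructed sample shaped like the question's event (all settings true)."""
    config = {name: True for name in SETTINGS}
    config.update(overrides)
    return {"source": "aws.s3", "detail-type": "AWS API Call via CloudTrail",
            "detail": {"eventSource": "s3.amazonaws.com",
                       "eventName": "PutBucketPublicAccessBlock",
                       "requestParameters": {"bucketName": "example-bucket",
                                             "PublicAccessBlockConfiguration": config}}}

def build_rule(detail_extra):
    # Wraps a detail fragment in the source/eventName filters from the question.
    return {"source": ["aws.s3"], "detail-type": ["AWS API Call via CloudTrail"],
            "detail": {"eventSource": ["s3.amazonaws.com"],
                       "eventName": ["PutBucketPublicAccessBlock", "DeleteBucketPublicAccessBlock"],
                       **detail_extra}}

def nested(value):  # the answer's nesting, matching settings equal to `value`
    return build_rule({"requestParameters": {"PublicAccessBlockConfiguration":
                       {"$or": [{name: [value]} for name in SETTINGS]}}})
QUESTION = build_rule({"$or": [{n: [{"exists": False}]} for n in SETTINGS]})  # un-nested
```

Before deploying a rule, the same pattern and a captured event can be checked against the service itself with `aws events test-event-pattern`.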