How to use multiple prefixes in anything-but clause in AWS eventbridge eventpattern?

Asked 1/2, 2021 at 13:40 Answered 7/10, 2021 at 1:20

amazon-web-services amazon-cloudwatch serverless aws-event-bridge amazon-cloudwatch-events

I have a situation where I need to filter out certain events using eventpatterns in eventbridge. I want to run the rule for all events except those where username starts with abc or xyz. I have tried below 2 syntax but none worked :

"userIdentity": {
      "sessionContext": {
        "sessionIssuer": {
          "userName": [
            {
              "anything-but": {
                "prefix": [
                  "abc-",
                  "xyz-"
                ]
              }
            }
          ]
        }
      }
    }

"userIdentity": {
      "sessionContext": {
        "sessionIssuer": {
          "userName": [
            {
              "anything-but": [{
                "prefix": "abc-",
                "prefix": "xyz-"
              }]
            }
          ]
        }
      }
    }

Getting following error on saving the rule : "Event pattern is not valid. Reason: Inside anything but list, start|null|boolean is not supported."

Am I missing something in the syntax or if this is a limitation then is there any alternative to this problem?

Goethe answered 1/2, 2021 at 13:40 Comment(3)

as far as the documentation concerned Content-based Filtering with Event Patterns you can't provide multiple prefixes – Expressly 1/2, 2021 at 17:29

so is there any alternate way of achieving this(apart from having multiple rules) ? – Goethe 1/2, 2021 at 18:52

either split up rules or try not to match based on the prefix – Expressly 1/2, 2021 at 19:16

You can use prefix within an array in event pattern. Here is an example pattern:

{
      "detail": {
        "alarmName": [{
            "prefix": "DemoApp1"
          },
          {
            "prefix": "DemoApp2"
          }
        ],
        "state": {
          "value": [
            "ALARM"
          ]
        },
        "previousState": {
          "value": [
            "OK"
          ]
        }
    }
}

This event will match alarm that has name starting with either DemoApp1 or DemoApp2

Miserere answered 7/10, 2021 at 1:20 Comment(0)

TLDR: user @samtoddler is sort of correct.

Prefix matches only work on values as called out in https://docs.aws.amazon.com/eventbridge/latest/userguide/content-filtering-with-event-patterns.html#filtering-prefix-matching. They do not work with arrays. You can file a feature request with AWS support but if you'd like to unblock yourself; you it's probably best to either control the prefixes you have for userName (guessing this is something IAM related and in your control).

If that's not possible; consider filtering as much as you can via other properties before sending over to a compute (probably lambda) to performing additional filtering.

Professor answered 12/2, 2021 at 3:2 Comment(0)

Recommended topics

Hot tags