Events provides a collection of real-time data that can be used to observe, monitor, and build event-driven applications based on actions that have occurred within your Stax tenancy and the AWS accounts it manages.
Events are delivered via different channels depending on the source of the activity:
- AWS EventBridge
- Notifications (e.g. Slack or Webhook)
Consider the following when determining how to best consume events:
| | Stax-Generated Events | AWS-Generated Events | Cost & Compliance Notifications |
|---|---|---|---|
| Overview | Events that reflect activity that occurs within your Stax tenancy, such as logging in to the console, creating accounts, or creating an API token | Events generated by AWS, such as launching an EC2 instance or creating a VPC | Cost alerts, or non-compliant resource alerts based on your configured views and segments |
| Destination | EventBridge in your logging account | EventBridge in your security account | Notifications |
| Producer | Stax | AWS | Stax |
| Location | Per Region | Per Region | Global |
| Technology | Amazon EventBridge | Amazon EventBridge | Notifications |
| Event Types | Review the events schema for a list of Stax-generated events | A comprehensive list of AWS-generated events can be found in the Amazon EventBridge User Guide | Alerts generated by the Stax Cost & Compliance module can be found here |
Stax-Generated Events
Stax provides a stream of real-time events that are generated by your Stax tenancy and Stax-managed AWS accounts. These events allow you to automate actions from activities occurring within your Stax tenancy. The events are generated as users and systems interact with Stax. They include actions such as authentication, AWS account creation, and API token creation.
Stax-generated events are collected and centralized for enrichment. Within your Stax-managed AWS accounts, events from every region are captured.
Enriched events contain more meaningful and consumable data. This can be beneficial for security, auditing, and automation purposes.
One example of enrichment is evident when an event contains a resource ID, for example, UserID. This field is typically a UUID that is challenging to associate back to a user or system. The enrichment process will enhance the event payload by including additional human-friendly attributes associated with that resource ID, for example, the user's Name.
Events Schema
Review the format of Stax Events:
AWS-Generated Events
As part of the Account Assurance process, Stax configures the default EventBridge Event Bus for every region to publish AWS Service Events to the respective event bus for that region in the security account. Centralizing all AWS Service Events within the security account ensures you can easily integrate third-party monitoring tools. It removes the requirement to orchestrate the required configuration in each individual Stax-managed AWS account.
Important: AWS Service Events are delivered to your security account. When consuming these events, consider the volume of events and apply filtering where appropriate.
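One way to check a narrowing filter before attaching it to a rule on the security account's event bus, as an added example that is not Stax's own code: a local matcher covering only the exact-value and prefix parts of EventBridge event patterns, run over constructed sample events. The two patterns, the account ID, the region, and the choice of `RunInstances` and `CreateVpc` are assumptions for illustration.

```python
import json

# Catch-all: forwards every AWS service event on the bus (high volume).
BROAD = {"source": [{"prefix": "aws."}]}
# Narrow (assumed use case): only EC2 launches and VPC creation via CloudTrail.
NARROW = {
    "source": ["aws.ec2"],
    "detail-type": ["AWS API Call via CloudTrail"],
    "detail": {"eventSource": ["ec2.amazonaws.com"],
               "eventName": ["RunInstances", "CreateVpc"]},
}

def _value_ok(want, have):
    # Supports exact values and the {"prefix": "..."} matcher only.
    if isinstance(want, dict):
        prefix = want.get("prefix")
        return isinstance(prefix, str) and isinstance(have, str) and have.startswith(prefix)
    return want == have

def matches(pattern, event):
    """Subset of EventBridge matching: every key must match; a list matches if any entry does."""
    for key, want in pattern.items():
        have = event.get(key)
        if isinstance(want, dict):  # nested object, e.g. "detail"
            if not isinstance(have, dict) or not matches(want, have):
                return False
        elif not any(_value_ok(w, have) for w in want):
            return False
    return True

def _ev(source, detail_type, **detail):
    # Constructed sample event; account and region are placeholders.
    return {"source": source, "detail-type": detail_type, "account": "111111111111",
            "region": "ap-southeast-2", "detail": detail}

CT = "AWS API Call via CloudTrail"
SAMPLE_EVENTS = [  # constructed, not captured from a real tenancy
    _ev("aws.ec2", CT, eventSource="ec2.amazonaws.com", eventName="RunInstances"),
    _ev("aws.ec2", CT, eventSource="ec2.amazonaws.com", eventName="CreateVpc"),
    _ev("aws.ec2", CT, eventSource="ec2.amazonaws.com", eventName="CreateTags"),
    _ev("aws.s3", CT, eventSource="s3.amazonaws.com", eventName="PutBucketPolicy"),
    _ev("aws.ec2", "EC2 Instance State-change Notification", state="running"),
]

def selected(pattern, events=SAMPLE_EVENTS):
    """Return the events the pattern would forward to a target."""
    return [e for e in events if matches(pattern, e)]

if __name__ == "__main__":
    for name, pat in (("BROAD", BROAD), ("NARROW", NARROW)):
        print(name, len(selected(pat)), "of", len(SAMPLE_EVENTS), "events")
    print(json.dumps(NARROW))  # JSON form to use as the rule's event pattern
```

The local matcher does not implement the full EventBridge pattern language, so confirm the final pattern against real events from the security account before relying on it.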
Cost & Compliance Module Notifications
In addition to the default email-based notifications, Stax can publish targeted budget or non-compliant resource alerts using Notifications.