Event Pattern to match boolean values in Amazon EventBridge-CodePudding

I was wondering how we can match boolean type value of false instead of checking just exists?

I am unable to find anything for a boolean value in the documentation Content filtering in Amazon EventBridge event patterns

Thank you in advance

Sample Event:

"requestParameters": {
        "publicAccessBlock": "",
        "bucketName": "sri123publicaccess",
        "PublicAccessBlockConfiguration": {
            "xmlns": "http://s3.amazonaws.com/doc/2006-03-01/",
            "RestrictPublicBuckets": true,
            "BlockPublicPolicy": true,
            "BlockPublicAcls": true,
            "IgnorePublicAcls": true
        },
        "Host": "s3.amazonaws.com"
    },

Event Pattern:

{
  "source": ["aws.s3"],
  "detail-type": ["AWS API Call via CloudTrail"],
  "detail": {
    "eventSource": ["s3.amazonaws.com"],
    "eventName": ["PutBucketPublicAccessBlock", "DeleteBucketPublicAccessBlock"],
    "$or": [{
      "RestrictPublicBuckets": [{
        "exists": false
      }]
    }, {
      "BlockPublicPolicy": [{
        "exists": false
      }]
    }, {
      "BlockPublicAcls": [{
        "exists": false
      }]
    }, {
      "IgnorePublicAcls": [{
        "exists": false
      }]
    }]
  }
}

CodePudding user response：

The pattern to match boolean values is the one you'd expect:

"RestrictPublicBuckets": [true]

Beyond that, for your pattern to match your event, you must also properly nest the attributes:

"detail": {
    "requestParameters": {
                "PublicAccessBlockConfiguration": {
                    "$or": [
                        {"RestrictPublicBuckets": [true]},
                        {"BlockPublicPolicy": [true]},
                        {"BlockPublicAcls": [true]},
                        {"IgnorePublicAcls": [true]},
                    ]
                }
            },
}