Immutable audit logs powered by QLDB & EventBridge. Example code for the Immutable audit logs with Amazon Quantum Ledger Database.
This repo outlines a serverless microservice that takes care of generating immutable records in QLDB based on events sent on an EventBridge custom event bus.
The event message should have an entity and an attributes properties in the
detail property of the message. Any event with the source and detail-type
matched by the pattern specified for the auditLogWriter function triggers
will generate a new audit log record.
The entity attribute needs to match the name of any of the tables created in
the ledger.
This project uses Serverless Framework.
The definition of the resources used by the service are defined in the
serverless.yml file.
- A working AWS Account
- Node v12+
- NPM v6+
npm install -g serverless- Follow the instructions of the Serverless Docs to configure your AWS credentials with the serverless framework.
git clonethis repocdinto project's rootnpm installdependencies- Setup the environmental file.
- Duplicate
.env.exampleand rename it.env - This file contains the values for the environment variables required by the application
ACCOUNT_IDThe AWS account 12-digit identifierAWS_COGNITO_USER_POOL_IDYour cognito user pool idDEFAULT_EVENT_BUS_NAMEthe name of the default event bridge bus used by the application- Example value:
my-custom-event-bus
- Example value:
ENVIRONMENT_CODEthe environment code for the application, also used to set the stage of the lambdas- Example value:
dev
- Example value:
NODE_ENVnode's environment (should beproductionin the live app)- Example value:
test
- Example value:
PROFILEthe name of the local AWS credentials profile, used to deploy the lambda app- Example value:
my_aws_profile
- Example value:
REGIONthe AWS region in which the serverless application will be deployed- Example value:
us-east-2
- Example value:
- Duplicate