Tuan Nguyen

Reputation: 567

AWS RDS event subscriptions not triggered

I created an event subscription that has:

The expected behavior is to see an event and receive an email when someone updates the configuration of a parameter group. After I edit the parameters, there are no events of type "parameter groups" and no email from SNS (I'm able to receive emails for another event type).

Docs for event type: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Events.Messages.html#USER_Events.Messages.parameter-group

What should I do to see the "parameter group" event type?

Upvotes: 0

Views: 826

Answers (1)

Riz

Reputation: 1167

I did some tests and I faced the same issue as you. I did some tests on Amazon EventBridge as well, and the issue here is mismatching event details. The following is the sample event for the DB parameter group event as given by AWS in Amazon EventBridge.

{
  "version": "0",
  "id": "844e2571-85d4-695f-b930-0153b71dcb42",
  "detail-type": "RDS DB Parameter Group Event",
  "source": "aws.rds",
  "account": "123456789012",
  "time": "2018-10-06T12:26:13Z",
  "region": "us-east-1",
  "resources": ["arn:aws:rds:us-east-1:123456789012:db:mysql-instance-2018-10-06-12-24"],
  "detail": {
    "EventCategories": ["configuration change"],
    "SourceType": "DB_PARAM",
    "SourceArn": "arn:aws:rds:us-east-1:123456789012:db:mysql-instance-2018-10-06-12-24",
    "Date": "2018-10-06T12:26:13.882Z",
    "SourceIdentifier": "rds:mysql-instance-2018-10-06-12-24",
    "Message": "Updated parameter time_zone to UTC with apply method immediate"
  }
}  

While the following is the event you get when you make any changes to the DB Parameter Group:

{
  "version": "0",
  "id": "bcbed019-e426-1b4e-0e66-17ef9c1cd4d0",
  "detail-type": "AWS API Call via CloudTrail",
  "source": "aws.rds",
  "account": "xxxx",
  "time": "2022-07-15T15:16:21Z",
  "region": "eu-west-1",
  "resources": [],
  "detail": {
    "eventVersion": "1.08",
    "userIdentity": {
      "type": "AssumedRole",
      "principalId": "xxxx",
      "arn": "xxxx",
      "accountId": "xxxx",
      "accessKeyId": "xxxx",
      "sessionContext": {
        "sessionIssuer": {
          "type": "Role",
          "principalId": "xxxx",
          "arn": "xxxx",
          "accountId": "xxxx",
          "userName": "xxxx"
        },
        "webIdFederationData": {},
        "attributes": {
          "creationDate": "2022-07-15T08:39:39Z",
          "mfaAuthenticated": "true"
        }
      }
    },
    "eventTime": "2022-07-15T15:16:21Z",
    "eventSource": "rds.amazonaws.com",
    "eventName": "ModifyDBParameterGroup",
    "awsRegion": "eu-west-1",
    "sourceIPAddress": "AWS Internal",
    "userAgent": "AWS Internal",
    "requestParameters": {
      "dBParameterGroupName": "test",
      "parameters": [{
        "parameterName": "default_password_lifetime",
        "parameterValue": "0",
        "isModifiable": false,
        "applyMethod": "immediate"
      }]
    },
    "responseElements": {
      "dBParameterGroupName": "test"
    },
    "requestID": "51917b3f-c08a-4713-a9fe-98da55f090fa",
    "eventID": "a0ddcd12-6ddb-4a4d-a772-89c52abfae0e",
    "readOnly": false,
    "eventType": "AwsApiCall",
    "managementEvent": true,
    "recipientAccountId": "xxxx",
    "eventCategory": "Management",
    "sessionCredentialFromConsole": "true"
  }
}

Now you can make an event pattern which can match the above pattern (not the sample but the original).

You can use

{
  "detail-type": ["AWS API Call via CloudTrail"],
  "source": ["aws.rds"],
  "detail": {
    "eventSource": ["rds.amazonaws.com"],
    "eventName": ["ModifyDBParameterGroup"]
  }
}

for your purpose. You can modify this pattern for other purposes as well.

Upvotes: 1
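
As an added example (not part of the answer above, and not AWS code): a local Python check of why a rule keyed on the sample event's detail-type never fires for this change while the answer's pattern does, plus a summary of who changed what. The matcher implements only EventBridge's exact-value matching, `SAMPLE_PATTERN` is a hypothetical pattern built from the sample event, and `EVENT` is constructed by trimming the CloudTrail event shown in the answer.

```python
import json

# Pattern from the answer: matches the API call delivered via CloudTrail.
CLOUDTRAIL_PATTERN = {
    "detail-type": ["AWS API Call via CloudTrail"],
    "source": ["aws.rds"],
    "detail": {"eventSource": ["rds.amazonaws.com"], "eventName": ["ModifyDBParameterGroup"]},
}
# Hypothetical pattern built from the sample event's detail-type (assumption).
SAMPLE_PATTERN = {"detail-type": ["RDS DB Parameter Group Event"], "source": ["aws.rds"]}

# Constructed input: the CloudTrail event from the answer, trimmed.
EVENT = json.loads("""{
  "detail-type": "AWS API Call via CloudTrail",
  "source": "aws.rds",
  "detail": {
    "userIdentity": {"type": "AssumedRole", "arn": "xxxx"},
    "eventSource": "rds.amazonaws.com",
    "eventName": "ModifyDBParameterGroup",
    "requestParameters": {
      "dBParameterGroupName": "test",
      "parameters": [{"parameterName": "default_password_lifetime",
                      "parameterValue": "0", "applyMethod": "immediate"}]
    }
  }
}""")

def matches(pattern, event):
    """Exact-value subset of EventBridge matching: every pattern key must be
    present, nested dicts recurse, and a leaf list names the allowed values."""
    for key, want in pattern.items():
        if not isinstance(event, dict) or key not in event:
            return False
        have = event[key]
        if isinstance(want, dict):
            if not matches(want, have):
                return False
        else:
            values = have if isinstance(have, list) else [have]
            if not any(v in want for v in values):
                return False
    return True

def summarize(event):
    """Who changed which parameter, for the notification or alert body."""
    d = event["detail"]
    req = d["requestParameters"]
    changes = [(p["parameterName"], p["parameterValue"]) for p in req["parameters"]]
    return d["userIdentity"]["arn"], req["dBParameterGroupName"], changes
```
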
