Remove unexpected BYOIPv6 route advertisements

AWS CloudTrail → Amazon EventBridge → AWS Lambda

Use Amazon EventBridge and AWS Lambda to respond to AdvertiseByoipCidr events and validate whether the address space should be advertised.

This sample project demonstrates how to use Amazon EventBridge and AWS Lambda to respond to AWS CloudTrail events. In this example, any AdvertiseByoipCidr call triggers a Lambda function that checks whether the address space is expected to be advertised by looking it up in a list of allowed CIDRs stored in a DynamoDB table.
If the address space is not permitted to be advertised, the Lambda function publishes a message to an SNS topic to notify an administrator that an unexpected CIDR was advertised, and automatically removes the advertisement of the CIDR.
This pattern deploys an EventBridge rule, a Lambda function, a DynamoDB table and an SNS topic.
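
The allow-list decision described above, as an added example rather than the pattern's own Lambda code: it compares parsed networks instead of strings, so differently written IPv6 prefixes still match, and it skips failed API calls. The `requestParameters` layout, the function names and the sample CIDRs are assumptions; in a deployed function `withdraw` and `notify` would wrap boto3's EC2 `withdraw_byoip_cidr` and SNS `publish`, and `allowed_cidrs` would be read from the DynamoDB table.

```python
import ipaddress

def find_cidr(node):
    """Return the first string stored under a key named 'cidr' (any case)."""
    if isinstance(node, dict):
        for key, value in node.items():
            if key.lower() == "cidr" and isinstance(value, str):
                return value
            found = find_cidr(value)
            if found:
                return found
    return None

def evaluate(event, allowed_cidrs):
    """Return (action, cidr): 'ignore', 'allow', 'withdraw' or 'alert'."""
    detail = event.get("detail") or {}
    # A record with errorCode set is a failed call: nothing was advertised.
    if detail.get("eventName") != "AdvertiseByoipCidr" or detail.get("errorCode"):
        return "ignore", None
    raw = find_cidr(detail.get("requestParameters"))
    try:
        requested = ipaddress.ip_network(raw)
    except (TypeError, ValueError):
        return "alert", raw  # cannot parse the CIDR: notify, nothing to withdraw
    # Compare parsed networks so 2001:0db8:0001::/48 equals 2001:db8:1::/48.
    allowed = {ipaddress.ip_network(c) for c in allowed_cidrs}
    return ("allow" if requested in allowed else "withdraw"), str(requested)

def respond(event, allowed_cidrs, withdraw, notify):
    """Apply the decision; withdraw and notify are caller-supplied callables."""
    action, cidr = evaluate(event, allowed_cidrs)
    if action == "withdraw":
        notify(f"Unexpected BYOIP advertisement of {cidr}; withdrawing it")
        withdraw(cidr)
    elif action == "alert":
        notify(f"AdvertiseByoipCidr event with unusable CIDR: {cidr!r}")
    return action, cidr

def sample_event(cidr):
    """Constructed EventBridge event; the requestParameters shape is assumed."""
    return {"source": "aws.ec2", "detail-type": "AWS API Call via CloudTrail",
            "detail": {"eventName": "AdvertiseByoipCidr",
                       "requestParameters": {"AdvertiseByoipCidrRequest": {"Cidr": cidr}}}}

if __name__ == "__main__":
    allowed = ["2001:db8:1::/48"]  # constructed allow list (documentation prefix)
    for cidr in ("2001:0db8:0001::/48", "2001:db8:2::/48"):
        print(respond(sample_event(cidr), allowed, withdraw=print, notify=print))
```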


Clone repo

git clone https://github.com/aws-samples/serverless-patterns/
cd serverless-patterns/cloudtrail-eventbridge-lambda-dynamodb-sam

Deploy

sam deploy


Testing

See the GitHub repo for detailed testing instructions.

Cleanup

Delete the stack: sam delete.

Created by:

John Dwyer

I am a Senior Solutions Architect on the Worldwide Public Sector team at AWS. I help customers build and architect serverless applications at scale.