How to get all the events between start and end times using cloudtrail's lookup_events in boto3 without specifying MaxResults?

Question

I'm trying to fetch AWS cloudtrail events for a particular user using boto3.

I'm using cloudtrail client and lookup_events() function. I can specify the StartTime and EndTime between which I need to get the results.

But I might have number events between that StartTime and EndTime. If I don't provide MaxResults filter for lookup_events(), it is returning 50 events by default.

response = client.lookup_events(
    LookupAttributes=[
        {
            'AttributeKey':'Username',
            'AttributeValue': 'user1'
        },
    ],
    StartTime=datetime(2019, 12, 31),
    EndTime=datetime(2020, 1, 1),
    MaxResults=123
)

If I need to get MaxResults, I need to actually mention MaxResults which is not what I want.

I want to fetch all the events between the StartTime and EndTime.

Is there any way that I can skip MaxResults param and the lookup_events() function fetches all the events between StartTime and EndTime no matter how many events are there in that duration and how long it's gonna take to send the response?

If I specify MaxResults as more than 1000, I'm getting an error saying that it should bet= in range 1 and 1000.

jarmod · Accepted Answer · 2019-12-31T21:17:32.033

2

No, you can't get more than the max allowable results in a single API call. You have to use pagination.

The boto3 SDK provides pagination function for you, however, so see the LookupEvents paginator.

edited Dec 31 '19 at 21:17

answered Dec 31 '19 at 21:10

jarmod

71,565
16
115
122

How to get all the events between start and end times using cloudtrail's lookup_events in boto3 without specifying MaxResults?

1 Answers1