Monitor AWS deployments in the cloud by getting a history of AWS API calls for the AWS account, including API calls made via the AWS Management Console, the AWS SDKs, the command line tools, and higher-level AWS services. Identify which users and accounts called AWS APIs for services that support CloudTrail, the source IP address the calls were made from, and when the calls occurred.
Questions tagged [amazon-cloudtrail]
293 questions
1
vote
0 answers
How to get Boto3 to append collected cloudtrail client responses to log file when run from a crontask?
I am currently working with a log collection product and want to be able to pull in my CloudTrail logs from AWS. I started using the boto3 client in order to lookup the events in CloudTrail. I got the script to work right when I am running it…
Daniel Giebink
- 21
- 4
1
vote
1 answer
Not getting complete information in SQS topic in the message generated from AWS CloudWatch alarm
I have configured an Alarm on CloudTrail events. The metric of the alarm is to trigger it when it finds the information in the logs that an instance is terminated. The information sends a message to an SNS topic which in turn calls SQS.
It is all…
Ishu Gupta
- 1,071
- 1
- 19
- 43
1
vote
1 answer
reparsing a logstash record? fix extracts?
I'm taking a JSON message (Cloudtrail, many objects concatenated together) and by the time I'm done filtering it, Logstash doesn't seem to be parsing the message correctly. It's as if the hash was simply dumped into a string.
Anyhow, here's the…
tedder42
- 23,519
- 13
- 86
- 102
0
votes
0 answers
Passing metadata of trigger to ECS task -fargate- from S3 via Eventbridge
i am receiving bucket name and key as an empty string which causes script to fail.
I am trying to retrieve filename which caused the trigger by in eventbridge from S3 but unable to get it.
aws events put-targets --rule s3-to-rds --targets '{
…
Vandalism
- 23
- 4
0
votes
0 answers
Can't Retrieve Logs by Tenant ID: Lambda Promtail Logs Loki/Grafana
I am attempting to setup Lambda Promtail to send cloudtrail logs to Loki (hosted in EKS). It appears from Lambda metrics that everything appears to be correct and I am not getting any errors on the client (lambda) side. I am using the recommended…
Keimille
- 345
- 2
- 11
0
votes
0 answers
AWS cloudtrail with S3 data events enabled create logging loop
I've created AWS cloud trail and pointed it to S3 bucket with data event configuration to log all S3 data events:
eventSelector: [
{
readWriteType: 'All',
includeManagementEvents: true,
dataResource: [
{
…
Omer Levi Hevroni
- 1,935
- 1
- 15
- 33
0
votes
0 answers
CloudTrail not logging devicefarm events in CloudWatch
I created a trail with management events and also created a new log group and S3 bucket for logging and storing the logs.
However, even though I see devicefarm.amazonaws.com events in the event History tab of the aws console, I don't see them in the…
Mahima
- 178
- 8
0
votes
0 answers
S3 server access logs VS S3 object-level logs
I am trying to set up logging for my AWS S3 buckets.
I ran accross this AWS Config rule s3-bucket-logging-enabled. The logs here are server access logs.
From the CIS AWS Foundations 1.5.0 I also need to set up object-level logging for read events.
I…
Achi
- 27
- 3
0
votes
1 answer
Create event data source for this query
I am trying to execute this query in cloudwatch lake.
SELECT
*
FROM
$EDS_ID
WHERE
eventsource = 'signin.amazonaws.com'
AND eventname = 'ConsoleLogin'
AND Element_at(additionaleventdata, 'MFAUsed'
) = 'No'
But I am not…
shantanuo
- 31,689
- 78
- 245
- 403
0
votes
3 answers
Invoking AWS CloudWatch Event Rule by some event
I have an EventBridge rule that looks like this:
{
"source": ["redshift.amazonaws.com"],
"detail-type": ["AWS API Call via CloudTrail"],
"detail": {
"eventSource": ["redshift.amazonaws.com"],
"eventName": ["CreateCluster"],
…
Dawid_K
- 141
- 1
- 1
- 10
0
votes
0 answers
Capturing CloudTrail events from QuickSight
I am trying to catch the CloudTrail events into EventBridge. I am following this article:
https://aws.amazon.com/blogs/big-data/using-administrative-dashboards-for-a-centralized-view-of-amazon-quicksight-objects/
Which also uses this code…
moltar
- 1,372
- 1
- 11
- 18
0
votes
1 answer
Not able to Athena query CloudTrail Logs from KMS CMK Encrypted S3 bucket
I have created S3 bucket encrypted with KMS CMK and configured CloudTrail Logs to store into that same bucket.
CloudTrail is storing logs in the bucket successfully.
However when I execute SELECT * FROM cloudtrail_logs in Athena, it does not return…
Neelesh Gurjar
- 65
- 1
- 10
0
votes
0 answers
In Flask CSV download file and managing CSV file automatically after download existing data file
These instructions demonstrate how to edit a CSV file before installation to automatically add graphs, groups, and sorting to the data. Although I attempted to use a plotly.js variable to automate graph creation, it was unsuccessful. The process…
Aliyev777
- 9
- 2
0
votes
1 answer
how to trigger aws lambda function upon a new event being detected by cloudtrail
I currently have a lambda function in AWS that I am trying to trigger whenever a new event is detected by Cloudtrail. In Amazon EventBridge, I have set a rule with the following event pattern:
{
"source": ["aws.cloudtrail"]
}
I have also…
Sabo Boz
- 1,683
- 4
- 13
- 29
0
votes
0 answers
Monitoring the root activity using terraform code and lambda function
I have my terraform code that is creating the resources: Event Bridge to trigger the root activity and to send to lambda, lambda to send notification via email. So when I'm testing my lambda function and simulate the root activity is sending…
hope
- 1