Questions tagged [amazon-cloudtrail]

Monitor AWS deployments in the cloud by getting a history of AWS API calls for the AWS account, including API calls made via the AWS Management Console, the AWS SDKs, the command line tools, and higher-level AWS services. Identify which users and accounts called AWS APIs for services that support CloudTrail, the source IP address the calls were made from, and when the calls occurred.

293 questions
0 votes, 0 answers

Can't get aws ebs events data from cloudtrail using CloudTrailClient

I am trying to collect event data for any aws resource using CloudTrailClient. This code below works for ec2 instances but doesn't for ebs volumes. Is this the right way to collect the data I am interested in or am I doing something wrong? fun…
user20830639
0 votes, 0 answers

Getting detailed logs for Amazon Cognito following a failed authentication

Please note that for the purposes of this question, I am not interested in the specifics of what I have misconfigured or the root cause of my issue, but the steps I should take to troubleshoot it. I have set up an Amazon Cognito user pool and client…
Chopo87
0 votes, 1 answer

How to find IAM user who registered a new domain on AWS

I'd like to find which IAM user registered a new domain in Route 53 from our AWS account. How can I do this? The domain was registered a week ago and I tried to check CreateDomain, CreateDomainEntry, CreateDomainName in CloudTrail in the past 3 weeks…
0 votes, 1 answer

How to listen to events from Amazon Neptune? EventBridge possible?

I am trying to listen to events from EventBridge for Neptune but am not having any luck. I have tried an EventBridge rule to add Amazon Neptune as a source but it is not working. I am interested in events like, if Instance is created or DBcluster is…
Ali Hasan
0 votes, 1 answer

Is it possible to log end user in cloudtrail when using dynamodb behind an API Gateway?

When receiving a request from a user, the following flow gets executed in my serverless infrastructure: API Gateway => Custom authorizer (performs a bunch of checks and sets principalId with user id) => Lambda function. The lambda function has a…
AnonBird
0 votes, 0 answers

Athena table to query CloudTrail logs

I created an Athena table in order to query CloudTrail logs. I used AWS documentation to do that. Attached the link to the documentation. https://docs.aws.amazon.com/athena/latest/ug/cloudtrail-logs.html The table DDL is as follows: CREATE…
0 votes, 1 answer

Getting AWS Cloud Trail events using Find-CTEvent with multiple lookup attributes

I need to retrieve CreateImage and CreateSnapshot events from AWS Cloud Trail using Find-CTEvent cmdlet. So I try the following: Find-CTEvent -LookupAttribute @(@{ AttributeKey="EventName"; AttributeValue="CreateSnapshot"},@{…
Sergey
0 votes, 0 answers

AWS CloudTrail: how do CloudTrail logs look when instance state goes to "Terminating:Wait" state?

As you can see in this link: https://docs.aws.amazon.com/autoscaling/ec2/userguide/lifecycle-hooks-overview.html instances in AWS can go to "Terminating:Wait" state. My question is how the CloudTrail log should look when an instance goes from "running" to…
CrazySynthax
0 votes, 1 answer

Deny CloudTrail from logging my S3 bucket

In my company we have an AWS account and I have a bucket that holds personal information about workers of the company. As the names of the files sometimes disclose information about the workers, I don't want the files to be listable to anyone. The…
0 votes, 1 answer

Send notification when a CloudTrail event occurs for AWS SSO assume role

My requirement is to: Trace the log event in CloudTrail when an SSO user assumes a specific role (developer-full-access) using AWS SSO home page. Send an email notification to a destination that says which SSO user has assumed that role. What is…
0 votes, 1 answer

PutLifecycleHook events not showing up?

I have an autoscaling group with lifecycle hooks for autoscaling:EC2_INSTANCE_LAUNCHING and autoscaling:EC2_INSTANCE_TERMINATING. I have EventBridge configured to watch for those events and as I understand it they are supposed to go to CloudTrail. …
0 votes, 1 answer

How to use CloudWatch after Control Tower version 3.0 update

We have a multi-account setup where we deployed an organizational-level CloudTrail in our root account's Control Tower. For the newest version of the Control Tower (3.0), AWS introduced Organizational-level CloudTrail, this service deploys a…
0 votes, 1 answer

How do I edit a bucket policy deployed by organizational-level CloudTrail

We have a multi-account setup where we deployed an organizational-level CloudTrail in our root account's Control Tower. Organizational-level CloudTrail allows us to deploy CloudTrail in each of our respective accounts and provides them the ability…
0 votes, 0 answers

AWS - Is there a way to generate a list of users who haven't accessed their account via SSO within 90 days?

I am looking to generate a list of users who haven't accessed their account via SSO in the last 90 days. I have looked at CloudTrail and found SSO event history but it's a rather large list of users so I want a way to filter for those who…
0 votes, 1 answer

AWS CloudWatch event pattern to detect S3 buckets creation/modification with public access

I am trying to create an AWS CloudWatch event which will trigger an email whenever an S3 bucket is created or modified to allow public access. I have created the CloudTrail trail, log stream and am tracking all the S3 events logs. When I am trying to…