Questions tagged [amazon-cloudtrail]

Monitor AWS deployments in the cloud by getting a history of AWS API calls for the AWS account, including API calls made via the AWS Management Console, the AWS SDKs, the command line tools, and higher-level AWS services. Identify which users and accounts called AWS APIs for services that support CloudTrail, the source IP address the calls were made from, and when the calls occurred.

293 questions
0 votes, 2 answers

Filter out certain events from CloudTrail

My ultimate goal is to build a workflow whereby we can collect Quicksight related events and then visualize them in Quicksight itself (basically to see dashboard/user usage). This is all helpfully described on the AWS Blog…
0 votes, 0 answers

AWS CloudTrail event referenced resources parsing

In CloudTrail, the referenced resources section behaves in unexpected ways. For example, in the CreateUser event, there are 3 referenced resources, but they all actually point to the same user. This makes it difficult to parse programmatically. On…
Idan
0 votes, 1 answer

Extract key values from CloudTrail Lookup-Events from AWS-CLI using jq

I ran the command to get the lookup-events for ConsoleLogin activities in AWS Account. I want to extract the key values for mfaAuthenticated, eventSource and eventType from this given JSON output. The output I got from the above command { …
danish
0 votes, 1 answer

Not finding request id in aws cloud trail

I am trying to debug a pipeline failing one of its actions with an error 403. I am reaching cloud trail to find more detail about the action, but I cannot find the event linked to the request. When I search in cloud trail for the request id, it…
Djoby
0 votes, 0 answers

How to locate full set of headers and values, the X-Forwarded-For list of IPs in AWS

How to Locate a specific request in AWS, Request on 2022-11-17T17:07:52.037Z General: Request URL: https://0712f1246-1104-y-https-www-abc-com.pblbci.ekb.eg/access HTTP Version: HTTP/1.1 Request method: GET Remote Address: 195.41.20.252 I am looking…
0 votes, 1 answer

Does All AWS resource CRUD operation update Cloud trail / Cloud Watch

I am writing an application to monitor my resources in AWS. If any changes happen to my resources in Cloud either manually or due to some other changes in Cloud, I need to monitor my application and pull the latest changes. Want to know, All…
0 votes, 0 answers

Lookup API's Request-Response time is too high for region us-east-1

As I am trying to fetch the audit events of the last 90 days through the Lookup API of CloudTrail with Java SDK V2. Currently, I am fetching the audit events for 2 regions: ap-south-1 and us-east-1. I have analyzed and collected some statistics as…
0 votes, 2 answers

How to Monitor EKS Node group Status in CloudWatch

I'm currently trying to monitor the EKS Node group status, sometimes my node groups show degraded and I want a CloudWatch alert whenever the status is in a Degraded state, I checked CloudWatch Metrics there are no standard metrics, and even I'm…
0 votes, 1 answer

Are multi-region KMS keys required for encrypting a multi-region CloudTrail trail?

I have a multi-region trail defined with Terraform that I'm trying to encrypt with KMS. My trail covers four AWS regions: us-east-1, us-west-2, eu-west-2, and eu-central-1 and I'm creating a KMS key for encrypting the log files and adding the…
0 votes, 0 answers

How can I be alerted if a Fargate RunTask triggered by EventBridge fails

We have very bursty load and use EventBridge to trigger tasks. Sometimes this fails silently. There are no failed invocations in the EventBridge rule. CloudTrail shows RunTask is executed. There is no corresponding CreateLogStream (or for that matter…
0 votes, 0 answers

How to track AssumeRole events?

I've followed this documentation of AWS, and I was just trying to assume some role "TempRole" and using this TempRole I performed some activities like ListBucket using AWS CLI. I was able to track my activities of the assumed role using accessKeyId,…
0 votes, 0 answers

Empty data in username and access key columns

I am using CloudTrail to track the events in our AWS environment. Went under dashboard, clicked "View full Event history", then clicked on "Download Events", then "Download as CSV". It generated a big file and I can see all the events that occurred…
Tina
0 votes, 0 answers

How to get user history - SignIn, SignOut, Ip, location, Device name and browser from AWS Cloud

As a beginner, I am trying to fetch Cognito-user history SignIn, SignOut Time, Ip, location, Device name, and browser from AWS Cloud. I tried by looking if there were any Cloudwatch Metrics that I could fetch it using boto3. After that I looked at…
0 votes, 2 answers

Cloudwatch alarm for IAM Policies changes doesn't work

I'm just trying to create a fully functional alarm that will change state if any IAM Policies changes are made. Create an S3 Bucket for Cloudtrail logs. Create trail in Cloudtrail. Add Metric…
0 votes, 0 answers

Find the User who is Running AWS Athena Query Monitoring Via Cloudwatch or Cloud Trail

Was checking: is there a better way to find out who is running the big expensive queries via Athena (AWS), and if possible set some rule or alarm and send an email to that user. Any suggestion would be helpful.