Monitor AWS deployments in the cloud by getting a history of AWS API calls for the AWS account, including API calls made via the AWS Management Console, the AWS SDKs, the command line tools, and higher-level AWS services. Identify which users and accounts called AWS APIs for services that support CloudTrail, the source IP address the calls were made from, and when the calls occurred.
Questions tagged [amazon-cloudtrail]
293 questions
0 votes, 0 answers
Find which instances got terminated via Athena query
I am running a query which is giving me a list of instances launched for a particular month for my security group.
Let's say - [A, B, C, D]
My goal is to find what all instances got terminated also and when.
Now the issue I am facing is that I don't…

D kashyap
0 votes, 0 answers
AWS GuardDuty cost too high due to CloudTrail events analyzed
In my monthly AWS account bill, GuardDuty shows that it analyzed around 1 million CloudTrail events in the month but when I downloaded the csv with all the events for the month, the row count is close to 400,000 only.
And this is a repeating pattern…

nu_popli
0 votes, 2 answers
AWS notify after 3 consecutive fail sign in IAM user attempts
I got a requirement to send an alert email when an IAM user fails to log in 3 times consecutively. What is the best practice to approach this? I did research a lot and I was getting a lot saying: "listen to the sign in failed attempt event in…

Missak Boyajian
0 votes, 1 answer
Boto3 CloudTrail API returns empty response
I am running the following code and I can see CloudTrail events in the console and they also come up in the CLI (that means I am using the correct token), but the response is empty. What is wrong in the code? Though I didn't need all regions but ran the…

Vivek
0 votes, 0 answers
Cloud trail event logging S3 bucket
I want to log the events when I download any file from download folder, if I download file from any other folder say upload then it should not log that event.
I'm using the below code in cloud shell:
aws cloudtrail put-event-selectors --trail-name…

Coding_ninja
0 votes, 0 answers
Lambda invocations problem with PutObject from S3 bucket
I have created a Lambda function which triggers whenever there is a PutObject event in an S3 bucket. However, for example out of 1 million requests of S3 PutObject event only 500k times the lambda invocations happen. Ideally it should invoke exactly 1…

Amit Sharma
0 votes, 0 answers
KMS KeyPolicy for CloudTrail read/write and EventBridge read?
I have the following resources in a CDK project:
from aws_cdk import (
    aws_cloudtrail as cloudtrail,
    aws_events as events,
    aws_events_targets as targets,
    aws_kms as kms
)
#Create a Customer-Managed Key (CMK) for encrypting the CloudTrail…

allquixotic
0 votes, 1 answer
Stop logging specific accounts in aws organizational trail
I have a CloudTrail trail for all accounts in my organization and want to stop logging for some of them. Is there any way to stop logging specific accounts, not all?

devopsengineer
0 votes, 0 answers
(CLOSED) AWS CloudTrail does not log all user activities?
I am currently building a simple application in my org's AWS to track SNS un-subscriptions activities. So far, I have not found any way to get SNS to trigger/create event based on unsubscription activities. The only way I thought would be possible…

Kewei
0 votes, 1 answer
How can I get the event from cloudtrail for a codebuild project deployed?
I have a codebuild project that was deployed in AWS and executed. In cloudtrail, how can I search the codebuild project arn to find out when/who deployed the job and executed it?
I have tried to search event name, source, type, but it gives me many…

Joey Yi Zhao
0 votes, 1 answer
Using CloudWatch filter patterns to find security groups that have cidrIp = "0.0.0.0/0"
I'd like to create a CloudWatch filter pattern which looks for security group rules that have CIDR = "0.0.0.0/0" whenever someone creates them.
Let's say I have a log event:
"eventName": "AuthorizeSecurityGroupIngress",
"awsRegion":…

Tien Dung Tran
0 votes, 0 answers
How to configure AWS Cloud Trail to only record IAM activity
How do I configure AWS Cloud Trail to only record IAM activity?
Or is it possible to extract ONLY IAM activity from a cloud trail (to be accessed by a third party)?

Alex
0 votes, 1 answer
How to use Cloudtrail to get who created IAM user
How to use CloudTrail to get who created an IAM user, how to get this from logs

Mohamed Salem
0 votes, 1 answer
Benefit of enabling AWS Cloudwatch logs for Cloudtrail?
There is an option when creating a CloudTrail trail to enable CloudWatch Logs. The description states "You can enable Sns notifications in CloudWatch Logs for specific API actions. Standard CloudWatch and CloudWatch Logs charges apply." This…

bdehmer
0 votes, 1 answer
Troubleshooting KMS key policies for cross-account decryption
I have two accounts, a master account and a sub account that is used for logging. My goal is to send the CloudTrail logs from the master account to the S3 bucket in the logging account. At this point I have configured the CloudTrail logs to point…

Evan Gertis