Monitor AWS deployments in the cloud by getting a history of AWS API calls for the AWS account, including API calls made via the AWS Management Console, the AWS SDKs, the command line tools, and higher-level AWS services. Identify which users and accounts called AWS APIs for services that support CloudTrail, the source IP address the calls were made from, and when the calls occurred.
Questions tagged [amazon-cloudtrail]
293 questions
0 votes, 1 answer
AWS Lambda function to enable Default Encryption on bucket creation
I want to write a lambda function with Python, to enable S3 bucket default encryption, if the newly created bucket is not encryption enabled
Need to have following steps
Trigger Lambda function when new S3 bucket is created
If Default encryption is…

Ruwan Vimukthi Mettananda
0 votes, 1 answer
AWS Automated DBSnapshot (System) in CloudTrail event
I'm looking at triggering a lambda when a new automated DB Snapshot is available in RDS (System ones instead of Manual ones). Although after digging in CloudTrail, I don't see any events marked as follows (AWS Sample):
{
"version": "0",
"id":…

Oli at cdcloudlogix.com
0 votes, 1 answer
How can I look up all CloudTrail events from all regions using boto3?
I have a quick question about how to get all CloudTrail events from all regions with boto3.
When I run the following script, it only lists up the instances from the CloudTrail home region (which means the region that CloudTrail was…

Trey Yi
0 votes, 1 answer
Cloudtrail logs is turned off for your account
I'm trying to trigger AWS Step Function whenever a new file is uploaded on S3 bucket. I'm using Cloudwatch rules to do this but I'm getting this warning
I tried to follow AWS documentation link…

Abdul Haseeb
0 votes, 1 answer
How to remove region from an Amazon S3 website endpoint url?
I am trying to build a static website with Amazon S3.
I am using east-1 (N. Virginia) as my region but the website is getting an error.
http://s3.amazonaws.com/egiig/index.html is my website.
For reference please…

Anup Kumar
0 votes, 1 answer
Know when AWS SNS topic was created
Is there any way to know when AWS SNS topic was created?
For example, EC2 gives this info in AWS console ("Launch time" field in "Instance details" tab):
But SNS doesn't provide this info about topic:
I tried CloudTrail but its event history is…

Alex Kuchin
0 votes, 2 answers
How to find terminated instances based on IP address in AWS CloudTrail
I am trying to find a terminated EC2 instance in CloudTrail based on a Primary Private IP, but no luck.
I also tried looking at AWS Config resource timeline. Not savvy with AWS Config Advance queries either. Even in that case I would need to look…

Ex-machina
0 votes, 1 answer
Pulumi - Creating S3 bucket policy for CloudTrail logs - Invalid resource
I am using Pulumi (Python) and trying to create a bucket for AWS CloudTrail logs. I based my code off this example. I keep getting the following error: Error putting S3 policy: MalformedPolicy: Policy has invalid resource
import pulumi
import…

srubs
0 votes, 1 answer
Cloudtrail to Logstash automatic roll over on prefix date
I am trying to ingest CloudTrail logs to Logstash to detect a certain event. I have installed the logstash-codec-cloudtrail plugin and was able to ingest CloudTrail logs if I point to a specific folder.
Currently I am ingesting it…

Tsu Wei Quan
0 votes, 0 answers
AWS EventBridge CloudTrail Log ResponseElement Tag
I'm trying to get the alert which the user fails to log in to the AWS console.
I wrote the event bridge rule based on the cloud trail log.
Raw Log
{
"eventVersion": "1.08",
"userIdentity": {
"type": "IAMUser",
"principalId":…

T Paul Manohar
0 votes, 2 answers
How to read log file from s3 (cloudtrail) in Lambda function
I have just started using aws and have no idea on how to read log files in lambda from s3 that have been created by CloudTrail (using python-boto3)

SWASTIK
0 votes, 1 answer
Password change in AWS - alarm via CloudWatch or CloudTrail?
I was surprised to see an example of a password change in AWS being shown as being part of AWS CloudWatch. I would have thought this was a thing for CloudTrail.
What am I missing here? Can it be in both?

thebluephantom
0 votes, 1 answer
Delete CloudTrail along with the S3 bucket attached to it using Boto3
I am working on a Python script to delete a CloudTrail along with the S3 bucket associated with it. I am not getting any error, but the code also does not delete the S3 bucket. I am able to delete the CloudTrail. This is the code that I have:
def…

Pranay Singh Parihar
0 votes, 1 answer
filtering outputs from aws cloudtrail lookup-events
I ran
aws cloudtrail lookup-events --lookup-attributes AttributeKey=EventName,AttributeValue=CreateKeyPair
and was able to view the CloudTrail events related to this event name. I have 100's of these events and the output is a dictionary. How do I…

Choolai Raj
0 votes, 0 answers
Cross Account Cloudtrail log transfer through Cloudwatch and Kinesis data stream
I am using Cloudwatch subscriptions to send over cloudtrail log of one account into another. The Account receiving the logs has a Kinesis data stream which receives the logs from the cloudwatch subscription and invokes the standard lambda function…

abhinav singh