Questions tagged [amazon-cloudtrail]

Monitor AWS deployments in the cloud by getting a history of AWS API calls for the AWS account, including API calls made via the AWS Management Console, the AWS SDKs, the command line tools, and higher-level AWS services. Identify which users and accounts called AWS APIs for services that support CloudTrail, the source IP address the calls were made from, and when the calls occurred.

293 questions

2 votes, 4 answers

CloudWatch Event Rule not supporting IAM events

I'm attempting to set up a CloudWatch Event Rule to notify on any AWS IAM actions like DeleteUser or CreateUser. But when I tried to create an event pattern I couldn't find IAM in the service Name list even though when I searched in the AWS…

2 votes, 2 answers

How to get IAM encoded authorization message when CloudTrail cuts off at 1028 characters

I'm getting an IAM error and trying to understand which action is being denied. In my CloudTrail event, the encoded authorization failure message cuts off at 1028 characters { "errorCode": "Client.UnauthorizedOperation", "errorMessage": "You…
maafk

2 votes, 1 answer

AWS Athena struct not parsing JSON string

I am using AWS Athena to do some queries on AWS CloudTrail data object log entries. The first few fields in a typical log entry look like this (pretty-printed for clarity): { "Records": [ { "eventVersion": "1.08", "userIdentity":…
Dan Halbert

2 votes, 0 answers

Launching EC2 instance doesn't record 'CreateNetworkInterface' CloudTrail entry

When launching an EC2 instance in the AWS Console I see the expected 'RunInstances' calls in CloudTrail, but I do not see 'CreateNetworkInterface' calls that EC2 makes to create the interfaces it attaches. When I create a new network interface…

2 votes, 2 answers

Identify what SES calls are using version 2 signature logins

Like many I'm sure, we've received an email from Amazon stating: We recently observed Signature Version 2 requests on an Amazon SES SMTP endpoint originating from your account. Is there any way to identify what these calls are as we have several…
moztech

2 votes, 1 answer

How to make sense out of AWS CloudTrail costs

I'm responsible for two AWS accounts where a web service is run in two different environments. I'm now trying to have a look at cutting costs, and I'm a bit confused as to how to make sense of the CloudTrail costs, i.e., break it down into different…
JHH

2 votes, 2 answers

Is there a way to set an alarm for an inactive AWS user

Is there any way to set an alarm for AWS users that have been inactive for e.g. 60 days? I mean I need an alarm to be created which will send a notification if an AWS user account has been inactive for a period of time.
Joe

2 votes, 1 answer

AWS CloudTrail: Can I disable S3 storage for trails, since I'm using CloudWatch

When setting up CloudTrail, you must specify an S3 bucket to store the data in. Since I'm using CloudWatch (and CloudWatch metrics/alarms) for storage, I do not believe that I also need to store the data redundantly in S3. Is there a reason even…
contactmatt

2 votes, 1 answer

How long does it take for a CloudTrail event to get updated in AWS console CloudTrail lookup?

I have a situation where I need to get all the events that have happened under a user name in an AWS account. I tried using boto3 client's lookup_events() function to get all the events in the last hour. But it looks like some events are not updated…
Underoos

2 votes, 0 answers

How to find the user ID that created a snapshot?

Currently, I have about 620 snapshots. I am attempting to figure out the different user IDs that created them all. Using the boto3 code (below), I see there are about 150 snapshots with an ID associated with it. Why don't I see any IDs for the…
Tennis Smith

2 votes, 1 answer

CloudTrail log using CloudFormation template

In CloudTrail, I can select the existing log group CloudTrail/DefaultLogGroup under the CloudWatch Logs section. Is it possible to complete this step using a CloudFormation template?
shantanuo

2 votes, 1 answer

CloudTrail - sourceIPAddress field in CloudTrail management event

Below is the event I received in S3 logs generated by CloudTrail: { "eventVersion": "1.05", "userIdentity": { "type": "IAMUser", "principalId": "AID...HVRL", "arn": "arn:aws:iam::233333337:user/Administrator", …
overexchange

2 votes, 1 answer

Elasticsearch Field limit more than 1000

Can someone assist please. I need to fix the error so CloudTrail logs in S3 can be shipped to Logstash then ES and viewed in Kibana. Can't figure out how to increase the field limit to something higher. My configuration looks like input { s3 { …
tripleb

2 votes, 2 answers

CloudWatch not receiving CloudTrail logs from outside region

I am struggling with detecting activities performed outside of a given region in CloudWatch. For example, if an InternetGateway is created in the same region as the CloudWatch Event (let's say eu-central-1), it is detected by CloudWatch, however if…

2 votes, 1 answer

AWS Config - who made the change

Based on AWS Docs - it seems Config tells you about configuration changes made, but not who actually made them. Is that true? If so, how do we find who made the change - CloudTrail? Can I simply use CloudTrail only, on its own without using Config,-…
Sam-T