Questions tagged [amazon-cloudtrail]

Monitor AWS deployments in the cloud by getting a history of AWS API calls for the AWS account, including API calls made via the AWS Management Console, the AWS SDKs, the command line tools, and higher-level AWS services. Identify which users and accounts called AWS APIs for services that support CloudTrail, the source IP address the calls were made from, and when the calls occurred.

293 questions
1 vote, 1 answer

Whether it is necessary to update the partitions if the schema remains the same, but new data is added

I'd like to monitor/analyze CloudTrail log files which are stored in an S3 bucket. So, I read AWS docs about how CloudTrail and Athena work, and for optimization of Athena queries I decided to create some partitions. Here is an example of the structure of…
1 vote, 1 answer

AWS CloudTrail Insights vs GuardDuty

CloudTrail Insights identifies any anomalies in the CloudTrail Events. And out of all the inputs to GuardDuty, CloudTrail Events is one of them. Looks like both CloudTrail Insights and GuardDuty provide a similar service. Would like to know the…
Praveen Sripati
1 vote, 1 answer

AWS configure cloud watch/trail to monitor for 'AccessDenied' and 'UnauthorizedOperation' errors

I'd like to set up some monitoring for capturing access denied and unauthorized operation errors in my AWS account. I'd like to capture all of these events across different AWS services but have run into some issues. I've initially set up some a…
1 vote, 1 answer

I want to import aws cloudtrail eventTime through logstash

I want to import aws cloudtrail eventTime through logstash. Works well but fails to get eventTime. My logstash.conf: input { s3 { bucket => "xxxxx" prefix => "xxxxx" sincedb_path => "/etc/logstash/sincedb/cloudtrail" …
loanshark
1 vote, 1 answer

EventBridge responseElements too large

EventBridge/CloudTrail pass the below JSON string to my Lambda function when the results get too long. Is there any way to view the responseElements, like paginators or NextToken? "responseElements":{ "omitted":true, "originalSize":175918, …
1 vote, 1 answer

How to read tags of any event in Lambda (AWS service)

Is it possible to read tags of any event captured by CloudTrail in a Lambda function?
1 vote, 0 answers

Event Pattern in EventBridge Rule for DMS

I have a DMS task, and I want to create an event-based EventBridge Rule when the DMS Replication Task starts a load. My initial Event Pattern was as follows and it triggered the target: { "source": ["aws.dms"], "detail-type": ["AWS API Call via…
1 vote, 2 answers

AWS S3 amount of data downloaded by an IAM user

The problem statement is: how can one person audit the amount of data out/downloaded from AWS S3 by an IAM user? On an explanatory note, in my company for a long time billing has been exceeding due to AWS S3 data download but I am unable to find out…
1 vote, 2 answers

AWS Cloudtrail Event for S3 Bucket in Terraform

I had quite a hard time setting up an automation with Beanstalk and CodePipeline... I finally got it running, the main issue was the S3 CloudWatch event to trigger the start of the CodePipeline. I missed the CloudTrail part which is necessary and…
1 vote, 1 answer

JSON Input Transformer Path Specification

I am trying to transform the following JSON log: (AWS CloudWatch/Trail if it matters) { "eventVersion": "1.08", "userIdentity": { "type": "IAMUser", "principalId": "xxx", "arn": "arn:aws:iam::xxx", …
user14960507
1 vote, 1 answer

Incorrect S3 bucket policy is detected for bucket in Boto3

I have been working on setting up CloudTrail for an IAM user using Boto but I have run into an error: An error occurred (InsufficientS3BucketPolicyException) when calling the CreateTrail operation: Incorrect S3 bucket policy is detected for bucket:…
user14226172
1 vote, 1 answer

AWS CloudTrail custom selector for Data events

I would like to enable CloudTrail Data Events just for Delete events for just a couple of S3 buckets. I have the following selector: [ { "name": "Deletes CT selector", "fieldSelectors": [ { "field": "eventCategory", …
B. Pesevski
1 vote, 2 answers

Moving specific Logs from AWS Cloudtrail to S3

I want to send a CloudTrail log (specifically when a Secrets Manager key rotates) to an S3 bucket. We already have the logs in CloudTrail, is there an easy way to configure CloudTrail to send these logs to S3 as soon as it happens? I was thinking…
1 vote, 2 answers

How to check from cloud trail deleted policies?

We have one role which has 8 policies attached to it. One policy has been removed by someone, now how to identify when it was removed. How to check from cloud trail?
bamishr
1 vote, 1 answer

How to get list of users who are accessing the objects in S3 Buckets?

Scenario: My client has 80+ S3 Buckets and 1000+ applications are running in their AWS account. I want to get the list of IAM users/roles who are accessing the objects in all the S3 Buckets. Method 1: Initially I tried to fetch it from CloudTrail…