Usando AWS re:Post, accetti AWS re:Post Termini di utilizzo
AWS re:Postre:Post

Simple browse/search into CloudTrail events

0

Hi, CloudTrail events are often very useful to find issues with IAM permissions and other things but it's impossible browse and search easily using console. I'm an old-style sysadmin and I'd like to look and "grep" into them as text files. I'd liek to search for all "errors" or "all IAM access denied". Is there some simple tool?

Argomenti
Gestione e amministrazione
Tag
AWS CloudTrail
Lingua
English
rePost-User-7835478
posta un anno fa454 visualizzazioni
3 Risposte
0

I find Athena the best way to query CloudTrail logs. See the AWS Docs for how to set this up from the CloudTrail console: https://docs.aws.amazon.com/athena/latest/ug/cloudtrail-logs.html#create-cloudtrail-table-ct

profile pictureAWS
Peter Grainger
con risposta un anno fa
  • rePost-User-7835478
    un anno fa

    I will try but I'm more comfortable with CLI tools, like AWS CLI, jq, grep, etc

0

If you are also outputting CloudTrail logs to cloudwatch logs, you can use log insights to search in a similar way to grep.

fields @timestamp, @message, @logStream, @log
| filter @message like /AccessDenied/
| sort @timestamp desc
| limit 20
profile picture
ESPERTO
Gary Mclean
con risposta un anno fa
0

Search only errors and output only chosen fields:

aws cloudtrail lookup-events --output text --region eu-central-1 --start-time 2023-03-21T09:00Z --end-time 2023-03-21T10:00Z --query 'Events[].CloudTrailEvent' | jq -r ' . | select(.errorCode != null) | [.eventTime,.eventID,.eventName,.errorCode,.errorMessage] | @csv'

in a fixed time interval.

rePost-User-7835478
con risposta un anno fa

Accesso non effettuato. Accedi per postare una risposta.

Una buona risposta soddisfa chiaramente la domanda, fornisce un feedback costruttivo e incoraggia la crescita professionale del richiedente.

Linee guida per rispondere alle domande

Contenuto pertinente