By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

ListInsights Event tagged as readOlny False

0
{
    "eventVersion": "1.08",
    "userIdentity": {
        "type": "IAMUser",
        "principalId": "AIDA42S2XXXXXXXXXX",
        "arn": "arn:aws:iam::8817318XXXXX:user/XXXXXXX",
        "accountId": "881731855274",
        "accessKeyId": "ASIAXXXXXXXXXXXXXXX",
        "userName": "XXXXXXX",
        "sessionContext": {
            "sessionIssuer": {},
            "webIdFederationData": {},
            "attributes": {
                "creationDate": "2024-01-28T19:18:05Z",
                "mfaAuthenticated": "true"
            }
        }
    },
    "eventTime": "2024-01-29T05:43:57Z",
    "eventSource": "eks.amazonaws.com",
    "eventName": "ListInsights",
    "awsRegion": "ap-south-1",
    "sourceIPAddress": "122.161.49.188",
    "userAgent": "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:122.0) Gecko/20100101 Firefox/122.0",
    "requestParameters": {
        "filter": {
            "categories": [
                "UPGRADE_READINESS"
            ]
        },
        "name": "finaltest1"
    },
    "responseElements": {
        "insights": []
    },
    "requestID": "b0fecc33-61f4-44ff-a3e0-7c5ca80007cd",
    "eventID": "64b59568-39b5-4a9a-96e1-88a47c59e330",
    "readOnly": false,
    "eventType": "AwsApiCall",
    "managementEvent": true,
    "recipientAccountId": "881731855274",
    "eventCategory": "Management"
}

ListInsights event tagged as write event.

Topics
ContainersManagement & Governance
Tags
Amazon Elastic Kubernetes ServiceAWS CloudTrailAmazon EKS Anywhere
Language
English
akshay-jain
asked 3 months ago147 views
1 Answer
0

In the context of CloudTrail logging, the distinction between read and write events is based on the impact of the API call rather than the specific action performed.

In this case, even though the "ListInsights" action itself is a read operation (fetching information), it may be categorized as a write event because the API call has the potential to modify the state of the AWS environment indirectly. For example, if the user listing insights triggers subsequent actions based on the retrieved information, such as initiating upgrades or making configuration changes, these subsequent actions could be considered write operations.

Additionally, CloudTrail event categorization may not always perfectly align with the semantics of individual API actions, and certain actions may be classified differently based on AWS's internal criteria for event categorization.

In summary, the "ListInsights" event may be tagged as a write event due to its potential to impact the state of the AWS environment indirectly, even though the action itself is a read operation.

profile picture
EXPERT
Giovanni Lauria
answered 24 days ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content