amazon-cloudtrail

AWS CloudWatch Events trigger SNS on STS role assuming for cross account

我与影子孤独终老i submitted on 2021-01-28 06:18:19
Question: I have a cross-account architecture and I'm setting up a CloudWatch event for the STS role assuming into another account. I have CloudTrail enabled on the account, and the logs from CloudTrail are stored in a separate account's S3 bucket. The SNS feeds into SES to send an email upon assumption. For some reason, this event pattern won't trigger when the role is assumed! Any ideas? { "source": [ "aws.sts" ], "detail-type": [ "AWS API Call via CloudTrail" ], "detail": { "eventSource": ["sts.amazonaws

Amazon AWS: How to get details of terminated EC2 instance from instance id

徘徊边缘 submitted on 2019-12-30 05:39:27
Question: One of our EC2 instances went missing from the running instance list; probably it got terminated accidentally by someone. In CloudTrail events, I can see some terminate instance events along with the event time, user and instance IDs which got terminated. The problem is, as the instances are already terminated, I am not able to find more details of those instances using the instance ID. I am interested in more details such as AMI, key pair, tags. Is there a way to get these details for a terminated instance? Answer 1:

Getting CloudTrail Logs into Logstash

放肆的年华 submitted on 2019-12-21 17:56:03
Question: I am trying to get logs from CloudTrail into ElasticSearch so that we can see what is going on in our AWS account better. I have set up both Logstash and ElasticSearch on my machine (Ubuntu 14.04), and can push text from stdin to ElasticSearch. However, when I try to use the S3 input, nothing is added to ElasticSearch. Here is the conf file I'm using; I have removed my Amazon keys: input { s3 { bucket => 'ko-cloudtrail-log-bucket' secret_access_key => '' access_key_id => '' delete => false

Who created an Amazon EC2 instance using Boto and Python?

隐身守侯 submitted on 2019-12-06 16:49:11
Question: I want to know who created a particular instance. I am using CloudTrail to find out the statistics, but I am not able to get a particular statistic of who created that instance. I am using Python and Boto3 for finding out the details. I am using this code, lookup_events() from CloudTrail in boto3, to extract the information about an instance. ct_conn = sess.client(service_name='cloudtrail',region_name='us-east-1') events=ct_conn.lookup_events() Answer 1: I found out the solution to the above

Who created an Amazon EC2 instance using Boto and Python?

寵の児 submitted on 2019-12-04 21:44:55
I want to know who created a particular instance. I am using CloudTrail to find out the statistics, but I am not able to get a particular statistic of who created that instance. I am using Python and Boto3 for finding out the details. I am using this code, lookup_events() from CloudTrail in boto3, to extract the information about an instance. ct_conn = sess.client(service_name='cloudtrail',region_name='us-east-1') events=ct_conn.lookup_events() upaang saxena I found out the solution to the above problem using the lookup_events() function. ct_conn = boto3.client(service_name='cloudtrail',region

Amazon AWS: How to get details of terminated EC2 instance from instance id

℡╲_俬逩灬. submitted on 2019-11-30 17:09:14
One of our EC2 instances went missing from the running instance list; probably it got terminated accidentally by someone. In CloudTrail events, I can see some terminate instance events along with the event time, user and instance IDs which got terminated. The problem is, as the instances are already terminated, I am not able to find more details of those instances using the instance ID. I am interested in more details such as AMI, key pair, tags. Is there a way to get these details for a terminated instance? If the instance was started in the last 90 days, you can get the information you want from CloudTrail

stream logs to elastic using cloudformation template

≯℡__Kan透↙ submitted on 2019-11-28 06:54:03
Question: CloudTrail default logs can be streamed to an Elasticsearch domain as shown in this image. How do I achieve this using a CloudFormation template? Answer 1: Update: If you are using aws-cli, take a look at my answer here. Well, after a few hours of exploring and reading a lot of documentation, I finally succeeded in creating this template. Designer Overview: In order to enable the stream logs to Elasticsearch we need to create the following resources: The lambda function will forward the logs from