Difference between revisions of "AWS CloudTrail Lake"
↑ https://aws.amazon.com/blogs/mt/announcing-aws-cloudtrail-lake-a-managed-audit-and-security-lake/
Line 9: | Line 9: | ||
[[Enable cross-account queries on AWS CloudTrail lake using delegated administration from AWS Organizations]] | [[Enable cross-account queries on AWS CloudTrail lake using delegated administration from AWS Organizations]] | ||
+ | |||
+ | |||
+ | {{Data lake example query}} | ||
== See also == | == See also == |
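Review bot: the added `{{Data lake example query}}` line is transcluded with no heading or introductory sentence, so in the rendered revision the query follows the cross-account link directly, with nothing saying what it reports or which event data store ID to substitute. Add a one-line description above the template. The two empty added lines before it can be reduced to one.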
Latest revision as of 06:27, 11 July 2024
wikipedia:AWS CloudTrail Lake (Jan 2022 [1]) https://aws.amazon.com/blogs/mt/announcing-aws-cloudtrail-lake-a-managed-audit-and-security-lake/
aws cloudtrail update-trail --name my-trail --is-organization-trail
Enable cross-account queries on AWS CloudTrail lake using delegated administration from AWS Organizations
select userIdentity.arn as user,
       element_at(requestParameters, 'bucketName') as bucket,
       element_at(requestParameters, 'key') as key,
       count(*) as attempts
from xxxxx-yyyyy-xxxxx-zzzz-xxxxx
where eventSource = 's3.amazonaws.com'
  and eventName = 'GetObject'
  and userIdentity.arn = 'arn:aws:sts::0987654321:assumed-role/your-role/[email protected]'
group by 1, 2, 3
order by attempts desc
See also
- AWS CloudTrail, AWS CloudTrail Insights, CloudTrail Events, AWS CloudTrail Lake, Terraform, Best practices, Datadog SIEM Content Packs for Cloudtrail