AWS CloudTrail Lake

wikipedia:AWS CloudTrail Lake (Jan 2022 ^[1]) https://aws.amazon.com/blogs/mt/announcing-aws-cloudtrail-lake-a-managed-audit-and-security-lake/

aws cloudtrail update-trail --name my-trail --is-organization-trail

Enable cross-account queries on AWS CloudTrail lake using delegated administration from AWS Organizations

 select userIdentity.arn as user,
   element_at(requestParameters, 'bucketName') as bucket,
   element_at(requestParameters, 'key') as key,
   count(*) as attempts
from xxxxx-yyyyy-xxxxx-zzzz-xxxxx
where eventSource = 's3.amazonaws.com'
   and eventName = 'GetObject'
   and userIdentity.arn = 'arn:aws:sts::0987654321:assumed-role/your-role/[email protected]'
group by 1,
   2,
   3
order by attempts desc

See also[edit]

AWS CloudTrail, AWS CloudTrail Insights, CloudTrail Events, AWS CloudTrail Lake, Terraform, Best practices, Datadog SIEM Content Packs for Cloudtrail

↑ https://aws.amazon.com/blogs/mt/announcing-aws-cloudtrail-lake-a-managed-audit-and-security-lake/

[1]

AWS CloudTrail Lake

See also[edit]

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

Tools