Last active
April 3, 2026 09:52
-
-
Save AstroTom/d160e9f10780d0350a1e4429da6dd96c to your computer and use it in GitHub Desktop.
AWS collect CloudTrail Events in all regions. More general form of aws-list-by-region.sh that handles quoted args. Need to set the times to your needs. Based on Script from Avi K.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # | |
| # This only collecting the non read-only actions. This will save a lot of time and space. | |
| # If you want all events simple remove the --lookup-attributes and the arg. | |
| # | |
| # To generate the time string use somethng like: | |
| # date -d "2 days ago" +"%Y-%m-%d, %H:%M" | |
| # If you don't limit the time range the command will likely timeout. | |
| # | |
| # Can also add --end-time | |
| #CMD='cloudtrail lookup-events --lookup-attributes AttributeKey=ReadOnly,AttributeValue=false --start-time "2022-03-31, 00:00" "2022-04-03, 23:59" ' | |
| DAYS_AGO=1 | |
| CMD='cloudtrail lookup-events --lookup-attributes AttributeKey=ReadOnly,AttributeValue=false --start-time "$(date -d "$DAYS_AGO days ago" +"%Y-%m-%d, %H:%M")" ' | |
| for region in $(aws ec2 describe-regions --output text | awk {'print $4'}) | |
| do | |
| echo $region && eval aws --region $region "$CMD" |tee trail.$region.json.log | |
| done |
Author
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
see also
aws-list-by-region.shhttps://gist.github.com/AstroTom/390b9f60919781a4019efd40d014c9e5#file-aws-list-by-region-sh