ento · May 25, 2018 17:16
diff --git a/cloudtrail_overview.sh b/cloudtrail_overview.sh
 #!/bin/bash

 set -euo pipefail
 IFS=$'\n\t'

 if [ "$#" -ne 2 ]; then
    echo 'print CloudTrail event counts by username in all regions for the given time range.'
    echo 'usage:'
    echo "  $0" 'start-time end-time'
    echo 'example:'
    echo "  $0" '$(date --date=yesterday --iso-8601=seconds) $(date --date=now --iso-8601=seconds)'
    exit 1
 fi

 start_time=$1
 end_time=$2

 echo --start-time $1
 echo --end-time $2
 echo

 regions=$(aws ec2 describe-regions --query Regions[].RegionName --output text)
 for region in $regions; do
    echo $region -------------------------------------------------------------
    aws --region $region cloudtrail lookup-events \
        --no-paginate \
        --query 'Events[].[Username,EventName]' \
        --output text \
        --start-time "$start_time" \
        --end-time "$end_time" \
        | sort | uniq -c
    echo
 done
	#!/bin/bash

	set -euo pipefail
	IFS=$'\n\t'

	if [ "$#" -ne 2 ]; then
	echo 'print CloudTrail event counts by username in all regions for the given time range.'
	echo 'usage:'
	echo " $0" 'start-time end-time'
	echo 'example:'
	echo " $0" '$(date --date=yesterday --iso-8601=seconds) $(date --date=now --iso-8601=seconds)'
	exit 1
	fi

	start_time=$1
	end_time=$2

	echo --start-time $1
	echo --end-time $2
	echo

	regions=$(aws ec2 describe-regions --query Regions[].RegionName --output text)
	for region in $regions; do
	echo $region -------------------------------------------------------------
	aws --region $region cloudtrail lookup-events \
	--no-paginate \
	--query 'Events[].[Username,EventName]' \
	--output text \
	--start-time "$start_time" \
	--end-time "$end_time" \
	\| sort \| uniq -c
	echo
	done