| { | |
| "allowed": false, | |
| "explicitDeny": true, | |
| "matchedStatements": { | |
| "items": [ | |
| { | |
| "statementId": "AllowUserAgent", | |
| "effect": "DENY", | |
| "principals": { | |
| "items": [] |
| { | |
| "eventVersion": "1.08", | |
| "userIdentity": { | |
| "type": "IAMUser", | |
| [...] | |
| }, | |
| "eventTime": "2021-08-12T05:06:27Z", | |
| "eventSource": "s3.amazonaws.com", | |
| "eventName": "PutObject", | |
| "awsRegion": "ap-southeast-2", |
| ################################################# | |
| # This query can be used as a guide for scoping a role down to permissions it actually uses. | |
| # Note that API calls dont have a 1:1 mapping to IAM permissions but the output is a good guide on what is required | |
| # for the role to work based on previous data | |
| # For my use case - I had S3 data events being logged so I list S3 bucket and Key down to 2 levels as well | |
| # Change line 15 as needed. | |
| ################################################# | |
| fields eventName,userIdentity.arn | |
| | parse @message '"resources":[*]' as resource |
$ aws ec2 describe-images --owners 309956199498 --query "reverse(sort_by(Images, &CreationDate)[*].[CreationDate,Name,ImageId])[:2]" --filters "Name=name,Values=RHEL-7.?*GA*" --region ap-southeast-2 --output tableLink to JMESPath cheatsheet: https://gist.github.com/magnetikonline/6a382a4c4412bbb68e33e137b9a74168