nijave · April 30, 2021 17:25
diff --git a/s3_access_log_summary.py b/s3_access_log_summary.py
 #!/usr/bin/env python3

 import os
 import re

 # Reference https://stackoverflow.com/questions/7961316/regex-to-split-columns-of-an-amazon-s3-bucket-log
 parse = re.compile(r"([^\s\"\[\]]+|\[[^\]\[]+\]|\"[^\"]+\")\s+")

 logs = (
  l.strip()
  # Get lines from files in current working directory
  for contents in (open(fn, "r").read() for fn in os.listdir())
  for l in contents.splitlines()
 )

 for line in logs:
  matches = parse.findall(line)
  ts = matches[2]
  user = matches[4]
  action = matches[6]
  obj = matches[8]

  # Filter out certain principals
  if any(s in user for s in ("my-iam-user-or-session", "AWS-Crawler", "ConfigRecorderRole", "svc:s3.amazonaws.com")):
    continue

  print(ts, user, action, obj)
	#!/usr/bin/env python3

	import os
	import re

	# Reference https://stackoverflow.com/questions/7961316/regex-to-split-columns-of-an-amazon-s3-bucket-log
	parse = re.compile(r"([^\s\"\[\]]+\|\[[^\]\[]+\]\|\"[^\"]+\")\s+")

	logs = (
	l.strip()
	# Get lines from files in current working directory
	for contents in (open(fn, "r").read() for fn in os.listdir())
	for l in contents.splitlines()
	)

	for line in logs:
	matches = parse.findall(line)
	ts = matches[2]
	user = matches[4]
	action = matches[6]
	obj = matches[8]

	# Filter out certain principals
	if any(s in user for s in ("my-iam-user-or-session", "AWS-Crawler", "ConfigRecorderRole", "svc:s3.amazonaws.com")):
	continue

	print(ts, user, action, obj)