Skip to content

Instantly share code, notes, and snippets.

@AstroTom
Last active May 23, 2022 13:59
Show Gist options
  • Save AstroTom/d160e9f10780d0350a1e4429da6dd96c to your computer and use it in GitHub Desktop.
Save AstroTom/d160e9f10780d0350a1e4429da6dd96c to your computer and use it in GitHub Desktop.
AWS collect CloudTrail Events in all regions. More general form of aws-list-by-region.sh that handles quoted args. Need to set the times to your needs. Based on Script from Avi K.
#
# This only collecting the non read-only actions. This will save a lot of time and space. If you want all events simple remove the --lookup-attributes and the arg.
#
CMD='cloudtrail lookup-events --lookup-attributes AttributeKey=ReadOnly,AttributeValue=false --start-time "2022-03-31, 00:00" --end-time "2022-04-03, 23:59" '
for region in $(aws ec2 describe-regions --output text | awk {'print $4'})
do
echo $region && eval aws --region $region "$CMD" |tee trail.$region.json.log
done
@AstroTom
Copy link
Author

see also aws-list-by-region.sh

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment