Skip to content

Instantly share code, notes, and snippets.

@aidansteele

aidansteele/anon-http.json

Last active February 10, 2025 05:54
Show Gist options
  • Save aidansteele/31d6055de2ec98e31807fdf96511b4c6 to your computer and use it in GitHub Desktop.
Save aidansteele/31d6055de2ec98e31807fdf96511b4c6 to your computer and use it in GitHub Desktop.
Download ZIP
comparison of s3:GetObject cloudtrail events when an object is accessed via cloudfront
Raw
anon-http.json
{
"additionalEventData": {
"bytesTransferredIn": 0,
"bytesTransferredOut": 339117,
"x-amz-id-2": "Plk5qxp4LoJpRJEteWviQ6J7sEr+Fvx5sn0fUbvBq6cUIexQbZm6lSzeW5e5TNss1l/5cxDmUDPXeKJu12KTmg=="
},
"awsRegion": "us-east-1",
"eventCategory": "Data",
"eventID": "8d96391c-83f4-3491-bb84-4b389122ffb9",
"eventName": "GetObject",
"eventSource": "s3.amazonaws.com",
"eventTime": "2025-02-10T05:04:32Z",
"eventType": "AwsApiCall",
"eventVersion": "1.11",
"managementEvent": false,
"readOnly": true,
"recipientAccountId": "123456789012",
"requestID": "HQJGBHZK9QH33KG7",
"requestParameters": {
"Host": "bucket-name.s3.us-east-1.amazonaws.com",
"bucketName": "bucket-name",
"key": "sitemap.xml"
},
"resources": [
{
"ARN": "arn:aws:s3:::bucket-name/sitemap.xml",
"type": "AWS::S3::Object"
},
{
"ARN": "arn:aws:s3:::bucket-name",
"accountId": "123456789012",
"type": "AWS::S3::Bucket"
}
],
"responseElements": null,
"sharedEventID": "66921111-090f-45c8-a6bf-b9e34cd87b10",
"sourceIPAddress": "3.172.26.36",
"tlsDetails": {
"clientProvidedHostHeader": "bucket-name.s3.us-east-1.amazonaws.com"
},
"userAgent": "[Amazon CloudFront]",
"userIdentity": {
"accountId": "anonymous",
"principalId": "",
"type": "AWSAccount"
}
}
Raw
anon-https.json
{
"additionalEventData": {
"CipherSuite": "TLS_AES_128_GCM_SHA256",
"bytesTransferredIn": 0,
"bytesTransferredOut": 339117,
"x-amz-id-2": "Plk5qxp4LoJpRJEteWviQ6J7sEr+Fvx5sn0fUbvBq6cUIexQbZm6lSzeW5e5TNss1l/5cxDmUDPXeKJu12KTmg=="
},
"awsRegion": "us-east-1",
"eventCategory": "Data",
"eventID": "8d96391c-83f4-3491-bb84-4b389122ffb9",
"eventName": "GetObject",
"eventSource": "s3.amazonaws.com",
"eventTime": "2025-02-10T05:04:32Z",
"eventType": "AwsApiCall",
"eventVersion": "1.11",
"managementEvent": false,
"readOnly": true,
"recipientAccountId": "123456789012",
"requestID": "HQJGBHZK9QH33KG7",
"requestParameters": {
"Host": "bucket-name.s3.us-east-1.amazonaws.com",
"bucketName": "bucket-name",
"key": "sitemap.xml"
},
"resources": [
{
"ARN": "arn:aws:s3:::bucket-name/sitemap.xml",
"type": "AWS::S3::Object"
},
{
"ARN": "arn:aws:s3:::bucket-name",
"accountId": "123456789012",
"type": "AWS::S3::Bucket"
}
],
"responseElements": null,
"sharedEventID": "66921111-090f-45c8-a6bf-b9e34cd87b10",
"sourceIPAddress": "3.172.26.36",
"tlsDetails": {
"cipherSuite": "TLS_AES_128_GCM_SHA256",
"clientProvidedHostHeader": "bucket-name.s3.us-east-1.amazonaws.com",
"tlsVersion": "TLSv1.3"
},
"userAgent": "[Amazon CloudFront]",
"userIdentity": {
"accountId": "anonymous",
"principalId": "",
"type": "AWSAccount"
}
}
Raw
oac.json
{
"additionalEventData": {
"AuthenticationMethod": "AuthHeader",
"CipherSuite": "TLS_AES_128_GCM_SHA256",
"SignatureVersion": "SigV4",
"bytesTransferredIn": 0,
"bytesTransferredOut": 339117,
"x-amz-id-2": "Plk5qxp4LoJpRJEteWviQ6J7sEr+Fvx5sn0fUbvBq6cUIexQbZm6lSzeW5e5TNss1l/5cxDmUDPXeKJu12KTmg=="
},
"awsRegion": "us-east-1",
"eventCategory": "Data",
"eventID": "8d96391c-83f4-3491-bb84-4b389122ffb9",
"eventName": "GetObject",
"eventSource": "s3.amazonaws.com",
"eventTime": "2025-02-10T05:04:32Z",
"eventType": "AwsApiCall",
"eventVersion": "1.11",
"managementEvent": false,
"readOnly": true,
"recipientAccountId": "123456789012",
"requestID": "HQJGBHZK9QH33KG7",
"requestParameters": {
"Host": "bucket-name.s3.us-east-1.amazonaws.com",
"bucketName": "bucket-name",
"key": "sitemap.xml"
},
"resources": [
{
"ARN": "arn:aws:s3:::bucket-name/sitemap.xml",
"type": "AWS::S3::Object"
},
{
"ARN": "arn:aws:s3:::bucket-name",
"accountId": "123456789012",
"type": "AWS::S3::Bucket"
}
],
"responseElements": null,
"sharedEventID": "66921111-090f-45c8-a6bf-b9e34cd87b10",
"sourceIPAddress": "cloudfront.amazonaws.com",
"userAgent": "cloudfront.amazonaws.com",
"userIdentity": {
"invokedBy": "cloudfront.amazonaws.com",
"type": "AWSService"
}
}
Raw
oai.json
{
"additionalEventData": {
"AuthenticationMethod": "AuthHeader",
"CipherSuite": "TLS_AES_128_GCM_SHA256",
"SignatureVersion": "SigV4",
"bytesTransferredIn": 0,
"bytesTransferredOut": 339117,
"x-amz-id-2": "Plk5qxp4LoJpRJEteWviQ6J7sEr+Fvx5sn0fUbvBq6cUIexQbZm6lSzeW5e5TNss1l/5cxDmUDPXeKJu12KTmg=="
},
"awsRegion": "us-east-1",
"eventCategory": "Data",
"eventID": "8d96391c-83f4-3491-bb84-4b389122ffb9",
"eventName": "GetObject",
"eventSource": "s3.amazonaws.com",
"eventTime": "2025-02-10T05:04:32Z",
"eventType": "AwsApiCall",
"eventVersion": "1.11",
"managementEvent": false,
"readOnly": true,
"recipientAccountId": "123456789012",
"requestID": "HQJGBHZK9QH33KG7",
"requestParameters": {
"Host": "bucket-name.s3.us-east-1.amazonaws.com",
"bucketName": "bucket-name",
"key": "sitemap.xml"
},
"resources": [
{
"ARN": "arn:aws:s3:::bucket-name/sitemap.xml",
"type": "AWS::S3::Object"
},
{
"ARN": "arn:aws:s3:::bucket-name",
"accountId": "123456789012",
"type": "AWS::S3::Bucket"
}
],
"responseElements": null,
"sharedEventID": "66921111-090f-45c8-a6bf-b9e34cd87b10",
"sourceIPAddress": "3.172.26.36",
"tlsDetails": {
"cipherSuite": "TLS_AES_128_GCM_SHA256",
"clientProvidedHostHeader": "bucket-name.s3.us-east-1.amazonaws.com",
"tlsVersion": "TLSv1.3"
},
"userAgent": "[Amazon CloudFront]",
"userIdentity": {
"accountId": "CloudFront",
"principalId": "AIDAIWBU3NBABM5FLVT5E",
"type": "AWSAccount"
}
}
Raw
website-https.json
{
"additionalEventData": {
"bytesTransferredIn": 0,
"bytesTransferredOut": 339117,
"x-amz-id-2": "Plk5qxp4LoJpRJEteWviQ6J7sEr+Fvx5sn0fUbvBq6cUIexQbZm6lSzeW5e5TNss1l/5cxDmUDPXeKJu12KTmg=="
},
"awsRegion": "us-east-1",
"eventCategory": "Data",
"eventID": "8d96391c-83f4-3491-bb84-4b389122ffb9",
"eventName": "GetObject",
"eventSource": "s3.amazonaws.com",
"eventTime": "2025-02-10T05:04:32Z",
"eventType": "AwsApiCall",
"eventVersion": "1.11",
"managementEvent": false,
"readOnly": true,
"recipientAccountId": "123456789012",
"requestID": "HQJGBHZK9QH33KG7",
"requestParameters": {
"Host": "bucket-name.s3-website-us-east-1.amazonaws.com",
"bucketName": "bucket-name",
"key": "sitemap.xml"
},
"resources": [
{
"ARN": "arn:aws:s3:::bucket-name/sitemap.xml",
"type": "AWS::S3::Object"
},
{
"ARN": "arn:aws:s3:::bucket-name",
"accountId": "123456789012",
"type": "AWS::S3::Bucket"
}
],
"responseElements": null,
"sharedEventID": "66921111-090f-45c8-a6bf-b9e34cd87b10",
"sourceIPAddress": "3.172.26.36",
"tlsDetails": {
"clientProvidedHostHeader": "bucket-name.s3-website-us-east-1.amazonaws.com"
},
"userAgent": "[Amazon CloudFront]",
"userIdentity": {
"accountId": "anonymous",
"principalId": "",
"type": "AWSAccount"
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment