Skip to content

Instantly share code, notes, and snippets.

@jrab89

jrab89/download_and_search_cloudtrail.sh

Last active February 2, 2017 20:21
Show Gist options
  • Save jrab89/79bb5ec91d8de1ee344354c5572e9156 to your computer and use it in GitHub Desktop.
Save jrab89/79bb5ec91d8de1ee344354c5572e9156 to your computer and use it in GitHub Desktop.
Download ZIP
Digging through CloudTrail logs
Raw
download_and_search_cloudtrail.sh
aws s3 sync \
s3://your-cloudtrail/AWSLogs/222222bbbbbb/CloudTrail/us-east-1/YYYY/MM/DD/ \
~/s3/your-cloudtrail/AWSLogs/222222bbbbbb/CloudTrail/us-east-1/YYYY/MM/DD/
ag -lz \
c11db0a3-7309-4089-9750-3835fb522e9d \
~/s3/your-cloudtrail/AWSLogs/222222bbbbbb/CloudTrail/us-east-1/YYYY/MM/DD/
Raw
parse_cloudtrail_events.rb
require 'json'
paths = Dir.glob("#{ENV['HOME']}/s3/your-cloudtrail/AWSLogs/222222bbbbbb/CloudTrail/us-east-1/YYYY/MM/DD/*.json.gz")
events = paths.flat_map do |path|
JSON.parse(Zlib::GzipReader.new(StringIO.new(File.read(path))).read)['Records']
end
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment