rileydakota
rileydakota
/ duckdb_cloudtrail_load.sql
Last active
July 16, 2024 22:27
Load and Query AWS CloudTrail direct from DuckDB
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| INSTALL AWS; | |
| LOAD AWS; | |
| CALL load_aws_credentials(); | |
| CREATE TABLE ct_raw AS SELECT * FROM read_json('s3://YOUR_CT_BUCKET_WITH_A_DATE_PREFIX/*.gz', maximum_depth=2); | |
| CREATE TABLE ct as SELECT unnest(Records) as Event FROM ct_raw; | |
| CREATE TABLE cloudtrail_events AS SELECT json_extract_string(event, '$.eventVersion') AS eventVersion, | |
| json_extract_string(event, '$.userIdentity.type') AS userType, | |
| json_extract_string(event, '$.userIdentity.principalId') AS principalId, | |
| json_extract_string(event, '$.userIdentity.arn') AS userArn, | |
| json_extract_string(event, '$.userIdentity.accountId') AS accountId, |
rileydakota
/ github_oidc_role.yml
Last active
July 3, 2023 22:21
CloudFormation Template for IAM Role for GitHub OIDC with latest fingerprints
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Parameters: | |
| GitHubOrg: | |
| Type: String | |
| RepositoryName: | |
| Type: String | |
| Resources: | |
| Role: | |
| Type: AWS::IAM::Role | |
| Properties: |