Utility to discover AWS CloudTrail events pushed into S3
Project description
Background
The AWS platform allows you to log API calls using AWS CloudTrial.
You can use tools like AWS Config and CaptialOne's CloudCustodian to create security controls that react to these events.
The problem
There is not much documentation on the structure of the events.
What is this?
The structure of the events from CloudTrail are similar to responses seen when using boto3.
Boto3 is powered by the botocore library.
The botocore library contains a data directory that describes the API calls (requests and responses).
This library allows you to interact with the data directories of botocore to see the API request and responses.
This is to help you write custom AWS Config rules and or CloudCustodian policies.
Examples
Running cloudtrail-schema iam.CreatePolicy.output give the following output:
Description
------
<p>Creates a new managed policy for your AWS account.</p> <p>This operation creates a policy version with a version identifier of <code>v1</code> and sets v1 as the policy's default version. For more information about policy versions, see <a href="http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-versions.html">Versioning for Managed Policies</a> in the <i>IAM User Guide</i>.</p> <p>For more information about managed policies in general, see <a href="http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html">Managed Policies and Inline Policies</a> in the <i>IAM User Guide</i>.</p>
Result
------
{
"policy": {
"policyName": {
"type": "string",
"max": 128,
"min": 1,
"pattern": "[\\w+=,.@-]+"
},
"policyId": {
"type": "string",
"max": 128,
"min": 16,
"pattern": "[\\w]+"
},
"arn": {
"type": "string",
"documentation": "<p>The Amazon Resource Name (ARN). ARNs are unique identifiers for AWS resources.</p> <p>For more information about ARNs, go to <a href=\"http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html\">Amazon Resource Names (ARNs) and AWS Service Namespaces</a> in the <i>AWS General Reference</i>. </p>",
"max": 2048,
"min": 20
},
"path": {
"type": "string",
"pattern": "((/[A-Za-z0-9\\.,\\+@=_-]+)*)/"
},
"defaultVersionId": {
"type": "string",
"pattern": "v[1-9][0-9]*(\\.[A-Za-z0-9-]*)?"
},
"attachmentCount": {
"type": "integer"
},
"permissionsBoundaryUsageCount": {
"type": "integer"
},
"isAttachable": {
"type": "boolean"
},
"description": {
"type": "string",
"max": 1000
},
"createDate": {
"type": "timestamp"
},
"updateDate": {
"type": "timestamp"
}
}
}
Project details
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Hashes for aws-cloudtrail-events-schema-0.0.4.tar.gz
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 87029d75c82272d10f4ac5e1f39e2b11325856c511efb2da8593be1bae07201c |
|
| MD5 | 2fd097fd8bfb2cd22386f261f60f92ec |
|
| BLAKE2b-256 | b7dc8db9d07f5cd44303f6c3f863a3a224af7501b647745a03d4f70ec25fc839 |
