AWS CloudTrail

Version: 2.0.0

AWS CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of your AWS account.

Connect AWS CloudTrail with LogicHub

  1. Navigate to Automations > Integrations.
  2. Search for AWS CloudTrail.
  3. Click Details, then the + icon. Enter the required information in the following fields.
    • Label: Enter a connection name.
    • Reference Values: Define variables here to templatize integration connections and actions. For example, you can use https://www.{{hostname}}.com, where hostname is a variable defined in this input. For more information on how to add data, see 'Add Data' Input Type for Integrations.
    • Verify SSL: Select this option to verify the connecting server's SSL certificate (default is Verify SSL Certificate).
    • Remote Agent: Run this integration using the LogicHub Remote Agent.
    • Region: Enter a valid Region. Example: us-west-1.
    • API key: The API key used to connect to AWS CloudTrail.
    • Secret Key: The secret key for AWS CloudTrail.
  4. After you've entered all the details, click Connect.

Actions for AWS CloudTrail

Lookup Events

Looks up management events captured by CloudTrail.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

| Input Name | Description | Required |
|---|---|---|
| Max Events | The number of events to return. Possible values are 1 through 50000 (default is 1000). | Optional |
| Attribute Key | Attribute Key to lookup. | Optional |
| Attribute Value | Attribute value to lookup. | Optional |
| Action Timeout | Timeout in seconds (default is 360 seconds). | Optional |

Output

A JSON object containing the event details. The CloudTrailEvent field holds the full event record as a JSON-encoded string.

{
   "CloudTrailEvent": "{\"eventVersion\":\"1.08\",\"userIdentity\":{\"type\":\"AssumedRole\",\"principalId\":\"AROAIXOY7ENQC3XZWEUO6:ed7eab45-8886-4294-afa2-10bca651\",\"arn\":\"arn:aws:sts::827505017847:assumed-role/obsrvbl_role/ed7eab45-8886-4294-afa2-10bca651\",\"accountId\":\"827505017847\",\"accessKeyId\":\"ASIA4BKZEQP37B6GUG6L\",\"sessionContext\":{\"sessionIssuer\":{\"type\":\"Role\",\"principalId\":\"AROAIXOY7ENQC3XZWEUO6\",\"arn\":\"arn:aws:iam::827505017847:role/obsrvbl_role\",\"accountId\":\"827505017847\",\"userName\":\"obsrvbl_role\"},\"webIdFederationData\":{},\"attributes\":{\"mfaAuthenticated\":\"false\",\"creationDate\":\"2021-01-19T12:42:12Z\"}}},\"eventTime\":\"2021-01-19T12:42:27Z\",\"eventSource\":\"cloudtrail.amazonaws.com\",\"eventName\":\"LookupEvents\",\"awsRegion\":\"us-east-2\",\"sourceIPAddress\":\"52.54.41.7\",\"userAgent\":\"Boto3/1.16.0 Python/3.6.9 Linux/4.15.0-1060-aws Botocore/1.19.0\",\"errorCode\":\"ThrottlingException\",\"errorMessage\":\"Rate exceeded\",\"requestParameters\":null,\"responseElements\":null,\"requestID\":\"304b7f68-e5e7-4244-b37c-9d6ed003985f\",\"eventID\":\"89c7cc6e-0938-433e-8502-8aa4a4c2858c\",\"readOnly\":true,\"eventType\":\"AwsApiCall\",\"managementEvent\":true,\"eventCategory\":\"Management\",\"recipientAccountId\":\"827505017847\"}",
   "EventId": "89c7cc6e-0938-433e-8502-8aa4a4c2858c",
   "EventName": "LookupEvents",
   "EventSource": "cloudtrail.amazonaws.com",
   "EventTime": "2021-01-19 12:42:27+00:00",
   "Resources": [],
   "Username": "ed7eab45-8886-4294-afa2-10bca651",
   "error": null,
   "has_error": false
}
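
In the sample output above, the top-level has_error is false even though the nested CloudTrailEvent string records an API error (errorCode ThrottlingException), so triage logic has to decode the nested string rather than rely on the top-level fields. The following is an added example, not LogicHub code: summarize_event and SAMPLE_ROW are hypothetical names, the sample values are constructed, and treating has_error as "the action itself failed" is an assumption.

```python
import json

# Constructed sample row, abbreviated from the output format shown above.
SAMPLE_ROW = {
    "CloudTrailEvent": json.dumps({
        "userIdentity": {
            "type": "AssumedRole",
            "arn": "arn:aws:sts::111122223333:assumed-role/example_role/session-1",
            "sessionContext": {"attributes": {"mfaAuthenticated": "false"}},
        },
        "eventTime": "2021-01-19T12:42:27Z",
        "eventName": "LookupEvents",
        "sourceIPAddress": "198.51.100.7",
        "errorCode": "ThrottlingException",
        "errorMessage": "Rate exceeded",
        "readOnly": True,
    }),
    "EventId": "00000000-0000-0000-0000-000000000000",
    "EventName": "LookupEvents",
    "error": None,
    "has_error": False,
}


def summarize_event(row):
    """Decode the nested CloudTrailEvent string and pull out triage fields."""
    if row.get("has_error"):
        # Assumption: has_error means the action failed, so no record to decode.
        return {"event_id": row.get("EventId"), "action_error": row.get("error")}
    try:
        record = json.loads(row.get("CloudTrailEvent") or "{}") or {}
    except json.JSONDecodeError as exc:
        return {"event_id": row.get("EventId"), "action_error": f"bad CloudTrailEvent: {exc}"}
    identity = record.get("userIdentity") or {}
    attrs = (identity.get("sessionContext") or {}).get("attributes") or {}
    return {
        "event_id": row.get("EventId"),
        "event_name": record.get("eventName", row.get("EventName")),
        "principal_arn": identity.get("arn"),
        "source_ip": record.get("sourceIPAddress"),
        # mfaAuthenticated is the string "true"/"false", not a JSON boolean.
        "mfa": attrs.get("mfaAuthenticated") == "true",
        "read_only": record.get("readOnly"),
        # API-level failure recorded inside the event, e.g. ThrottlingException.
        "api_error": record.get("errorCode"),
    }
```
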

Release Notes

  • v2.0.0 - Updated architecture to support IO via filesystem
  • v1.0.11 - Added documentation link in the automation library.

© 2017-2021 LogicHub®. All Rights Reserved.