Abdallah Deeb

Posted on Mar 22, 2019 • Originally published at deeb.me on Feb 1, 2019

List IPs from CloudTrail events

#cloudtrail #cli #aws #bash

A quick command to list the IPs from AWS CloudTrail events.

#!/bin/bash ACCESS\_KEY\_ID=AKIASMOETHINGHERE MAX\_ITEMS=100 aws cloudtrail lookup-events --lookup-attributes AttributeKey=AccessKeyId,AttributeValue=${ACCESS\_KEY\_ID} --max-items ${MAX\_ITEMS} \ | jq -r '.Events[].CloudTrailEvent' \ | jq '.sourceIPAddress' \ | sort | uniq

This of course can be extended to include more information, for example:

#!/bin/bash ACCESS\_KEY\_ID=AKIASMOETHINGHERE MAX\_ITEMS=100 aws cloudtrail lookup-events --lookup-attributes AttributeKey=AccessKeyId,AttributeValue=${ACCESS\_KEY\_ID} --max-items ${MAX\_ITEMS} \ | jq -r '.Events[].CloudTrailEvent' \ | jq '{ User: .userIdentity.userName, IP: .sourceIPAddress, Event: .eventName }'

The Next Generation Developer Platform

Coherence is the first Platform-as-a-Service you can control. Unlike "black-box" platforms that are opinionated about the infra you can deploy, Coherence is powered by CNC, the open-source IaC framework, which offers limitless customization.

Learn more

Top comments (0)

Creating a S3 Bucket on AWS and Presigned URLs

Adedapo - Dec 12 '24

Do you know that EKS Auto Mode enforces a 21-day maximum node lifetime?

Vijay Kodam - Dec 12 '24

💻 Mastering Linux Shell Scripting: The Ultimate Guide for Automation Ninjas 🚀

Theerej C - Dec 11 '24

Building Cloud Security Efforts with AWS CAF and Well-Architected Framework

Seun - Dec 12 '24

How to Diagram Your Cloud Architecture

Cloud architecture diagrams provide critical visibility into the resources in your environment and how they’re connected. In our latest eBook, AWS Solution Architects Jason Mimick and James Wenzel walk through best practices on how to build effective and professional diagrams.

DEV Community