aws --output text --profile=opsdev iam list-users | awk '{print $NF}' | xargs -P10 -n1 aws --output text iam --profile=opsdev list-access-keys --user-name | grep $AWS_ACCESS_KEY
Look up Cloudtrail events using the AWS CLI
- List all events for the last 7 days: $ aws cloudtrail lookup-events --output json
- List all events where user name is root: $ aws cloudtrail lookup-events --lookup-attributes AttributeKey=Username, AttributeValue=root --output=json
- List all events where the Resource type is EC2 Instance: $ aws cloudtrail lookup-events --lookup-attributes AttributeKey=ResourceType, AttributeValue=AWS::EC2::Instance --output=json
No comments:
Post a Comment