how to find root cause of unauthorized API call is made?


Hello guy need help

i am getting unauthorized API call is made alarm. i dont know what is the root cause.

how to find this in cloudtrail?

1 Risposta
Risposta accettata

Using the AWS Console

  1. Open your Amazon CloudWatch console and specify a region.
  2. On the left hand menu, select Insights under Logs.
  3. Select your CloudTrail Logs group from the dropdown near the top.
  4. On the right, choose a relative time frame to search.
  5. Enter the following command into the query input, and click Run query:
filter errorCode like /Unauthorized|Denied|Forbidden/ | fields awsRegion,
userIdentity.arn, eventSource, eventName, sourceIPAddress, userAgent

You could do the same with Athena from your S3 bucket trail

Information source

profile picture
con risposta 8 mesi fa
profile picture
verificato 8 mesi fa

Accesso non effettuato. Accedi per postare una risposta.

Una buona risposta soddisfa chiaramente la domanda, fornisce un feedback costruttivo e incoraggia la crescita professionale del richiedente.

Linee guida per rispondere alle domande