Durch die Nutzung von AWS re:Post stimmt du den AWS re:Post Nutzungsbedingungen
AWS re:Postre:Post

powershell cloudtrail trying to get instance id from requestparameters

0

I am trying to pull instance Id and other parameters from cloudtrail using ps like so

$results = Find-CTEvent -StartTime (Get-Date).AddMinutes(-30) | ? {$_.EventName -eq "TerminateInstances"}

{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"xx","arn":"arn:aws:iam::462518063128:user/awslab1","accountId":"xxx","acces sKeyId":"xx","userName":"awslab1","sessionContext":{"sessionIssuer":{ },"webIdFederationData":{},"attributes":{"creationDate":"2022-05-27T14:28:44Z","mfaAuth enticated":"false"}}},"eventTime":"2022-05-27T17:04:12Z","eventSource":"ec2.amazonaws.c om","eventName":"TerminateInstances","awsRegion":"us-west-1","sourceIPAddress":"AWS Internal","userAgent":"AWS Internal","requestParameters":{"instancesSet":{"items":[{"in stanceId":"i-07efe3d31ef2cef02"}]}},"responseElements":{"requestId":"dde64a51-2fd6-40ef -b9d6-06fde8a2abd9","instancesSet":{"items":[{"instanceId":"i-07efe3d31ef2cef02","curre ntState":{"code":32,"name":"shutting-down"},"previousState":{"code":16,"name":"running" }}]}},"requestID":"dde64a51-2fd6-40ef-b9d6-06fde8a2abd9","eventID":"dfc1fa38-c5db-401d- 9ac9-11cd5ab41dd8","readOnly":false,"eventType":"AwsApiCall","managementEvent":true,"re cipientAccountId":"462518063038","eventCategory":"Management","sessionCredentialFromCon sole":"true"}

then convertfrom json

$results.CloudTrailEvent | ConvertFrom-Json

eventVersion : 1.08 userIdentity : @{type=IAMUser; principalId=xxxx; arn=arn:aws:iam::462518063128user/awslab1; accountId=xx; accessKeyId=xxxx; userName=awslab1; sessionContext=} eventTime : 5/27/2022 5:04:12 PM eventSource : ec2.amazonaws.com eventName : TerminateInstances awsRegion : us-west-1 sourceIPAddress : AWS Internal userAgent : AWS Internal requestParameters : @{instancesSet=} responseElements : @{requestId=dde64a51-2fd6-40ef-b9d6-06fde8a2abd9; instancesSet=} requestID : dde64a51-2fd6-40ef-b9d6-06fde8a2abd9 eventID : dfc1fa38-c5db-401d-9ac9-11cd5ab41dd8 readOnly : False eventType : AwsApiCall managementEvent : True recipientAccountId : 462518061234 eventCategory : Management sessionCredentialFromConsole : true

But the requestParameters : @{instancesSet=} is missing instance id and other values

any idea?

Themen
KalkulationManagement & Unternehmensführung
Tags
Amazon EC2AWS CloudTrailAWS Tools für Windows PowerShell
Sprache
English
rePost-User-0085875
gefragt vor 2 Jahren292 Aufrufe
1 Antwort
0

When you describe the object, you don't see the value but the instance ID exists under the requestParameters. Please see below for how to describe the instance IDs.

$results = Find-CTEvent -StartTime (Get-Date).AddMinutes(-30) | ? {$_.EventName -eq "TerminateInstances"}
($results.CloudTrailEvent |convertfrom-json).requestParameters.instancesSet.items
AWS
Taka_M
beantwortet vor 2 Jahren

Du bist nicht angemeldet. Anmelden um eine Antwort zu veröffentlichen.

Eine gute Antwort beantwortet die Frage klar, gibt konstruktives Feedback und fördert die berufliche Weiterentwicklung des Fragenstellers.

Richtlinien für die Beantwortung von Fragen

Relevanter Inhalt