1 Answer
You can usually infer the resource from the contents of requestParameters or in the responseElements, but the contents will vary widely depending on the API call. There is no single attribute in the CloudTrail output that always indicates which resource(s) are related.
Inferring from your answer, do we have to manually map the attribute for different types of events? For example:
CreateBucket: requestParameters.bucketName (name will be obtained and not an ARN)
GetBucketAcl:
"requestParameters": { "bucketName": "aws-cloudtrail-logs-21748-f0b24d76", "Host": "aws-cloudtrail-logs-21748-f0b24d76.s3.us-east-1.amazonaws.com", "acl": "" }, "responseElements": null,
requestParameters.bucketName (name will be obtained and not an ARN)
AttachRolePolicy:
"requestParameters": { "roleName": "s3crr_role_for_poc-s3_3", "policyArn": "arn:aws:iam::40385534:policy/service-role/s3crr_for_poc-s3_a3a10f" }, "responseElements": null,
requestParameters.policyArn will be obtained but (roleName will be obtained and not an ARN of role)
Is there any way to get the exact ARN of resources?
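
The per-event mapping discussed above, sketched as an added example (not part of the original answer or comment, and not AWS code): it prefers the record's top-level `resources` list when one is present and otherwise builds ARNs from `requestParameters` for the three API calls named in the thread. The function names, the mapping table and the sample record are assumptions made for illustration.

```python
# Added example: per-event mapping from CloudTrail requestParameters to ARNs.
# The mapping table and helper names are hypothetical; extend per API call.

def _partition(region):
    # ARN partition derived from the record's awsRegion
    if region.startswith("cn-"):
        return "aws-cn"
    if region.startswith("us-gov-"):
        return "aws-us-gov"
    return "aws"

def _s3_bucket(rec, params):
    # S3 bucket ARNs carry no region or account id
    return [f"arn:{_partition(rec['awsRegion'])}:s3:::{params['bucketName']}"]

def _iam_role_and_policy(rec, params):
    # roleName omits the role path, so this is only exact for roles at path "/"
    role = (f"arn:{_partition(rec['awsRegion'])}:iam::"
            f"{rec['recipientAccountId']}:role/{params['roleName']}")
    return [role, params["policyArn"]]

ARN_BUILDERS = {
    "CreateBucket": _s3_bucket,
    "GetBucketAcl": _s3_bucket,
    "AttachRolePolicy": _iam_role_and_policy,
}

def resource_arns(rec):
    """Return ARNs for one CloudTrail record, or [] if the event is unmapped."""
    # Some records carry a top-level `resources` list with ARNs; prefer it.
    listed = [r["ARN"] for r in rec.get("resources") or [] if r.get("ARN")]
    if listed:
        return listed
    builder = ARN_BUILDERS.get(rec.get("eventName"))
    params = rec.get("requestParameters")
    if builder is None or not params:
        return []
    try:
        return builder(rec, params)
    except KeyError:
        return []  # expected field missing: report nothing rather than guess

# Constructed sample record (placeholder account id and names)
SAMPLE = {
    "eventName": "AttachRolePolicy",
    "awsRegion": "us-east-1",
    "recipientAccountId": "111122223333",
    "requestParameters": {
        "roleName": "example-role",
        "policyArn": "arn:aws:iam::111122223333:policy/example-policy",
    },
}
```

Events without an entry in the table return an empty list, which makes unmapped API calls easy to count and review when the table is extended.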