Use CDK (or CloudFormation) to create a CloudTrail trail that can be queried in Athena.
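[The following question has been translated] I am creating an application/stack/solution that, once deployed, sets up the infrastructure needed to query CloudTrail logs programmatically: specifically, to find resource creation requests in certain services made by a given execution role.
From this Querying CloudTrail logs page in the Athena developer guide, among others, Athena looks like a good solution, but I have run into difficulties trying to automate the setup.
Setting up the Trail is fairly simple. However, my current attempt to map the Athena manual partitioning instructions onto a CDK-generated Glue table seems to produce a table with 0 partitions. I don't quite understand how the partition projection instructions can be expressed with CDK.
There are definitely CloudTrail events in the source S3 bucket/prefix. Does anyone know how to get this working?
I don't have a deep understanding of either Glue or Athena. Below is the current draft CDK for the Glue table: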
const cloudTrailTable = new glue.Table(this, "CloudTrailGlueTable", {
  columns: [
    { name: "eventversion", type: glue.Schema.STRING },
    {
      name: "useridentity",
      type: glue.Schema.struct([
        { name: "type", type: glue.Schema.STRING },
        { name: "principalid", type: glue.Schema.STRING },
        { name: "arn", type: glue.Schema.STRING },
        { name: "accountid", type: glue.Schema.STRING },
        { name: "invokedby", type: glue.Schema.STRING },
        { name: "accesskeyid", type: glue.Schema.STRING },
        { name: "userName", type: glue.Schema.STRING },
        {
          name: "sessioncontext",
          type: glue.Schema.struct([
            {
              name: "attributes",
              type: glue.Schema.struct([
                { name: "mfaauthenticated", type: glue.Schema.STRING },
                { name: "creationdate", type: glue.Schema.STRING },
              ]),
            },
            {
              name: "sessionissuer",
              type: glue.Schema.struct([
                { name: "type", type: glue.Schema.STRING },
                { name: "principalId", type: glue.Schema.STRING },
                { name: "arn", type: glue.Schema.STRING },
                { name: "accountId", type: glue.Schema.STRING },
                { name: "userName", type: glue.Schema.STRING },
              ]),
            },
          ]),
        },
      ]),
    },
    { name: "eventtime", type: glue.Schema.STRING },
    { name: "eventsource", type: glue.Schema.STRING },
    { name: "eventname", type: glue.Schema.STRING },
    { name: "awsregion", type: glue.Schema.STRING },
    { name: "sourceipaddress", type: glue.Schema.STRING },
    { name: "useragent", type: glue.Schema.STRING },
    { name: "errorcode", type: glue.Schema.STRING },
    { name: "errormessage", type: glue.Schema.STRING },
    { name: "requestparameters", type: glue.Schema.STRING },
    { name: "responseelements", type: glue.Schema.STRING },
    { name: "additionaleventdata", type: glue.Schema.STRING },
    { name: "requestid", type: glue.Schema.STRING },
    { name: "eventid", type: glue.Schema.STRING },
    {
      name: "resources",
      type: glue.Schema.array(
        glue.Schema.struct([
          { name: "ARN", type: glue.Schema.STRING },
          { name: "accountId", type: glue.Schema.STRING },
          { name: "type", type: glue.Schema.STRING },
        ])
      ),
    },
    { name: "eventtype", type: glue.Schema.STRING },
    { name: "apiversion", type: glue.Schema.STRING },
    { name: "readonly", type: glue.Schema.STRING },
    { name: "recipientaccountid", type: glue.Schema.STRING },
    { name: "serviceeventdetails", type: glue.Schema.STRING },
    { name: "sharedeventid", type: glue.Schema.STRING },
    { name: "vpcendpointid", type: glue.Schema.STRING },
  ],
  dataFormat: glue.DataFormat.CLOUDTRAIL_LOGS,
  database: myGlueDatabase,
  tableName: "cloudtrail_table",
  bucket: myCloudTrailBucket,
  description: "CloudTrail Glue table",
  s3Prefix: `AWSLogs/${cdk.Stack.of(this).account}/CloudTrail/`,
  partitionKeys: [
    { name: "region", type: glue.Schema.STRING },
    { name: "year", type: glue.Schema.STRING },
    { name: "month", type: glue.Schema.STRING },
    { name: "day", type: glue.Schema.STRING },
  ],
});
1 Answer
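[The following answer has been translated] Currently, the L2 CDK construct for the Glue table has no table-properties parameter, which means you cannot set partition projection directly on the base object.
There is a way to set the table properties, using the example listed in the documentation here, as follows: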
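// Drop down to the underlying L1 (CloudFormation) resource of the L2 table.
const cfnTable = cloudTrailTable.node.defaultChild as glue.CfnTable;
const tableInput = cfnTable.tableInput as glue.CfnTable.TableInputProperty;
tableInput.parameters = {
  // The key contains a dot, so it must be quoted to be a valid property name.
  'projection.enabled': 'true',
};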
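Once `projection.enabled` is `true`, Athena expects projection settings for every partition key, so the single property above is not a complete configuration for the question's `region`/`year`/`month`/`day` keys. The following is an added example (not from the original post or the AWS documentation) that builds the full parameter map and checks it against the partition keys; the bucket name, account ID, regions and year range are constructed sample values, and the function names are hypothetical.

```typescript
// Added example: Athena partition-projection parameters for a CloudTrail table
// partitioned by region/year/month/day. All sample values are constructed.
type Params = { [key: string]: string };

// Comma-separated list from..to, zero-padded to two digits ("01,02,...").
function padded(from: number, to: number): string {
  const out: string[] = [];
  for (let n = from; n <= to; n++) out.push((n < 10 ? "0" : "") + n);
  return out.join(",");
}

function cloudTrailProjection(
  bucket: string, account: string, regions: string[],
  firstYear: number, lastYear: number
): Params {
  const base = "s3://" + bucket + "/AWSLogs/" + account + "/CloudTrail";
  return {
    "projection.enabled": "true",
    "projection.region.type": "enum",
    "projection.region.values": regions.join(","),
    "projection.year.type": "enum",
    "projection.year.values": padded(firstYear, lastYear),
    "projection.month.type": "enum",
    "projection.month.values": padded(1, 12),
    "projection.day.type": "enum",
    "projection.day.values": padded(1, 31),
    // ${...} here are Athena template placeholders, not TypeScript interpolation.
    "storage.location.template": base + "/${region}/${year}/${month}/${day}",
  };
}

// Partition keys that lack a projection type or a placeholder in the template.
function unprojectedKeys(partitionKeys: string[], params: Params): string[] {
  const template = params["storage.location.template"] || "";
  return partitionKeys.filter((key) =>
    !params["projection." + key + ".type"] ||
    template.indexOf("${" + key + "}") < 0);
}

const sampleKeys = ["region", "year", "month", "day"];
const sampleParams = cloudTrailProjection(
  "example-trail-bucket", "111122223333", ["us-east-1", "eu-west-1"], 2023, 2025);
console.log(unprojectedKeys(sampleKeys, sampleParams));
console.log(unprojectedKeys(sampleKeys, { "projection.enabled": "true" }));
```

Merge the returned map into the table's existing parameters rather than replacing them. Athena also documents `integer` and `date` projection types, which avoid listing every value.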