Linux command

aws-cloudtrail command

After copying, replace file names, directories, or parameters as needed.

Common examples

Look up recent events by username

aws cloudtrail lookup-events --lookup-attributes AttributeKey=Username,AttributeValue=[user@example.com]

Look up events by event name

aws cloudtrail lookup-events --lookup-attributes AttributeKey=EventName,AttributeValue=[RunInstances]

Look up events within a time range

aws cloudtrail lookup-events --start-time [2024-01-01T00:00:00Z] --end-time [2024-01-02T00:00:00Z]

Create a multi-region trail

aws cloudtrail create-trail --name [my-trail] --s3-bucket-name [my-bucket] --is-multi-region-trail

Start logging

aws cloudtrail start-logging --name [my-trail]

List all trails

aws cloudtrail describe-trails

Get trail status

aws cloudtrail get-trail-status --name [my-trail]

Description

aws cloudtrail manages AWS CloudTrail, which logs API activity and events across AWS services for auditing, compliance, and security analysis. lookup-events searches management events from the last 90 days without needing a trail configured. It's rate-limited to 2 requests per second per region. Trails deliver logs to S3 buckets for long-term storage. Multi-region trails capture activity from all regions. Organization trails log events for all accounts in AWS Organizations. Event selectors filter which events to log (management events, data events for S3/Lambda, or Insights events for anomaly detection). Logs include who made the request, services used, actions performed, parameters, and response elements.
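
An added example, not part of the original page: a Python filter over the JSON printed by `aws cloudtrail lookup-events --output json` that reports calls which change trail logging (the API events behind stop-logging, delete-trail, update-trail, put-event-selectors and put-insight-selectors), including failed attempts. The sample input and the names `trail_changes`, `_event` and `SAMPLE` are constructed for illustration.

```python
import json

# CloudTrail event names recorded for the trail-changing subcommands listed on this page.
TRAIL_CHANGE_EVENTS = {"StopLogging", "DeleteTrail", "UpdateTrail",
                       "PutEventSelectors", "PutInsightSelectors"}

def trail_changes(lookup_output):
    """Summarise trail-changing events found in `lookup-events --output json` text."""
    findings = []
    for ev in json.loads(lookup_output).get("Events", []):
        if ev.get("EventName") not in TRAIL_CHANGE_EVENTS:
            continue
        # CloudTrailEvent is a JSON-encoded string that holds the full record.
        detail = json.loads(ev.get("CloudTrailEvent") or "{}")
        params = detail.get("requestParameters") or {}
        findings.append({
            "time": ev.get("EventTime"),
            "event": ev["EventName"],
            "user": ev.get("Username"),
            "source_ip": detail.get("sourceIPAddress"),
            # The trail is passed as "name" or "trailName", depending on the API.
            "trail": params.get("name") or params.get("trailName"),
            # errorCode is present only when the call failed (e.g. AccessDenied).
            "error": detail.get("errorCode"),
        })
    return findings

def _event(name, user, time, **detail):
    """Build one constructed lookup-events entry for the sample below."""
    return {"EventName": name, "Username": user, "EventTime": time,
            "CloudTrailEvent": json.dumps(detail)}

# Constructed sample output; not captured from a real account.
SAMPLE = json.dumps({"Events": [
    _event("RunInstances", "alice", "2024-01-01T09:00:00+00:00",
           sourceIPAddress="198.51.100.7", requestParameters={"instanceType": "t3.micro"}),
    _event("StopLogging", "bob", "2024-01-01T10:15:00+00:00",
           sourceIPAddress="203.0.113.9", requestParameters={"name": "my-trail"}),
    _event("PutEventSelectors", "bob", "2024-01-01T10:16:00+00:00",
           sourceIPAddress="203.0.113.9", errorCode="AccessDenied",
           requestParameters={"trailName": "my-trail"}),
]})

if __name__ == "__main__":
    for finding in trail_changes(SAMPLE):
        print(finding)
```

To run it on real output, pass the text printed by `aws cloudtrail lookup-events --output json` to `trail_changes` in place of `SAMPLE`.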

Parameters

lookup-events
Search management events from the last 90 days
create-trail
Create a new trail for logging API activity
describe-trails
List trails and their configuration
get-trail-status
Get logging status of a trail
start-logging
Begin logging events to a trail
stop-logging
Pause logging events to a trail
update-trail
Modify trail configuration
delete-trail
Remove a trail (logs remain in S3)
put-event-selectors
Configure which events to log
put-insight-selectors
Enable CloudTrail Insights
--name _trail-name_
Trail name or ARN
--s3-bucket-name _bucket_
S3 bucket for log storage
--is-multi-region-trail
Log events from all regions
--is-organization-trail
Log events for all accounts in organization
--kms-key-id _key_
KMS key for log encryption
--lookup-attributes _attr_
Filter events (AttributeKey=Type,AttributeValue=Value)
--start-time _timestamp_
Start of time range for lookup
--end-time _timestamp_
End of time range for lookup

FAQ

How do I run a basic aws-cloudtrail example?

Run `aws cloudtrail lookup-events --lookup-attributes AttributeKey=Username,AttributeValue=[user@example.com]` in a terminal, then adjust file names, paths, flags, or remote targets for your system.

What does lookup-events do in aws-cloudtrail?

lookup-events searches management events from the last 90 days.