aws-cloudtrail
Total installs: 1
Weekly installs: 1
Site-wide rank: #54146
Install command:
npx skills add https://github.com/bagelhole/devops-security-agent-skills --skill aws-cloudtrail
Agent install distribution: opencode 1, codex 1, claude-code 1
Skill docs
AWS CloudTrail
Audit AWS account activity with CloudTrail.
Create Trail
# Create an organization trail covering every account and region,
# with log file validation and KMS encryption of the delivered logs
aws cloudtrail create-trail \
  --name org-audit-trail \
  --s3-bucket-name audit-logs-bucket \
  --is-organization-trail \
  --is-multi-region-trail \
  --enable-log-file-validation \
  --kms-key-id arn:aws:kms:...
# A trail records nothing until logging is started
aws cloudtrail start-logging --name org-audit-trail
Event Selectors
# Log all management events plus S3 data events for one bucket
# (the trailing slash in the ARN selects every object in the bucket)
aws cloudtrail put-event-selectors \
  --trail-name org-audit-trail \
  --event-selectors '[{
    "ReadWriteType": "All",
    "IncludeManagementEvents": true,
    "DataResources": [{
      "Type": "AWS::S3::Object",
      "Values": ["arn:aws:s3:::sensitive-bucket/"]
    }]
  }]'
CloudTrail Lake
-- Query recent delete-type events; cloudtrail_logs stands in for the
-- event data store ID that CloudTrail Lake expects in the FROM clause
SELECT eventTime, userIdentity.userName, eventName, sourceIPAddress
FROM cloudtrail_logs
WHERE eventTime > '2024-01-01'
  AND eventName LIKE '%Delete%'
ORDER BY eventTime DESC
LIMIT 100
Best Practices
- Use organization-wide, multi-region trails so no account or region goes unlogged
- Enable log file validation to detect tampered or deleted log files
- Encrypt delivered logs with a KMS key
- Integrate with CloudWatch Logs for near-real-time search
- Alert on high-risk events, including changes to the trail itself
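The Lake query above and the "event alerting" practice both come down to picking risky records out of the event stream. The following added example (not part of the skill doc or the upstream repository) runs that same logic offline over a constructed CloudTrail log file in the standard `{"Records": [...]}` shape: it flags `Delete*` events the way the `LIKE '%Delete%'` query does, and additionally flags CloudTrail management calls that weaken the trail itself. The set of tampering event names, the severity labels, and every value in the sample log are assumptions made for the example.

```python
"""Flag risky events in a CloudTrail log file (added example, not from the skill doc)."""
import json
from typing import List, Optional

# Assumed list of CloudTrail API calls that disable or weaken the audit trail.
TRAIL_TAMPERING = {"StopLogging", "DeleteTrail", "UpdateTrail", "PutEventSelectors"}

# Constructed sample log file; account IDs, names and addresses are invented.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2024-03-01T10:00:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "GetObject", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser", "userName": "alice"}},
    {"eventTime": "2024-03-01T10:05:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "DeleteObject", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser", "userName": "alice"}},
    {"eventTime": "2024-03-01T10:07:00Z", "eventSource": "cloudtrail.amazonaws.com",
     "eventName": "StopLogging", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::123456789012:assumed-role/Admin/bob"}},
    {"eventTime": "2024-03-01T10:09:00Z", "eventSource": "iam.amazonaws.com",
     "eventName": "ListUsers", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::123456789012:assumed-role/Admin/bob"}},
]})


def actor(record: dict) -> str:
    """Best-effort principal: IAM user name, else the identity ARN, else the type."""
    ident = record.get("userIdentity", {})
    return ident.get("userName") or ident.get("arn") or ident.get("type", "unknown")


def classify(record: dict) -> Optional[str]:
    """Return a finding label for one record, or None if it is not of interest."""
    name = record.get("eventName", "")
    if record.get("eventSource") == "cloudtrail.amazonaws.com" and name in TRAIL_TAMPERING:
        return "trail-tampering"
    if "Delete" in name:  # same substring match as LIKE '%Delete%' in the Lake query
        return "delete"
    return None


def find_risky_events(log_text: str) -> List[dict]:
    """Scan a CloudTrail log file and return findings, newest first."""
    records = json.loads(log_text)["Records"]
    findings = []
    for rec in records:
        label = classify(rec)
        if label is None:
            continue
        findings.append({
            "severity": "high" if label == "trail-tampering" else "medium",
            "eventTime": rec["eventTime"],
            "eventName": rec["eventName"],
            "actor": actor(rec),
            "sourceIPAddress": rec.get("sourceIPAddress"),
        })
    # Mirror ORDER BY eventTime DESC from the Lake query.
    findings.sort(key=lambda f: f["eventTime"], reverse=True)
    return findings


if __name__ == "__main__":
    for f in find_risky_events(SAMPLE_LOG):
        print(f"[{f['severity']}] {f['eventTime']} {f['eventName']} "
              f"by {f['actor']} from {f['sourceIPAddress']}")
```

Pointed at real CloudTrail output, the same functions can be fed the decompressed contents of each delivered `.json.gz` file; the trail-tampering rule is the one worth wiring to an alert, since a `StopLogging` that goes unnoticed blinds every other detection.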