我想通过调用 Node.js SDK 提供的 lookupEvents 方法来获取 AWS CloudTrail 的查找事件。我的代码如下。我能够获取从最早记录开始的所有事件,但无法只获取我指定日期之后的事件。
StartTime和EndTime应该使用什么格式?
我尝试了文档中给出的写法:
EndTime: new Date || 'Wed Dec 31 1969 16:00:00 GMT-0800 (PST)' || 123456789,
// Question code, kept as asked: it counts CloudTrail events matching an
// event name and event source, following NextToken until no page is left.
// NOTE(review): StartTime and EndTime are sent here as lookup attributes.
// Per the SDK documentation they are ordinary request parameters next to
// LookupAttributes, so this request does not restrict the date range.
const attribute = (AttributeKey, AttributeValue) => ({ AttributeKey, AttributeValue });

let params = {
  LookupAttributes: [
    attribute("EventName", event.EventName),
    attribute("EventSource", event.EventSource),
    attribute("StartTime", "Tue Mar 09 2021 00:00:00 GMT+0000"),
    attribute("EndTime", "Tue Mar 11 2021 00:00:00 GMT+0000"),
  ],
};

const cloudtrail = new AWS.CloudTrail({ region: event.region });
let page;
let matched = 0;
console.log(`params are ${JSON.stringify(params)}`);

try {
  do {
    console.log(`Before method...`);
    page = await cloudtrail.lookupEvents(params).promise();
    console.log(`data so far is ${page}`);
    if (!page) {
      // Falls through to the loop condition, exactly as the original did.
      continue;
    }
    console.log(`data retrieved is ${JSON.stringify(page)}`);
    matched += page.Events.length;
    // Carry the pagination token into the next request.
    if (page.NextToken) {
      params.NextToken = page.NextToken;
    }
  } while (page.NextToken);
  console.log(`The count of Events matching criteria are ${matched}.`);
} catch (err) {
  console.error(`Error is ${err.stack}`);
}
根据文档,StartTime和EndTime不属于LookupAttributes,它们是与LookupAttributes并列的普通请求参数。
下面是一个工作示例:
// StartTime and EndTime are top-level request parameters (ISO 8601 strings
// here), written next to LookupAttributes rather than inside it.
// NOTE(review): the LookupEvents API reference says LookupAttributes can
// currently contain only one item - confirm that a two-attribute request is
// accepted in your SDK/API version.
const lookupAttributes = [
  { AttributeKey: "EventName", AttributeValue: "CreateLogStream" },
  { AttributeKey: "EventSource", AttributeValue: "logs.amazonaws.com" },
];

const params = {
  LookupAttributes: lookupAttributes,
  StartTime: "2021-03-01T01:03:38.141Z",
  EndTime: "2021-03-02T01:03:38.141Z",
};

const cloudtrail = new AWS.CloudTrail({ region: "us-east-1" });

// Prints the outcome of the single call made below. Only the first page of
// results is requested; NextToken is not followed in this example.
function reportLookup(err, result) {
  console.log("err", err, "result", result);
}

cloudtrail.lookupEvents(params, reportLookup);
就像Balu在前面的回答中提到的那样,StartTime和EndTime不属于LookupAttributes,而是作为独立的键值对直接写在请求参数中。
以下是我的AWS Lambda代码,它更通用,可以接受任何EventName和EventSource以及区域作为Lambda接收的JSON输入的一部分。
代码使用async/await编写,以避免回调。
const AWS = require('aws-sdk');
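/**
 * Builds the time window covering the previous full UTC calendar day.
 *
 * Uses the UTC getters throughout so the result does not depend on the
 * time zone the process runs in.
 *
 * @param {Date} now - Reference instant.
 * @returns {{start: Date, end: Date}} Midnight UTC yesterday and midnight UTC today.
 */
const previousUtcDay = (now) => {
  const end = new Date(Date.UTC(now.getUTCFullYear(), now.getUTCMonth(), now.getUTCDate()));
  const start = new Date(end.getTime() - 24 * 60 * 60 * 1000);
  return { start, end };
};

/**
 * Rejects missing or non-string input fields before they reach the AWS call.
 *
 * @param {*} value - Field taken from the Lambda input.
 * @param {string} name - Field name used in the error message.
 * @returns {string} The validated value.
 * @throws {TypeError} If the value is not a non-empty string.
 */
const requireString = (value, name) => {
  if (typeof value !== 'string' || value.trim() === '') {
    throw new TypeError(`${name} must be a non-empty string`);
  }
  return value;
};

/**
 * Lambda handler: counts the CloudTrail events of the previous UTC day that
 * match the EventName and EventSource given in the input.
 *
 * @param {{EventName: string, EventSource: string, region: string}} event - Lambda input.
 * @returns {Promise<number>} Number of matching events across all pages.
 * @throws {TypeError} If an input field is missing or not a string.
 * @throws {Error} Any error raised by lookupEvents, after it has been logged.
 */
exports.handler = async event => {
  const input = event || {};
  const eventName = requireString(input.EventName, 'EventName');
  const eventSource = requireString(input.EventSource, 'EventSource');
  const region = requireString(input.region, 'region');

  const now = new Date();
  console.log(`${now.toUTCString()}\n`);

  const { start, end } = previousUtcDay(now);
  console.log(`utcYesterday is ${start.toISOString()}.`);
  console.log(`utcToday is ${end.toISOString()}.`);

  // StartTime and EndTime sit next to LookupAttributes, not inside it.
  // NOTE(review): the LookupEvents API reference says LookupAttributes can
  // currently contain only one item - confirm that a two-attribute request
  // is accepted; otherwise query on one attribute and filter the other here.
  const params = {
    LookupAttributes: [
      { AttributeKey: "EventName", AttributeValue: eventName },
      { AttributeKey: "EventSource", AttributeValue: eventSource },
    ],
    StartTime: start,
    EndTime: end,
  };

  const cloudtrail = new AWS.CloudTrail({ region });
  let count = 0;
  let nextToken;
  console.log(`params are ${JSON.stringify(params)}`);

  try {
    do {
      const page = await cloudtrail.lookupEvents(params).promise();
      const events = (page && page.Events) || [];
      count += events.length;
      // CloudTrail records can carry principal identifiers, source IPs and
      // request parameters; log counts rather than whole records so that
      // data is not copied into the function's logs.
      console.log(`Retrieved a page of ${events.length} event(s); ${count} so far.`);
      nextToken = page ? page.NextToken : undefined;
      if (nextToken) {
        params.NextToken = nextToken;
      }
    } while (nextToken);
    console.log(`The count of Events matching criteria are ${count}.`);
    return count;
  } catch (err) {
    console.error(`Error is ${err.stack}`);
    // Rethrow so a failed lookup is reported as a failed invocation instead
    // of looking like a successful run that found nothing.
    throw err;
  }
};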