serkan haytac
Search... ⌘K
Back to posts
· 1 min read

Some useful cloudtrail commands i use often.

awsclooudtrailcli

AWS Docs

Get the last 10 actions done by IAM user.
➜  ~ aws cloudtrail lookup-events --lookup-attributes aws lookup-events --lookup-attributes AttributeKey=Username,AttributeValue=username --max-items 10
Get the last 10 actions done by IAM role.
➜  ~ aws cloudtrail lookup-events --lookup-attributes aws lookup-events --lookup-attributes AttributeKey=ResourceName,AttributeValue=CloudTrail_CloudWatchLogs_Role  --max-items 10