DEV Community

Abdallah Deeb
Abdallah Deeb

Posted on • Originally published at deeb.me on

List IPs from CloudTrail events

#cloudtrail #cli #aws #bash

A quick command to list the IPs from AWS CloudTrail events.

#!/bin/bash ACCESS\_KEY\_ID=AKIASMOETHINGHERE MAX\_ITEMS=100 aws cloudtrail lookup-events --lookup-attributes AttributeKey=AccessKeyId,AttributeValue=${ACCESS\_KEY\_ID} --max-items ${MAX\_ITEMS} \ | jq -r '.Events[].CloudTrailEvent' \ | jq '.sourceIPAddress' \ | sort | uniq

This of course can be extended to include more information, for example:

#!/bin/bash ACCESS\_KEY\_ID=AKIASMOETHINGHERE MAX\_ITEMS=100 aws cloudtrail lookup-events --lookup-attributes AttributeKey=AccessKeyId,AttributeValue=${ACCESS\_KEY\_ID} --max-items ${MAX\_ITEMS} \ | jq -r '.Events[].CloudTrailEvent' \ | jq '{ User: .userIdentity.userName, IP: .sourceIPAddress, Event: .eventName }'

Top comments (0)

Read next

franklinyu profile image

How the shell aliases affect shell functions: two pitfalls

Franklin Yu -

karthiksakthiveltechie profile image

AWS CodePipeline V2 type pipelines supports to automatically retry a stage if there is a failure in the stage.

Karthik Sakthivel -

roalcantara profile image

Adding Zsh Completion for `gh copilot`

Rogério Rodrigues de Alcântara -

mahinur05 profile image

🚀 Deploying Node.js Application with PM2, NGINX, and SSL Configuration 🚀

Mahinur Rahman -