Abdallah Deeb

Originally published at deeb.me

List IPs from CloudTrail events

A quick command to list the source IPs recorded in AWS CloudTrail events for a given access key.

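```bash
#!/bin/bash
# List the unique source IPs seen in CloudTrail events for one access key.
ACCESS_KEY_ID=AKIASMOETHINGHERE
MAX_ITEMS=100

# CloudTrailEvent is a JSON-encoded string, so a second jq decodes it.
aws cloudtrail lookup-events \
    --lookup-attributes "AttributeKey=AccessKeyId,AttributeValue=${ACCESS_KEY_ID}" \
    --max-items "${MAX_ITEMS}" \
  | jq -r '.Events[].CloudTrailEvent' \
  | jq '.sourceIPAddress' \
  | sort | uniq
```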

This of course can be extended to include more information, for example:

```bash
#!/bin/bash
# Print user, source IP and API call for each event made with one access key.
ACCESS_KEY_ID=AKIASMOETHINGHERE
MAX_ITEMS=100

aws cloudtrail lookup-events \
    --lookup-attributes "AttributeKey=AccessKeyId,AttributeValue=${ACCESS_KEY_ID}" \
    --max-items "${MAX_ITEMS}" \
  | jq -r '.Events[].CloudTrailEvent' \
  | jq '{ User: .userIdentity.userName, IP: .sourceIPAddress, Event: .eventName }'
```
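For triage, the same `lookup-events` output can be grouped per source address. The following is an added example, not part of the original post: it counts events, records first and last seen times, flags `sourceIPAddress` values that are AWS service names rather than IPs, and falls back to the ARN when `userIdentity.userName` is absent. The sample data, the `_ev` helper and all function names are constructed for illustration.

```python
import ipaddress
import json
import sys
from collections import defaultdict
from pathlib import Path

def _ev(time, ip, name, **identity):  # builds one constructed lookup-events entry
    record = {"eventTime": time, "sourceIPAddress": ip, "eventName": name, "userIdentity": identity}
    return {"CloudTrailEvent": json.dumps(record)}  # the CLI returns this field as a JSON string

SAMPLE = {"Events": [  # constructed data; mixes identity types to exercise the fallbacks
    _ev("2024-01-15T10:00:00Z", "198.51.100.7", "ListBuckets", type="IAMUser", userName="alice"),
    _ev("2024-01-15T09:00:00Z", "198.51.100.7", "GetCallerIdentity", type="IAMUser", userName="alice"),
    _ev("2024-01-15T11:30:00Z", "203.0.113.50", "CreateAccessKey", type="IAMUser", userName="alice"),
    _ev("2024-01-15T12:00:00Z", "cloudformation.amazonaws.com", "DescribeStacks",
        type="AssumedRole", arn="arn:aws:sts::111122223333:assumed-role/deploy/session1"),
]}

def is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def summarize(lookup_output):
    """Group events by sourceIPAddress: count, first/last seen, API calls, callers."""
    summary = defaultdict(lambda: {"count": 0, "first": None, "last": None,
                                   "events": set(), "users": set(), "is_ip": False})
    for wrapper in lookup_output.get("Events", []):
        event = json.loads(wrapper["CloudTrailEvent"])  # second decode, like the second jq
        source = event.get("sourceIPAddress", "unknown")
        identity = event.get("userIdentity", {})
        row = summary[source]
        row["count"] += 1
        row["is_ip"] = is_ip(source)  # False when an AWS service name appears instead
        seen = event["eventTime"]  # ISO 8601 UTC, so string order is time order
        row["first"] = min(row["first"] or seen, seen)
        row["last"] = max(row["last"] or seen, seen)
        row["events"].add(event["eventName"])
        # userName is absent for e.g. assumed-role sessions; fall back to ARN, then type
        row["users"].add(identity.get("userName") or identity.get("arn") or identity.get("type", "unknown"))
    return dict(summary)

if __name__ == "__main__":  # optional argument: file holding saved lookup-events output
    data = json.loads(Path(sys.argv[1]).read_text()) if len(sys.argv) > 1 else SAMPLE
    for source, row in sorted(summarize(data).items(), key=lambda kv: -kv[1]["count"]):
        print(source, row["count"], row["first"], row["last"], sorted(row["events"]), sep="\t")
```

Save the output of the `aws cloudtrail lookup-events` command above to a file and pass its path as the only argument; with no argument the script runs on the constructed sample.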
