AWS CloudTrail

2024/11/13 - AWS CloudTrail - 1 new1 updated api methods

Changes  This release adds a new API GenerateQuery that generates a query from a natural language prompt about the event data in your event data store. This operation uses generative artificial intelligence (generative AI) to produce a ready-to-use SQL query from the prompt.

GenerateQuery (new) Link ¶

Generates a query from a natural language prompt. This operation uses generative artificial intelligence (generative AI) to produce a ready-to-use SQL query from the prompt.

The prompt can be a question or a statement about the event data in your event data store. For example, you can enter prompts like "What are my top errors in the past month?" and “Give me a list of users that used SNS.”

The prompt must be in English. For information about limitations, permissions, and supported Regions, see Create CloudTrail Lake queries from natural language prompts in the CloudTrail user guide.

See also: AWS API Documentation

Request Syntax

client.generate_query(
    EventDataStores=[
        'string',
    ],
    Prompt='string'
)
type EventDataStores:

list

param EventDataStores:

[REQUIRED]

The ARN (or ID suffix of the ARN) of the event data store that you want to query. You can only specify one event data store.

  • (string) --

type Prompt:

string

param Prompt:

[REQUIRED]

The prompt that you want to use to generate the query. The prompt must be in English. For example prompts, see Example prompts in the CloudTrail user guide.

rtype:

dict

returns:

Response Syntax

{
    'QueryStatement': 'string',
    'QueryAlias': 'string'
}

Response Structure

  • (dict) --

    • QueryStatement (string) --

      The SQL query statement generated from the prompt.

    • QueryAlias (string) --

      An alias that identifies the prompt. When you run the StartQuery operation, you can pass in either the QueryAlias or QueryStatement parameter.

DescribeQuery (updated) Link ¶
Changes (response) 
{'Prompt': 'string'}

Returns metadata about a query, including query run time in milliseconds, number of events scanned and matched, and query status. If the query results were delivered to an S3 bucket, the response also provides the S3 URI and the delivery status.

You must specify either a QueryID or a QueryAlias. Specifying the QueryAlias parameter returns information about the last query run for the alias.

See also: AWS API Documentation

Request Syntax

client.describe_query(
    EventDataStore='string',
    QueryId='string',
    QueryAlias='string'
)
type EventDataStore:

string

param EventDataStore:

The ARN (or the ID suffix of the ARN) of an event data store on which the specified query was run.

type QueryId:

string

param QueryId:

The query ID.

type QueryAlias:

string

param QueryAlias:

The alias that identifies a query template.

rtype:

dict

returns:

Response Syntax

{
    'QueryId': 'string',
    'QueryString': 'string',
    'QueryStatus': 'QUEUED'|'RUNNING'|'FINISHED'|'FAILED'|'CANCELLED'|'TIMED_OUT',
    'QueryStatistics': {
        'EventsMatched': 123,
        'EventsScanned': 123,
        'BytesScanned': 123,
        'ExecutionTimeInMillis': 123,
        'CreationTime': datetime(2015, 1, 1)
    },
    'ErrorMessage': 'string',
    'DeliveryS3Uri': 'string',
    'DeliveryStatus': 'SUCCESS'|'FAILED'|'FAILED_SIGNING_FILE'|'PENDING'|'RESOURCE_NOT_FOUND'|'ACCESS_DENIED'|'ACCESS_DENIED_SIGNING_FILE'|'CANCELLED'|'UNKNOWN',
    'Prompt': 'string'
}

Response Structure

  • (dict) --

    • QueryId (string) --

      The ID of the query.

    • QueryString (string) --

      The SQL code of a query.

    • QueryStatus (string) --

      The status of a query. Values for QueryStatus include QUEUED, RUNNING, FINISHED, FAILED, TIMED_OUT, or CANCELLED

    • QueryStatistics (dict) --

      Metadata about a query, including the number of events that were matched, the total number of events scanned, the query run time in milliseconds, and the query's creation time.

      • EventsMatched (integer) --

        The number of events that matched a query.

      • EventsScanned (integer) --

        The number of events that the query scanned in the event data store.

      • BytesScanned (integer) --

        The total bytes that the query scanned in the event data store. This value matches the number of bytes for which your account is billed for the query, unless the query is still running.

      • ExecutionTimeInMillis (integer) --

        The query's run time, in milliseconds.

      • CreationTime (datetime) --

        The creation time of the query.

    • ErrorMessage (string) --

      The error message returned if a query failed.

    • DeliveryS3Uri (string) --

      The URI for the S3 bucket where CloudTrail delivered query results, if applicable.

    • DeliveryStatus (string) --

      The delivery status.

    • Prompt (string) --

      The prompt used for a generated query. For information about generated queries, see Create CloudTrail Lake queries from natural language prompts in the CloudTrail user guide.