AWS CloudTrail

2024/01/18 - AWS CloudTrail - 1 new api methods

Changes  This release adds a new API ListInsightsMetricData to retrieve metric data from CloudTrail Insights.

ListInsightsMetricData (new) Link ΒΆ

Returns Insights metrics data for trails that have enabled Insights. The request must include the EventSource, EventName, and InsightType parameters.

If the InsightType is set to ApiErrorRateInsight, the request must also include the ErrorCode parameter.

The following are the available time periods for ListInsightsMetricData. Each cutoff is inclusive.

  • Data points with a period of 60 seconds (1-minute) are available for 15 days.

  • Data points with a period of 300 seconds (5-minute) are available for 63 days.

  • Data points with a period of 3600 seconds (1 hour) are available for 90 days.

Access to the ListInsightsMetricData API operation is linked to the cloudtrail:LookupEvents action. To use this operation, you must have permissions to perform the cloudtrail:LookupEvents action.

See also: AWS API Documentation

Request Syntax

client.list_insights_metric_data(
    EventSource='string',
    EventName='string',
    InsightType='ApiCallRateInsight'|'ApiErrorRateInsight',
    ErrorCode='string',
    StartTime=datetime(2015, 1, 1),
    EndTime=datetime(2015, 1, 1),
    Period=123,
    DataType='FillWithZeros'|'NonZeroData',
    MaxResults=123,
    NextToken='string'
)
type EventSource:

string

param EventSource:

[REQUIRED]

The Amazon Web Services service to which the request was made, such as iam.amazonaws.com or s3.amazonaws.com.

type EventName:

string

param EventName:

[REQUIRED]

The name of the event, typically the Amazon Web Services API on which unusual levels of activity were recorded.

type InsightType:

string

param InsightType:

[REQUIRED]

The type of CloudTrail Insights event, which is either ApiCallRateInsight or ApiErrorRateInsight. The ApiCallRateInsight Insights type analyzes write-only management API calls that are aggregated per minute against a baseline API call volume. The ApiErrorRateInsight Insights type analyzes management API calls that result in error codes.

type ErrorCode:

string

param ErrorCode:

Conditionally required if the InsightType parameter is set to ApiErrorRateInsight.

If returning metrics for the ApiErrorRateInsight Insights type, this is the error to retrieve data for. For example, AccessDenied.

type StartTime:

datetime

param StartTime:

Specifies, in UTC, the start time for time-series data. The value specified is inclusive; results include data points with the specified time stamp.

The default is 90 days before the time of request.

type EndTime:

datetime

param EndTime:

Specifies, in UTC, the end time for time-series data. The value specified is exclusive; results include data points up to the specified time stamp.

The default is the time of request.

type Period:

integer

param Period:

Granularity of data to retrieve, in seconds. Valid values are 60, 300, and 3600. If you specify any other value, you will get an error. The default is 3600 seconds.

type DataType:

string

param DataType:

Type of datapoints to return. Valid values are NonZeroData and FillWithZeros. The default is NonZeroData.

type MaxResults:

integer

param MaxResults:

The maximum number of datapoints to return. Valid values are integers from 1 to 21600. The default value is 21600.

type NextToken:

string

param NextToken:

Returned if all datapoints can't be returned in a single call. For example, due to reaching MaxResults.

Add this parameter to the request to continue retrieving results starting from the last evaluated point.

rtype:

dict

returns:

Response Syntax

{
    'EventSource': 'string',
    'EventName': 'string',
    'InsightType': 'ApiCallRateInsight'|'ApiErrorRateInsight',
    'ErrorCode': 'string',
    'Timestamps': [
        datetime(2015, 1, 1),
    ],
    'Values': [
        123.0,
    ],
    'NextToken': 'string'
}

Response Structure

  • (dict) --

    • EventSource (string) --

      The Amazon Web Services service to which the request was made, such as iam.amazonaws.com or s3.amazonaws.com.

    • EventName (string) --

      The name of the event, typically the Amazon Web Services API on which unusual levels of activity were recorded.

    • InsightType (string) --

      The type of CloudTrail Insights event, which is either ApiCallRateInsight or ApiErrorRateInsight. The ApiCallRateInsight Insights type analyzes write-only management API calls that are aggregated per minute against a baseline API call volume. The ApiErrorRateInsight Insights type analyzes management API calls that result in error codes.

    • ErrorCode (string) --

      Only returned if InsightType parameter was set to ApiErrorRateInsight.

      If returning metrics for the ApiErrorRateInsight Insights type, this is the error to retrieve data for. For example, AccessDenied.

    • Timestamps (list) --

      List of timestamps at intervals corresponding to the specified time period.

      • (datetime) --

    • Values (list) --

      List of values representing the API call rate or error rate at each timestamp. The number of values is equal to the number of timestamps.

      • (float) --

    • NextToken (string) --

      Only returned if the full results could not be returned in a single query. You can set the NextToken parameter in the next request to this value to continue retrieval.