2023/06/13 - AWS CloudTrail - 2 updated api methods
Changes This feature allows users to view dashboards for CloudTrail Lake event data stores.
{'QueryAlias': 'string'}
Returns metadata about a query, including query run time in milliseconds, number of events scanned and matched, and query status. If the query results were delivered to an S3 bucket, the response also provides the S3 URI and the delivery status.
You must specify either a QueryID or a QueryAlias. Specifying the QueryAlias parameter returns information about the last query run for the alias.
See also: AWS API Documentation
Request Syntax
client.describe_query(
EventDataStore='string',
QueryId='string',
QueryAlias='string'
)
string
The ARN (or the ID suffix of the ARN) of an event data store on which the specified query was run.
string
The query ID.
string
The alias that identifies a query template.
dict
Response Syntax
{
'QueryId': 'string',
'QueryString': 'string',
'QueryStatus': 'QUEUED'|'RUNNING'|'FINISHED'|'FAILED'|'CANCELLED'|'TIMED_OUT',
'QueryStatistics': {
'EventsMatched': 123,
'EventsScanned': 123,
'BytesScanned': 123,
'ExecutionTimeInMillis': 123,
'CreationTime': datetime(2015, 1, 1)
},
'ErrorMessage': 'string',
'DeliveryS3Uri': 'string',
'DeliveryStatus': 'SUCCESS'|'FAILED'|'FAILED_SIGNING_FILE'|'PENDING'|'RESOURCE_NOT_FOUND'|'ACCESS_DENIED'|'ACCESS_DENIED_SIGNING_FILE'|'CANCELLED'|'UNKNOWN'
}
Response Structure
(dict) --
QueryId (string) --
The ID of the query.
QueryString (string) --
The SQL code of a query.
QueryStatus (string) --
The status of a query. Values for QueryStatus include QUEUED, RUNNING, FINISHED, FAILED, TIMED_OUT, or CANCELLED
QueryStatistics (dict) --
Metadata about a query, including the number of events that were matched, the total number of events scanned, the query run time in milliseconds, and the query's creation time.
EventsMatched (integer) --
The number of events that matched a query.
EventsScanned (integer) --
The number of events that the query scanned in the event data store.
BytesScanned (integer) --
The total bytes that the query scanned in the event data store. This value matches the number of bytes for which your account is billed for the query, unless the query is still running.
ExecutionTimeInMillis (integer) --
The query's run time, in milliseconds.
CreationTime (datetime) --
The creation time of the query.
ErrorMessage (string) --
The error message returned if a query failed.
DeliveryS3Uri (string) --
The URI for the S3 bucket where CloudTrail delivered query results, if applicable.
DeliveryStatus (string) --
The delivery status.
{'QueryAlias': 'string', 'QueryParameters': ['string']}
Starts a CloudTrail Lake query. Use the QueryStatement parameter to provide your SQL query, enclosed in single quotation marks. Use the optional DeliveryS3Uri parameter to deliver the query results to an S3 bucket.
StartQuery requires you specify either the QueryStatement parameter, or a QueryAlias and any QueryParameters. In the current release, the QueryAlias and QueryParameters parameters are used only for the queries that populate the CloudTrail Lake dashboards.
See also: AWS API Documentation
Request Syntax
client.start_query(
QueryStatement='string',
DeliveryS3Uri='string',
QueryAlias='string',
QueryParameters=[
'string',
]
)
string
The SQL code of your query.
string
The URI for the S3 bucket where CloudTrail delivers the query results.
string
The alias that identifies a query template.
list
The query parameters for the specified QueryAlias.
(string) --
dict
Response Syntax
{
'QueryId': 'string'
}
Response Structure
(dict) --
QueryId (string) --
The ID of the started query.