AWS CloudTrail

2022/10/19 - AWS CloudTrail - 2 updated api methods

Changes  This release includes support for exporting CloudTrail Lake query results to an Amazon S3 bucket.

DescribeQuery (updated) Link ¶
Changes (response) 
{'DeliveryS3Uri': 'string',
 'DeliveryStatus': 'SUCCESS | FAILED | FAILED_SIGNING_FILE | PENDING | '
                   'RESOURCE_NOT_FOUND | ACCESS_DENIED | '
                   'ACCESS_DENIED_SIGNING_FILE | CANCELLED | UNKNOWN'}

Returns metadata about a query, including query run time in milliseconds, number of events scanned and matched, and query status. You must specify an ARN for EventDataStore, and a value for QueryID.

See also: AWS API Documentation

Request Syntax

client.describe_query(
    EventDataStore='string',
    QueryId='string'
)
type EventDataStore:

string

param EventDataStore:

[REQUIRED]

The ARN (or the ID suffix of the ARN) of an event data store on which the specified query was run.

type QueryId:

string

param QueryId:

[REQUIRED]

The query ID.

rtype:

dict

returns:

Response Syntax

{
    'QueryId': 'string',
    'QueryString': 'string',
    'QueryStatus': 'QUEUED'|'RUNNING'|'FINISHED'|'FAILED'|'CANCELLED'|'TIMED_OUT',
    'QueryStatistics': {
        'EventsMatched': 123,
        'EventsScanned': 123,
        'BytesScanned': 123,
        'ExecutionTimeInMillis': 123,
        'CreationTime': datetime(2015, 1, 1)
    },
    'ErrorMessage': 'string',
    'DeliveryS3Uri': 'string',
    'DeliveryStatus': 'SUCCESS'|'FAILED'|'FAILED_SIGNING_FILE'|'PENDING'|'RESOURCE_NOT_FOUND'|'ACCESS_DENIED'|'ACCESS_DENIED_SIGNING_FILE'|'CANCELLED'|'UNKNOWN'
}

Response Structure

  • (dict) --

    • QueryId (string) --

      The ID of the query.

    • QueryString (string) --

      The SQL code of a query.

    • QueryStatus (string) --

      The status of a query. Values for QueryStatus include QUEUED, RUNNING, FINISHED, FAILED, TIMED_OUT, or CANCELLED

    • QueryStatistics (dict) --

      Metadata about a query, including the number of events that were matched, the total number of events scanned, the query run time in milliseconds, and the query's creation time.

      • EventsMatched (integer) --

        The number of events that matched a query.

      • EventsScanned (integer) --

        The number of events that the query scanned in the event data store.

      • BytesScanned (integer) --

        The total bytes that the query scanned in the event data store. This value matches the number of bytes for which your account is billed for the query, unless the query is still running.

      • ExecutionTimeInMillis (integer) --

        The query's run time, in milliseconds.

      • CreationTime (datetime) --

        The creation time of the query.

    • ErrorMessage (string) --

      The error message returned if a query failed.

    • DeliveryS3Uri (string) --

      The URI for the S3 bucket where CloudTrail delivered query results, if applicable.

    • DeliveryStatus (string) --

      The delivery status.

StartQuery (updated) Link ¶
Changes (request) 
{'DeliveryS3Uri': 'string'}

Starts a CloudTrail Lake query. The required QueryStatement parameter provides your SQL query, enclosed in single quotation marks. Use the optional DeliveryS3Uri parameter to deliver the query results to an S3 bucket.

See also: AWS API Documentation

Request Syntax

client.start_query(
    QueryStatement='string',
    DeliveryS3Uri='string'
)
type QueryStatement:

string

param QueryStatement:

[REQUIRED]

The SQL code of your query.

type DeliveryS3Uri:

string

param DeliveryS3Uri:

The URI for the S3 bucket where CloudTrail delivers the query results.

rtype:

dict

returns:

Response Syntax

{
    'QueryId': 'string'
}

Response Structure

  • (dict) --

    • QueryId (string) --

      The ID of the started query.