
全リージョンのCloudTrailロギングを有効にするワンライナー



準備


  1. AWS CLIが使えるようにしておく

  2. 使用するbucketにあらかじめポリシーを設定しておく→ドキュメント

{

"Version": "2008-10-17",
"Statement": [
{
"Sid": "AWSCloudTrailAclCheck20131101",
"Effect": "Allow",
"Principal": {
"AWS": [
"arn:aws:iam::903692715234:root",
"arn:aws:iam::859597730677:root",
"arn:aws:iam::814480443879:root",
"arn:aws:iam::216624486486:root",
"arn:aws:iam::086441151436:root",
"arn:aws:iam::388731089494:root",
"arn:aws:iam::284668455005:root",
"arn:aws:iam::113285607260:root"
]
},
"Action": "s3:GetBucketAcl",
"Resource": "arn:aws:s3:::j3tm0t0-audit"
},
{
"Sid": "AWSCloudTrailWrite20131101",
"Effect": "Allow",
"Principal": {
"AWS": [
"arn:aws:iam::903692715234:root",
"arn:aws:iam::859597730677:root",
"arn:aws:iam::814480443879:root",
"arn:aws:iam::216624486486:root",
"arn:aws:iam::086441151436:root",
"arn:aws:iam::388731089494:root",
"arn:aws:iam::284668455005:root",
"arn:aws:iam::113285607260:root"
]
},
"Action": "s3:PutObject",
"Resource": "arn:aws:s3:::j3tm0t0-audit/AWSLogs/*/*",
"Condition": {
"StringEquals": {
"s3:x-amz-acl": "bucket-owner-full-control"
}
}
}
]
}


実行

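% first=1; for x in $(aws ec2 describe-regions --output text --query 'Regions[*].RegionName'); do
    # Global service events (IAM, STS, ...) are not tied to a region. Recording them
    # in every regional trail writes the same events once per region into the bucket;
    # enable them on the first region only, disable on the rest.
    if [ "$first" = 1 ]; then gsev=--include-global-service-events; first=0; else gsev=--no-include-global-service-events; fi
    # "$x" is quoted; the two calls stay separated by ';' on purpose so start-logging
    # still runs when create-trail fails because the trail already exists (safe re-run).
    aws cloudtrail create-trail --name Default --s3-bucket-name j3tm0t0-audit "$gsev" --region "$x"
    aws cloudtrail start-logging --name Default --region "$x"
  done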

{
"IncludeGlobalServiceEvents": true,
"Name": "Default",
"S3BucketName": "j3tm0t0-audit"
}
{
"IncludeGlobalServiceEvents": true,
"Name": "Default",
"S3BucketName": "j3tm0t0-audit"
}
{
"IncludeGlobalServiceEvents": true,
"Name": "Default",
"S3BucketName": "j3tm0t0-audit"
}
{
"IncludeGlobalServiceEvents": true,
"Name": "Default",
"S3BucketName": "j3tm0t0-audit"
}
{
"IncludeGlobalServiceEvents": true,
"Name": "Default",
"S3BucketName": "j3tm0t0-audit"
}
{
"IncludeGlobalServiceEvents": true,
"Name": "Default",
"S3BucketName": "j3tm0t0-audit"
}
{
"IncludeGlobalServiceEvents": true,
"Name": "Default",
"S3BucketName": "j3tm0t0-audit"
}
{
"IncludeGlobalServiceEvents": true,
"Name": "Default",
"S3BucketName": "j3tm0t0-audit"
}


追記

start-loggingするのを忘れてました...