AWS CloudTrail
App Vendor: Amazon
Connector Category: IT Services
Connector Version: 1.0.0
API Version: 1.0.0
About App
AWS CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of your AWS account. In Orchestrate, CloudTrail provides the event history of your AWS account activity, including actions taken through the AWS Management Console, AWS SDKs, command-line tools, and other AWS services.
The AWS CloudTrail app is configured with the Orchestrate application to perform the following actions:
Action Name | Description |
---|---|
Get trail settings | This action obtains settings information for a specified trail. |
List trails | This action retrieves a list of trails that are in the current account. |
Lookup events | This action looks up management events or CloudTrail Insights events. |
Configuration Parameters
The following configuration parameters are required for the AWS CloudTrail app to communicate with the AWS CloudTrail enterprise application. The parameters can be configured by creating instances in the app.
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Access key ID | Enter the access key ID. | Text | Required | |
Secret access key | Enter the secret access key. | Password | Required | |
Action: Get trail settings
This action obtains settings information for a specified trail.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Trail name | Enter the trail name. Example: Joe | Text | Required | |
Region name | Enter the region name. Example: us-east-2 | Text | Optional | |
Example Request
[ { "trail_name": "Joe Daniel", "region_name": "us-east-2" } ]
Action: List trails
This action retrieves a list of trails that are in the current account.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Region name | Enter the region name. Example: us-east-2 | Text | Optional | |
Example Request
[ { "region_name": "us-east-2" } ]
Action: Lookup events
This action looks up management events or CloudTrail Insights events.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Lookup attributes | Enter a list of lookup attributes. Example: [{"attributekey": "string", "attributevalue": "string"}] | Key Value | Required | |
Start time | Enter the start time in epoch format. Example: 549793734 | Integer | Required | Only events that occur at or after the specified time are returned. |
End time | Enter the end time in epoch format. Example: 1549793734 | Integer | Required | Only events that occur at or before the specified time are returned. |
Max results | Enter the maximum results to be retrieved on a page. Example: 10 | Integer | Optional | |
Event category | Enter the event category. | Text | Optional | Allowed value: insight |
Region name | Enter the region name. Example: us-east-2 | Text | Optional | |
Example Request
[ { "lookup_attributes":[ { "username":"Anna" } ], "start_time":549793734, "end_time":1549793734, "max_results":10, "event_category":"insight", "region_name":"us-east-2" } ]