This is a script to export logs from AWS CloudTrail to a local file.
- python 3
- boto3
- pip
First of all you need to clone this repository:
git clone https://github.com/claick-oliveira/cloudtrail-export-logs.gitAfter clone access the folder:
cd cloudtrail-export-logsTo run the script you need to feel some arguments:
- "-s", "--startime": The start time to get the logs, example 2021-12-01
- "-e", "--endtime": The end time to get the logs, example 2021-12-31
- "-r", "--region": The AWS region to get the logs, example us-east-1
- "-a", "--accountid": The Account ID to get the logs: example 012345678901
Valid timestamp formats:
- 1422317782
- 1422317782.0
- 01-27-2015
- 01-27-2015,01:16PM
- "01-27-2015, 01:16 PM"
- "01/27/2015, 13:16"
- 2015-01-27
- "2015-01-27, 01:16 PM"
Example of command:
python3 export.py --startime 2021-12-01 --endtime 2021-12-31 --region us-east-1 --accountid 012345678901The script will generate a structure like this:
|-- output
| `-- 012345678901
| `-- us-east-1
| `-- cloudtrail-from-2021-12-01-to-2021-12-31-ID-012345678901-region-us-east-1.txtTo execute this script on environment with switch role, use the script export_role.py. This script there is an argument to specify the role ARN:
- "-arn", "--arn": The Role ARN to switch, example arn:aws:iam::016075864677:role/CloudTrailAssumeRole
To delete the script, you can run the following command to delete the folder:
rm -rf cloudtrail-export-logsPlease read CONTRIBUTING.md for details on our code of conduct, and the process for submitting pull requests to us.
- Claick Oliveira - Initial work - claick-oliveira
See also the list of contributors who participated in this project.
This project is licensed under the MIT License - see the LICENSE file for details