Documentation
¶
Index ¶
- Constants
- func NewCloudTrailLogExtractor() artifact_source.Extractor
- type CloudTrailLog
- type CloudTrailLogBatch
- type CloudTrailLogExtractor
- type CloudTrailLogTable
- func (t *CloudTrailLogTable) EnrichRow(row *CloudTrailLog, sourceEnrichmentFields schema.SourceEnrichment) (*CloudTrailLog, error)
- func (t *CloudTrailLogTable) GetDescription() string
- func (t *CloudTrailLogTable) GetSourceMetadata() ([]*table.SourceMetadata[*CloudTrailLog], error)
- func (t *CloudTrailLogTable) Identifier() string
- type CloudTrailMapper
- type Resource
- type SessionAttributes
- type SessionContext
- type SessionIssuer
- type TLSDetails
- type UserIdentity
- type WebIdFederationData
Constants ¶
const CloudTrailLogTableIdentifier = "aws_cloudtrail_log"
Variables ¶
This section is empty.
Functions ¶
func NewCloudTrailLogExtractor ¶
func NewCloudTrailLogExtractor() artifact_source.Extractor
NewCloudTrailLogExtractor creates a new CloudTrailLogExtractor
Types ¶
type CloudTrailLog ¶
// CloudTrailLog is the row type for a single CloudTrail event. The json tags
// name the keys read from the source record; the parquet tags name the table
// columns. Field order and tag text are part of the contract and are kept as is.
//
// NOTE(review): nothing in this declaration validates or redacts values, so the
// resulting table should be handled as sensitive audit data.
type CloudTrailLog struct {
	// Enrichment fields that every row is required to carry.
	schema.CommonFields

	// Optional fields are pointers and decode to nil when the key is absent.
	AdditionalEventData *map[string]any `json:"additionalEventData,omitempty" parquet:"name=additional_event_data, type=JSON"`
	APIVersion          *string         `json:"apiVersion,omitempty" parquet:"name=api_version"`
	AwsRegion           string          `json:"awsRegion" parquet:"name=aws_region"`
	EdgeDeviceDetails   *map[string]any `json:"edgeDeviceDetails,omitempty" parquet:"name=edge_device_details, type=JSON"`
	// ErrorCode and ErrorMessage are nil when the record carries no error.
	// Detections for denied or failed calls should filter on these columns
	// rather than on EventName alone.
	ErrorCode     *string `json:"errorCode,omitempty" parquet:"name=error_code"`
	ErrorMessage  *string `json:"errorMessage,omitempty" parquet:"name=error_message"`
	EventCategory string  `json:"eventCategory,omitempty" parquet:"name=event_category"`
	EventID       string  `json:"eventID" parquet:"name=event_id"`
	EventName     string  `json:"eventName" parquet:"name=event_name"`
	EventSource   string  `json:"eventSource" parquet:"name=event_source"`
	// EventTime is a pointer: a record without eventTime decodes to nil, so
	// check it before dereferencing.
	EventTime    *time.Time `json:"eventTime" parquet:"name=event_time"`
	EventType    string     `json:"eventType" parquet:"name=event_type"`
	EventVersion string     `json:"eventVersion" parquet:"name=event_version"`
	// ManagementEvent and ReadOnly are *bool so that "absent" (nil) stays
	// distinct from false. A filter for false will not match rows where the
	// key was missing (presumably stored as NULL - confirm).
	ManagementEvent    *bool   `json:"managementEvent,omitempty" parquet:"name=management_event"`
	ReadOnly           *bool   `json:"readOnly,omitempty" parquet:"name=read_only"`
	RecipientAccountId string  `json:"recipientAccountId,omitempty" parquet:"name=recipient_account_id"`
	RequestID          *string `json:"requestID,omitempty" parquet:"name=request_id"`
	// Request and response content is kept as free-form JSON.
	// NOTE(review): these columns can hold resource names, policy documents
	// and other request content; restrict read access to the table and do not
	// assume every secret was masked upstream.
	RequestParameters   *map[string]any `json:"requestParameters,omitempty" parquet:"name=request_parameters, type=JSON"`
	Resources           []*Resource     `json:"resources,omitempty" parquet:"name=resources, type=JSON"`
	ResponseElements    *map[string]any `json:"responseElements,omitempty" parquet:"name=response_elements, type=JSON"`
	ServiceEventDetails *map[string]any `json:"serviceEventDetails,omitempty" parquet:"name=service_event_details, type=JSON"`
	// A string, not a bool: compare against the text value and treat nil as
	// "not reported".
	SessionCredentialFromConsole *string `json:"sessionCredentialFromConsole,omitempty" parquet:"name=session_credential_from_console"`
	// SourceIPAddress is stored as text and is not parsed as an IP here.
	// NOTE(review): for calls made by an AWS service, CloudTrail records a
	// service DNS name in this field, so IP-based detections should cast
	// defensively.
	SourceIPAddress *string     `json:"sourceIPAddress,omitempty" parquet:"name=source_ip_address"`
	TLSDetails      *TLSDetails `json:"tlsDetails,omitempty" parquet:"name=tls_details"`
	// UserAgent is chosen by the client making the request; use it as a hint,
	// never as proof of which tool made the call.
	UserAgent *string `json:"userAgent,omitempty" parquet:"name=user_agent"`
	// UserIdentity is held by value and tagged without omitempty, so it is
	// always present on the row.
	UserIdentity  UserIdentity `json:"userIdentity" parquet:"name=user_identity"`
	VpcEndpointId string       `json:"vpcEndpointId,omitempty" parquet:"name=vpc_endpoint_id"`
}
func (*CloudTrailLog) GetColumnDescriptions ¶
func (c *CloudTrailLog) GetColumnDescriptions() map[string]string
type CloudTrailLogBatch ¶
// CloudTrailLogBatch is the JSON envelope around a set of events: a single
// "Records" array whose elements decode into CloudTrailLog values.
type CloudTrailLogBatch struct {
	// Records holds the events by value, in the order they appear in the array.
	Records []CloudTrailLog `json:"Records"`
}
type CloudTrailLogExtractor ¶
// CloudTrailLogExtractor turns JSON-serialised CloudTrailLogBatch payloads into
// CloudTrailLog records. It has no fields, so the zero value is ready to use.
type CloudTrailLogExtractor struct{}
CloudTrailLogExtractor is an extractor that receives JSON serialised CloudTrailLogBatch objects and extracts CloudTrailLog records from them
func (*CloudTrailLogExtractor) Extract ¶
Extract unmarshals the artifact data as a CloudTrailLogBatch and returns the CloudTrailLog records
func (*CloudTrailLogExtractor) Identifier ¶
func (c *CloudTrailLogExtractor) Identifier() string
type CloudTrailLogTable ¶
// CloudTrailLogTable is the table type for CloudTrailLog rows. It has no
// fields; its methods provide the identifier, description, source metadata and
// row enrichment for the table.
type CloudTrailLogTable struct{}
CloudTrailLogTable - table for CloudTrailLog logs
func (*CloudTrailLogTable) EnrichRow ¶
func (t *CloudTrailLogTable) EnrichRow(row *CloudTrailLog, sourceEnrichmentFields schema.SourceEnrichment) (*CloudTrailLog, error)
EnrichRow implements table.Table
func (*CloudTrailLogTable) GetDescription ¶
func (t *CloudTrailLogTable) GetDescription() string
func (*CloudTrailLogTable) GetSourceMetadata ¶
func (t *CloudTrailLogTable) GetSourceMetadata() ([]*table.SourceMetadata[*CloudTrailLog], error)
func (*CloudTrailLogTable) Identifier ¶
func (t *CloudTrailLogTable) Identifier() string
Identifier implements table.Table
type CloudTrailMapper ¶
// CloudTrailMapper is a field-less mapper type; its Map method takes a value of
// any type and returns a *CloudTrailLog or an error.
type CloudTrailMapper struct{}
func (*CloudTrailMapper) Identifier ¶
func (m *CloudTrailMapper) Identifier() string
func (*CloudTrailMapper) Map ¶
func (m *CloudTrailMapper) Map(_ context.Context, a any, _ ...mappers.MapOption[*CloudTrailLog]) (*CloudTrailLog, error)
type SessionAttributes ¶
// SessionAttributes holds the "attributes" object of a session context. Both
// fields are optional and decode to nil when the key is absent.
type SessionAttributes struct {
	CreationDate *types.UnixMillis `json:"creationDate,omitempty" parquet:"name=creation_date"`
	// MfaAuthenticated is a *string, not a *bool: compare against the text
	// value ("true"/"false" in CloudTrail records - confirm against your data).
	// nil means the attribute was not reported, which is not the same as
	// "false" when writing MFA-related detections.
	MfaAuthenticated *string `json:"mfaAuthenticated,omitempty" parquet:"name=mfa_authenticated"`
}
type SessionContext ¶
// SessionContext holds the "sessionContext" object of a user identity. Every
// member is an optional pointer, so each level must be nil-checked before
// reading nested values such as Attributes.MfaAuthenticated.
type SessionContext struct {
	Attributes          *SessionAttributes   `json:"attributes,omitempty" parquet:"name=attributes"`
	EC2RoleDelivery     *string              `json:"ec2RoleDelivery,omitempty" parquet:"name=ec2_role_delivery"`
	SessionIssuer       *SessionIssuer       `json:"sessionIssuer,omitempty" parquet:"name=session_issuer"`
	WebIdFederationData *WebIdFederationData `json:"webIdFederationData,omitempty" parquet:"name=web_id_federation_data"`
}
type SessionIssuer ¶
// SessionIssuer holds the "sessionIssuer" object of a session context: the
// account, ARN, principal, type and user name recorded for the issuer of the
// session. All fields are optional strings and are nil when absent.
type SessionIssuer struct {
	AccountId   *string `json:"accountId,omitempty" parquet:"name=account_id"`
	ARN         *string `json:"arn,omitempty" parquet:"name=arn"`
	PrincipalId *string `json:"principalId,omitempty" parquet:"name=principal_id"`
	Type        *string `json:"type,omitempty" parquet:"name=type"`
	UserName    *string `json:"userName,omitempty" parquet:"name=user_name"`
}
type TLSDetails ¶
// TLSDetails holds the "tlsDetails" object of an event. All fields are optional
// strings and are nil when absent.
//
// NOTE(review): TLSVersion and CipherSuite are the columns to query when
// looking for clients that still negotiate outdated protocol versions.
// ClientProvidedHostHeader is, as the name says, supplied by the client, so it
// should not be trusted as an identifier of the endpoint that was reached.
type TLSDetails struct {
	CipherSuite              *string `json:"cipherSuite,omitempty" parquet:"name=cipher_suite"`
	ClientProvidedHostHeader *string `json:"clientProvidedHostHeader,omitempty" parquet:"name=client_provided_host_header"`
	TLSVersion               *string `json:"tlsVersion,omitempty" parquet:"name=tls_version"`
}
type UserIdentity ¶
// UserIdentity holds the "userIdentity" object of an event: who made the call
// and with which credentials. Every field except Type is optional and decodes
// to nil when the key is absent.
type UserIdentity struct {
	// AccessKeyId is the identifier of the access key that signed the request
	// (an ID, not the secret key). It is the column to pivot on when a key is
	// suspected to be compromised.
	AccessKeyId      *string `json:"accessKeyId,omitempty" parquet:"name=access_key_id"`
	AccountId        *string `json:"accountId,omitempty" parquet:"name=account_id"`
	ARN              *string `json:"arn,omitempty" parquet:"name=arn"`
	IdentityProvider *string `json:"identityProvider,omitempty" parquet:"name=identity_provider"`
	InvokedBy        *string `json:"invokedBy,omitempty" parquet:"name=invoked_by"`
	PrincipalId      *string `json:"principalId,omitempty" parquet:"name=principal_id"`
	// SessionContext is nil when the record has no sessionContext object;
	// nil-check it before reading MFA or issuer details.
	SessionContext *SessionContext `json:"sessionContext,omitempty" parquet:"name=session_context"`
	// Type is the only field tagged without omitempty, so it is always written.
	Type     string  `json:"type" parquet:"name=type"`
	UserName *string `json:"userName,omitempty" parquet:"name=user_name"`
}
type WebIdFederationData ¶
// WebIdFederationData holds the "webIdFederationData" object of a session
// context. Attributes is kept as a JSON column; both fields are nil when
// absent.
//
// NOTE(review): presumably the attributes come from the external identity
// provider's token - confirm before trusting them as verified claims.
type WebIdFederationData struct {
	Attributes        *types.JSONString `json:"attributes,omitempty" parquet:"name=attributes, type=JSON"`
	FederatedProvider *string           `json:"federatedProvider,omitempty" parquet:"name=federated_provider"`
}