检索某账号AKSK在指定时间范围内做了什么
如果不是使用us-east-1的日志,注意替换"amazon_security_lake_table_us_east_1_cloud_trail_mgmt_1_0"
需要替换里面的<your account id>,比如123456789012;
替换里面的<your credential uid>,比如AKIAY625JPUY55PBUEWT
替换eventday为你想要查询的时间范围:
SELECT api.operation, api.service.name, src_endpoint.ip, severity, status
FROM "amazon_security_lake_table_us_east_1_cloud_trail_mgmt_1_0"
WHERE accountid = <your account id>
AND actor.user.credential_uid = <your credential uid>
AND eventday >= '20231008'
AND eventday <= '20231008'
GROUP BY api.operation, api.service.name, src_endpoint.ip, severity, status
ORDER BY src_endpoint.ip最后更新于