Partitioning CloudTrail Logs in Athena
Jan 15, 2018
CloudTrail logs provide information about AWS API calls and are useful in a variety of scenarios:
- Determining least privilege IAM policies
- Investigating security incidents
- Summarization of access for compliance
- Plain ole’ debugging
While the information they contain is undoubtedly useful, interacting with CloudTrail logs can be difficult.
CloudTrail logs are delivered to S3 as JSON by default, so you could download the files and parse…