The execution of commands is primarily verified in AWS Cloud9.
If you would like to provide command examples, please submit them through the contact form.
You may also use this form to request corrections for the listed command examples.
List times and users who attempted to launch EC2 in the last 90 days
aws cloudtrail lookup-events \
--lookup-attributes AttributeKey=EventName,AttributeValue=RunInstances \
--query 'Events[*].[EventTime, Username] | map(&[], @)' \
--output textoutput
2024-05-10T07:00:19+09:00 i-5203422c
2024-05-10T07:00:19+09:00 AutoScaling
2024-05-09T07:00:16+09:00 UserA
2024-05-09T07:00:13+09:00 UserB
2024-05-08T07:00:16+09:00 UserC
2024-05-08T07:00:13+09:00 UserD
<以下省略>by anonymous
List times and users for which EC2 failed to start in the last 90 days
aws cloudtrail lookup-events \
--lookup-attributes AttributeKey=EventName,AttributeValue=RunInstances \
--query 'Events[?contains(CloudTrailEvent,`errorMessage`)].[EventTime, Username] | map(&[], @)' \
--output textoutput
2024-05-10T07:00:19+09:00 i-5203422c
2024-05-08T07:00:16+09:00 UserC
2024-05-08T07:00:13+09:00 UserD
<以下省略>by anonymous
List the times, instance IDs, and users who launched EC2 in the past 90 days
aws cloudtrail lookup-events \
--lookup-attributes AttributeKey=EventName,AttributeValue=RunInstances \
--query 'Events[?!contains(CloudTrailEvent,`errorMessage`)].[EventTime, Resources[?ResourceType==`AWS::EC2::Instance`].ResourceName[], Username] | map(&[], @)' \
--output textoutput
2024-05-10T07:00:19+09:00 i-5203422c AutoScaling
2024-05-09T07:00:16+09:00 i-5203422d UserA
2024-05-09T07:00:13+09:00 i-5203422e UserB
<以下省略>by anonymous
List times and actions and users who interacted with a specific route table in the last 3 days
start=$(date --date '3 days ago' '+%s')
aws cloudtrail lookup-events \
--lookup-attributes AttributeKey=ResourceType,AttributeValue=AWS::EC2::RouteTable \
--start-time $start \
--query 'Events[?Resources[0].ResourceName==`rtb-01234567890123456`].[EventTime, EventName, Username]' \
--output textoutput
2024-05-18T13:26:30+00:00 DeleteRoute UserA
2024-05-18T13:25:42+00:00 CreateRoute UserB
2024-05-18T13:05:00+00:00 AssociateRouteTable UserA
2024-05-18T12:30:28+00:00 DeleteRoute UserB
<以下省略>by anonymous
