Created
February 17, 2020 14:14
-
-
Save matthew-harper/1b73476c1193a4b35beae4cab0e61e4c to your computer and use it in GitHub Desktop.
filter CloudTrail events by source and event type
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| def filter_user_events(event) -> bool: | |
| is_match = match_user_agent(event['userAgent']) | |
| is_read_only = match_readonly_event_name(event['eventName']) | |
| is_ignored_event = match_ignored_events(event['eventName']) | |
| is_in_event = 'invokedBy' in event['userIdentity'] and event['userIdentity']['invokedBy'] == 'AWS Internal' | |
| status = is_match and not is_read_only and not is_ignored_event and not is_in_event | |
| return status |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment