I am trying to create an AWS Lambda function that consumes CloudTrail events via an S3 trigger. The function should raise an alert when CloudWatch logs are deleted. The events:
'eventSource':'logs.amazonaws.com'
and
'eventName':'DeleteLogStream'
need to be found together as the same event. There is data in my event, but I cannot capture and print it.
import boto3
import gzip
import json

SNS_TOPIC = "<SNS TOPIC ARN>"
SNS_SUBJECT = "<SUBJECT>"

s3_client = boto3.client('s3')
sns_client = boto3.client('sns')


def handler(event, context):
    for record in event['Records']:
        bucket = record['s3']['bucket']['name']
        key = record['s3']['object']['key']
        # Fetch logs from S3
        s3_object = s3_client.get_object(
            Bucket=bucket,
            Key=key,
        )
        # Extract file and metadata from gzipped S3 object
        with gzip.open(s3_object['Body'], 'rb') as binaryObj:
            binaryContent = binaryObj.read()
        # Convert from binary data to text
        raw_logs = binaryContent.decode()
        # Change text into a dictionary
        dict_logs = json.loads(raw_logs)
        # Make sure json_logs key 'Records' exists
        if 'Records' in dict_logs.keys():
            print("Printing Dictionary Content: {} \n\n".format(dict_logs))
            if dict_logs['Records'][0]['eventSource'] == 'logs.amazonaws.com' and dict_logs['Records'][0]['eventName'] == 'DeleteLogStream':
                print("Found DeleteLogStream event from logs.amazonaws.com!")
                # Print Key-Value pair for each item found
                for key, value in dict_logs['Records'][0].items():
                    # Account for values that are also dictionaries
                    if isinstance(value, dict):
                        print("Parent Key: {}".format(key))
                        for k, v in value.items():
                            print("Subdict Key: {}".format(k))
                            print("Subdict Value: {}".format(v))
                        continue
                    else:
                        print("Key: {}".format(key))
                        print("Value: {}".format(value))
                alert_message = "The following log was found: <extracted log contents here>"
                # Publish message to SNS topic
                sns_response = sns_client.publish(
                    TopicArn=SNS_TOPIC,
                    Message=alert_message,
                    Subject=SNS_SUBJECT,
                    MessageStructure='string',
                )
        else:
            print("Records key not found")
This is the result I get: [screenshot of the code's output]
My code prints the keys/values for debugging purposes. Any idea why the 'DeleteLogStream' and 'logs.amazonaws.com' values are not being parsed out?
Sample JSON event below: https://raw.githubusercontent.com/danielkowalski1/general-scripts/master/sampleevent
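Added example (not the asker's code): a detection routine for the same CloudTrail-from-S3 pipeline that gunzips a log file and scans every record in `Records` for the watched source/name pair, rather than inspecting only `Records[0]`, which is where a matching event in a multi-record file is easily missed. The sample log file, the `WATCHED` set (which also covers `DeleteLogGroup`, going slightly beyond the question) and the alert format are constructed for this example; S3 and SNS calls are left out so it runs offline.

```python
import gzip
import json

# Constructed sample CloudTrail log file with two records (not from the question).
# The interesting event is deliberately NOT the first record.
SAMPLE_LOG = {
    "Records": [
        {"eventSource": "s3.amazonaws.com", "eventName": "GetObject",
         "userIdentity": {"type": "IAMUser", "userName": "alice"},
         "awsRegion": "us-east-1"},
        {"eventSource": "logs.amazonaws.com", "eventName": "DeleteLogStream",
         "userIdentity": {"type": "IAMUser", "userName": "bob"},
         "awsRegion": "us-east-1",
         "requestParameters": {"logGroupName": "/aws/lambda/app",
                               "logStreamName": "2023/01/01/[$LATEST]abc"}},
    ]
}
# Gzipped bytes, standing in for the body of the S3 object CloudTrail delivers.
SAMPLE_GZ = gzip.compress(json.dumps(SAMPLE_LOG).encode())

# (eventSource, eventName) pairs worth alerting on; assumption for this example.
WATCHED = {("logs.amazonaws.com", "DeleteLogStream"),
           ("logs.amazonaws.com", "DeleteLogGroup")}


def parse_cloudtrail_gz(data: bytes) -> list:
    """Gunzip a CloudTrail log file and return its list of records ([] if absent)."""
    return json.loads(gzip.decompress(data).decode()).get("Records", [])


def find_log_deletions(records: list) -> list:
    """Return every record whose (eventSource, eventName) is in WATCHED.
    Iterates over all records instead of looking only at records[0]."""
    return [r for r in records
            if (r.get("eventSource"), r.get("eventName")) in WATCHED]


def format_alert(record: dict) -> str:
    """Build a human-readable SNS message body from one matching record."""
    params = record.get("requestParameters") or {}
    user = (record.get("userIdentity") or {}).get("userName", "unknown")
    return ("CloudWatch Logs deletion detected: {} by {} in {} on group={} stream={}"
            .format(record.get("eventName"), user, record.get("awsRegion"),
                    params.get("logGroupName"), params.get("logStreamName")))


if __name__ == "__main__":
    for rec in find_log_deletions(parse_cloudtrail_gz(SAMPLE_GZ)):
        print(format_alert(rec))
```

In the Lambda, `parse_cloudtrail_gz` would take `s3_object['Body'].read()` and each string from `format_alert` would be passed to `sns_client.publish`.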