Create event data source for this query

83 Views Asked by shantanuo At 13 July 2023 at 08:37

I am trying to execute this query in cloudwatch lake.

SELECT
    *
FROM
    $EDS_ID 
WHERE
    eventsource = 'signin.amazonaws.com'  
    AND eventname = 'ConsoleLogin'  
    AND Element_at(additionaleventdata, 'MFAUsed' 
    ) = 'No'

But I am not able to create Event Data Source correctly. Because the relevant signin option is not available in the drop-down. Available "Data event type" are like S3, Lambda, etc.

Original Q&A

There are 1 best solutions below

Vasyl Herman On 15 July 2023 at 13:33

I suppose you mean CloudTrail Lake and creating Event data store.

You do not need to select the Data Events box. All you need to make it work is the Management events.

Leave all by default when creating Event data store, and test the query:

SELECT
    *
FROM
    e1490c52-11ee-44be-827e-2cefa50780ab
WHERE
    eventName='ConsoleLogin'
    AND eventsource='signin.amazonaws.com'
    AND Element_at(additionaleventdata, 'MFAUsed' 
    ) = 'No'

where e1490c52-11ee-44be-827e-2cefa50780ab is Event data store ID

Create event data source for this query

There are 1 best solutions below

Related Questions in AMAZON-CLOUDWATCH

Related Questions in AMAZON-CLOUDTRAIL

Trending Questions

Popular # Hahtags

Popular Questions