LookupEvents
Looks up management events or CloudTrail Insights events that are captured by CloudTrail. You can look up events that occurred in a Region within the last 90 days.
Note
LookupEvents
returns recent Insights events for trails that enable Insights. To view Insights events for an event data store, you can run queries on your
Insights event data store, and you can also view the Lake dashboard for Insights.
Lookup supports the following attributes for management events:
-
AWS access key
-
Event ID
-
Event name
-
Event source
-
Read only
-
Resource name
-
Resource type
-
User name
Lookup supports the following attributes for Insights events:
-
Event ID
-
Event name
-
Event source
All attributes are optional. The default number of results returned is 50, with a maximum of 50 possible. The response includes a token that you can use to get the next page of results.
Important
The rate of lookup requests is limited to two per second, per account, per Region. If this limit is exceeded, a throttling error occurs.
Request Syntax
{
"EndTime": number
,
"EventCategory": "string
",
"LookupAttributes": [
{
"AttributeKey": "string
",
"AttributeValue": "string
"
}
],
"MaxResults": number
,
"NextToken": "string
",
"StartTime": number
}
Request Parameters
For information about the parameters that are common to all actions, see Common Parameters.
The request accepts the following data in JSON format.
- EndTime
-
Specifies that only events that occur before or at the specified time are returned. If the specified end time is before the specified start time, an error is returned.
Type: Timestamp
Required: No
- EventCategory
-
Specifies the event category. If you do not specify an event category, events of the category are not returned in the response. For example, if you do not specify
insight
as the value ofEventCategory
, no Insights events are returned.Type: String
Valid Values:
insight
Required: No
- LookupAttributes
-
Contains a list of lookup attributes. Currently the list can contain only one item.
Type: Array of LookupAttribute objects
Required: No
- MaxResults
-
The number of events to return. Possible values are 1 through 50. The default is 50.
Type: Integer
Valid Range: Minimum value of 1. Maximum value of 50.
Required: No
- NextToken
-
The token to use to get the next page of results after a previous API call. This token must be passed in with the same parameters that were specified in the original call. For example, if the original call specified an AttributeKey of 'Username' with a value of 'root', the call with NextToken should include those same parameters.
Type: String
Required: No
- StartTime
-
Specifies that only events that occur after or at the specified time are returned. If the specified start time is after the specified end time, an error is returned.
Type: Timestamp
Required: No
Response Syntax
{
"Events": [
{
"AccessKeyId": "string",
"CloudTrailEvent": "string",
"EventId": "string",
"EventName": "string",
"EventSource": "string",
"EventTime": number,
"ReadOnly": "string",
"Resources": [
{
"ResourceName": "string",
"ResourceType": "string"
}
],
"Username": "string"
}
],
"NextToken": "string"
}
Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
- Events
-
A list of events returned based on the lookup attributes specified and the CloudTrail event. The events list is sorted by time. The most recent event is listed first.
Type: Array of Event objects
- NextToken
-
The token to use to get the next page of results after a previous API call. If the token does not appear, there are no more results to return. The token must be passed in with the same parameters as the previous call. For example, if the original call specified an AttributeKey of 'Username' with a value of 'root', the call with NextToken should include those same parameters.
Type: String
Errors
For information about the errors that are common to all actions, see Common Errors.
- InvalidEventCategoryException
-
Occurs if an event category that is not valid is specified as a value of
EventCategory
.HTTP Status Code: 400
- InvalidLookupAttributesException
-
Occurs when a lookup attribute is specified that is not valid.
HTTP Status Code: 400
- InvalidMaxResultsException
-
This exception is thrown if the limit specified is not valid.
HTTP Status Code: 400
- InvalidNextTokenException
-
A token that is not valid, or a token that was previously used in a request with different parameters. This exception is thrown if the token is not valid.
HTTP Status Code: 400
- InvalidTimeRangeException
-
Occurs if the timestamp values are not valid. Either the start time occurs after the end time, or the time range is outside the range of possible values.
HTTP Status Code: 400
- OperationNotPermittedException
-
This exception is thrown when the requested operation is not permitted.
HTTP Status Code: 400
- UnsupportedOperationException
-
This exception is thrown when the requested operation is not supported.
HTTP Status Code: 400
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following: