AWS CLI CloudTrail "lookup-events" filter accessKeyId

I want to read events from the CloudTrail only with a specific accessKeyId.

I saw the command "aws cloudtrail lookup-events", but the attributes for filter are only: Event ID,Event name,Event source,Resource name,Resource type,User name

How can I do it?

Thanks!

aws cloudtrail lookup-events --lookup-attributes AttributeKey=AccessKeyId,AttributeValue=${ACCESS_KEY_ID}

from here: https://deeb.me/20190201/list-ips-from-cloudtrail-events

Viewing CloudTrail Events with the AWS CLI, The AWS CLI includes several other commands that help you manage your trails. These commands add tags to trails, get trail status, start and stop logging for� CloudTrail is a web service that records AWS API calls for your AWS account and delivers log files to an Amazon S3 bucket. The recorded information includes the identity of the user, the start time of the AWS API call, the source IP address, the request parameters, and the response elements returned by the service.

If you're willing to download the data using the AWS CLI:

aws s3 sync s3://path/to/CloudTrail/data/2020/05/27 .

Then you can do multiple one-liner queries using jq, for example:

zcat *.gz | jq '.Records[] | select(.userIdentity.accessKeyId == "ACCESS_KEY_ID")

Managing Trails With the AWS CLI, Make sure you have a recent version of the AWS CLI installed. For more information, see the AWS Command Line Interface User Guide. For help with CloudTrail� AWS CloudTrail makes it easier to ensure compliance with internal policies and regulatory standards by providing a history of activity in your AWS account. For more information, download the AWS compliance whitepaper, “ Security at Scale: Logging in AWS.

aws cloudtrail lookup-events --lookup-attributes AttributeKey=AccessKeyId,AttributeValue=accessKeyId

Creating, Updating, and Managing Trails with the AWS Command , How do I use AWS CloudTrail to search a given resource for following examples are run from the AWS Command Line Interface (AWS CLI). How to look up and filter CloudTrail events by using the AWS CLI. AWS Documentation AWS CloudTrail User Guide Prerequisites Getting command line help Looking up events Specifying the number of events to return Looking up events by time range Looking up events by attribute Specifying the next page of results Getting JSON input from a file Lookup Output Fields

Search for Resource Actions Using CloudTrail, As an alternative to searching for events in the CloudWatch console, you can use the AWS Command Line Interface (AWS CLI) command� AWS CLI version 2, the latest major version of AWS CLI, is now stable and recommended for general use. arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail. If

Use CloudTrail to Review What Actions Occurred In Your AWS , How to look up and filter CloudTrail Insights events by using the AWS CLI. Your AWS account has two CloudTrail trails. One trail captures management events; the second trail captures only data events. Both trails deliver events to the S3 bucket(s) that you define.

Viewing CloudTrail Insights Events with the AWS CLI, This includes activity made through the AWS Management Console, AWS Command Line Interface, and AWS SDKs and APIs. For an ongoing record of events� Users with CloudTrail permissions in member accounts will be able to see this trail when they log into the AWS CloudTrail console from their AWS accounts, or when they run AWS CLI commands such as describe-trail. However, users in member accounts will not have sufficient permissions to delete the organization trail, turn logging on or off, change what types of events are logged, or otherwise alter the organization trail in any way.