<p>仕事でよく使うクエリ</p>
<p>EC2インスタンス新規作成</p>
<div class="code-block-container"><pre><code>SELECT *
FROM sample_table
WHERE eventName='RunInstances'
 AND region = 'ap-northeast-1'
 AND date = '2022/03/05';
</code></pre></div><p>CloudFormationスタック作成</p>
<div class="code-block-container"><pre><code>SELECT *
FROM sample_table
WHERE eventName='CreateStack'
 AND region = 'ap-northeast-1'
 AND date = '2022/03/05';
</code></pre></div><p>IAMロールが使用したAPI、呼び出し数の集計</p>
<div class="code-block-container"><pre><code>SELECT DISTINCT(eventname),COUNT(*)
FROM sample_table
WHERE useridentity.sessioncontext.sessionissuer.arn =
'arn:aws:iam::000000000000:role/SampleRole'
 AND region = 'ap-northeast-1'
 AND date = '2022/03/05'
 GROUP BY eventname
 ORDER BY 2 desc;
</code></pre></div>

CloudTrailログ検索時に使うAthenaクエリ例

Discussion