
Filter out redundant regional AWS CloudTrail Trails


This task detects redundant regional trails within AWS CloudTrail. Occasionally, users might inadvertently create multiple trails in the same region, which not only results in redundant data collection but also incurs additional costs. These unnecessary trails can capture identical events and consume extra storage, leading to inefficiency and clutter. This task scans through all the regional trails in each AWS region and pinpoints the redundant ones. By identifying redundant trails, the script aids administrators in optimizing their AWS CloudTrail configuration, thereby promoting efficient resource utilization and cost-effectiveness. Note that the script judges redundancy only by trail type (multi-region, organization or regional) and home region; before deleting a flagged trail, confirm that the trail that remains is actively logging and records the same events, so that audit coverage is not reduced.

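import boto3

# `all_trails` is not defined in this snippet; it is expected to be provided by
# the caller as a list of trail dicts. Sample shape from the original page:
# all_trails = [
#     {'Name': 'ctrail_123', 'S3BucketName': 'aws-cloudtrail-logs-355237452254-0d3050fa',
#      'IncludeGlobalServiceEvents': True, 'IsMultiRegionTrail': True, 'HomeRegion': 'us-east-1',
#      'TrailARN': 'arn:aws:cloudtrail:us-east-1:355237452254:trail/ctrail_123',
#      'LogFileValidationEnabled': True, 'HasCustomEventSelectors': True,
#      'HasInsightSelectors': True, 'IsOrganizationTrail': False},
#     {'Name': 'c_global', 'S3BucketName': 'aws-cloudtrail-logs-355237452254-0d3050fa',
#      'IncludeGlobalServiceEvents': True, 'IsMultiRegionTrail': True, 'HomeRegion': 'us-west-2',
#      'TrailARN': 'arn:aws:cloudtrail:us-west-2:355237452254:trail/c_global',
#      'LogFileValidationEnabled': False, 'HasCustomEventSelectors': True,
#      'HasInsightSelectors': False, 'IsOrganizationTrail': False},
#     {'Name': 'ctrail_oregon', 'S3BucketName': 'aws-cloudtrail-logs-355237452254-0d3050fa',
#      'IncludeGlobalServiceEvents': False, 'IsMultiRegionTrail': False, 'HomeRegion': 'us-west-2',
#      'TrailARN': 'arn:aws:cloudtrail:us-west-2:355237452254:trail/ctrail_oregon',
#      'LogFileValidationEnabled': True, 'HasCustomEventSelectors': True,
#      'HasInsightSelectors': True, 'IsOrganizationTrail': False},
# ]

# NOTE(review): "redundant" here is a heuristic based only on IsMultiRegionTrail,
# IsOrganizationTrail and HomeRegion. The script does not check whether the
# overlapping trail is actually logging, which events it selects, or where it
# delivers logs. Before deleting a flagged trail, confirm the remaining trail's
# logging status and event selectors (e.g. CloudTrail get_trail_status and
# get_event_selectors) so that removing it does not create an audit gap.

if all_trails:
    # Multi-region ("global") and organization trails can overlap with any
    # regional trail, so they are collected first. 'IsMultiRegionTrail' is a
    # required key; a missing key raises KeyError rather than being guessed.
    global_trails = [trail for trail in all_trails if trail['IsMultiRegionTrail']]
    org_trails = [trail for trail in all_trails if trail.get('IsOrganizationTrail', False)]
    print(f"INFO: Identified {len(global_trails)} global trails and {len(org_trails)} organization trails")

    # Count purely regional trails per home region.
    regional_trails_count = {}
    for trail in all_trails:
        if not trail['IsMultiRegionTrail'] and not trail.get('IsOrganizationTrail', False):
            region = trail['HomeRegion']
            regional_trails_count[region] = regional_trails_count.get(region, 0) + 1
    print(f"INFO: Count of regional trails per region: {regional_trails_count}")

    # Report every regional trail with a status of 'alarm' (overlaps with
    # another trail) or 'ok'.
    redundant_trails_found = False
    for trail in all_trails:
        try:
            # Only regional trails are evaluated; global/org trails are skipped.
            if trail['IsMultiRegionTrail'] or trail.get('IsOrganizationTrail', False):
                continue

            region = trail['HomeRegion']
            same_region_count = regional_trails_count[region]

            if global_trails or org_trails or same_region_count > 1:
                status = 'alarm'
                redundant_trails_found = True
                reason = f"{trail['Name']} is redundant to: "
                if global_trails:
                    reason += f"Global Trails: {', '.join([gt['Name'] for gt in global_trails])} "
                if org_trails:
                    reason += f"Organization Trails: {', '.join([ot['Name'] for ot in org_trails])} "
                if same_region_count > 1:
                    # When only regional trails overlap, every trail in the
                    # region is flagged; at least one must be kept to retain
                    # logging for that region.
                    reason += f"other {same_region_count - 1} regional trails in {region}."
            else:
                # Previously an 'ok' trail was still reported as
                # "<name> is redundant to: ", which contradicted its status.
                status = 'ok'
                reason = (
                    f"{trail['Name']} is the only regional trail in {region} "
                    "and no global or organization trail was found."
                )

            # The account ID is the fifth colon-separated field of the ARN.
            account_id = trail['TrailARN'].split(':')[4]
            print(f"Resource: {trail['TrailARN']}, Status: {status}, Reason: {reason}, Region: {region}, Account ID: {account_id}")
        except Exception as e:
            # Best-effort per-trail reporting: use .get() so a record that is
            # missing 'Name' does not raise again inside the handler.
            print(f"ERROR: An error occurred while processing trail {trail.get('Name', '<unknown>')}: {e}")

    if not redundant_trails_found:
        print("INFO: No redundant trails found")
else:
    print("No trails were provided.")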