in detection-ml-wksp/aws_lambda/cloudtrail_ingest.py [0:0]
def load_cloudtrail_log(s3_client, bucket, key):
    """
    Fetch one gzip-compressed CloudTrail log object from S3 and return its records.

    The object body is downloaded in full, decompressed in memory and parsed as
    JSON; the entries under the top-level ``Records`` key are returned ordered
    by their ``eventTime`` value.

    :param s3_client: Boto3 S3 client
    :param bucket: Bucket where log file is located
    :param key: Key to the log file object in the bucket
    :return: list of CloudTrail records, sorted ascending by ``eventTime``
    :raises KeyError: if the parsed document has no ``Records`` key, or a
        record has no ``eventTime`` field
    """
    s3_object = s3_client.get_object(Bucket=bucket, Key=key)
    logger.info('Loading CloudTrail log file s3://{}/{}'.format(bucket, key))

    # NOTE(review): the whole compressed body and the decompressed JSON are held
    # in memory with no size limit, and nothing here checks where the object
    # came from. Confirm that only the CloudTrail service can write to this
    # bucket/prefix and that the caller filters out non-log objects.
    compressed = s3_object['Body'].read()
    with io.BytesIO(compressed) as raw_stream:
        with gzip.GzipFile(fileobj=raw_stream) as logfile:
            document = json.load(logfile)

    def _event_time(record):
        # Sort key: the raw ``eventTime`` value is compared as-is (presumably an
        # ISO-8601 UTC string, so string order matches time order; verify).
        return record['eventTime']

    sorted_records = sorted(document['Records'], key=_event_time)
    logger.info('Number of records in log file: {}'.format(len(sorted_records)))
    return sorted_records