in automated-actions/AWS_RISK_CREDENTIALS_EXPOSED/lambda_functions/lookup_cloudtrail_events.py [0:0]
def lambda_handler(event, context):
account_id = event['account_id']
time_discovered = event['time_discovered']
username = event['username']
deleted_key = event['deleted_key']
endtime = datetime.datetime.now() # Create start and end time for CloudTrail lookup
interval = datetime.timedelta(hours=24)
starttime = endtime - interval
print('Retrieving events...')
events = get_events(username, starttime, endtime)
print('Summarizing events...')
event_names, resource_names, resource_types = get_events_summaries(events)
return {
"account_id": account_id,
"time_discovered": time_discovered,
"username": username,
"deleted_key": deleted_key,
"event_names": event_names,
"resource_names": resource_names,
"resource_types": resource_types
}