I am running the following code and I can see CloudTrail events in the console and also comes in the cli ( that means I using the correct token ) but the response is empty. What is the wrong in the code? Though I didn't need all regions but ran the code through all available to see if I can get response from any of the regions.
This cli provides output aws cloudtrail lookup-events --lookup-attributes AttributeKey=EventSource,AttributeValue=sts.amazonaws.com --max-items 10
But this code does not. The commented lines does not make any difference if uncomment them.
import datetime
ec2_client = boto3.client('ec2')
response = ec2_client.describe_regions(AllRegions=True)
for reg in response['Regions']:
print (reg['RegionName'])
try:
ct_client = boto3.client('cloudtrail', region_name=reg['RegionName'] )
response = ct_client.lookup_events(
LookupAttributes=[
{
'AttributeKey': 'EventSource',
'AttributeValue': "sts.amazonaws.com"
},
],
# StartTime=datetime.datetime.now() - datetime.timedelta(minutes=10000),
# EndTime=datetime.datetime.now(),
EventCategory='insight',
MaxResults=30,
)
print (response)
except Exception as e:
print (e)```
Resolved after removing EventCategory.