Amazon Web Services: How to avoid getting old results in AWS CloudTrail API calls
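Tags: amazon-web-services, aws-sdk, amazon-cloudtrail

We are using AWS CloudTrail to retrieve data (CloudTrail events). We use the gem 'aws-sdk-cloudtrail' (version 1.0). According to CloudTrail, we can retrieve at most 50 results (the latest ones). To fetch the previous (older) results, we use the "next token" received in the previous response. We do this until we get an empty "next token". When we receive an empty token, it means all CloudTrail data has been retrieved.

For example, suppose CloudTrail has logged 100 events. In the first API call, we receive the latest 50 results along with a token to retrieve the next 50 (the older 50). In the second API call, we receive the remaining 50 results (the older ones) along with a next token of nil. This means there are no more results to fetch.

In our case, we save all the results received from the trail in a local database. We repeat this periodically. When we do this the second time (repeating the process explained above), we again receive some newer and some older results. We again repeat the API calls until we get a "next token" of nil. This results in receiving redundant data that was already stored in the database during the first cycle.

Is there any way to fetch only the newly logged CloudTrail events from the second cycle onwards?

Select the max date from your local database, then use it as the start date for the CloudTrail events.

You save the "NextToken" in your local database and pass it the next time you call the API. Here is an example: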
```python
import boto3

cloudtrail = boto3.client('cloudtrail')
paginator = cloudtrail.get_paginator('lookup_events')

# None starts from the newest events; pass a previously saved token to resume.
StartingToken = None

page_iterator = paginator.paginate(
    LookupAttributes=[{'AttributeKey': 'EventName', 'AttributeValue': 'RunInstances'}],
    PaginationConfig={'PageSize': 10, 'StartingToken': StartingToken})

for page in page_iterator:
    for event in page["Events"]:
        print(event["EventName"], event["EventTime"])
    try:
        # Look the token up first so a missing key does not truncate the saved file.
        StartingToken = page["NextToken"]
        with open("token", "w") as token_file:
            token_file.write(StartingToken)
    except KeyError:
        # The last page carries no NextToken: nothing left to fetch.
        break
```
As @vorspring said, you can use the maximum event date-time from your local database. Here is a detailed solution for your use case/problem:
```
1. Query your local database to check whether CloudTrail data is present in it.
   IF yes
       // It means you have stored some data from CloudTrail before.
       // And now you are going to request new trail events from CloudTrail.
       // Note - At the time of the first request you don't have a token (i.e. next-token)
       GOTO Step 3
   ELSE
       // It means you have not stored any data from CloudTrail before.
       // And now you are going to do the first request to CloudTrail.
       // Note - At the time of the first request you don't have a token (i.e. next-token)
       GOTO Step 2

2. token = nil
   LOOP true
       IF token
           // Send a request to CloudTrail to get the next batch of latest CloudTrail events, now passing token (i.e. next-token) as a parameter.
           // It will return at most the latest 50 trail events.
           // It will also return next-token if more CloudTrail events are remaining.
           IF next-token
               token = next-token
           ELSE
               BREAK LOOP;
           END
       ELSE
           // Send a request to CloudTrail to get the latest CloudTrail events.
           // It will return at most the latest 50 trail events.
           // It will also return next-token if more CloudTrail events are remaining.
           IF next-token
               token = next-token
           ELSE
               BREAK LOOP;
           END
       END
   END

3. token = nil
   start_date_time = max_trail_event_date_time_from_local_db
   LOOP true
       IF token
           // Send a request to CloudTrail to get the next batch of latest CloudTrail events, now passing token and start_date_time (i.e. next-token and max_event_date_time_from_local_db) as parameters.
           // It will return at most the latest 50 events which are logged after start_date_time.
           // It will also return next-token if more CloudTrail events are remaining.
           IF next-token
               token = next-token
           ELSE
               BREAK LOOP;
           END
       ELSE
           // Send a request to CloudTrail to get the latest CloudTrail events, now passing start_date_time (i.e. max_trail_event_date_time_from_local_db) as a parameter.
           // It will return at most the latest 50 events which are logged after start_date_time.
           // It will also return next-token if more CloudTrail events are remaining.
           IF next-token
               token = next-token
           ELSE
               BREAK LOOP;
           END
       END
   END
```
Hope this helps.
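
The max-event-time approach from the answers above, as an added example that is not part of the original posts: it runs offline against a constructed `FakeCloudTrail` stub whose `lookup_events` mirrors the `StartTime`, `NextToken` and `MaxResults` parameters of the boto3 CloudTrail client. `FakeCloudTrail`, `sample_events`, `sync` and the SQLite schema are hypothetical names chosen for illustration; because `StartTime` is inclusive, events in the boundary second are returned again, so the example deduplicates on `EventId`.

```python
import sqlite3
from datetime import datetime, timedelta, timezone

BASE = datetime(2024, 1, 1, tzinfo=timezone.utc)  # constructed sample data

def sample_events(ids):
    """Constructed events: id i occurs i // 2 seconds after BASE (two per second)."""
    return [{"EventId": f"evt-{i}", "EventName": "RunInstances",
             "EventTime": BASE + timedelta(seconds=i // 2)} for i in ids]

class FakeCloudTrail:
    """Offline stand-in for a CloudTrail client: newest first, paged by NextToken."""
    def __init__(self, events):
        self.events = sorted(events, key=lambda e: e["EventTime"], reverse=True)

    def lookup_events(self, StartTime=None, NextToken=None, MaxResults=50):
        rows = [e for e in self.events
                if StartTime is None or e["EventTime"] >= StartTime]  # inclusive
        start = int(NextToken or 0)
        resp = {"Events": rows[start:start + MaxResults]}
        if start + MaxResults < len(rows):
            resp["NextToken"] = str(start + MaxResults)
        return resp

def sync(client, db):
    """Store events at or after the newest saved EventTime; return rows inserted."""
    db.execute("CREATE TABLE IF NOT EXISTS events "
               "(event_id TEXT PRIMARY KEY, name TEXT, event_time REAL)")
    newest = db.execute("SELECT MAX(event_time) FROM events").fetchone()[0]
    kwargs = {"MaxResults": 50}
    if newest is not None:  # later cycles: skip everything older than what we hold
        kwargs["StartTime"] = datetime.fromtimestamp(newest, timezone.utc)
    inserted = 0
    while True:
        resp = client.lookup_events(**kwargs)
        for e in resp["Events"]:
            # Boundary events come back again, so rely on the EventId primary key.
            cur = db.execute("INSERT OR IGNORE INTO events VALUES (?, ?, ?)",
                             (e["EventId"], e["EventName"], e["EventTime"].timestamp()))
            inserted += cur.rowcount
        if not resp.get("NextToken"):
            break
        kwargs["NextToken"] = resp["NextToken"]
    db.commit()
    return inserted

if __name__ == "__main__":
    db = sqlite3.connect(":memory:")
    print(sync(FakeCloudTrail(sample_events(range(99))), db))   # first cycle
    print(sync(FakeCloudTrail(sample_events(range(105))), db))  # only the new events
```

In the second cycle one new event shares its timestamp with the newest stored event; an exclusive "later than max" filter would miss it, while the inclusive query plus the `EventId` key picks it up without storing duplicates.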