From d54671e2193e86741a73dd9a1313d338601bddd6 Mon Sep 17 00:00:00 2001 From: spalanisamy Date: Mon, 22 Jan 2024 20:23:29 +0530 Subject: [PATCH] Issue with CloudTrail digest fixed --- serverless.yml | 2 +- src/handler.py | 11 ++++++++++- 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/serverless.yml b/serverless.yml index 0e61d1c..302f14d 100644 --- a/serverless.yml +++ b/serverless.yml @@ -43,7 +43,7 @@ functions: LICENSE_KEY: ${env:LICENSE_KEY} LOG_TYPE: ${env:LOG_TYPE} DEBUG_ENABLED: ${env:DEBUG_ENABLED} - S3_CLOUDTRAIL_LOG_PATTERN: ${env:S3_CLOUDTRAIL_LOG_PATTERN} + S3_CLOUD_TRAIL_LOG_PATTERN: ${env:S3_CLOUD_TRAIL_LOG_PATTERN} S3_IGNORE_PATTERN: ${env:S3_IGNORE_PATTERN} BATCH_SIZE_FACTOR: ${env:BATCH_SIZE_FACTOR} ADDITIONAL_ATTRIBUTES: ${env:ADDITIONAL_ATTRIBUTES} diff --git a/src/handler.py b/src/handler.py index a9d3b10..d4beff5 100644 --- a/src/handler.py +++ b/src/handler.py @@ -104,10 +104,16 @@ def _isCloudTrail(key=None, regex_pattern=None): """ if not regex_pattern: regex_pattern = _get_optional_env( - "S3_CLOUDTRAIL_LOG_PATTERN", ".*CloudTrail.*\.json.gz$") + "S3_CLOUD_TRAIL_LOG_PATTERN", ".*_CloudTrail_.*\.json.gz$") return bool(re.search(regex_pattern, key)) +def _isCloudTrailDigest(key=None): + """ + This functions checks whether this log file is a CloudTrail-Digest based on regex pattern. + """ + return bool(re.search(".*_CloudTrail-Digest_.*\.json.gz$", key)) + def _convert_float(s): try: f = float(s) @@ -284,6 +290,9 @@ async def _fetch_data_from_s3(bucket, key, context): "s3_key": key } log_file_url = "s3://{}/{}".format(bucket, key) + if _isCloudTrailDigest(key): + # CloudTrail-Digest will not have any logs in it. Hence, no need to continue further + return async with aiohttp.ClientSession() as session: log_batches = [] batch_request = []