This changelog contains a loose collection of changes in every release including breaking changes to the API.
The format is based on Keep a Changelog
- Support for Python 3.12
- Support for Python 3.13
- Removed official support for EOL Python 3.7. TrailScraper might still run but we no longer actively test for it.
- Removed official support for EOL Python 3.8. TrailScraper might still run but we no longer actively test for it.
- Updated supporting dependencies
- Support for Python 3.10
- Support for Python 3.11
- Removed official support for EOL Python 3.6. TrailScraper might still run but we no longer actively test for it.
- Support for Python 3.9
- Removed official support for Python 3.5. TrailScraper might still run but we no longer actively test for it
- Moving from DockerHub to GitHub Container registry for Docker images (since DockerHub is dropping support for autobuilds and restricting it in other ways)
- Updated supporting dependencies
- Fixed Docker images that threw a
ModuleNotFoundError
- Performance tweaks
trailscraper download
uses smarter directory listing to improve performance with large date ranges and little new datatrailscraper download
now downloads files in parallel- Minor performance improvements in
trailscraper select
(skipeed because of continuing release-script issues)
(same as 0.6.1, just fixing inconsistent release)
- Support for Python 3.7 and 3.8
- Support for org-level trails (#101)
trailscraper guess
was not working when installed through homebrew or pip (#110)
- Removed official support for Python 2.7 and 3.4. TrailScraper might still run but we no longer actively test for it
- New command
guess
to extend existing policy by guessing matching actions #22
- Fixed parsing events that contain resources without an ARN (e.g.
s3:ListObjects
) #51
Breaking CLI changes: split up generate-policy
into select
and generate
(#38)
- New command
select
to print all CloudTrail records matching a filter to stdout - New command
generate
to take CloudTrail records from stdin and generate a policy for it
- New command
select
defaults to not filtering at all whereasgenerate-policy
filtered for recent events by default. Changed to make filtering more explicit and predictable instead of surprising users who wonder why their events don't show up
- Removed command
generate-policy
, replaced withselect
andgenerate
. Use pipes to produce the same behavior:$ trailscraper select | trailscraper generate
- Made trailscraper timezone-aware. Until now, trailscraper implicitly treated everything as UTC, meaning relative timestamps (e.g.
now
,two hours ago
) didn't work properly when filtering logfiles to download or records to generate from. (#39)
- New command
trailscraper last-event-timestamp
to get the last known event timestamp. - New flag
trailscraper download --wait
to wait until events for the specified timeframe are found. Useful if you are waiting for CloudTrail to ship logs for a recent operation.
skipped because of release-problems
- Fixed various special cases in mapping CloudTrail to IAM Actions:
- API Gateway
- App Stream 2
- DynamoDB Streams
- Lex
- Mechanical Turk
- S3
- STS
- Tagging
- Ignore record files that can't be read (e.g. not valid GZIP) in Python 2.7 (was only working in Python 3.* before)
- Fixed permissions generated for services that include the API version date (e.g. Lambda, CloudFront) (#20)
-
Support for CloudTrail
lookup_events
API that allows users to generate a policy without downloading logs from an S3 bucket. Note that this API only returns "create, modify, and delete API calls" -
trailscraper download
now supports--from
and--to
flags to specify the timeframe that should be downloaded. Accepts precise (e.g. "2017-10-12") and relative (e.g. "-2days") arguments. -
trailscraper generate-policy
now supports--from
and--to
to filter events to consider for the generated policy. Accepts precise (e.g. "2017-10-12") and relative (e.g. "-2days") arguments. -
Performance optimizations:
generate-policy
only reads logfiles for the timeframe requested -
Added
--version
command line argument
- Set more flexible dependencies
- Removed
--past-days
parameter intrailscraper download
. Was replaced by--from
and--to
(see above)
- Ignore record files that can't be read (e.g. not valid GZIP)
- Support for Python >= 2.7
- Do not download CloudTrail Logs from S3 if they already exist in the target folder (#9)
- Removed dependency on fork of the awacs-library to simplify installation and development
- Bug that led to policy-statements with the same set of actions not being combined properly in some cases (#7)
- Basic filtering for role-arns when generating policy (#3)
Initial Release
- Basic feature to download CloudTrail Logs from S3 for certain accounts and timeframe
- Basic feature to generate IAM Policies from a set of downloaded CloudTrail logs