athena_create_cloudtrail_table
Create an Athena table with partition projection for querying CloudTrail logs. Requires CloudTrail S3 bucket, account details, and an output bucket for query results.
Instructions
Create an Athena table for CloudTrail logs with partition projection.
<IMPORTANT>
Before using this tool ask the user for OUTPUT bucket, unless it is provided.
This is necessary to create the table correctly. If the API fails, interrupt the process and ask the user for the OUTPUT BUCKET.
</IMPORTANT>
Parameters:
cloudtrail_bucket (str): The S3 bucket for CloudTrail logs - you can retrieve it using the 'cloudtrail_describe_trails' tool.
is_org_trail (bool): Indicates if the trail is for the organization.
account_id (str): Your AWS account ID - you can retrieve it.
output_bucket (str): Ask the user if not specified, S3 bucket URI (e.g. 's3://my-athena-query-results/') for query results - different from cloudtrail_bucket.
output_region (str): The AWS region for the output bucket - use 'us-east-1' if not specified.
partition_region (str): The region of the events to be queried. It is used to create the S3 path for the Athena table.
database (str): Athena database name to be used.
Returns:
str: An empty result if successful, or an error message if there was an issue.Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| account_id | Yes | ||
| cloudtrail_bucket | Yes | ||
| database | No | default | |
| is_org_trail | Yes | ||
| output_bucket | Yes | ||
| output_region | Yes | ||
| partition_region | Yes |