218007301253_CloudTrail_us-east-1_20230710T1230Z_9SJSsrxJ0ChF5VFb.json

{"Records":[{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"ASIATFQR7NSC27UERSUH","userName":"bert-jan","sessionContext":{"sessionIssuer":{},"webIdFederationData":{},"attributes":{"creationDate":"2023-07-10T12:27:45Z","mfaAuthenticated":"true"}}},"eventTime":"2023-07-10T12:27:47Z","eventSource":"ec2.amazonaws.com","eventName":"DescribeAccountAttributes","awsRegion":"us-east-1","sourceIPAddress":"10.8.8.10","userAgent":"AWS Internal","requestParameters":{"accountAttributeNameSet":{"items":[{"attributeName":"default-vpc"},{"attributeName":"supported-platforms"}]},"filterSet":{}},"responseElements":null,"requestID":"ce168dc0-2505-45d0-81c5-f6fb177a06a9","eventID":"adb33d53-8da3-4b9f-a52e-f239a47f2a5e","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","sessionCredentialFromConsole":"true"},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"ASIATFQR7NSC27UERSUH","userName":"bert-jan","sessionContext":{"sessionIssuer":{},"webIdFederationData":{},"attributes":{"creationDate":"2023-07-10T12:27:45Z","mfaAuthenticated":"true"}}},"eventTime":"2023-07-10T12:27:47Z","eventSource":"ec2.amazonaws.com","eventName":"DescribeVpcs","awsRegion":"us-east-1","sourceIPAddress":"10.8.8.10","userAgent":"AWS Internal","requestParameters":{"maxResults":1000,"vpcSet":{},"filterSet":{}},"responseElements":null,"requestID":"ea53fd91-6fc2-466b-a6dd-294957449c9b","eventID":"91f68760-ee16-4016-a806-3aee734089e3","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","sessionCredentialFromConsole":"true"},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5U6Q3TMDR","arn":"arn:aws:iam::123837392027:user/benjamin","accountId":"123837392027","accessKeyId":"ASIATFQR7NSCX6ILTQHM","userName":"benjamin","sessionContext":{"sessionIssuer":{},"webIdFederationData":{},"attributes":{"creationDate":"2023-07-10T11:42:31Z","mfaAuthenticated":"true"}}},"eventTime":"2023-07-10T12:27:48Z","eventSource":"health.amazonaws.com","eventName":"DescribeEventAggregates","awsRegion":"us-east-1","sourceIPAddress":"10.248.16.43","userAgent":"AWS Internal","requestParameters":{"aggregateField":"eventTypeCategory","filter":{"eventStatusCodes":["open","upcoming"],"startTimes":[{"from":"Jul 3, 2023 12:27:48 PM"}]}},"responseElements":null,"requestID":"9525f598-d01f-472a-9dbd-7e3cd6f9d433","eventID":"60a74b14-d840-467a-8288-1a719006d6ac","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","sessionCredentialFromConsole":"true"},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5U6Q3TMDR","arn":"arn:aws:iam::123837392027:user/benjamin","accountId":"123837392027","accessKeyId":"ASIATFQR7NSCTY6A62XW","userName":"benjamin","sessionContext":{"sessionIssuer":{},"webIdFederationData":{},"attributes":{"creationDate":"2023-07-10T11:42:31Z","mfaAuthenticated":"true"}},"invokedBy":"health.amazonaws.com"},"eventTime":"2023-07-10T12:27:48Z","eventSource":"health.amazonaws.com","eventName":"DescribeEventAggregates","awsRegion":"us-east-1","sourceIPAddress":"health.amazonaws.com","userAgent":"AWS Internal","requestParameters":{"filter":{"startTimes":[{"from":"Jul 3, 2023, 12:27:48 PM"}],"eventStatusCodes":["open","upcoming"]},"aggregateField":"eventTypeCategory"},"responseElements":null,"requestID":"9525f598-d01f-472a-9dbd-7e3cd6f9d433","eventID":"fb546ed0-1b71-47da-bb60-220ad79d8f6e","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","sessionCredentialFromConsole":"true"},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"ASIATFQR7NSCVDQK5XKV","userName":"bert-jan","sessionContext":{"sessionIssuer":{},"webIdFederationData":{},"attributes":{"creationDate":"2023-07-10T12:27:45Z","mfaAuthenticated":"true"}}},"eventTime":"2023-07-10T12:27:54Z","eventSource":"ec2.amazonaws.com","eventName":"DescribeAddresses","awsRegion":"us-east-1","sourceIPAddress":"10.8.8.10","userAgent":"AWS Internal","requestParameters":{"publicIpsSet":{},"filterSet":{},"allocationIdsSet":{}},"responseElements":null,"requestID":"051d06fd-3d84-4072-885d-4dbf5a07171e","eventID":"6d9f4cfb-2253-49d1-a668-0d44c48cf49e","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","sessionCredentialFromConsole":"true"},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"ASIATFQR7NSCSOUS7D65","userName":"bert-jan","sessionContext":{"sessionIssuer":{},"webIdFederationData":{},"attributes":{"creationDate":"2023-07-10T12:27:45Z","mfaAuthenticated":"true"}}},"eventTime":"2023-07-10T12:27:50Z","eventSource":"resource-explorer-2.amazonaws.com","eventName":"ListIndexes","awsRegion":"us-east-1","sourceIPAddress":"10.8.8.10","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0","requestParameters":{"Type":"AGGREGATOR"},"responseElements":null,"requestID":"97ef99f1-af45-4fa3-b557-421b56ce3685","eventID":"8a4cb220-3001-4099-8a1e-91f09c765154","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management"},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"ASIATFQR7NSCVDQK5XKV","userName":"bert-jan","sessionContext":{"sessionIssuer":{},"webIdFederationData":{},"attributes":{"creationDate":"2023-07-10T12:27:45Z","mfaAuthenticated":"true"}}},"eventTime":"2023-07-10T12:27:58Z","eventSource":"ec2.amazonaws.com","eventName":"DescribeAddressTransfers","awsRegion":"us-east-1","sourceIPAddress":"10.8.8.10","userAgent":"AWS Internal","requestParameters":{"DescribeAddressTransfersRequest":{"MaxResults":10}},"responseElements":null,"requestID":"7cf0a6bf-6a70-4089-ab68-29c08ce745fc","eventID":"fd858f23-2611-4ef2-a23f-b06426ac2693","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","sessionCredentialFromConsole":"true"},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"ASIATFQR7NSCVDQK5XKV","userName":"bert-jan","sessionContext":{"sessionIssuer":{},"webIdFederationData":{},"attributes":{"creationDate":"2023-07-10T12:27:45Z","mfaAuthenticated":"true"}}},"eventTime":"2023-07-10T12:27:58Z","eventSource":"ec2.amazonaws.com","eventName":"DescribeAddressesAttribute","awsRegion":"us-east-1","sourceIPAddress":"10.8.8.10","userAgent":"AWS Internal","requestParameters":{"DescribeAddressesAttributeRequest":{"Attribute":"domain-name","MaxResults":100}},"responseElements":null,"requestID":"02800d8a-5455-4be4-9092-32a3c07813d9","eventID":"9dedbd8b-b72b-4790-9193-ca493a98dcf7","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","sessionCredentialFromConsole":"true"},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"ASIATFQR7NSCVDQK5XKV","userName":"bert-jan","sessionContext":{"sessionIssuer":{},"webIdFederationData":{},"attributes":{"creationDate":"2023-07-10T12:27:45Z","mfaAuthenticated":"true"}}},"eventTime":"2023-07-10T12:27:58Z","eventSource":"ec2.amazonaws.com","eventName":"DescribeAddresses","awsRegion":"us-east-1","sourceIPAddress":"10.8.8.10","userAgent":"AWS Internal","requestParameters":{"publicIpsSet":{},"filterSet":{},"allocationIdsSet":{}},"responseElements":null,"requestID":"d99beb07-0e48-4a31-8434-5ae2a3b755c1","eventID":"80e51f88-f243-46e9-b4ef-516a531990ac","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","sessionCredentialFromConsole":"true"},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"ASIATFQR7NSCVDQK5XKV","userName":"bert-jan","sessionContext":{"sessionIssuer":{},"webIdFederationData":{},"attributes":{"creationDate":"2023-07-10T12:27:45Z","mfaAuthenticated":"true"}}},"eventTime":"2023-07-10T12:27:54Z","eventSource":"autoscaling.amazonaws.com","eventName":"DescribeAutoScalingGroups","awsRegion":"us-east-1","sourceIPAddress":"10.8.8.10","userAgent":"AWS Internal","requestParameters":{"maxRecords":100},"responseElements":null,"requestID":"be9c5cd0-9087-43d6-89c0-25c38b5884d5","eventID":"0a6b7855-8298-4199-97d6-143ea87733f9","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","sessionCredentialFromConsole":"true"},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"ASIATFQR7NSCVDQK5XKV","userName":"bert-jan","sessionContext":{"sessionIssuer":{},"webIdFederationData":{},"attributes":{"creationDate":"2023-07-10T12:27:45Z","mfaAuthenticated":"true"}}},"eventTime":"2023-07-10T12:28:08Z","eventSource":"ec2.amazonaws.com","eventName":"DescribeAddresses","awsRegion":"us-east-1","sourceIPAddress":"10.8.8.10","userAgent":"AWS Internal","requestParameters":{"publicIpsSet":{},"filterSet":{},"allocationIdsSet":{}},"responseElements":null,"requestID":"bc728ce0-9e21-4f7b-b4ca-3a9b315aeb0b","eventID":"c0ca44ed-6716-4a8d-bce9-da8f59b4de21","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","sessionCredentialFromConsole":"true"},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"ASIATFQR7NSCVDQK5XKV","userName":"bert-jan","sessionContext":{"sessionIssuer":{},"webIdFederationData":{},"attributes":{"creationDate":"2023-07-10T12:27:45Z","mfaAuthenticated":"true"}}},"eventTime":"2023-07-10T12:28:08Z","eventSource":"ec2.amazonaws.com","eventName":"DescribeAddressTransfers","awsRegion":"us-east-1","sourceIPAddress":"10.8.8.10","userAgent":"AWS Internal","requestParameters":{"DescribeAddressTransfersRequest":{"MaxResults":10}},"responseElements":null,"requestID":"cdf0d005-eb6b-4f57-ab30-afc9d50c44b3","eventID":"75e08ba7-0833-4f3d-8471-58cbf30be40b","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","sessionCredentialFromConsole":"true"},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"ASIATFQR7NSCVDQK5XKV","userName":"bert-jan","sessionContext":{"sessionIssuer":{},"webIdFederationData":{},"attributes":{"creationDate":"2023-07-10T12:27:45Z","mfaAuthenticated":"true"}}},"eventTime":"2023-07-10T12:28:08Z","eventSource":"ec2.amazonaws.com","eventName":"ReleaseAddress","awsRegion":"us-east-1","sourceIPAddress":"10.8.8.10","userAgent":"AWS Internal","requestParameters":{"allocationId":"eipalloc-04cbfdaf4b48e92d5","networkBorderGroup":"us-east-1"},"responseElements":{"requestId":"d57218fb-ba46-4b84-bafc-e47b22c8a67f","_return":true},"requestID":"d57218fb-ba46-4b84-bafc-e47b22c8a67f","eventID":"647da679-c336-4b47-9610-2e740bfb6764","readOnly":false,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","sessionCredentialFromConsole":"true"},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"ASIATFQR7NSCVDQK5XKV","userName":"bert-jan","sessionContext":{"sessionIssuer":{},"webIdFederationData":{},"attributes":{"creationDate":"2023-07-10T12:27:45Z","mfaAuthenticated":"true"}}},"eventTime":"2023-07-10T12:28:08Z","eventSource":"ec2.amazonaws.com","eventName":"DescribeAddressTransfers","awsRegion":"us-east-1","sourceIPAddress":"10.8.8.10","userAgent":"AWS Internal","requestParameters":{"DescribeAddressTransfersRequest":{"MaxResults":10}},"responseElements":null,"requestID":"28ba68d3-89fe-40ba-9b20-5a1b7d3f0482","eventID":"b94aac1c-56e3-4e63-8ca0-75275a3bf2a5","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","sessionCredentialFromConsole":"true"},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"ASIATFQR7NSC5Y5U7G4B","userName":"bert-jan","sessionContext":{"sessionIssuer":{},"webIdFederationData":{},"attributes":{"creationDate":"2023-07-10T12:27:45Z","mfaAuthenticated":"true"}}},"eventTime":"2023-07-10T12:27:55Z","eventSource":"notifications.amazonaws.com","eventName":"ListNotificationHubs","awsRegion":"us-east-1","sourceIPAddress":"10.8.8.10","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0","requestParameters":null,"responseElements":null,"requestID":"c7a3ab97-f857-4173-bf9a-4a4132d50648","eventID":"957a8917-626a-439b-9742-799c92fb556d","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management"},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"AKIATFQR7NSC8Q4X20BJ","userName":"bert-jan"},"eventTime":"2023-07-10T12:28:24Z","eventSource":"iam.amazonaws.com","eventName":"UpdateAssumeRolePolicy","awsRegion":"us-east-1","sourceIPAddress":"192.168.10.20","userAgent":"stratus-red-team_ab44e842-2a25-45ad-a141-42e46aab0f86","requestParameters":{"policyDocument":"{\"Statement\":[{\"Action\":\"sts:AssumeRole\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"ec2.amazonaws.com\"},\"Sid\":\"\"}],\"Version\":\"2012-10-17\"}","roleName":"stratus-red-team-backdoor-r-role"},"responseElements":null,"requestID":"a3fdd252-b6b1-4660-b72a-4bf30d452799","eventID":"059cf0ed-af91-40a6-9c89-a8a4fb81dc65","readOnly":false,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","clientProvidedHostHeader":"iam.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"ASIATFQR7NSCS5BLNV76","userName":"bert-jan","sessionContext":{"sessionIssuer":{},"webIdFederationData":{},"attributes":{"creationDate":"2023-07-10T12:27:45Z","mfaAuthenticated":"true"}}},"eventTime":"2023-07-10T12:28:19Z","eventSource":"rds.amazonaws.com","eventName":"DescribeAccountAttributes","awsRegion":"us-east-1","sourceIPAddress":"10.8.8.10","userAgent":"AWS Internal","requestParameters":null,"responseElements":null,"requestID":"cd303e63-76df-4bd2-a2f5-38cea268f1df","eventID":"b73a8e9d-7b64-43a0-b6ec-f9fa72ec5d18","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","sessionCredentialFromConsole":"true"},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"ASIATFQR7NSCS5BLNV76","userName":"bert-jan","sessionContext":{"sessionIssuer":{},"webIdFederationData":{},"attributes":{"creationDate":"2023-07-10T12:27:45Z","mfaAuthenticated":"true"}}},"eventTime":"2023-07-10T12:28:19Z","eventSource":"rds.amazonaws.com","eventName":"DescribeDBClusterSnapshots","awsRegion":"us-east-1","sourceIPAddress":"10.8.8.10","userAgent":"AWS Internal","requestParameters":{"includePublic":false,"includeShared":false},"responseElements":null,"requestID":"781f3f1b-d22f-4bef-ab01-538e8e94cac9","eventID":"61a0f81e-f7ae-41ef-9675-09ba66de605c","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","sessionCredentialFromConsole":"true"},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"AKIATFQR7NSC8Q4X20BJ","userName":"bert-jan"},"eventTime":"2023-07-10T12:28:29Z","eventSource":"iam.amazonaws.com","eventName":"GetUser","awsRegion":"us-east-1","sourceIPAddress":"192.168.10.20","userAgent":"APN/1.0 HashiCorp/1.0 Terraform/1.1.2 (+https://www.terraform.io) terraform-provider-aws/3.76.1 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go/1.44.157 (go1.19.3; linux; amd64) HashiCorp-terraform-exec/0.17.3","requestParameters":null,"responseElements":null,"requestID":"368281df-5ae2-4736-ac61-57c2cf8633b6","eventID":"472dbc62-c76b-4c3b-8cf2-ce5096eb713f","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","clientProvidedHostHeader":"iam.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"AKIATFQR7NSC8Q4X20BJ","userName":"bert-jan"},"eventTime":"2023-07-10T12:28:30Z","eventSource":"iam.amazonaws.com","eventName":"GetRole","awsRegion":"us-east-1","sourceIPAddress":"192.168.10.20","userAgent":"APN/1.0 HashiCorp/1.0 Terraform/1.1.2 (+https://www.terraform.io) terraform-provider-aws/3.76.1 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go/1.44.157 (go1.19.3; linux; amd64) HashiCorp-terraform-exec/0.17.3","errorCode":"NoSuchEntityException","errorMessage":"The role with name stratus-red-team-ec2-enumerate-role cannot be found.","requestParameters":{"roleName":"stratus-red-team-ec2-enumerate-role"},"responseElements":null,"requestID":"ba8532c9-7c32-49b5-b69a-2482eef6e811","eventID":"47a687da-5b9d-4ebf-84a6-b3169133efd9","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","clientProvidedHostHeader":"iam.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"AKIATFQR7NSC8Q4X20BJ","userName":"bert-jan"},"eventTime":"2023-07-10T12:28:24Z","eventSource":"rds.amazonaws.com","eventName":"ModifyDBSnapshotAttribute","awsRegion":"us-east-1","sourceIPAddress":"192.168.10.20","userAgent":"stratus-red-team_dfe006ac-f50b-4d34-9cee-e54549cc5c27","requestParameters":{"dBSnapshotIdentifier":"exfiltration","valuesToRemove":["193672423079"],"attributeName":"restore"},"responseElements":{"dBSnapshotIdentifier":"exfiltration","dBSnapshotAttributes":[{"attributeName":"restore","attributeValues":[]}]},"requestID":"e34184fa-93ed-4274-a10c-65edd70fea40","eventID":"d1bc9379-2adc-4b94-b38f-07a2bad4856d","readOnly":false,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","clientProvidedHostHeader":"rds.us-east-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"AKIATFQR7NSC8Q4X20BJ","userName":"bert-jan"},"eventTime":"2023-07-10T12:28:31Z","eventSource":"sts.amazonaws.com","eventName":"GetCallerIdentity","awsRegion":"us-east-1","sourceIPAddress":"192.168.10.20","userAgent":"APN/1.0 HashiCorp/1.0 Terraform/1.1.2 (+https://www.terraform.io) terraform-provider-aws/dev (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go/1.44.20 (go1.17.6; linux; amd64) HashiCorp-terraform-exec/0.17.3","requestParameters":null,"responseElements":null,"requestID":"20a345ac-3e4b-4541-8e5c-a197609f8dd6","eventID":"ea357360-077c-47db-8757-03fbe1003b43","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","clientProvidedHostHeader":"sts.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"AKIATFQR7NSC8Q4X20BJ","userName":"bert-jan"},"eventTime":"2023-07-10T12:28:32Z","eventSource":"iam.amazonaws.com","eventName":"ListAttachedRolePolicies","awsRegion":"us-east-1","sourceIPAddress":"192.168.10.20","userAgent":"APN/1.0 HashiCorp/1.0 Terraform/1.1.2 (+https://www.terraform.io) terraform-provider-aws/3.76.1 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go/1.44.157 (go1.19.3; linux; amd64) HashiCorp-terraform-exec/0.17.3","requestParameters":{"roleName":"stratus-red-team-backdoor-r-role"},"responseElements":null,"requestID":"d7b26e45-b68b-4659-a0c1-78f2cdebc87f","eventID":"a691560a-10f1-41b9-98f3-d3d8a1a39596","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","clientProvidedHostHeader":"iam.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"AKIATFQR7NSC8Q4X20BJ","userName":"bert-jan"},"eventTime":"2023-07-10T12:28:31Z","eventSource":"ec2.amazonaws.com","eventName":"DescribeVpcAttribute","awsRegion":"us-east-1","sourceIPAddress":"192.168.10.20","userAgent":"APN/1.0 HashiCorp/1.0 Terraform/1.1.2 (+https://www.terraform.io) terraform-provider-aws/3.76.1 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go/1.44.157 (go1.19.3; linux; amd64) HashiCorp-terraform-exec/0.17.3","requestParameters":{"vpcId":"vpc-0e568b18707c87afa"},"responseElements":null,"requestID":"c87bb314-a8e3-4492-a40d-fff9b216db8e","eventID":"f0cfdefa-5afa-4b5f-bf71-c8c156f77ae6","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","clientProvidedHostHeader":"ec2.us-east-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"AKIATFQR7NSC8Q4X20BJ","userName":"bert-jan"},"eventTime":"2023-07-10T12:28:30Z","eventSource":"ec2.amazonaws.com","eventName":"DescribeImages","awsRegion":"us-east-1","sourceIPAddress":"192.168.10.20","userAgent":"APN/1.0 HashiCorp/1.0 Terraform/1.1.2 (+https://www.terraform.io) terraform-provider-aws/3.76.1 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go/1.44.157 (go1.19.3; linux; amd64) HashiCorp-terraform-exec/0.17.3","requestParameters":{"executableBySet":{},"imagesSet":{},"ownersSet":{"items":[{"owner":"amazon"}]},"filterSet":{"items":[{"name":"name","valueSet":{"items":[{"value":"amzn2-ami-hvm-*-x86_64-ebs"}]}}]}},"responseElements":null,"requestID":"c17de680-374e-4b91-8718-e35edd87ed1a","eventID":"3bc765da-df26-4cd5-87b4-f73d144afc89","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","clientProvidedHostHeader":"ec2.us-east-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"AKIATFQR7NSC8Q4X20BJ","userName":"bert-jan"},"eventTime":"2023-07-10T12:28:31Z","eventSource":"ec2.amazonaws.com","eventName":"DescribeVpcAttribute","awsRegion":"us-east-1","sourceIPAddress":"192.168.10.20","userAgent":"APN/1.0 HashiCorp/1.0 Terraform/1.1.2 (+https://www.terraform.io) terraform-provider-aws/3.76.1 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go/1.44.157 (go1.19.3; linux; amd64) HashiCorp-terraform-exec/0.17.3","requestParameters":{"vpcId":"vpc-0e568b18707c87afa"},"responseElements":null,"requestID":"d04b6625-7407-498c-952c-5150e977ad58","eventID":"bb5934e6-b706-4b44-9ae2-5d146dfaa91f","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","clientProvidedHostHeader":"ec2.us-east-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"AKIATFQR7NSC8Q4X20BJ","userName":"bert-jan"},"eventTime":"2023-07-10T12:28:30Z","eventSource":"ec2.amazonaws.com","eventName":"DescribeImages","awsRegion":"us-east-1","sourceIPAddress":"192.168.10.20","userAgent":"APN/1.0 HashiCorp/1.0 Terraform/1.1.2 (+https://www.terraform.io) terraform-provider-aws/3.76.1 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go/1.44.157 (go1.19.3; linux; amd64) HashiCorp-terraform-exec/0.17.3","requestParameters":{"executableBySet":{},"imagesSet":{"items":[{"imageId":"ami-0aa1d83d0b0985c86"}]},"ownersSet":{},"filterSet":{}},"responseElements":null,"requestID":"beada810-0d76-4a25-a8d0-c46d46c1beda","eventID":"2087e701-b3b1-43fd-a1c4-bf56fea4b140","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","clientProvidedHostHeader":"ec2.us-east-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"ASIATFQR7NSCS5BLNV76","userName":"bert-jan","sessionContext":{"sessionIssuer":{},"webIdFederationData":{},"attributes":{"creationDate":"2023-07-10T12:27:45Z","mfaAuthenticated":"true"}}},"eventTime":"2023-07-10T12:28:28Z","eventSource":"devops-guru.amazonaws.com","eventName":"GetResourceCollection","awsRegion":"us-east-1","sourceIPAddress":"10.8.8.10","userAgent":"RDS Console, aws-internal/3 aws-sdk-java/1.11.975 Linux/5.10.184-153.731.amzn2int.x86_64 OpenJDK_64-Bit_Server_VM/25.242-b08 java/1.8.0_242 vendor/Oracle_Corporation cfg/retry-mode/legacy","errorCode":"ResourceNotFoundException","requestParameters":{"ResourceCollectionType":"AWS_TAGS"},"responseElements":null,"requestID":"c6e7f5d4-e05d-4adc-86f4-0672ded9f9fc","eventID":"796f4f4d-1655-496b-a865-bd6ce328fb54","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management"},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"ASIATFQR7NSCS5BLNV76","userName":"bert-jan","sessionContext":{"sessionIssuer":{},"webIdFederationData":{},"attributes":{"creationDate":"2023-07-10T12:27:45Z","mfaAuthenticated":"true"}}},"eventTime":"2023-07-10T12:28:28Z","eventSource":"rds.amazonaws.com","eventName":"DescribeDBInstances","awsRegion":"us-east-1","sourceIPAddress":"10.8.8.10","userAgent":"AWS Internal","requestParameters":null,"responseElements":null,"requestID":"9ad3dabb-e3ae-40e9-a782-b0d309bafab1","eventID":"bc366d3a-b8b7-48c6-a145-b53f7b23fb55","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","sessionCredentialFromConsole":"true"},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"AKIATFQR7NSC8Q4X20BJ","userName":"bert-jan"},"eventTime":"2023-07-10T12:28:33Z","eventSource":"sts.amazonaws.com","eventName":"GetCallerIdentity","awsRegion":"us-east-1","sourceIPAddress":"192.168.10.20","userAgent":"APN/1.0 HashiCorp/1.0 Terraform/1.1.2 (+https://www.terraform.io) terraform-provider-aws/4.67.0 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go/1.44.261 (go1.19.8; linux; amd64) HashiCorp-terraform-exec/0.17.3","requestParameters":null,"responseElements":null,"requestID":"2bd978f8-fc9f-44e9-b092-5cc2ef0949de","eventID":"68a28c43-2cbb-430a-87b9-52993d0b7fdd","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","clientProvidedHostHeader":"sts.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"AKIATFQR7NSC8Q4X20BJ","userName":"bert-jan"},"eventTime":"2023-07-10T12:28:33Z","eventSource":"ec2.amazonaws.com","eventName":"DescribeRouteTables","awsRegion":"us-east-1","sourceIPAddress":"192.168.10.20","userAgent":"APN/1.0 HashiCorp/1.0 Terraform/1.1.2 (+https://www.terraform.io) terraform-provider-aws/3.76.1 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go/1.44.157 (go1.19.3; linux; amd64) HashiCorp-terraform-exec/0.17.3","requestParameters":{"routeTableIdSet":{},"filterSet":{"items":[{"name":"association.main","valueSet":{"items":[{"value":"true"}]}},{"name":"vpc-id","valueSet":{"items":[{"value":"vpc-04ae35a334cd7ef4f"}]}}]}},"responseElements":null,"requestID":"30cd7823-d3c4-40ef-9337-53a17beaf678","eventID":"29fd277f-788b-4989-b481-122e52a2fbfb","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","clientProvidedHostHeader":"ec2.us-east-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"ASIATFQR7NSCS5BLNV76","userName":"bert-jan","sessionContext":{"sessionIssuer":{},"webIdFederationData":{},"attributes":{"creationDate":"2023-07-10T12:27:45Z","mfaAuthenticated":"true"}}},"eventTime":"2023-07-10T12:28:25Z","eventSource":"rds.amazonaws.com","eventName":"DescribeDBEngineVersions","awsRegion":"us-east-1","sourceIPAddress":"10.8.8.10","userAgent":"AWS Internal","requestParameters":{"marker":"bWFyaWFkYgoxMC42LjE0","defaultOnly":false,"listSupportedCharacterSets":true},"responseElements":null,"requestID":"0a7c8907-73ce-46d7-bf30-7c1d338fe818","eventID":"6fd95e78-7e26-4de6-87fc-8a4fa7394544","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","sessionCredentialFromConsole":"true"},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"ASIATFQR7NSCS5BLNV76","userName":"bert-jan","sessionContext":{"sessionIssuer":{},"webIdFederationData":{},"attributes":{"creationDate":"2023-07-10T12:27:45Z","mfaAuthenticated":"true"}}},"eventTime":"2023-07-10T12:28:26Z","eventSource":"rds.amazonaws.com","eventName":"DescribeDBEngineVersions","awsRegion":"us-east-1","sourceIPAddress":"10.8.8.10","userAgent":"AWS Internal","requestParameters":{"marker":"cG9zdGdyZXMKMTQuNw==","defaultOnly":false,"listSupportedCharacterSets":true},"responseElements":null,"requestID":"c51d7b39-8a70-4cf3-9520-08afe35f2842","eventID":"6545a3ff-529b-46c4-904d-9077646574a9","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","sessionCredentialFromConsole":"true"},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"AKIATFQR7NSC8Q4X20BJ","userName":"bert-jan"},"eventTime":"2023-07-10T12:28:33Z","eventSource":"ec2.amazonaws.com","eventName":"DeleteVolume","awsRegion":"us-east-1","sourceIPAddress":"192.168.10.20","userAgent":"APN/1.0 HashiCorp/1.0 Terraform/1.1.2 (+https://www.terraform.io) terraform-provider-aws/3.76.1 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go/1.44.157 (go1.19.3; linux; amd64) HashiCorp-terraform-exec/0.17.3","requestParameters":{"volumeId":"vol-0a2e548958718390d","reportVolumeFailure":false},"responseElements":{"requestId":"637383c4-a48e-4d73-b664-5232fe7710d8","_return":true},"requestID":"637383c4-a48e-4d73-b664-5232fe7710d8","eventID":"32d1dc65-ef56-4b12-b2c2-bea0e5f77f92","readOnly":false,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","clientProvidedHostHeader":"ec2.us-east-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"ASIATFQR7NSCWUW7UC7Y","userName":"bert-jan","sessionContext":{"sessionIssuer":{},"webIdFederationData":{},"attributes":{"creationDate":"2023-07-10T12:27:45Z","mfaAuthenticated":"true"}},"invokedBy":"health.amazonaws.com"},"eventTime":"2023-07-10T12:28:20Z","eventSource":"health.amazonaws.com","eventName":"DescribeEventAggregates","awsRegion":"us-east-1","sourceIPAddress":"health.amazonaws.com","userAgent":"AWS Internal","requestParameters":{"filter":{"startTimes":[{"from":"Jul 3, 2023, 12:28:20 PM"}],"eventStatusCodes":["open","upcoming"]},"aggregateField":"eventTypeCategory"},"responseElements":null,"requestID":"206b17c4-59e7-43b1-9772-c19f4956aec6","eventID":"77d1b771-3a8d-4ca3-91ff-5ba8b0244b85","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","sessionCredentialFromConsole":"true"},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"AKIATFQR7NSC8Q4X20BJ","userName":"bert-jan"},"eventTime":"2023-07-10T12:28:33Z","eventSource":"iam.amazonaws.com","eventName":"GetRole","awsRegion":"us-east-1","sourceIPAddress":"192.168.10.20","userAgent":"APN/1.0 HashiCorp/1.0 Terraform/1.1.2 (+https://www.terraform.io) terraform-provider-aws/4.67.0 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go/1.44.261 (go1.19.8; linux; amd64) HashiCorp-terraform-exec/0.17.3","requestParameters":{"roleName":"stratus-red-team-olc-lambda-xhfgzaowxc"},"responseElements":null,"requestID":"824d69ab-c96b-4e79-bdd6-5614c7733cae","eventID":"bf0844f9-de84-49f4-b89c-60cb6f8b662e","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","clientProvidedHostHeader":"iam.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"AKIATFQR7NSC8Q4X20BJ","userName":"bert-jan"},"eventTime":"2023-07-10T12:28:33Z","eventSource":"iam.amazonaws.com","eventName":"ListRolePolicies","awsRegion":"us-east-1","sourceIPAddress":"192.168.10.20","userAgent":"APN/1.0 HashiCorp/1.0 Terraform/1.1.2 (+https://www.terraform.io) terraform-provider-aws/4.67.0 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go/1.44.261 (go1.19.8; linux; amd64) HashiCorp-terraform-exec/0.17.3","requestParameters":{"roleName":"stratus-red-team-olc-lambda-xhfgzaowxc"},"responseElements":null,"requestID":"c0ed1b8b-c476-43fe-a1a9-44e853acc427","eventID":"05220a09-a43e-4f23-a23c-b3569739fb6d","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","clientProvidedHostHeader":"iam.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"AKIATFQR7NSC8Q4X20BJ","userName":"bert-jan"},"eventTime":"2023-07-10T12:28:34Z","eventSource":"iam.amazonaws.com","eventName":"ListAttachedRolePolicies","awsRegion":"us-east-1","sourceIPAddress":"192.168.10.20","userAgent":"APN/1.0 HashiCorp/1.0 Terraform/1.1.2 (+https://www.terraform.io) terraform-provider-aws/4.67.0 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go/1.44.261 (go1.19.8; linux; amd64) HashiCorp-terraform-exec/0.17.3","requestParameters":{"roleName":"stratus-red-team-olc-lambda-xhfgzaowxc"},"responseElements":null,"requestID":"e12c2178-579e-4630-8df3-973e183fd762","eventID":"7469ae0a-4342-4939-b268-a2ec2660d50c","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","clientProvidedHostHeader":"iam.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"AKIATFQR7NSC8Q4X20BJ","userName":"bert-jan"},"eventTime":"2023-07-10T12:28:34Z","eventSource":"iam.amazonaws.com","eventName":"DeleteUser","awsRegion":"us-east-1","sourceIPAddress":"192.168.10.20","userAgent":"APN/1.0 HashiCorp/1.0 Terraform/1.1.2 (+https://www.terraform.io) terraform-provider-aws/dev (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go/1.44.20 (go1.17.6; linux; amd64) HashiCorp-terraform-exec/0.17.3","requestParameters":{"userName":"stratus-red-team-nmfalu-gfjyeaypjt"},"responseElements":null,"requestID":"b123750a-4f42-46dc-a2b4-680a3f82be43","eventID":"08edca58-402f-4cc6-86dd-fa349a46bca3","readOnly":false,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","clientProvidedHostHeader":"iam.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"AKIATFQR7NSC8Q4X20BJ","userName":"bert-jan"},"eventTime":"2023-07-10T12:28:35Z","eventSource":"iam.amazonaws.com","eventName":"DeleteLoginProfile","awsRegion":"us-east-1","sourceIPAddress":"192.168.10.20","userAgent":"APN/1.0 HashiCorp/1.0 Terraform/1.1.2 (+https://www.terraform.io) terraform-provider-aws/3.76.1 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go/1.44.157 (go1.19.3; linux; amd64) HashiCorp-terraform-exec/0.17.3","errorCode":"NoSuchEntityException","errorMessage":"Login Profile for User stratus-red-team-backdoor-u-user cannot be found.","requestParameters":{"userName":"stratus-red-team-backdoor-u-user"},"responseElements":null,"requestID":"8e8eb8b8-6f47-48be-a11a-0760002e7a43","eventID":"375c2098-9b87-476c-a6a5-3f50a149fbbf","readOnly":false,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","clientProvidedHostHeader":"iam.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"AKIATFQR7NSC8Q4X20BJ","userName":"bert-jan"},"eventTime":"2023-07-10T12:28:34Z","eventSource":"s3.amazonaws.com","eventName":"GetBucketCors","awsRegion":"us-east-1","sourceIPAddress":"192.168.10.20","userAgent":"[APN/1.0 HashiCorp/1.0 Terraform/1.1.2 (+https://www.terraform.io) terraform-provider-aws/4.67.0 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go/1.44.261 (go1.19.8; linux; amd64) HashiCorp-terraform-exec/0.17.3]","errorCode":"NoSuchCORSConfiguration","errorMessage":"The CORS configuration does not exist","requestParameters":{"bucketName":"stratus-red-team-olc-bucket-xhfgzaowxc","Host":"stratus-red-team-olc-bucket-xhfgzaowxc.s3.amazonaws.com","cors":""},"responseElements":null,"additionalEventData":{"SignatureVersion":"SigV4","CipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","bytesTransferredIn":0,"AuthenticationMethod":"AuthHeader","x-amz-id-2":"GiEJ3kaur3sUZL1QSRR/CknECd/p8hExmkKFRNC8r5Gxka7fuZ4eO7wvX/DbJi80IdgahsZOq/U=","bytesTransferredOut":341},"requestID":"QFKDZ3NV4SZDY3RC","eventID":"756ecc2d-475a-497c-b925-a265765cbdba","readOnly":true,"resources":[{"accountId":"123837392027","type":"AWS::S3::Bucket","ARN":"arn:aws:s3:::stratus-red-team-olc-bucket-xhfgzaowxc"}],"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","clientProvidedHostHeader":"stratus-red-team-olc-bucket-xhfgzaowxc.s3.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"AKIATFQR7NSC8Q4X20BJ","userName":"bert-jan"},"eventTime":"2023-07-10T12:28:35Z","eventSource":"rds.amazonaws.com","eventName":"ListTagsForResource","awsRegion":"us-east-1","sourceIPAddress":"192.168.10.20","userAgent":"APN/1.0 HashiCorp/1.0 Terraform/1.1.2 (+https://www.terraform.io) terraform-provider-aws/3.76.1 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go/1.44.157 (go1.19.3; linux; amd64) HashiCorp-terraform-exec/0.17.3","requestParameters":{"resourceName":"arn:aws:rds:us-east-1:123837392027:subgrp:stratus-red-team-share-snap-vpc"},"responseElements":null,"requestID":"d2625d8a-8506-4825-aac5-de0f7d8f6c92","eventID":"a8ccd7e5-f1f3-4129-8f28-d3f90a0a4278","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","clientProvidedHostHeader":"rds.us-east-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"AKIATFQR7NSC8Q4X20BJ","userName":"bert-jan"},"eventTime":"2023-07-10T12:28:34Z","eventSource":"s3.amazonaws.com","eventName":"GetBucketReplication","awsRegion":"us-east-1","sourceIPAddress":"192.168.10.20","userAgent":"[APN/1.0 HashiCorp/1.0 Terraform/1.1.2 (+https://www.terraform.io) terraform-provider-aws/3.76.1 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go/1.44.157 (go1.19.3; linux; amd64) HashiCorp-terraform-exec/0.17.3]","errorCode":"ReplicationConfigurationNotFoundError","errorMessage":"The replication configuration was not found","requestParameters":{"replication":"","bucketName":"stratus-red-team-bdbp-lhfzvgcamn","Host":"stratus-red-team-bdbp-lhfzvgcamn.s3.amazonaws.com"},"responseElements":null,"additionalEventData":{"SignatureVersion":"SigV4","CipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","bytesTransferredIn":0,"AuthenticationMethod":"AuthHeader","x-amz-id-2":"rt8nJJRE4azJzmX/32ggTTLHtvMBc/NcHrDmezokUdHfvuQ8VdOjBXXAiEZBRjtasOwGogkp9kI=","bytesTransferredOut":355},"requestID":"QFKE63G8FDPNS90N","eventID":"75629866-5726-4473-8c59-379332f0bf72","readOnly":true,"resources":[{"accountId":"123837392027","type":"AWS::S3::Bucket","ARN":"arn:aws:s3:::stratus-red-team-bdbp-lhfzvgcamn"}],"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","clientProvidedHostHeader":"stratus-red-team-bdbp-lhfzvgcamn.s3.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"AKIATFQR7NSC8Q4X20BJ","userName":"bert-jan"},"eventTime":"2023-07-10T12:28:35Z","eventSource":"s3.amazonaws.com","eventName":"GetBucketTagging","awsRegion":"us-east-1","sourceIPAddress":"192.168.10.20","userAgent":"[APN/1.0 HashiCorp/1.0 Terraform/1.1.2 (+https://www.terraform.io) terraform-provider-aws/4.67.0 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go/1.44.261 (go1.19.8; linux; amd64) HashiCorp-terraform-exec/0.17.3]","requestParameters":{"tagging":"","bucketName":"stratus-red-team-olc-bucket-xhfgzaowxc","Host":"stratus-red-team-olc-bucket-xhfgzaowxc.s3.amazonaws.com"},"responseElements":null,"additionalEventData":{"SignatureVersion":"SigV4","CipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","bytesTransferredIn":0,"AuthenticationMethod":"AuthHeader","x-amz-id-2":"wbLYgVTo6lQ86ViVipx1E2zE152fBIjLiJCOTcLiCP+TAGTadnmPTGJxBvb/ZgilQsjVAgXBpqI=","bytesTransferredOut":178},"requestID":"EKHGYPD8G1RW9C7N","eventID":"825a9332-8cf5-45fd-abb8-3a445b2c32b2","readOnly":true,"resources":[{"accountId":"123837392027","type":"AWS::S3::Bucket","ARN":"arn:aws:s3:::stratus-red-team-olc-bucket-xhfgzaowxc"}],"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","clientProvidedHostHeader":"stratus-red-team-olc-bucket-xhfgzaowxc.s3.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"AKIATFQR7NSC8Q4X20BJ","userName":"bert-jan"},"eventTime":"2023-07-10T12:28:34Z","eventSource":"s3.amazonaws.com","eventName":"GetBucketAcl","awsRegion":"us-east-1","sourceIPAddress":"192.168.10.20","userAgent":"[APN/1.0 HashiCorp/1.0 Terraform/1.1.2 (+https://www.terraform.io) terraform-provider-aws/4.67.0 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go/1.44.261 (go1.19.8; linux; amd64) HashiCorp-terraform-exec/0.17.3]","requestParameters":{"bucketName":"stratus-red-team-olc-bucket-xhfgzaowxc","Host":"stratus-red-team-olc-bucket-xhfgzaowxc.s3.amazonaws.com","acl":""},"responseElements":null,"additionalEventData":{"SignatureVersion":"SigV4","CipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","bytesTransferredIn":0,"AuthenticationMethod":"AuthHeader","x-amz-id-2":"wPhF0m1fS+NkTCFF6HLURyk0ftftrcFaEkcGs8oBJHLVoh6IJ69K5MjGOaKVnU7TJ/TgK+PtWdg=","bytesTransferredOut":552},"requestID":"QFKE54AWF190DKNC","eventID":"d634bc32-05e6-4c00-8c74-bfefded5a6a4","readOnly":true,"resources":[{"accountId":"123837392027","type":"AWS::S3::Bucket","ARN":"arn:aws:s3:::stratus-red-team-olc-bucket-xhfgzaowxc"}],"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","clientProvidedHostHeader":"stratus-red-team-olc-bucket-xhfgzaowxc.s3.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"AKIATFQR7NSC8Q4X20BJ","userName":"bert-jan"},"eventTime":"2023-07-10T12:28:34Z","eventSource":"s3.amazonaws.com","eventName":"GetBucketLifecycle","awsRegion":"us-east-1","sourceIPAddress":"192.168.10.20","userAgent":"[APN/1.0 HashiCorp/1.0 Terraform/1.1.2 (+https://www.terraform.io) terraform-provider-aws/3.76.1 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go/1.44.157 (go1.19.3; linux; amd64) HashiCorp-terraform-exec/0.17.3]","errorCode":"NoSuchLifecycleConfiguration","errorMessage":"The lifecycle configuration does not exist","requestParameters":{"lifecycle":"","bucketName":"stratus-red-team-bdbp-lhfzvgcamn","Host":"stratus-red-team-bdbp-lhfzvgcamn.s3.amazonaws.com"},"responseElements":null,"additionalEventData":{"SignatureVersion":"SigV4","CipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","bytesTransferredIn":0,"AuthenticationMethod":"AuthHeader","x-amz-id-2":"zNk9pGEHSv8qLfPrlqW/V23ZkFNba1dvuG+ERpO+XFA6rvS7E3i2eOAfk1b5ginnxEXSJjN57N0=","bytesTransferredOut":306},"requestID":"QFK4BMYTKCXMJKX1","eventID":"72341938-a97a-453e-bd0c-0fd91510b443","readOnly":true,"resources":[{"accountId":"123837392027","type":"AWS::S3::Bucket","ARN":"arn:aws:s3:::stratus-red-team-bdbp-lhfzvgcamn"}],"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","clientProvidedHostHeader":"stratus-red-team-bdbp-lhfzvgcamn.s3.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"ASIATFQR7NSCS5BLNV76","userName":"bert-jan","sessionContext":{"sessionIssuer":{},"webIdFederationData":{},"attributes":{"creationDate":"2023-07-10T12:27:45Z","mfaAuthenticated":"true"}}},"eventTime":"2023-07-10T12:28:28Z","eventSource":"rds.amazonaws.com","eventName":"DescribeRecommendations","awsRegion":"us-east-1","sourceIPAddress":"10.8.8.10","userAgent":"AWS Internal","requestParameters":{"filters":[{"name":"recommendation-status","values":["ACTIVE"]},{"name":"recommendation-code","values":["AUTOMATED_BACKUPS"]},{"name":"recommendation-api-version","values":["v2"]},{"name":"locale","values":["en"]}]},"responseElements":null,"requestID":"f78593c3-4bfa-4fd2-84ab-46d1714fb70b","eventID":"41bbce8f-d5fc-4c86-8bf8-766f2e3bff86","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","sessionCredentialFromConsole":"true"},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"AKIATFQR7NSC8Q4X20BJ","userName":"bert-jan"},"eventTime":"2023-07-10T12:28:35Z","eventSource":"ec2.amazonaws.com","eventName":"DescribeNetworkInterfaces","awsRegion":"us-east-1","sourceIPAddress":"192.168.10.20","userAgent":"APN/1.0 HashiCorp/1.0 Terraform/1.1.2 (+https://www.terraform.io) terraform-provider-aws/3.76.1 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go/1.44.157 (go1.19.3; linux; amd64) HashiCorp-terraform-exec/0.17.3","requestParameters":{"networkInterfaceIdSet":{},"filterSet":{"items":[{"name":"description","valueSet":{"items":[{"value":"AWS Lambda VPC ENI*"}]}},{"name":"subnet-id","valueSet":{"items":[{"value":"subnet-08752c8d74ae2c324"}]}}]}},"responseElements":null,"requestID":"96c77154-abc4-4466-951c-ebbddd61bc3e","eventID":"fc5672c5-00b4-42bb-94cb-f62c18888420","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","clientProvidedHostHeader":"ec2.us-east-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"AKIATFQR7NSC8Q4X20BJ","userName":"bert-jan"},"eventTime":"2023-07-10T12:28:34Z","eventSource":"ec2.amazonaws.com","eventName":"DescribeInternetGateways","awsRegion":"us-east-1","sourceIPAddress":"192.168.10.20","userAgent":"APN/1.0 HashiCorp/1.0 Terraform/1.1.2 (+https://www.terraform.io) terraform-provider-aws/3.76.1 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go/1.44.157 (go1.19.3; linux; amd64) HashiCorp-terraform-exec/0.17.3","requestParameters":{"internetGatewayIdSet":{"items":[{"internetGatewayId":"igw-0085514f9c3e68f60"}]},"filterSet":{}},"responseElements":null,"requestID":"b1f9f5d1-9c31-4a64-829b-ebb3cc260432","eventID":"eb76fcce-a98d-4f49-9f94-a35d7ac51f6b","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","clientProvidedHostHeader":"ec2.us-east-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"AKIATFQR7NSC8Q4X20BJ","userName":"bert-jan"},"eventTime":"2023-07-10T12:28:34Z","eventSource":"s3.amazonaws.com","eventName":"GetBucketLifecycle","awsRegion":"us-east-1","sourceIPAddress":"192.168.10.20","userAgent":"[APN/1.0 HashiCorp/1.0 Terraform/1.1.2 (+https://www.terraform.io) terraform-provider-aws/3.76.1 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go/1.44.157 (go1.19.3; linux; amd64) HashiCorp-terraform-exec/0.17.3]","errorCode":"NoSuchLifecycleConfiguration","errorMessage":"The lifecycle configuration does not exist","requestParameters":{"lifecycle":"","bucketName":"stratus-red-team-backdoor-f-bucket-ufamgrrnmw","Host":"stratus-red-team-backdoor-f-bucket-ufamgrrnmw.s3.amazonaws.com"},"responseElements":null,"additionalEventData":{"SignatureVersion":"SigV4","CipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","bytesTransferredIn":0,"AuthenticationMethod":"AuthHeader","x-amz-id-2":"qF2f9Skry5cH1HNPFytpHnzMqNKv8c1gpvlGVOz46MRG4DPR++pLnE1q7H6gnMHdLW+4gI1/QmY=","bytesTransferredOut":319},"requestID":"QFK78W7F9NWQ7S18","eventID":"ffc9b1de-c610-47b0-b20e-b405e42597bf","readOnly":true,"resources":[{"accountId":"123837392027","type":"AWS::S3::Bucket","ARN":"arn:aws:s3:::stratus-red-team-backdoor-f-bucket-ufamgrrnmw"}],"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","clientProvidedHostHeader":"stratus-red-team-backdoor-f-bucket-ufamgrrnmw.s3.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"ASIATFQR7NSCS5BLNV76","userName":"bert-jan","sessionContext":{"sessionIssuer":{},"webIdFederationData":{},"attributes":{"creationDate":"2023-07-10T12:27:45Z","mfaAuthenticated":"true"}}},"eventTime":"2023-07-10T12:28:28Z","eventSource":"guardduty.amazonaws.com","eventName":"ListDetectors","awsRegion":"us-east-1","sourceIPAddress":"10.8.8.10","userAgent":"RDS Console, aws-internal/3 aws-sdk-java/1.11.975 Linux/5.10.184-153.731.amzn2int.x86_64 OpenJDK_64-Bit_Server_VM/25.242-b08 java/1.8.0_242 vendor/Oracle_Corporation cfg/retry-mode/legacy","requestParameters":null,"responseElements":null,"requestID":"f75eaa1e-7b9b-4e3e-8545-706a3fa60f66","eventID":"f7a5aa5b-75ca-4c02-b3f2-f4945ccab547","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management"},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"AKIATFQR7NSC8Q4X20BJ","userName":"bert-jan"},"eventTime":"2023-07-10T12:28:35Z","eventSource":"s3.amazonaws.com","eventName":"GetBucketObjectLockConfiguration","awsRegion":"us-east-1","sourceIPAddress":"192.168.10.20","userAgent":"[APN/1.0 HashiCorp/1.0 Terraform/1.1.2 (+https://www.terraform.io) terraform-provider-aws/3.76.1 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go/1.44.157 (go1.19.3; linux; amd64) HashiCorp-terraform-exec/0.17.3]","errorCode":"ObjectLockConfigurationNotFoundError","errorMessage":"Object Lock configuration does not exist for this bucket","requestParameters":{"bucketName":"stratus-red-team-bdbp-lhfzvgcamn","object-lock":"","Host":"stratus-red-team-bdbp-lhfzvgcamn.s3.amazonaws.com"},"responseElements":null,"additionalEventData":{"SignatureVersion":"SigV4","CipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","bytesTransferredIn":0,"AuthenticationMethod":"AuthHeader","x-amz-id-2":"nF338VGayxVoQQ6eX9ZbGFXqHLHR89F7JYphYRUQNa677Tn9nEPCHTpWC/rDd420vwc2xqVVNW8=","bytesTransferredOut":367},"requestID":"EKHP6JNRPX68R3AB","eventID":"956abd6b-9874-4bc8-a37d-54de3e483922","readOnly":true,"resources":[{"accountId":"123837392027","type":"AWS::S3::Bucket","ARN":"arn:aws:s3:::stratus-red-team-bdbp-lhfzvgcamn"}],"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","clientProvidedHostHeader":"stratus-red-team-bdbp-lhfzvgcamn.s3.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"AKIATFQR7NSC8Q4X20BJ","userName":"bert-jan"},"eventTime":"2023-07-10T12:28:35Z","eventSource":"iam.amazonaws.com","eventName":"DeleteUser","awsRegion":"us-east-1","sourceIPAddress":"192.168.10.20","userAgent":"APN/1.0 HashiCorp/1.0 Terraform/1.1.2 (+https://www.terraform.io) terraform-provider-aws/3.76.1 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go/1.44.157 (go1.19.3; linux; amd64) HashiCorp-terraform-exec/0.17.3","requestParameters":{"userName":"stratus-red-team-backdoor-u-user"},"responseElements":null,"requestID":"d2eb5d37-c6c2-4b6c-9e0f-ea64dbbca4a9","eventID":"b5efbaf7-37dc-4f5b-b522-82e85ce5b657","readOnly":false,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","clientProvidedHostHeader":"iam.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"AKIATFQR7NSC8Q4X20BJ","userName":"bert-jan"},"eventTime":"2023-07-10T12:28:36Z","eventSource":"iam.amazonaws.com","eventName":"GetUser","awsRegion":"us-east-1","sourceIPAddress":"192.168.10.20","userAgent":"APN/1.0 HashiCorp/1.0 Terraform/1.1.2 (+https://www.terraform.io) terraform-provider-aws/4.67.0 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go-v2/1.18.0 os/linux lang/go/1.19.8 md/GOOS/linux md/GOARCH/amd64 api/iam/1.19.12 HashiCorp-terraform-exec/0.17.3","requestParameters":null,"responseElements":null,"requestID":"64152cea-61ff-46c3-adf2-b296f6d7a83d","eventID":"8f2d700b-be3c-4fea-be3d-106de41e9b6e","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","clientProvidedHostHeader":"iam.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"AKIATFQR7NSC8Q4X20BJ","userName":"bert-jan"},"eventTime":"2023-07-10T12:28:37Z","eventSource":"ec2.amazonaws.com","eventName":"DeleteVpc","awsRegion":"us-east-1","sourceIPAddress":"192.168.10.20","userAgent":"APN/1.0 HashiCorp/1.0 Terraform/1.1.2 (+https://www.terraform.io) terraform-provider-aws/3.76.1 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go/1.44.157 (go1.19.3; linux; amd64) HashiCorp-terraform-exec/0.17.3","requestParameters":{"vpcId":"vpc-04ae35a334cd7ef4f"},"responseElements":{"requestId":"bace844c-5e4c-4480-959e-a99c281deadd","_return":true},"requestID":"bace844c-5e4c-4480-959e-a99c281deadd","eventID":"898d5bdc-bf84-43e3-92c9-b3ab901e0e4e","readOnly":false,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","clientProvidedHostHeader":"ec2.us-east-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"AKIATFQR7NSC8Q4X20BJ","userName":"bert-jan"},"eventTime":"2023-07-10T12:28:38Z","eventSource":"ec2.amazonaws.com","eventName":"DeleteVpc","awsRegion":"us-east-1","sourceIPAddress":"192.168.10.20","userAgent":"APN/1.0 HashiCorp/1.0 Terraform/1.1.2 (+https://www.terraform.io) terraform-provider-aws/4.67.0 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go/1.44.261 (go1.19.8; linux; amd64) HashiCorp-terraform-exec/0.17.3","requestParameters":{"vpcId":"vpc-098ff30ff74b36f73"},"responseElements":{"requestId":"dab8ed0d-4240-4264-ab7c-3951fb6cc0da","_return":true},"requestID":"dab8ed0d-4240-4264-ab7c-3951fb6cc0da","eventID":"2aeb28c1-f9df-4048-b535-06957d5a4da7","readOnly":false,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","clientProvidedHostHeader":"ec2.us-east-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"AKIATFQR7NSC8Q4X20BJ","userName":"bert-jan"},"eventTime":"2023-07-10T12:28:38Z","eventSource":"ec2.amazonaws.com","eventName":"DescribeVpcs","awsRegion":"us-east-1","sourceIPAddress":"192.168.10.20","userAgent":"APN/1.0 HashiCorp/1.0 Terraform/1.1.2 (+https://www.terraform.io) terraform-provider-aws/4.67.0 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go/1.44.261 (go1.19.8; linux; amd64) HashiCorp-terraform-exec/0.17.3","errorCode":"Client.InvalidVpcID.NotFound","errorMessage":"The vpc ID 'vpc-098ff30ff74b36f73' does not exist","requestParameters":{"vpcSet":{"items":[{"vpcId":"vpc-098ff30ff74b36f73"}]},"filterSet":{}},"responseElements":null,"requestID":"3f00f316-2192-4181-81c1-e937a8938e81","eventID":"a363826e-26c4-4e4d-97f4-9bdaddfa85c1","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","clientProvidedHostHeader":"ec2.us-east-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"AKIATFQR7NSC8Q4X20BJ","userName":"bert-jan"},"eventTime":"2023-07-10T12:28:38Z","eventSource":"iam.amazonaws.com","eventName":"GetUser","awsRegion":"us-east-1","sourceIPAddress":"192.168.10.20","userAgent":"APN/1.0 HashiCorp/1.0 Terraform/1.1.2 (+https://www.terraform.io) terraform-provider-aws/3.76.1 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go/1.44.157 (go1.19.3; linux; amd64) HashiCorp-terraform-exec/0.17.3","requestParameters":null,"responseElements":null,"requestID":"ce697d40-7c18-4aa9-b3cc-b7c6ce9d161d","eventID":"d54aeea4-0911-46ff-9d5a-bf739876f43d","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","clientProvidedHostHeader":"iam.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"AKIATFQR7NSC8Q4X20BJ","userName":"bert-jan"},"eventTime":"2023-07-10T12:28:39Z","eventSource":"iam.amazonaws.com","eventName":"GetUser","awsRegion":"us-east-1","sourceIPAddress":"192.168.10.20","userAgent":"APN/1.0 HashiCorp/1.0 Terraform/1.1.2 (+https://www.terraform.io) terraform-provider-aws/3.76.1 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go/1.44.157 (go1.19.3; linux; amd64) HashiCorp-terraform-exec/0.17.3","requestParameters":null,"responseElements":null,"requestID":"d3ad48c6-7044-4158-84cb-7b9d338b2b6a","eventID":"ee794509-e634-4d91-a3a8-2543e037db4f","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","clientProvidedHostHeader":"iam.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"AKIATFQR7NSC8Q4X20BJ","userName":"bert-jan"},"eventTime":"2023-07-10T12:28:38Z","eventSource":"lambda.amazonaws.com","eventName":"GetFunctionCodeSigningConfig","awsRegion":"us-east-1","sourceIPAddress":"192.168.10.20","userAgent":"APN/1.0 HashiCorp/1.0 Terraform/1.1.2 (+https://www.terraform.io) terraform-provider-aws/3.76.1 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go/1.44.157 (go1.19.3; linux; amd64) HashiCorp-terraform-exec/0.17.3","requestParameters":{"functionName":"stratus-red-team-backdoor-f-func"},"responseElements":null,"requestID":"be57736f-7ec4-4a7b-a77e-eaacba55bece","eventID":"005fb7a0-c038-4739-9cf3-81675ce46ff0","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","clientProvidedHostHeader":"lambda.us-east-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"AKIATFQR7NSC8Q4X20BJ","userName":"bert-jan"},"eventTime":"2023-07-10T12:28:37Z","eventSource":"s3.amazonaws.com","eventName":"DeleteBucket","awsRegion":"us-east-1","sourceIPAddress":"192.168.10.20","userAgent":"[APN/1.0 HashiCorp/1.0 Terraform/1.1.2 (+https://www.terraform.io) terraform-provider-aws/3.76.1 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go/1.44.157 (go1.19.3; linux; amd64) HashiCorp-terraform-exec/0.17.3]","requestParameters":{"bucketName":"stratus-red-team-bdbp-lhfzvgcamn","Host":"stratus-red-team-bdbp-lhfzvgcamn.s3.amazonaws.com"},"responseElements":null,"additionalEventData":{"SignatureVersion":"SigV4","CipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","bytesTransferredIn":0,"AuthenticationMethod":"AuthHeader","x-amz-id-2":"JpT1DQqfm+hG3kZwjIbmV2mt0G5XBtkdXzGAyI4n1Ia9i2G3qjTyYXlnWQAzeDNU6jR2GN6MIJ22KwaSomF4Kw==","bytesTransferredOut":0},"requestID":"5Y8EW4HW5W7SMXSG","eventID":"1ff32724-bbee-4420-b152-00bf0df89e77","readOnly":false,"resources":[{"accountId":"123837392027","type":"AWS::S3::Bucket","ARN":"arn:aws:s3:::stratus-red-team-bdbp-lhfzvgcamn"}],"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","clientProvidedHostHeader":"stratus-red-team-bdbp-lhfzvgcamn.s3.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"AKIATFQR7NSC8Q4X20BJ","userName":"bert-jan"},"eventTime":"2023-07-10T12:28:36Z","eventSource":"s3.amazonaws.com","eventName":"GetBucketTagging","awsRegion":"us-east-1","sourceIPAddress":"192.168.10.20","userAgent":"[APN/1.0 HashiCorp/1.0 Terraform/1.1.2 (+https://www.terraform.io) terraform-provider-aws/3.76.1 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go/1.44.157 (go1.19.3; linux; amd64) HashiCorp-terraform-exec/0.17.3]","requestParameters":{"tagging":"","bucketName":"stratus-red-team-bdbp-lhfzvgcamn","Host":"stratus-red-team-bdbp-lhfzvgcamn.s3.amazonaws.com"},"responseElements":null,"additionalEventData":{"SignatureVersion":"SigV4","CipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","bytesTransferredIn":0,"AuthenticationMethod":"AuthHeader","x-amz-id-2":"U7QrVY75Q/rcux33Ule56NFL+80KsPQtYoq9w3spy9tz3sb0mhq2S0pv/Ud65G96rxvauBH+KlM=","bytesTransferredOut":178},"requestID":"94N3XHRC2S31CGKW","eventID":"292b124a-270c-487d-b7cd-9f1fa29a4f9c","readOnly":true,"resources":[{"accountId":"123837392027","type":"AWS::S3::Bucket","ARN":"arn:aws:s3:::stratus-red-team-bdbp-lhfzvgcamn"}],"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","clientProvidedHostHeader":"stratus-red-team-bdbp-lhfzvgcamn.s3.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"ASIATFQR7NSCS5BLNV76","userName":"bert-jan","sessionContext":{"sessionIssuer":{},"webIdFederationData":{},"attributes":{"creationDate":"2023-07-10T12:27:45Z","mfaAuthenticated":"true"}}},"eventTime":"2023-07-10T12:28:46Z","eventSource":"rds.amazonaws.com","eventName":"DescribeOrderableDBInstanceOptions","awsRegion":"us-east-1","sourceIPAddress":"10.8.8.10","userAgent":"AWS Internal","requestParameters":{"engine":"sqlserver-ex","engineVersion":"15.00.4312.2.v1","vpc":true},"responseElements":null,"requestID":"e77db5f7-0555-4d0e-8e53-e824b5b6d871","eventID":"fc23f631-4c9e-4422-a57f-f4ca8813e70b","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","sessionCredentialFromConsole":"true"},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"ASIATFQR7NSCS5BLNV76","userName":"bert-jan","sessionContext":{"sessionIssuer":{},"webIdFederationData":{},"attributes":{"creationDate":"2023-07-10T12:27:45Z","mfaAuthenticated":"true"}}},"eventTime":"2023-07-10T12:28:47Z","eventSource":"rds.amazonaws.com","eventName":"DescribeOrderableDBInstanceOptions","awsRegion":"us-east-1","sourceIPAddress":"10.8.8.10","userAgent":"AWS Internal","requestParameters":{"engine":"sqlserver-ee","engineVersion":"15.00.4312.2.v1","vpc":true},"responseElements":null,"requestID":"5255dbb0-ff42-4c47-aa4d-1f5a56e18e3c","eventID":"74f3bce9-192d-4031-9319-61270ff315da","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","sessionCredentialFromConsole":"true"},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"ASIATFQR7NSCS5BLNV76","userName":"bert-jan","sessionContext":{"sessionIssuer":{},"webIdFederationData":{},"attributes":{"creationDate":"2023-07-10T12:27:45Z","mfaAuthenticated":"true"}}},"eventTime":"2023-07-10T12:28:48Z","eventSource":"rds.amazonaws.com","eventName":"DescribeOrderableDBInstanceOptions","awsRegion":"us-east-1","sourceIPAddress":"10.8.8.10","userAgent":"AWS Internal","requestParameters":{"engine":"sqlserver-ee","engineVersion":"15.00.4312.2.v1","vpc":true,"marker":"ZGIucjUuMnhsYXJnZQpsaWNlbnNlLWluY2x1ZGVkCjE1LjAwLjQzMTIuMi52MQpZCmdwMg=="},"responseElements":null,"requestID":"37bee226-7c1a-44f5-942f-da7f1df1533d","eventID":"5bb4f93c-6f73-4f40-80e9-d97c55b033af","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","sessionCredentialFromConsole":"true"},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"ASIATFQR7NSCS5BLNV76","userName":"bert-jan","sessionContext":{"sessionIssuer":{},"webIdFederationData":{},"attributes":{"creationDate":"2023-07-10T12:27:45Z","mfaAuthenticated":"true"}}},"eventTime":"2023-07-10T12:28:48Z","eventSource":"rds.amazonaws.com","eventName":"DescribeOrderableDBInstanceOptions","awsRegion":"us-east-1","sourceIPAddress":"10.8.8.10","userAgent":"AWS Internal","requestParameters":{"engine":"sqlserver-ee","engineVersion":"15.00.4312.2.v1","vpc":true,"marker":"ZGIucjZpLnhsYXJnZQpsaWNlbnNlLWluY2x1ZGVkCjE1LjAwLjQzMTIuMi52MQpZCmdwMg=="},"responseElements":null,"requestID":"6f336d7c-dfdd-436b-960b-9393a9c7239e","eventID":"f4aa6a68-aa3f-4f94-87d9-07ed0be38e71","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","sessionCredentialFromConsole":"true"},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"ASIATFQR7NSCS5BLNV76","userName":"bert-jan","sessionContext":{"sessionIssuer":{},"webIdFederationData":{},"attributes":{"creationDate":"2023-07-10T12:27:45Z","mfaAuthenticated":"true"}}},"eventTime":"2023-07-10T12:28:51Z","eventSource":"rds.amazonaws.com","eventName":"DescribeOrderableDBInstanceOptions","awsRegion":"us-east-1","sourceIPAddress":"10.8.8.10","userAgent":"AWS Internal","requestParameters":{"engine":"sqlserver-web","engineVersion":"15.00.4312.2.v1","vpc":true},"responseElements":null,"requestID":"7a71a2d5-2ae2-411e-acfc-ef72cbe81e68","eventID":"333dc084-117b-44c2-804b-f3d5b019ed5b","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","sessionCredentialFromConsole":"true"},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"ASIATFQR7NSCS5BLNV76","userName":"bert-jan","sessionContext":{"sessionIssuer":{},"webIdFederationData":{},"attributes":{"creationDate":"2023-07-10T12:27:45Z","mfaAuthenticated":"true"}}},"eventTime":"2023-07-10T12:28:51Z","eventSource":"rds.amazonaws.com","eventName":"DescribeOrderableDBInstanceOptions","awsRegion":"us-east-1","sourceIPAddress":"10.8.8.10","userAgent":"AWS Internal","requestParameters":{"engine":"sqlserver-web","engineVersion":"15.00.4312.2.v1","vpc":true,"marker":"ZGIucjZpLjR4bGFyZ2UKbGljZW5zZS1pbmNsdWRlZAoxNS4wMC40MzEyLjIudjEKWQpncDI="},"responseElements":null,"requestID":"1082f8f4-52dd-4c14-85fe-3e7073c4b2fc","eventID":"e8ee6cba-4fdd-4f2b-bdd7-c982515633df","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","sessionCredentialFromConsole":"true"},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"ASIATFQR7NSCS5BLNV76","userName":"bert-jan","sessionContext":{"sessionIssuer":{},"webIdFederationData":{},"attributes":{"creationDate":"2023-07-10T12:27:45Z","mfaAuthenticated":"true"}}},"eventTime":"2023-07-10T12:28:51Z","eventSource":"rds.amazonaws.com","eventName":"DescribeOrderableDBInstanceOptions","awsRegion":"us-east-1","sourceIPAddress":"10.8.8.10","userAgent":"AWS Internal","requestParameters":{"engine":"sqlserver-se","engineVersion":"15.00.4312.2.v1","vpc":true},"responseElements":null,"requestID":"96c18b94-0a86-487a-8cb2-3691849248bf","eventID":"5aaa8f81-33bf-453c-9ac7-27506c4228fe","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","sessionCredentialFromConsole":"true"},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"ASIATFQR7NSCS5BLNV76","userName":"bert-jan","sessionContext":{"sessionIssuer":{},"webIdFederationData":{},"attributes":{"creationDate":"2023-07-10T12:27:45Z","mfaAuthenticated":"true"}}},"eventTime":"2023-07-10T12:28:52Z","eventSource":"rds.amazonaws.com","eventName":"DescribeOrderableDBInstanceOptions","awsRegion":"us-east-1","sourceIPAddress":"10.8.8.10","userAgent":"AWS Internal","requestParameters":{"engine":"sqlserver-se","engineVersion":"15.00.4312.2.v1","vpc":true,"marker":"ZGIucjUuNHhsYXJnZQpsaWNlbnNlLWluY2x1ZGVkCjE1LjAwLjQzMTIuMi52MQpZCmdwMg=="},"responseElements":null,"requestID":"44ea679f-9a50-492b-b181-87241f1cee2c","eventID":"2f055753-12f5-4300-b2c2-e2894bfc7224","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","sessionCredentialFromConsole":"true"},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"ASIATFQR7NSCS5BLNV76","userName":"bert-jan","sessionContext":{"sessionIssuer":{},"webIdFederationData":{},"attributes":{"creationDate":"2023-07-10T12:27:45Z","mfaAuthenticated":"true"}}},"eventTime":"2023-07-10T12:28:52Z","eventSource":"rds.amazonaws.com","eventName":"DescribeOrderableDBInstanceOptions","awsRegion":"us-east-1","sourceIPAddress":"10.8.8.10","userAgent":"AWS Internal","requestParameters":{"engine":"sqlserver-se","engineVersion":"15.00.4312.2.v1","vpc":true,"marker":"ZGIudDMuMnhsYXJnZQpsaWNlbnNlLWluY2x1ZGVkCjE1LjAwLjQzMTIuMi52MQpZCmdwMg=="},"responseElements":null,"requestID":"860e59a3-bfd4-4c43-8fbe-7f942b99cfaa","eventID":"f9a0e099-cc48-4d89-afa1-0c6aedd6749e","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","sessionCredentialFromConsole":"true"},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"AKIATFQR7NSC8Q4X20BJ","userName":"bert-jan"},"eventTime":"2023-07-10T12:28:38Z","eventSource":"lambda.amazonaws.com","eventName":"ListVersionsByFunction20150331","awsRegion":"us-east-1","sourceIPAddress":"192.168.10.20","userAgent":"APN/1.0 HashiCorp/1.0 Terraform/1.1.2 (+https://www.terraform.io) terraform-provider-aws/3.76.1 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go/1.44.157 (go1.19.3; linux; amd64) HashiCorp-terraform-exec/0.17.3","requestParameters":{"functionName":"stratus-red-team-backdoor-f-func","maxItems":10000},"responseElements":null,"requestID":"13391261-f16a-40dd-9dda-112992e4f0d6","eventID":"257d0fa5-5f8b-4b6e-a6a3-2854deeed298","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","clientProvidedHostHeader":"lambda.us-east-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"AKIATFQR7NSC8Q4X20BJ","userName":"bert-jan"},"eventTime":"2023-07-10T12:28:39Z","eventSource":"lambda.amazonaws.com","eventName":"DeleteFunction20150331","awsRegion":"us-east-1","sourceIPAddress":"192.168.10.20","userAgent":"APN/1.0 HashiCorp/1.0 Terraform/1.1.2 (+https://www.terraform.io) terraform-provider-aws/3.76.1 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go/1.44.157 (go1.19.3; linux; amd64) HashiCorp-terraform-exec/0.17.3","requestParameters":{"functionName":"stratus-red-team-backdoor-f-func"},"responseElements":null,"requestID":"e61b9041-7f4c-404f-aa21-612e7e4c3bdc","eventID":"134ef1d9-d57e-4e3a-955a-b773468afca9","readOnly":false,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","clientProvidedHostHeader":"lambda.us-east-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"AKIATFQR7NSC8Q4X20BJ","userName":"bert-jan"},"eventTime":"2023-07-10T12:28:35Z","eventSource":"lambda.amazonaws.com","eventName":"GetFunction20150331v2","awsRegion":"us-east-1","sourceIPAddress":"192.168.10.20","userAgent":"APN/1.0 HashiCorp/1.0 Terraform/1.1.2 (+https://www.terraform.io) terraform-provider-aws/4.67.0 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go-v2/1.18.0 os/linux lang/go/1.19.8 md/GOOS/linux md/GOARCH/amd64 api/lambda/1.34.1 HashiCorp-terraform-exec/0.17.3","requestParameters":{"functionName":"stratus-red-team-olc-func-xhfgzaowxc"},"responseElements":null,"requestID":"f939020c-d216-4ab5-b1b6-d6b8e11f2e2a","eventID":"5f462576-44cf-4835-8696-3ea624c3b55f","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","clientProvidedHostHeader":"lambda.us-east-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"AKIATFQR7NSC8Q4X20BJ","userName":"bert-jan"},"eventTime":"2023-07-10T12:28:38Z","eventSource":"lambda.amazonaws.com","eventName":"DeleteFunction20150331","awsRegion":"us-east-1","sourceIPAddress":"192.168.10.20","userAgent":"APN/1.0 HashiCorp/1.0 Terraform/1.1.2 (+https://www.terraform.io) terraform-provider-aws/4.67.0 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go-v2/1.18.0 os/linux lang/go/1.19.8 md/GOOS/linux md/GOARCH/amd64 api/lambda/1.34.1 HashiCorp-terraform-exec/0.17.3","requestParameters":{"functionName":"stratus-red-team-olc-func-xhfgzaowxc"},"responseElements":null,"requestID":"3abbdbc6-2f89-4b22-8687-8d845112f250","eventID":"9e5d3ce3-eeb6-47a9-9d90-28ea4ff5d4c0","readOnly":false,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","clientProvidedHostHeader":"lambda.us-east-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"ASIATFQR7NSCS5BLNV76","userName":"bert-jan","sessionContext":{"sessionIssuer":{},"webIdFederationData":{},"attributes":{"creationDate":"2023-07-10T12:27:45Z","mfaAuthenticated":"true"}}},"eventTime":"2023-07-10T12:29:09Z","eventSource":"rds.amazonaws.com","eventName":"DescribeDBInstances","awsRegion":"us-east-1","sourceIPAddress":"10.8.8.10","userAgent":"AWS Internal","requestParameters":{"filters":[{"name":"db-instance-id","values":["terraform-20230710121504061500000001"]}]},"responseElements":null,"requestID":"df61bb6d-57bf-4f75-b3e4-3851e1165d54","eventID":"3c2a73a0-615e-4dd4-94a2-89442479c986","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","sessionCredentialFromConsole":"true"},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"ASIATFQR7NSC5WVW2YQP","userName":"bert-jan","sessionContext":{"sessionIssuer":{},"webIdFederationData":{},"attributes":{"creationDate":"2023-07-10T12:27:45Z","mfaAuthenticated":"true"}},"invokedBy":"health.amazonaws.com"},"eventTime":"2023-07-10T12:29:19Z","eventSource":"health.amazonaws.com","eventName":"DescribeEventAggregates","awsRegion":"us-east-1","sourceIPAddress":"health.amazonaws.com","userAgent":"AWS Internal","requestParameters":{"filter":{"startTimes":[{"from":"Jul 3, 2023, 12:29:19 PM"}],"eventStatusCodes":["open","upcoming"]},"aggregateField":"eventTypeCategory"},"responseElements":null,"requestID":"ce7a45aa-463f-4dae-a20e-a8c808482d19","eventID":"532f8ab5-9fb3-4335-8bc6-cbd4b503afc0","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","sessionCredentialFromConsole":"true"},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"ASIATFQR7NSC2T5YJDEY","userName":"bert-jan","sessionContext":{"sessionIssuer":{},"webIdFederationData":{},"attributes":{"creationDate":"2023-07-10T12:27:45Z","mfaAuthenticated":"true"}}},"eventTime":"2023-07-10T12:29:44Z","eventSource":"s3.amazonaws.com","eventName":"GetStorageLensConfiguration","awsRegion":"us-east-1","sourceIPAddress":"10.107.159.90","userAgent":"[S3Console/0.4, aws-internal/3 aws-sdk-java/1.12.488 Linux/5.4.242-166.350.amzn2int.x86_64 OpenJDK_64-Bit_Server_VM/25.372-b08 java/1.8.0_372 vendor/Oracle_Corporation cfg/retry-mode/standard]","requestParameters":{"Host":"123837392027.s3-control.us-east-1.amazonaws.com"},"responseElements":null,"additionalEventData":{"SignatureVersion":"SigV4","CipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","bytesTransferredIn":0,"AuthenticationMethod":"AuthHeader","x-amz-id-2":"aV2WSqyS6QuwDvGvBk8uzFXKSkY2yEXIYrKiFzbySE1GvIeEzCKH2h5lhUbIIf3BIkBlHGTEAF4=","bytesTransferredOut":375},"requestID":"TN1FP941GWK2MG3B","eventID":"26c03c20-0671-48f8-985b-b1d6bbfc8f6a","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","vpcEndpointId":"vpce-f40dc59d","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","clientProvidedHostHeader":"123837392027.s3-control.us-east-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"ASIATFQR7NSC2T5YJDEY","userName":"bert-jan","sessionContext":{"sessionIssuer":{},"webIdFederationData":{},"attributes":{"creationDate":"2023-07-10T12:27:45Z","mfaAuthenticated":"true"}}},"eventTime":"2023-07-10T12:29:43Z","eventSource":"s3.amazonaws.com","eventName":"ListBuckets","awsRegion":"us-east-1","sourceIPAddress":"10.8.8.10","userAgent":"[S3Console/0.4, aws-internal/3 aws-sdk-java/1.12.488 Linux/5.10.184-153.731.amzn2int.x86_64 OpenJDK_64-Bit_Server_VM/25.372-b08 java/1.8.0_372 vendor/Oracle_Corporation cfg/retry-mode/standard]","requestParameters":{"Host":"s3.amazonaws.com"},"responseElements":null,"additionalEventData":{"SignatureVersion":"SigV4","CipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","bytesTransferredIn":0,"AuthenticationMethod":"AuthHeader","x-amz-id-2":"Lo55M9+ymsf3ihDT9SzVNrAo/t6ydxNVPFM+MxPgH2jCARMsv2t3HpyJsJiEfMHPNfmq4EANuw0=","bytesTransferredOut":6322},"requestID":"SHBF64X34CQNMB8N","eventID":"7fadf4bf-4bb5-4579-8651-e4ae621e2ae4","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","vpcEndpointId":"vpce-f40dc59d","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","clientProvidedHostHeader":"s3.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"ASIATFQR7NSC2T5YJDEY","userName":"bert-jan","sessionContext":{"sessionIssuer":{},"webIdFederationData":{},"attributes":{"creationDate":"2023-07-10T12:27:45Z","mfaAuthenticated":"true"}}},"eventTime":"2023-07-10T12:29:48Z","eventSource":"s3.amazonaws.com","eventName":"GetBucketPublicAccessBlock","awsRegion":"us-east-1","sourceIPAddress":"10.8.8.10","userAgent":"[S3Console/0.4, aws-internal/3 aws-sdk-java/1.12.488 Linux/5.10.184-153.731.amzn2int.x86_64 OpenJDK_64-Bit_Server_VM/25.372-b08 java/1.8.0_372 vendor/Oracle_Corporation cfg/retry-mode/standard]","requestParameters":{"publicAccessBlock":"","bucketName":"cdktoolkit-stagingbucket-zbvx22khdave","Host":"cdktoolkit-stagingbucket-zbvx22khdave.s3.us-east-1.amazonaws.com"},"responseElements":null,"additionalEventData":{"SignatureVersion":"SigV4","CipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","bytesTransferredIn":0,"AuthenticationMethod":"AuthHeader","x-amz-id-2":"pK5HFYTV0s+mtumVTAzi9OFRfBfq9CfzRuJ7NkP2dFiexjGON6gdaSawoiFJUTEf8t3XviMuSUA=","bytesTransferredOut":326},"requestID":"0DE8A9TZ2YW8N39K","eventID":"c6e919c6-2de2-401f-92ce-f1125af4ecba","readOnly":true,"resources":[{"accountId":"123837392027","type":"AWS::S3::Bucket","ARN":"arn:aws:s3:::cdktoolkit-stagingbucket-zbvx22khdave"}],"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","vpcEndpointId":"vpce-f40dc59d","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","clientProvidedHostHeader":"cdktoolkit-stagingbucket-zbvx22khdave.s3.us-east-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"ASIATFQR7NSC2T5YJDEY","userName":"bert-jan","sessionContext":{"sessionIssuer":{},"webIdFederationData":{},"attributes":{"creationDate":"2023-07-10T12:27:45Z","mfaAuthenticated":"true"}}},"eventTime":"2023-07-10T12:29:48Z","eventSource":"s3.amazonaws.com","eventName":"GetBucketPolicyStatus","awsRegion":"us-east-1","sourceIPAddress":"10.8.8.10","userAgent":"[S3Console/0.4, aws-internal/3 aws-sdk-java/1.12.488 Linux/5.10.184-153.731.amzn2int.x86_64 OpenJDK_64-Bit_Server_VM/25.372-b08 java/1.8.0_372 vendor/Oracle_Corporation cfg/retry-mode/standard]","requestParameters":{"bucketName":"cdktoolkit-stagingbucket-zbvx22khdave","Host":"cdktoolkit-stagingbucket-zbvx22khdave.s3.us-east-1.amazonaws.com","policyStatus":""},"responseElements":null,"additionalEventData":{"SignatureVersion":"SigV4","CipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","bytesTransferredIn":0,"AuthenticationMethod":"AuthHeader","x-amz-id-2":"0PfUyMKyLDgkq7Pcba3KF5Y8Cy9nzfTgFoBp3NytbiyILzW/PAXHyG/bdS5C9e4VI7/3Hpa49e4=","bytesTransferredOut":142},"requestID":"0DECXYWEAARHZ92Q","eventID":"e837085d-7628-47fa-b7d1-ac49010678ed","readOnly":true,"resources":[{"accountId":"123837392027","type":"AWS::S3::Bucket","ARN":"arn:aws:s3:::cdktoolkit-stagingbucket-zbvx22khdave"}],"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","vpcEndpointId":"vpce-f40dc59d","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","clientProvidedHostHeader":"cdktoolkit-stagingbucket-zbvx22khdave.s3.us-east-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"ASIATFQR7NSC2T5YJDEY","userName":"bert-jan","sessionContext":{"sessionIssuer":{},"webIdFederationData":{},"attributes":{"creationDate":"2023-07-10T12:27:45Z","mfaAuthenticated":"true"}}},"eventTime":"2023-07-10T12:29:48Z","eventSource":"s3.amazonaws.com","eventName":"GetBucketAcl","awsRegion":"us-east-1","sourceIPAddress":"10.8.8.10","userAgent":"[S3Console/0.4, aws-internal/3 aws-sdk-java/1.12.488 Linux/5.10.184-153.731.amzn2int.x86_64 OpenJDK_64-Bit_Server_VM/25.372-b08 java/1.8.0_372 vendor/Oracle_Corporation cfg/retry-mode/standard]","requestParameters":{"bucketName":"cdktoolkit-stagingbucket-zbvx22khdave","Host":"cdktoolkit-stagingbucket-zbvx22khdave.s3.us-east-1.amazonaws.com","acl":""},"responseElements":null,"additionalEventData":{"SignatureVersion":"SigV4","CipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","bytesTransferredIn":0,"AuthenticationMethod":"AuthHeader","x-amz-id-2":"KNdfyXOQSKrPepPtRYlNr71iHgTfTq6IV1EWHh3M72uUluDsAM3eqnRLpYNi4rfcKn+mTy7JzkM=","bytesTransferredOut":552},"requestID":"0DE52W4JVZJ81V4C","eventID":"f2f9e027-f90f-4b7e-bb29-1a42a49f9e84","readOnly":true,"resources":[{"accountId":"123837392027","type":"AWS::S3::Bucket","ARN":"arn:aws:s3:::cdktoolkit-stagingbucket-zbvx22khdave"}],"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","vpcEndpointId":"vpce-f40dc59d","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","clientProvidedHostHeader":"cdktoolkit-stagingbucket-zbvx22khdave.s3.us-east-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"ASIATFQR7NSC2T5YJDEY","userName":"bert-jan","sessionContext":{"sessionIssuer":{},"webIdFederationData":{},"attributes":{"creationDate":"2023-07-10T12:27:45Z","mfaAuthenticated":"true"}}},"eventTime":"2023-07-10T12:29:48Z","eventSource":"s3.amazonaws.com","eventName":"ListAccessPoints","awsRegion":"us-east-1","sourceIPAddress":"10.8.8.10","userAgent":"[S3Console/0.4, aws-internal/3 aws-sdk-java/1.12.488 Linux/5.10.184-153.731.amzn2int.x86_64 OpenJDK_64-Bit_Server_VM/25.372-b08 java/1.8.0_372 vendor/Oracle_Corporation cfg/retry-mode/standard]","requestParameters":{"bucket":"invictus-aws-2022-10-27-8aukl","Host":"123837392027.s3-control.us-east-1.amazonaws.com","maxResults":"1"},"responseElements":null,"additionalEventData":{"SignatureVersion":"SigV4","CipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","bytesTransferredIn":0,"AuthenticationMethod":"AuthHeader","x-amz-id-2":"VH2Bm/8JpIXCKZ/261TPUpTM+mU9rXtpqyeP4LYnj7yBHOyDPWh4QoJBEVfjkk/Px8jX8n9nznbvqnlwiRKpww==","bytesTransferredOut":72},"requestID":"0DE79XW0CTBQC12H","eventID":"642d1b1b-de90-4a9f-bfbb-0476a88eabd5","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","vpcEndpointId":"vpce-f40dc59d","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","clientProvidedHostHeader":"123837392027.s3-control.us-east-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"ASIATFQR7NSCXJ3K3ZRO","userName":"bert-jan","sessionContext":{"sessionIssuer":{},"webIdFederationData":{},"attributes":{"creationDate":"2023-07-10T12:27:45Z","mfaAuthenticated":"true"}},"invokedBy":"AWS Internal"},"eventTime":"2023-07-10T12:29:44Z","eventSource":"s3.amazonaws.com","eventName":"GetStorageLensDashboardDataInternal","awsRegion":"us-east-1","sourceIPAddress":"AWS Internal","userAgent":"AWS Internal","requestParameters":{"configurationARN":"arn:aws:s3:us-east-1:123837392027:storage-lens/default-account-dashboard"},"responseElements":null,"requestID":"0f5ac29f-a9ab-4a24-a7f0-93695ed29b77","eventID":"708092c9-6fe9-47cf-a93c-c2e3ad1876a3","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management"}]}