-
Notifications
You must be signed in to change notification settings - Fork 5
/
218007301253_CloudTrail_us-east-1_20230710T1230Z_lHgkh3VeI3XnjZSL.json
1 lines (1 loc) · 112 KB
/
218007301253_CloudTrail_us-east-1_20230710T1230Z_lHgkh3VeI3XnjZSL.json
1
{"Records":[{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"AKIATFQR7NSC8Q4X20BJ","userName":"bert-jan"},"eventTime":"2023-07-10T12:25:03Z","eventSource":"iam.amazonaws.com","eventName":"GetUser","awsRegion":"us-east-1","sourceIPAddress":"192.168.10.20","userAgent":"APN/1.0 HashiCorp/1.0 Terraform/1.1.2 (+https://www.terraform.io) terraform-provider-aws/3.76.1 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go/1.44.157 (go1.19.3; linux; amd64) stratus-red-team_9f92f988-5ef6-4f8a-800d-c7229febb5fb HashiCorp-terraform-exec/0.17.3","requestParameters":null,"responseElements":null,"requestID":"5fc1667d-c996-470c-8f09-c582146375c6","eventID":"9e6769e7-236c-4c76-9f79-bcdedcd03b43","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","clientProvidedHostHeader":"iam.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"AKIATFQR7NSC8Q4X20BJ","userName":"bert-jan"},"eventTime":"2023-07-10T12:25:23Z","eventSource":"iam.amazonaws.com","eventName":"GetUser","awsRegion":"us-east-1","sourceIPAddress":"192.168.10.20","userAgent":"APN/1.0 HashiCorp/1.0 Terraform/1.1.2 (+https://www.terraform.io) terraform-provider-aws/3.76.1 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go/1.44.157 (go1.19.3; linux; amd64) stratus-red-team_1222242e-efe2-4641-a881-346fa54f41e1 HashiCorp-terraform-exec/0.17.3","requestParameters":null,"responseElements":null,"requestID":"4e3538ce-b03e-4e77-8a94-39ee351ff442","eventID":"c2652947-ee6b-4557-b242-01aaa8b84015","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","clientProvidedHostHeader":"iam.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"AKIATFQR7NSC8Q4X20BJ","userName":"bert-jan"},"eventTime":"2023-07-10T12:25:24Z","eventSource":"s3.amazonaws.com","eventName":"CreateBucket","awsRegion":"us-east-1","sourceIPAddress":"192.168.10.20","userAgent":"[APN/1.0 HashiCorp/1.0 Terraform/1.1.2 (+https://www.terraform.io) terraform-provider-aws/3.76.1 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go/1.44.157 (go1.19.3; linux; amd64) stratus-red-team_1222242e-efe2-4641-a881-346fa54f41e1 HashiCorp-terraform-exec/0.17.3]","requestParameters":{"bucketName":"stratus-red-team-backdoor-f-bucket-ufamgrrnmw","Host":"stratus-red-team-backdoor-f-bucket-ufamgrrnmw.s3.amazonaws.com","x-amz-acl":"private"},"responseElements":null,"additionalEventData":{"SignatureVersion":"SigV4","CipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","bytesTransferredIn":0,"AuthenticationMethod":"AuthHeader","x-amz-id-2":"08j9PcnX0eYuucWIfb6FK8S02CyAaZLoqYznEvpfJysG4QasLD3j4xrqO8OgRv+GP7eL6VuSOz5HoBRi+OhnfEJ+paJBwgA7","bytesTransferredOut":0},"requestID":"RBH7140FSAPHHEMH","eventID":"6ea9114b-06ca-45ff-8f0d-4bdde42d1904","readOnly":false,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","clientProvidedHostHeader":"stratus-red-team-backdoor-f-bucket-ufamgrrnmw.s3.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"AKIATFQR7NSC8Q4X20BJ","userName":"bert-jan"},"eventTime":"2023-07-10T12:25:27Z","eventSource":"s3.amazonaws.com","eventName":"GetBucketWebsite","awsRegion":"us-east-1","sourceIPAddress":"192.168.10.20","userAgent":"[APN/1.0 HashiCorp/1.0 Terraform/1.1.2 (+https://www.terraform.io) terraform-provider-aws/3.76.1 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go/1.44.157 (go1.19.3; linux; amd64) stratus-red-team_1222242e-efe2-4641-a881-346fa54f41e1 HashiCorp-terraform-exec/0.17.3]","errorCode":"NoSuchWebsiteConfiguration","errorMessage":"The specified bucket does not have a website configuration","requestParameters":{"bucketName":"stratus-red-team-backdoor-f-bucket-ufamgrrnmw","website":"","Host":"stratus-red-team-backdoor-f-bucket-ufamgrrnmw.s3.amazonaws.com"},"responseElements":null,"additionalEventData":{"SignatureVersion":"SigV4","CipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","bytesTransferredIn":0,"AuthenticationMethod":"AuthHeader","x-amz-id-2":"5vogFt6uBTCQZeZN9pdePpOply2vy3JnXbNos6fXg3xbuFvy8ws+okrkEYMBgy9vtdQZVdq2Q+hdQitrC35yREDWJeFQ6aEb","bytesTransferredOut":392},"requestID":"HG3BX6PAHRK81W17","eventID":"2265a9af-5140-4d32-b4f0-93b2e3045949","readOnly":true,"resources":[{"accountId":"123837392027","type":"AWS::S3::Bucket","ARN":"arn:aws:s3:::stratus-red-team-backdoor-f-bucket-ufamgrrnmw"}],"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","clientProvidedHostHeader":"stratus-red-team-backdoor-f-bucket-ufamgrrnmw.s3.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"AKIATFQR7NSC8Q4X20BJ","userName":"bert-jan"},"eventTime":"2023-07-10T12:25:30Z","eventSource":"s3.amazonaws.com","eventName":"GetBucketObjectLockConfiguration","awsRegion":"us-east-1","sourceIPAddress":"192.168.10.20","userAgent":"[APN/1.0 HashiCorp/1.0 Terraform/1.1.2 (+https://www.terraform.io) terraform-provider-aws/3.76.1 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go/1.44.157 (go1.19.3; linux; amd64) stratus-red-team_1222242e-efe2-4641-a881-346fa54f41e1 HashiCorp-terraform-exec/0.17.3]","errorCode":"ObjectLockConfigurationNotFoundError","errorMessage":"Object Lock configuration does not exist for this bucket","requestParameters":{"bucketName":"stratus-red-team-backdoor-f-bucket-ufamgrrnmw","object-lock":"","Host":"stratus-red-team-backdoor-f-bucket-ufamgrrnmw.s3.amazonaws.com"},"responseElements":null,"additionalEventData":{"SignatureVersion":"SigV4","CipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","bytesTransferredIn":0,"AuthenticationMethod":"AuthHeader","x-amz-id-2":"5944Ew0IFMjZxniGmIvmnMDSxhpm22UuwrpcHN+z/zj4AIDp7We3sGprfaVSlvzPtoPrJ+Pcy68=","bytesTransferredOut":380},"requestID":"C8D2AZEX0E2KTAWD","eventID":"499c2d6f-5d36-49a1-8bb7-ac8b84632621","readOnly":true,"resources":[{"accountId":"123837392027","type":"AWS::S3::Bucket","ARN":"arn:aws:s3:::stratus-red-team-backdoor-f-bucket-ufamgrrnmw"}],"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","clientProvidedHostHeader":"stratus-red-team-backdoor-f-bucket-ufamgrrnmw.s3.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"AWSService","invokedBy":"lambda.amazonaws.com"},"eventTime":"2023-07-10T12:25:32Z","eventSource":"sts.amazonaws.com","eventName":"AssumeRole","awsRegion":"us-east-1","sourceIPAddress":"lambda.amazonaws.com","userAgent":"lambda.amazonaws.com","requestParameters":{"roleArn":"arn:aws:iam::123837392027:role/stratus-red-team-backdoor-f-lambda","roleSessionName":"awslambda_744_20230710122532896"},"responseElements":{"credentials":{"accessKeyId":"ASIATFQR7NSCYPF22374","sessionToken":"IQoJb3JpZ2luX2VjEC0aCXVzLWVhc3QtMSJIMEYCIQC0Q6/JpzLGrcy2yT44r1hOJCnlUhZJzwiWEFigK86fagIhAJ8Z9YKRB79sLf8ZjbQHaqiSMR7vFk7vWvY4GqPsMdn5KqwCCKb//////////wEQARoMMjE4MDA3MzAxMjUzIgxzrH7V0nIaluZ6xBMqgAKOioTvPWYRpxNdluurS6JNDmmvVc6gfLKe4CRlnqldTghRVf5Mm/YxFdAI2s01ZkyJ7KnNZpmiB7sACVRKLJYJH4qB7cZAPR3lFMpC8V5UW7cDOeTR2NF7qVrnBVZONKqOpxg8KcXwsYLo3lEtaPaiuciT2sF/vXi8LV1Q22sn3lD7MV64o43u/H4F3frIErUVluS5zhFOnzk+CQTEfu6hI1gkeGWtUIdb+Oi8HgBP6PAqMlqDB/IfEEUwgUTRIx5WPxrUErJJpXFT1uNfgSADw/bHW5SijOFxTeofq6yts35nm4Gz4GILqNgsnAA0xj9DlSjwg/7E8NItiu0wR5APMLzxr6UGOpkBJp8YKECIVwWaULb3EBjANi9P7+JwDDeUWF4ilH3kkZOgkM4wjaToL0GuNua9J3ESro2WZROYYNoV616MlEN/VU8YYVsVVbRL9rCC63xziESUkUHvqobCE1yh2VUr9uuff4SOz+Vh+KSJF0WBePqcEnSSbDBofmhqdOk6LeAJG/eMV4/WzDxbDxENuHLee4833OeDitbUEYk/","expiration":"Jul 10, 2023, 2:25:32 PM"}},"requestID":"35e443bf-c4ea-4c91-b478-9247f9d96e8d","eventID":"ce4cf27b-50d0-4e75-9caa-e3741468240d","readOnly":true,"resources":[{"accountId":"123837392027","type":"AWS::IAM::Role","ARN":"arn:aws:iam::123837392027:role/stratus-red-team-backdoor-f-lambda"}],"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","sharedEventID":"d78af158-3eb0-4b18-8ca1-8c4c2b53cc0e","eventCategory":"Management"},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"AKIATFQR7NSC8Q4X20BJ","userName":"bert-jan"},"eventTime":"2023-07-10T12:26:37Z","eventSource":"iam.amazonaws.com","eventName":"CreateRole","awsRegion":"us-east-1","sourceIPAddress":"192.168.10.20","userAgent":"APN/1.0 HashiCorp/1.0 Terraform/1.1.2 (+https://www.terraform.io) terraform-provider-aws/4.67.0 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go/1.44.261 (go1.19.8; linux; amd64) stratus-red-team_7e61c71f-e649-4c72-a4e3-0a63b2bc9150 HashiCorp-terraform-exec/0.17.3","requestParameters":{"path":"/","roleName":"stratus-red-team-olc-lambda-xhfgzaowxc","assumeRolePolicyDocument":"{\"Statement\":[{\"Action\":\"sts:AssumeRole\",\"Condition\":{},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"lambda.amazonaws.com\"}}],\"Version\":\"2012-10-17\"}","maxSessionDuration":3600,"tags":[{"key":"StratusRedTeam","value":"true"}]},"responseElements":{"role":{"assumeRolePolicyDocument":"%7B%22Statement%22%3A%5B%7B%22Action%22%3A%22sts%3AAssumeRole%22%2C%22Condition%22%3A%7B%7D%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22lambda.amazonaws.com%22%7D%7D%5D%2C%22Version%22%3A%222012-10-17%22%7D","arn":"arn:aws:iam::123837392027:role/stratus-red-team-olc-lambda-xhfgzaowxc","roleId":"AROATFQR7NSCQNCKIK7I5","createDate":"Jul 10, 2023 12:26:37 PM","roleName":"stratus-red-team-olc-lambda-xhfgzaowxc","path":"/","tags":[{"key":"StratusRedTeam","value":"true"}]}},"requestID":"a42651c1-5b46-403e-8e98-b07622cd3697","eventID":"4899954d-cae4-4f2c-8007-095885ebe900","readOnly":false,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","clientProvidedHostHeader":"iam.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"AKIATFQR7NSC8Q4X20BJ","userName":"bert-jan"},"eventTime":"2023-07-10T12:26:37Z","eventSource":"iam.amazonaws.com","eventName":"GetRole","awsRegion":"us-east-1","sourceIPAddress":"192.168.10.20","userAgent":"APN/1.0 HashiCorp/1.0 Terraform/1.1.2 (+https://www.terraform.io) terraform-provider-aws/4.67.0 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go/1.44.261 (go1.19.8; linux; amd64) stratus-red-team_7e61c71f-e649-4c72-a4e3-0a63b2bc9150 HashiCorp-terraform-exec/0.17.3","requestParameters":{"roleName":"stratus-red-team-olc-lambda-xhfgzaowxc"},"responseElements":null,"requestID":"e76207b9-1bb6-458e-b1a2-690b5d2798f0","eventID":"c61d0c18-956b-4e26-a388-0dd90f191e5b","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","clientProvidedHostHeader":"iam.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"AKIATFQR7NSC8Q4X20BJ","userName":"bert-jan"},"eventTime":"2023-07-10T12:26:37Z","eventSource":"iam.amazonaws.com","eventName":"ListRolePolicies","awsRegion":"us-east-1","sourceIPAddress":"192.168.10.20","userAgent":"APN/1.0 HashiCorp/1.0 Terraform/1.1.2 (+https://www.terraform.io) terraform-provider-aws/4.67.0 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go/1.44.261 (go1.19.8; linux; amd64) stratus-red-team_7e61c71f-e649-4c72-a4e3-0a63b2bc9150 HashiCorp-terraform-exec/0.17.3","requestParameters":{"roleName":"stratus-red-team-olc-lambda-xhfgzaowxc"},"responseElements":null,"requestID":"457fde9f-eb13-4550-bd96-a15704094b83","eventID":"c880502e-a157-49d7-9b32-7c4cf3209b29","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","clientProvidedHostHeader":"iam.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"AKIATFQR7NSC8Q4X20BJ","userName":"bert-jan"},"eventTime":"2023-07-10T12:26:37Z","eventSource":"iam.amazonaws.com","eventName":"ListAttachedRolePolicies","awsRegion":"us-east-1","sourceIPAddress":"192.168.10.20","userAgent":"APN/1.0 HashiCorp/1.0 Terraform/1.1.2 (+https://www.terraform.io) terraform-provider-aws/4.67.0 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go/1.44.261 (go1.19.8; linux; amd64) stratus-red-team_7e61c71f-e649-4c72-a4e3-0a63b2bc9150 HashiCorp-terraform-exec/0.17.3","requestParameters":{"roleName":"stratus-red-team-olc-lambda-xhfgzaowxc"},"responseElements":null,"requestID":"61bba0ff-27be-4be2-9d90-bcd9a66ad592","eventID":"e0eba165-37c1-40cc-997c-834231ba9b9a","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","clientProvidedHostHeader":"iam.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"AKIATFQR7NSC8Q4X20BJ","userName":"bert-jan"},"eventTime":"2023-07-10T12:26:38Z","eventSource":"s3.amazonaws.com","eventName":"GetBucketWebsite","awsRegion":"us-east-1","sourceIPAddress":"192.168.10.20","userAgent":"[APN/1.0 HashiCorp/1.0 Terraform/1.1.2 (+https://www.terraform.io) terraform-provider-aws/4.67.0 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go/1.44.261 (go1.19.8; linux; amd64) stratus-red-team_7e61c71f-e649-4c72-a4e3-0a63b2bc9150 HashiCorp-terraform-exec/0.17.3]","errorCode":"NoSuchWebsiteConfiguration","errorMessage":"The specified bucket does not have a website configuration","requestParameters":{"bucketName":"stratus-red-team-olc-bucket-xhfgzaowxc","website":"","Host":"stratus-red-team-olc-bucket-xhfgzaowxc.s3.amazonaws.com"},"responseElements":null,"additionalEventData":{"SignatureVersion":"SigV4","CipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","bytesTransferredIn":0,"AuthenticationMethod":"AuthHeader","x-amz-id-2":"KlytHL/+gWJNdad2YUptmxSIwaEUF6oI5sGqonNiheYWo2i83oUiMQzToK3+fdModUgj5gSxHaI=","bytesTransferredOut":365},"requestID":"MTVSW5KZ9FJ3VG37","eventID":"b5c9fc46-2406-4779-be57-270bfd60a68e","readOnly":true,"resources":[{"accountId":"123837392027","type":"AWS::S3::Bucket","ARN":"arn:aws:s3:::stratus-red-team-olc-bucket-xhfgzaowxc"}],"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","clientProvidedHostHeader":"stratus-red-team-olc-bucket-xhfgzaowxc.s3.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"AKIATFQR7NSC8Q4X20BJ","userName":"bert-jan"},"eventTime":"2023-07-10T12:26:44Z","eventSource":"lambda.amazonaws.com","eventName":"CreateFunction20150331","awsRegion":"us-east-1","sourceIPAddress":"192.168.10.20","userAgent":"APN/1.0 HashiCorp/1.0 Terraform/1.1.2 (+https://www.terraform.io) terraform-provider-aws/4.67.0 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go-v2/1.18.0 os/linux lang/go/1.19.8 md/GOOS/linux md/GOARCH/amd64 api/lambda/1.34.1 stratus-red-team_7e61c71f-e649-4c72-a4e3-0a63b2bc9150 HashiCorp-terraform-exec/0.17.3","errorCode":"InvalidParameterValueException","errorMessage":"The role defined for the function cannot be assumed by Lambda.","requestParameters":{"functionName":"stratus-red-team-olc-func-xhfgzaowxc","runtime":"python3.9","role":"arn:aws:iam::123837392027:role/stratus-red-team-olc-lambda-xhfgzaowxc","handler":"lambda.lambda_handler","code":{"s3Bucket":"stratus-red-team-olc-bucket-xhfgzaowxc","s3Key":"lambda.zip"},"description":"","timeout":3,"memorySize":128,"publish":false,"packageType":"Zip","environment":{},"tags":{"StratusRedTeam":"true"}},"responseElements":null,"requestID":"badc4e0d-ef1a-4ee8-9b91-a1f12225a723","eventID":"cf68ed65-99d6-4c69-bf5e-2535c6cb056f","readOnly":false,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","clientProvidedHostHeader":"lambda.us-east-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"AKIATFQR7NSC8Q4X20BJ","userName":"bert-jan"},"eventTime":"2023-07-10T12:26:40Z","eventSource":"lambda.amazonaws.com","eventName":"CreateFunction20150331","awsRegion":"us-east-1","sourceIPAddress":"192.168.10.20","userAgent":"APN/1.0 HashiCorp/1.0 Terraform/1.1.2 (+https://www.terraform.io) terraform-provider-aws/4.67.0 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go-v2/1.18.0 os/linux lang/go/1.19.8 md/GOOS/linux md/GOARCH/amd64 api/lambda/1.34.1 stratus-red-team_7e61c71f-e649-4c72-a4e3-0a63b2bc9150 HashiCorp-terraform-exec/0.17.3","errorCode":"InvalidParameterValueException","errorMessage":"The role defined for the function cannot be assumed by Lambda.","requestParameters":{"functionName":"stratus-red-team-olc-func-xhfgzaowxc","runtime":"python3.9","role":"arn:aws:iam::123837392027:role/stratus-red-team-olc-lambda-xhfgzaowxc","handler":"lambda.lambda_handler","code":{"s3Bucket":"stratus-red-team-olc-bucket-xhfgzaowxc","s3Key":"lambda.zip"},"description":"","timeout":3,"memorySize":128,"publish":false,"packageType":"Zip","environment":{},"tags":{"StratusRedTeam":"true"}},"responseElements":null,"requestID":"51f4fd1a-2566-4aba-804d-34bfb0180e55","eventID":"8deee5d0-87d5-43b1-b0a1-789f0e0cb0a3","readOnly":false,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","clientProvidedHostHeader":"lambda.us-east-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"AWSService","invokedBy":"rolesanywhere.amazonaws.com"},"eventTime":"2023-07-10T12:27:13Z","eventSource":"sts.amazonaws.com","eventName":"AssumeRole","awsRegion":"us-east-1","sourceIPAddress":"rolesanywhere.amazonaws.com","userAgent":"rolesanywhere.amazonaws.com","requestParameters":{"roleArn":"arn:aws:iam::123837392027:role/aws-service-role/rolesanywhere.amazonaws.com/AWSServiceRoleForRolesAnywhere","roleSessionName":"RolesAnywhereInternalSession"},"responseElements":{"credentials":{"accessKeyId":"ASIATFQR7NSC2ZIXNSIM","sessionToken":"IQoJb3JpZ2luX2VjEC0aCXVzLWVhc3QtMSJHMEUCIQCV/PR7qzU2RlaQs/aUSw5W5GEJ3Uow+BBA83tYz7sgqAIgQTdc87gNpzj1d3kPbLAErZFDfKohtbCRoKPhU3K1Q68qnwIIpv//////////ARABGgwyMTgwMDczMDEyNTMiDAdiJXr8OMT9XDTHjCrzAaw6MRh03gZeirfAXqErODmKa0YflXKuayiyUGAfJVRD/+hglvzM29VAOYW/LolrWDOuyN+JfaeK6YUVcrOvcbTxEbx+GMUFs0HC1C9Ur8i8cLohHDOeAMO8uegn7uQ/oYtrEwwTPd0Z/E0qLaVQ1nSP4Z72RjJ2Tuyp3MNWayx9ovQvRlPG070jAyJl32L9+1hAK7QJcY406QCCID5duhiKwuUFm4k4skZu3TR8JmGxi2iwjgTf+eRWXzxGHmwTiNd1qxzTVQqT5Go4EWm/yHRfeG9yDhh7MKE4Fl+naW3NXAAUiJuNOfr9mBfj8hs+Wzm5MzCh8q+lBjqPAT1jSrt7uc86BUowlWmWmcgssquaeWvnOqnqXqqYPKeU8GY7A4g3zBQps7xecpaBLKmJOOkme53ueDcpXyaeZ2Z5bY+74OdsvEaXPU8tNgLX97QiUBFhwPDxCI8yamgM2EO83baawLoL6N0Kmh7nG8/yPGkf1miGQNx7ule8flVjUn1nlVgGL8GQTw1NeNIM","expiration":"Jul 10, 2023, 1:27:13 PM"},"assumedRoleUser":{"assumedRoleId":"AROATFQR7NSCS7GEJRX6M:RolesAnywhereInternalSession","arn":"arn:aws:sts::123837392027:assumed-role/AWSServiceRoleForRolesAnywhere/RolesAnywhereInternalSession"}},"requestID":"1720c06c-bc62-44ef-9a1a-19f7778dd47d","eventID":"232cc074-448f-48bf-b085-420c1a37be67","readOnly":true,"resources":[{"accountId":"123837392027","type":"AWS::IAM::Role","ARN":"arn:aws:iam::123837392027:role/aws-service-role/rolesanywhere.amazonaws.com/AWSServiceRoleForRolesAnywhere"}],"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","sharedEventID":"24ebc34a-bb34-4b5a-ad60-0871cf6401b7","vpcEndpointId":"vpce-08931dbe1a3ad50e0","eventCategory":"Management"},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"AKIATFQR7NSC8Q4X20BJ","userName":"bert-jan"},"eventTime":"2023-07-10T12:27:13Z","eventSource":"rolesanywhere.amazonaws.com","eventName":"CreateProfile","awsRegion":"us-east-1","sourceIPAddress":"192.168.10.20","userAgent":"stratus-red-team_d42001c7-3946-4d49-903d-c68f835109a3","requestParameters":{"durationSeconds":3600,"enabled":true,"name":"malicious-rolesanywhere-profile","roleArns":["arn:aws:iam::123837392027:role/stratus-red-team-trust-anchor-role"],"tags":[{"key":"HIDDEN_DUE_TO_SECURITY_REASONS","value":"HIDDEN_DUE_TO_SECURITY_REASONS"}]},"responseElements":{"profile":{"createdAt":"2023-07-10T12:27:13.431264Z","createdBy":"arn:aws:iam::123837392027:user/bert-jan","durationSeconds":3600,"enabled":true,"name":"malicious-rolesanywhere-profile","profileArn":"arn:aws:rolesanywhere:us-east-1:123837392027:profile/ac4e09d1-a150-4924-bb76-23b00fa7c34a","profileId":"ac4e09d1-a150-4924-bb76-23b00fa7c34a","roleArns":["arn:aws:iam::123837392027:role/stratus-red-team-trust-anchor-role"],"updatedAt":"2023-07-10T12:27:13.431264Z"}},"requestID":"10a95e85-a0a2-4fc5-bf32-129a98e8f7c9","eventID":"782bc4f5-53eb-4072-ac09-070425df6eef","readOnly":false,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","clientProvidedHostHeader":"rolesanywhere.us-east-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"AKIATFQR7NSC8Q4X20BJ","userName":"bert-jan"},"eventTime":"2023-07-10T12:26:49Z","eventSource":"lambda.amazonaws.com","eventName":"GetFunction20150331v2","awsRegion":"us-east-1","sourceIPAddress":"192.168.10.20","userAgent":"APN/1.0 HashiCorp/1.0 Terraform/1.1.2 (+https://www.terraform.io) terraform-provider-aws/4.67.0 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go-v2/1.18.0 os/linux lang/go/1.19.8 md/GOOS/linux md/GOARCH/amd64 api/lambda/1.34.1 stratus-red-team_7e61c71f-e649-4c72-a4e3-0a63b2bc9150 HashiCorp-terraform-exec/0.17.3","requestParameters":{"functionName":"stratus-red-team-olc-func-xhfgzaowxc"},"responseElements":null,"requestID":"a0555eef-aea8-47af-9260-ed8f1fa5c067","eventID":"f323a563-95ba-4675-bb8a-9863220df3c3","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","clientProvidedHostHeader":"lambda.us-east-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"ASIATFQR7NSCVDQK5XKV","userName":"bert-jan","sessionContext":{"sessionIssuer":{},"webIdFederationData":{},"attributes":{"creationDate":"2023-07-10T12:27:45Z","mfaAuthenticated":"true"}}},"eventTime":"2023-07-10T12:27:54Z","eventSource":"ec2.amazonaws.com","eventName":"DescribeVolumes","awsRegion":"us-east-1","sourceIPAddress":"10.8.8.10","userAgent":"AWS Internal","requestParameters":{"maxResults":1000,"volumeSet":{},"filterSet":{}},"responseElements":null,"requestID":"eedef094-959c-4622-b910-d411eeac345c","eventID":"29d37c53-9ab1-4702-8d11-0171eef6a77a","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","sessionCredentialFromConsole":"true"},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"ASIATFQR7NSCVDQK5XKV","userName":"bert-jan","sessionContext":{"sessionIssuer":{},"webIdFederationData":{},"attributes":{"creationDate":"2023-07-10T12:27:45Z","mfaAuthenticated":"true"}}},"eventTime":"2023-07-10T12:27:54Z","eventSource":"elasticloadbalancing.amazonaws.com","eventName":"DescribeLoadBalancers","awsRegion":"us-east-1","sourceIPAddress":"10.8.8.10","userAgent":"AWS Internal","requestParameters":{"pageSize":200},"responseElements":null,"requestID":"bec55cd2-46d8-4e98-adf6-c8fe209ec48a","eventID":"e3bb4364-d0ca-4c0f-a194-b3af5d5280b3","readOnly":true,"eventType":"AwsApiCall","apiVersion":"2012-06-01","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","sessionCredentialFromConsole":"true"},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"ASIATFQR7NSCVDQK5XKV","userName":"bert-jan","sessionContext":{"sessionIssuer":{},"webIdFederationData":{},"attributes":{"creationDate":"2023-07-10T12:27:45Z","mfaAuthenticated":"true"}}},"eventTime":"2023-07-10T12:27:58Z","eventSource":"ec2.amazonaws.com","eventName":"DescribeAddressTransfers","awsRegion":"us-east-1","sourceIPAddress":"10.8.8.10","userAgent":"AWS Internal","requestParameters":{"DescribeAddressTransfersRequest":{"AllocationId":{"tag":1,"content":"eipalloc-04cbfdaf4b48e92d5"}}},"responseElements":null,"requestID":"299b0e66-1b4f-438a-8323-7569678896cf","eventID":"579e0fba-beef-46c4-9ee9-c8b4482064ab","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","sessionCredentialFromConsole":"true"},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"ASIATFQR7NSCVDQK5XKV","userName":"bert-jan","sessionContext":{"sessionIssuer":{},"webIdFederationData":{},"attributes":{"creationDate":"2023-07-10T12:27:45Z","mfaAuthenticated":"true"}}},"eventTime":"2023-07-10T12:27:54Z","eventSource":"ec2.amazonaws.com","eventName":"DescribeVolumeStatus","awsRegion":"us-east-1","sourceIPAddress":"10.8.8.10","userAgent":"AWS Internal","requestParameters":{"volumeSet":{},"filterSet":{},"maxResults":1000},"responseElements":null,"requestID":"79b5840a-5a54-45ed-912e-c4eea46c2a67","eventID":"8242ec66-3f5d-4032-be35-6cdbc6fc58d7","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","sessionCredentialFromConsole":"true"},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"ASIATFQR7NSCVDQK5XKV","userName":"bert-jan","sessionContext":{"sessionIssuer":{},"webIdFederationData":{},"attributes":{"creationDate":"2023-07-10T12:27:45Z","mfaAuthenticated":"true"}}},"eventTime":"2023-07-10T12:28:08Z","eventSource":"ec2.amazonaws.com","eventName":"DescribeNatGateways","awsRegion":"us-east-1","sourceIPAddress":"10.8.8.10","userAgent":"AWS Internal","requestParameters":{"DescribeNatGatewaysRequest":{"MaxResults":1000}},"responseElements":null,"requestID":"9aebdb4a-d4cb-4262-be0f-4d27f93a55c0","eventID":"9c0b499b-4070-4a58-87ea-84371b300f94","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","sessionCredentialFromConsole":"true"},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"ASIATFQR7NSCVDQK5XKV","userName":"bert-jan","sessionContext":{"sessionIssuer":{},"webIdFederationData":{},"attributes":{"creationDate":"2023-07-10T12:27:45Z","mfaAuthenticated":"true"}}},"eventTime":"2023-07-10T12:28:08Z","eventSource":"ec2.amazonaws.com","eventName":"DescribeNatGateways","awsRegion":"us-east-1","sourceIPAddress":"10.8.8.10","userAgent":"AWS Internal","requestParameters":{"DescribeNatGatewaysRequest":{"MaxResults":1000}},"responseElements":null,"requestID":"a40ad1c5-c70a-4212-bf5f-9a368a92d903","eventID":"7f9a59ae-1337-46c0-8ce7-ba3f4f57be0d","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","sessionCredentialFromConsole":"true"},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"ASIATFQR7NSCS5BLNV76","userName":"bert-jan","sessionContext":{"sessionIssuer":{},"webIdFederationData":{},"attributes":{"creationDate":"2023-07-10T12:27:45Z","mfaAuthenticated":"true"}}},"eventTime":"2023-07-10T12:28:19Z","eventSource":"rds.amazonaws.com","eventName":"DescribeEvents","awsRegion":"us-east-1","sourceIPAddress":"10.8.8.10","userAgent":"AWS Internal","requestParameters":{"duration":1440},"responseElements":null,"requestID":"70d98fa6-103e-4a91-b075-d14217e851cf","eventID":"ecea916b-8348-4166-ab7d-18be871f30bb","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","sessionCredentialFromConsole":"true"},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"ASIATFQR7NSCS5BLNV76","userName":"bert-jan","sessionContext":{"sessionIssuer":{},"webIdFederationData":{},"attributes":{"creationDate":"2023-07-10T12:27:45Z","mfaAuthenticated":"true"}}},"eventTime":"2023-07-10T12:28:19Z","eventSource":"rds.amazonaws.com","eventName":"DescribeDBInstances","awsRegion":"us-east-1","sourceIPAddress":"10.8.8.10","userAgent":"AWS Internal","requestParameters":null,"responseElements":null,"requestID":"2307f02d-26fb-43f5-96d8-c896dc9e169a","eventID":"ec46c8e9-c2e5-499b-85b9-2a6661b4f8c1","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","sessionCredentialFromConsole":"true"},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"ASIATFQR7NSCS5BLNV76","userName":"bert-jan","sessionContext":{"sessionIssuer":{},"webIdFederationData":{},"attributes":{"creationDate":"2023-07-10T12:27:45Z","mfaAuthenticated":"true"}}},"eventTime":"2023-07-10T12:28:18Z","eventSource":"rds.amazonaws.com","eventName":"DescribeRecommendationGroups","awsRegion":"us-east-1","sourceIPAddress":"10.8.8.10","userAgent":"AWS Internal","requestParameters":{"filters":[{"name":"recommendation-status","values":["ACTIVE"]},{"name":"recommendation-api-version","values":["v2"]},{"name":"locale","values":["en"]}]},"responseElements":null,"requestID":"a066bc4b-6429-4977-ab0f-2743c0215cd2","eventID":"b3582704-d94b-4d20-a1b9-6be6b36e62e1","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","sessionCredentialFromConsole":"true"},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"AKIATFQR7NSC8Q4X20BJ","userName":"bert-jan"},"eventTime":"2023-07-10T12:28:24Z","eventSource":"iam.amazonaws.com","eventName":"ListAccessKeys","awsRegion":"us-east-1","sourceIPAddress":"192.168.10.20","userAgent":"stratus-red-team_21b27090-a535-432d-97e9-a519a2bda2fe","requestParameters":{"userName":"malicious-iam-user"},"responseElements":null,"requestID":"2daf2846-b562-45ff-8c55-729c2452d467","eventID":"b6349c43-9682-40c4-abf2-f57fb09ccaed","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","clientProvidedHostHeader":"iam.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"AKIATFQR7NSC8Q4X20BJ","userName":"bert-jan"},"eventTime":"2023-07-10T12:28:24Z","eventSource":"iam.amazonaws.com","eventName":"DeleteAccessKey","awsRegion":"us-east-1","sourceIPAddress":"192.168.10.20","userAgent":"stratus-red-team_21b27090-a535-432d-97e9-a519a2bda2fe","requestParameters":{"userName":"malicious-iam-user","accessKeyId":"AKIATFQR7NSCQLA2F4OD"},"responseElements":null,"requestID":"a67baf7f-8ce8-49c0-9076-8270470ba791","eventID":"20e603c0-e2d6-4bc4-9f25-031d3e314950","readOnly":false,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","clientProvidedHostHeader":"iam.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"AKIATFQR7NSC8Q4X20BJ","userName":"bert-jan"},"eventTime":"2023-07-10T12:28:24Z","eventSource":"iam.amazonaws.com","eventName":"DetachUserPolicy","awsRegion":"us-east-1","sourceIPAddress":"192.168.10.20","userAgent":"stratus-red-team_21b27090-a535-432d-97e9-a519a2bda2fe","requestParameters":{"policyArn":"arn:aws:iam::aws:policy/AdministratorAccess","userName":"malicious-iam-user"},"responseElements":null,"requestID":"1aa8128d-b2b8-42ec-85de-317ce511ecc0","eventID":"7dfa2d8e-aa3d-44d1-bd90-d990f58311e0","readOnly":false,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","clientProvidedHostHeader":"iam.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"AKIATFQR7NSC8Q4X20BJ","userName":"bert-jan"},"eventTime":"2023-07-10T12:28:24Z","eventSource":"iam.amazonaws.com","eventName":"DeleteUser","awsRegion":"us-east-1","sourceIPAddress":"192.168.10.20","userAgent":"stratus-red-team_21b27090-a535-432d-97e9-a519a2bda2fe","requestParameters":{"userName":"malicious-iam-user"},"responseElements":null,"requestID":"e98838f5-a842-4820-ba1f-04fc0c73afd5","eventID":"0bb0dbe3-f64f-461a-aa94-bde583ff90b6","readOnly":false,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","clientProvidedHostHeader":"iam.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"AKIATFQR7NSC8Q4X20BJ","userName":"bert-jan"},"eventTime":"2023-07-10T12:28:24Z","eventSource":"s3.amazonaws.com","eventName":"DeleteBucketPolicy","awsRegion":"us-east-1","sourceIPAddress":"192.168.10.20","userAgent":"[stratus-red-team_b1d7e3ac-1a0f-40b2-b062-a4297558e42f]","requestParameters":{"bucketName":"stratus-red-team-bdbp-lhfzvgcamn","Host":"stratus-red-team-bdbp-lhfzvgcamn.s3.us-east-1.amazonaws.com","policy":""},"responseElements":null,"additionalEventData":{"SignatureVersion":"SigV4","CipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","bytesTransferredIn":0,"AuthenticationMethod":"AuthHeader","x-amz-id-2":"ri2kYFQG4IDcZT+VgIXi/VJMZ4k7oSrx/E6+Tq4qICuZWzqo2/kFoqii+/nvMkPpYZBkPiNnPxQ=","bytesTransferredOut":0},"requestID":"Z8ACGF9H5JD4TYH9","eventID":"b921a62d-9241-42a2-bb3c-6821e55c20cd","readOnly":false,"resources":[{"accountId":"123837392027","type":"AWS::S3::Bucket","ARN":"arn:aws:s3:::stratus-red-team-bdbp-lhfzvgcamn"}],"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","clientProvidedHostHeader":"stratus-red-team-bdbp-lhfzvgcamn.s3.us-east-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"ASIATFQR7NSCS5BLNV76","userName":"bert-jan","sessionContext":{"sessionIssuer":{},"webIdFederationData":{},"attributes":{"creationDate":"2023-07-10T12:27:45Z","mfaAuthenticated":"true"}}},"eventTime":"2023-07-10T12:28:19Z","eventSource":"rds.amazonaws.com","eventName":"DescribeDBClusterParameterGroups","awsRegion":"us-east-1","sourceIPAddress":"10.8.8.10","userAgent":"AWS Internal","requestParameters":null,"responseElements":null,"requestID":"ace5e4a6-6ee0-4797-a8af-078b3e20d202","eventID":"6e669813-bca3-4a5d-a1f1-dd26e88345c0","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","sessionCredentialFromConsole":"true"},{"eventVersion":"1.08","userIdentity":{"type":"AWSService","invokedBy":"rolesanywhere.amazonaws.com"},"eventTime":"2023-07-10T12:28:25Z","eventSource":"sts.amazonaws.com","eventName":"AssumeRole","awsRegion":"us-east-1","sourceIPAddress":"rolesanywhere.amazonaws.com","userAgent":"rolesanywhere.amazonaws.com","requestParameters":{"roleArn":"arn:aws:iam::123837392027:role/aws-service-role/rolesanywhere.amazonaws.com/AWSServiceRoleForRolesAnywhere","roleSessionName":"RolesAnywhereInternalSession"},"responseElements":{"credentials":{"accessKeyId":"ASIATFQR7NSCUJQC4GEU","sessionToken":"IQoJb3JpZ2luX2VjEC0aCXVzLWVhc3QtMSJIMEYCIQDbqJTONgDmSx+iMnbR6bPlYJFEbiv3jolNNp2JUwgK3QIhAIaNZ2nFKkBrGdX7cfOSMcyQdXRk1v4Xd+KR1Kbip3d7Kp8CCKb//////////wEQARoMMjE4MDA3MzAxMjUzIgz2JW320X0Bw7I1mKQq8wEZcYYLnX0yuKvlDsMsCSycdEbDs/p09XTYzuT5Ifg4/kg3DWyI31m4mtCzUVecRhqOb/UsppqeCHqsxyex2DZWcdZRu1+VAGOve6kO080PRikiRRZzqkC57Q9Ci0PSdP4XbNQY9crqxzJCmz9D9hvSQNuLGHPOSeIPxYgQ8d+u/QrILxqHgrKYFi+xrxuH2PhKzb+0OH90/3dTys2APSp4hz3ITnFqxAHFxZuHVdABBE5z/y09b9r3zykiuczdjbT2IIIfPAssKzf41fbA1B/AeAfqbvwIn6EiLgsGxfKjk0oyMmdEOcxHuRKeIbIEEanRqRAw6fKvpQY6jgGCs36GnKBWjN0nWn33+64e4QkiihKQBJ/K4+grhuGfAjV9PjDp5s9FDxTdiEuDGvIdVQwhbMJ3bVaOsKKZxt4IrczpjT2SsBX++Y7cJauwk0/mWVR2RkCvbNVriQJYBSScj1HNDQxllouN6lZdxOUlL6AiyrtvInInVabpt1dSkcLOpj96Xz0xo9pezZ2N","expiration":"Jul 10, 2023, 1:28:25 PM"},"assumedRoleUser":{"assumedRoleId":"AROATFQR7NSCS7GEJRX6M:RolesAnywhereInternalSession","arn":"arn:aws:sts::123837392027:assumed-role/AWSServiceRoleForRolesAnywhere/RolesAnywhereInternalSession"}},"requestID":"e077f0b7-242b-49de-84f7-54ae19153578","eventID":"fc7f9e87-5b7b-4447-b9bc-60cae929687c","readOnly":true,"resources":[{"accountId":"123837392027","type":"AWS::IAM::Role","ARN":"arn:aws:iam::123837392027:role/aws-service-role/rolesanywhere.amazonaws.com/AWSServiceRoleForRolesAnywhere"}],"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","sharedEventID":"8c42767a-7fe6-4740-9d1d-a9ab230a8b6d","vpcEndpointId":"vpce-08931dbe1a3ad50e0","eventCategory":"Management"},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"AKIATFQR7NSC8Q4X20BJ","userName":"bert-jan"},"eventTime":"2023-07-10T12:28:28Z","eventSource":"iam.amazonaws.com","eventName":"GetUser","awsRegion":"us-east-1","sourceIPAddress":"192.168.10.20","userAgent":"APN/1.0 HashiCorp/1.0 Terraform/1.1.2 (+https://www.terraform.io) terraform-provider-aws/3.76.1 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go/1.44.157 (go1.19.3; linux; amd64) HashiCorp-terraform-exec/0.17.3","requestParameters":null,"responseElements":null,"requestID":"fad54689-5c9a-4f29-a9fb-75158f062ff9","eventID":"30a0bd26-df02-4212-af7b-8b29bbc89a5a","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","clientProvidedHostHeader":"iam.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"AKIATFQR7NSC8Q4X20BJ","userName":"bert-jan"},"eventTime":"2023-07-10T12:28:31Z","eventSource":"iam.amazonaws.com","eventName":"GetUser","awsRegion":"us-east-1","sourceIPAddress":"192.168.10.20","userAgent":"APN/1.0 HashiCorp/1.0 Terraform/1.1.2 (+https://www.terraform.io) terraform-provider-aws/3.76.1 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go/1.44.157 (go1.19.3; linux; amd64) HashiCorp-terraform-exec/0.17.3","requestParameters":null,"responseElements":null,"requestID":"f780280a-3fab-4b7f-b90e-9931a85b9b2d","eventID":"864fb061-13c9-4f99-a06c-a1363af8284d","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","clientProvidedHostHeader":"iam.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"AKIATFQR7NSC8Q4X20BJ","userName":"bert-jan"},"eventTime":"2023-07-10T12:28:30Z","eventSource":"iam.amazonaws.com","eventName":"GetUser","awsRegion":"us-east-1","sourceIPAddress":"192.168.10.20","userAgent":"APN/1.0 HashiCorp/1.0 Terraform/1.1.2 (+https://www.terraform.io) terraform-provider-aws/dev (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go-v2/1.16.4 os/linux lang/go/1.17.6 md/GOOS/linux md/GOARCH/amd64 api/iam/1.18.4 HashiCorp-terraform-exec/0.17.3","requestParameters":null,"responseElements":null,"requestID":"3f9286fe-b616-4682-8486-612edf7d891f","eventID":"d73b33fa-37c1-4f1b-8df9-4921a7ccf710","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","clientProvidedHostHeader":"iam.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"AKIATFQR7NSC8Q4X20BJ","userName":"bert-jan"},"eventTime":"2023-07-10T12:28:32Z","eventSource":"ec2.amazonaws.com","eventName":"DescribeVpcAttribute","awsRegion":"us-east-1","sourceIPAddress":"192.168.10.20","userAgent":"APN/1.0 HashiCorp/1.0 Terraform/1.1.2 (+https://www.terraform.io) terraform-provider-aws/3.76.1 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go/1.44.157 (go1.19.3; linux; amd64) HashiCorp-terraform-exec/0.17.3","requestParameters":{"vpcId":"vpc-07b33857c7ad1c027"},"responseElements":null,"requestID":"a32e5a09-0a9a-4517-b963-c96c083b6d15","eventID":"7fd854dc-7719-4b3e-9705-b1d113290692","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","clientProvidedHostHeader":"ec2.us-east-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"AKIATFQR7NSC8Q4X20BJ","userName":"bert-jan"},"eventTime":"2023-07-10T12:28:30Z","eventSource":"ec2.amazonaws.com","eventName":"DescribeVpcClassicLink","awsRegion":"us-east-1","sourceIPAddress":"192.168.10.20","userAgent":"APN/1.0 HashiCorp/1.0 Terraform/1.1.2 (+https://www.terraform.io) terraform-provider-aws/3.76.1 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go/1.44.157 (go1.19.3; linux; amd64) HashiCorp-terraform-exec/0.17.3","requestParameters":{"vpcSet":{"item":[{"vpcId":"vpc-0e568b18707c87afa"}]},"filterSet":{}},"responseElements":null,"requestID":"627906f9-20c8-419d-8f3a-a47facab4efe","eventID":"2d419208-b94c-4827-8ca9-5c34b77168fe","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","clientProvidedHostHeader":"ec2.us-east-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"AKIATFQR7NSC8Q4X20BJ","userName":"bert-jan"},"eventTime":"2023-07-10T12:28:30Z","eventSource":"ec2.amazonaws.com","eventName":"DescribeVpcs","awsRegion":"us-east-1","sourceIPAddress":"192.168.10.20","userAgent":"APN/1.0 HashiCorp/1.0 Terraform/1.1.2 (+https://www.terraform.io) terraform-provider-aws/3.76.1 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go/1.44.157 (go1.19.3; linux; amd64) HashiCorp-terraform-exec/0.17.3","requestParameters":{"vpcSet":{"items":[{"vpcId":"vpc-04ae35a334cd7ef4f"}]},"filterSet":{}},"responseElements":null,"requestID":"b83ed162-694d-4e0b-8b6f-ce0a043407db","eventID":"72a7e9c0-1378-40b7-89a4-ca2d591360a9","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","clientProvidedHostHeader":"ec2.us-east-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"AKIATFQR7NSC8Q4X20BJ","userName":"bert-jan"},"eventTime":"2023-07-10T12:28:32Z","eventSource":"iam.amazonaws.com","eventName":"GetUser","awsRegion":"us-east-1","sourceIPAddress":"192.168.10.20","userAgent":"APN/1.0 HashiCorp/1.0 Terraform/1.1.2 (+https://www.terraform.io) terraform-provider-aws/3.76.1 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go/1.44.157 (go1.19.3; linux; amd64) HashiCorp-terraform-exec/0.17.3","requestParameters":null,"responseElements":null,"requestID":"cea646c0-40d4-4c8b-98aa-474463bcad54","eventID":"aeeede0b-e7c5-4a2f-a82b-9d1bf34c25b7","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","clientProvidedHostHeader":"iam.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"AKIATFQR7NSC8Q4X20BJ","userName":"bert-jan"},"eventTime":"2023-07-10T12:28:33Z","eventSource":"ec2.amazonaws.com","eventName":"DescribeAvailabilityZones","awsRegion":"us-east-1","sourceIPAddress":"192.168.10.20","userAgent":"APN/1.0 HashiCorp/1.0 Terraform/1.1.2 (+https://www.terraform.io) terraform-provider-aws/4.67.0 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go/1.44.261 (go1.19.8; linux; amd64) HashiCorp-terraform-exec/0.17.3","requestParameters":{"availabilityZoneSet":{},"availabilityZoneIdSet":{},"filterSet":{"items":[{"name":"state","valueSet":{"items":[{"value":"available"}]}}]}},"responseElements":null,"requestID":"f38db885-ee49-4b98-aac6-c648d755934a","eventID":"52bb1983-0024-4a61-86d3-f0c875475517","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","clientProvidedHostHeader":"ec2.us-east-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"AKIATFQR7NSC8Q4X20BJ","userName":"bert-jan"},"eventTime":"2023-07-10T12:28:32Z","eventSource":"ec2.amazonaws.com","eventName":"DescribeRouteTables","awsRegion":"us-east-1","sourceIPAddress":"192.168.10.20","userAgent":"APN/1.0 HashiCorp/1.0 Terraform/1.1.2 (+https://www.terraform.io) terraform-provider-aws/3.76.1 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go/1.44.157 (go1.19.3; linux; amd64) HashiCorp-terraform-exec/0.17.3","requestParameters":{"routeTableIdSet":{},"filterSet":{"items":[{"name":"association.main","valueSet":{"items":[{"value":"true"}]}},{"name":"vpc-id","valueSet":{"items":[{"value":"vpc-0e568b18707c87afa"}]}}]}},"responseElements":null,"requestID":"8aaf8167-b03a-43e4-acca-e184c69ad981","eventID":"44df4cda-23b1-48b0-8151-a2cda8a92de6","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","clientProvidedHostHeader":"ec2.us-east-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"AKIATFQR7NSC8Q4X20BJ","userName":"bert-jan"},"eventTime":"2023-07-10T12:28:34Z","eventSource":"ec2.amazonaws.com","eventName":"DescribeSubnets","awsRegion":"us-east-1","sourceIPAddress":"192.168.10.20","userAgent":"APN/1.0 HashiCorp/1.0 Terraform/1.1.2 (+https://www.terraform.io) terraform-provider-aws/3.76.1 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go/1.44.157 (go1.19.3; linux; amd64) HashiCorp-terraform-exec/0.17.3","errorCode":"Client.InvalidSubnetID.NotFound","errorMessage":"The subnet ID 'subnet-0afaf7ba0564cac3a' does not exist","requestParameters":{"subnetSet":{"items":[{"subnetId":"subnet-0afaf7ba0564cac3a"}]},"filterSet":{}},"responseElements":null,"requestID":"2dcaa96a-28a5-42b5-8f25-1fdf86725168","eventID":"6e92b3fa-1c21-4e26-b09d-0d436d4d724b","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","clientProvidedHostHeader":"ec2.us-east-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"AKIATFQR7NSC8Q4X20BJ","userName":"bert-jan"},"eventTime":"2023-07-10T12:28:34Z","eventSource":"iam.amazonaws.com","eventName":"ListAttachedRolePolicies","awsRegion":"us-east-1","sourceIPAddress":"192.168.10.20","userAgent":"APN/1.0 HashiCorp/1.0 Terraform/1.1.2 (+https://www.terraform.io) terraform-provider-aws/3.76.1 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go/1.44.157 (go1.19.3; linux; amd64) HashiCorp-terraform-exec/0.17.3","requestParameters":{"roleName":"stratus-red-team-backdoor-r-role"},"responseElements":null,"requestID":"9104faef-6339-4e4b-9e02-9583b46a0aef","eventID":"ad372fda-f793-4c5f-85e5-d63d6a5d801a","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","clientProvidedHostHeader":"iam.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"AKIATFQR7NSC8Q4X20BJ","userName":"bert-jan"},"eventTime":"2023-07-10T12:28:34Z","eventSource":"iam.amazonaws.com","eventName":"DetachRolePolicy","awsRegion":"us-east-1","sourceIPAddress":"192.168.10.20","userAgent":"APN/1.0 HashiCorp/1.0 Terraform/1.1.2 (+https://www.terraform.io) terraform-provider-aws/3.76.1 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go/1.44.157 (go1.19.3; linux; amd64) HashiCorp-terraform-exec/0.17.3","requestParameters":{"roleName":"stratus-red-team-backdoor-r-role","policyArn":"arn:aws:iam::aws:policy/AdministratorAccess"},"responseElements":null,"requestID":"6bc98d8b-71c4-44f6-bdd7-e73f9fa0bf91","eventID":"562792e5-c2d3-4ae5-a763-e734c41a3f02","readOnly":false,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","clientProvidedHostHeader":"iam.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"ASIATFQR7NSCS5BLNV76","userName":"bert-jan","sessionContext":{"sessionIssuer":{},"webIdFederationData":{},"attributes":{"creationDate":"2023-07-10T12:27:45Z","mfaAuthenticated":"true"}}},"eventTime":"2023-07-10T12:28:34Z","eventSource":"rds.amazonaws.com","eventName":"DescribeOrderableDBInstanceOptions","awsRegion":"us-east-1","sourceIPAddress":"10.8.8.10","userAgent":"AWS Internal","requestParameters":{"engine":"neptune","engineVersion":"1.2.0.2","vpc":true},"responseElements":null,"requestID":"4bdcfc4a-4b0c-4509-9df5-b73bff735c81","eventID":"3e6d6cca-ff01-43d6-9a3b-2cb134f04b69","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","sessionCredentialFromConsole":"true"},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"AKIATFQR7NSC8Q4X20BJ","userName":"bert-jan"},"eventTime":"2023-07-10T12:28:35Z","eventSource":"iam.amazonaws.com","eventName":"GetUser","awsRegion":"us-east-1","sourceIPAddress":"192.168.10.20","userAgent":"APN/1.0 HashiCorp/1.0 Terraform/1.1.2 (+https://www.terraform.io) terraform-provider-aws/3.76.1 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go/1.44.157 (go1.19.3; linux; amd64) HashiCorp-terraform-exec/0.17.3","requestParameters":null,"responseElements":null,"requestID":"29fb4e98-b224-480c-a662-0f2f7111fc16","eventID":"5a404b41-47c4-4a0f-991a-74b5d95bce77","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","clientProvidedHostHeader":"iam.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"AKIATFQR7NSC8Q4X20BJ","userName":"bert-jan"},"eventTime":"2023-07-10T12:28:33Z","eventSource":"iam.amazonaws.com","eventName":"ListSSHPublicKeys","awsRegion":"us-east-1","sourceIPAddress":"192.168.10.20","userAgent":"APN/1.0 HashiCorp/1.0 Terraform/1.1.2 (+https://www.terraform.io) terraform-provider-aws/3.76.1 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go/1.44.157 (go1.19.3; linux; amd64) HashiCorp-terraform-exec/0.17.3","requestParameters":{"userName":"stratus-red-team-backdoor-u-user"},"responseElements":null,"requestID":"d47dc1f0-7959-45a2-bd84-66b78d7b1de8","eventID":"f1608014-8e0d-4489-97e3-b41a1a8cfff2","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","clientProvidedHostHeader":"iam.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"AKIATFQR7NSC8Q4X20BJ","userName":"bert-jan"},"eventTime":"2023-07-10T12:28:34Z","eventSource":"iam.amazonaws.com","eventName":"ListVirtualMFADevices","awsRegion":"us-east-1","sourceIPAddress":"192.168.10.20","userAgent":"APN/1.0 HashiCorp/1.0 Terraform/1.1.2 (+https://www.terraform.io) terraform-provider-aws/3.76.1 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go/1.44.157 (go1.19.3; linux; amd64) HashiCorp-terraform-exec/0.17.3","requestParameters":{"assignmentStatus":"Assigned"},"responseElements":null,"requestID":"42705f59-fd48-4df2-a899-a27fcc836d82","eventID":"ce788df4-fb0e-42ca-957f-20921707b5e2","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","clientProvidedHostHeader":"iam.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"AKIATFQR7NSC8Q4X20BJ","userName":"bert-jan"},"eventTime":"2023-07-10T12:28:34Z","eventSource":"ec2.amazonaws.com","eventName":"DescribeRouteTables","awsRegion":"us-east-1","sourceIPAddress":"192.168.10.20","userAgent":"APN/1.0 HashiCorp/1.0 Terraform/1.1.2 (+https://www.terraform.io) terraform-provider-aws/4.67.0 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go/1.44.261 (go1.19.8; linux; amd64) HashiCorp-terraform-exec/0.17.3","requestParameters":{"routeTableIdSet":{},"filterSet":{"items":[{"name":"association.main","valueSet":{"items":[{"value":"true"}]}},{"name":"vpc-id","valueSet":{"items":[{"value":"vpc-098ff30ff74b36f73"}]}}]}},"responseElements":null,"requestID":"1b7a1475-3d7c-47c3-b315-223523a13588","eventID":"1564f343-899e-4399-972a-b14e79dda8a7","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","clientProvidedHostHeader":"ec2.us-east-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"AKIATFQR7NSC8Q4X20BJ","userName":"bert-jan"},"eventTime":"2023-07-10T12:28:34Z","eventSource":"ec2.amazonaws.com","eventName":"DescribeSecurityGroups","awsRegion":"us-east-1","sourceIPAddress":"192.168.10.20","userAgent":"APN/1.0 HashiCorp/1.0 Terraform/1.1.2 (+https://www.terraform.io) terraform-provider-aws/4.67.0 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go/1.44.261 (go1.19.8; linux; amd64) HashiCorp-terraform-exec/0.17.3","requestParameters":{"securityGroupSet":{},"securityGroupIdSet":{},"filterSet":{"items":[{"name":"group-name","valueSet":{"items":[{"value":"default"}]}},{"name":"vpc-id","valueSet":{"items":[{"value":"vpc-098ff30ff74b36f73"}]}}]}},"responseElements":null,"requestID":"77fc8ffd-65db-4597-9b4c-49b96c52ab73","eventID":"0efb56b9-eb0a-4feb-9cc8-e817ee3b5aa4","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","clientProvidedHostHeader":"ec2.us-east-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"AKIATFQR7NSC8Q4X20BJ","userName":"bert-jan"},"eventTime":"2023-07-10T12:28:34Z","eventSource":"ec2.amazonaws.com","eventName":"DescribeRouteTables","awsRegion":"us-east-1","sourceIPAddress":"192.168.10.20","userAgent":"APN/1.0 HashiCorp/1.0 Terraform/1.1.2 (+https://www.terraform.io) terraform-provider-aws/4.67.0 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go/1.44.261 (go1.19.8; linux; amd64) HashiCorp-terraform-exec/0.17.3","requestParameters":{"routeTableIdSet":{"items":[{"routeTableId":"rtb-08cbc80e25a39c743"}]},"filterSet":{}},"responseElements":null,"requestID":"93682b46-b610-4606-82a6-92e26e1f8a10","eventID":"b5f2076c-7a38-4672-9459-87788af910cd","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","clientProvidedHostHeader":"ec2.us-east-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"AKIATFQR7NSC8Q4X20BJ","userName":"bert-jan"},"eventTime":"2023-07-10T12:28:34Z","eventSource":"ec2.amazonaws.com","eventName":"DescribeRouteTables","awsRegion":"us-east-1","sourceIPAddress":"192.168.10.20","userAgent":"APN/1.0 HashiCorp/1.0 Terraform/1.1.2 (+https://www.terraform.io) terraform-provider-aws/4.67.0 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go/1.44.261 (go1.19.8; linux; amd64) HashiCorp-terraform-exec/0.17.3","requestParameters":{"routeTableIdSet":{"items":[{"routeTableId":"rtb-08cbc80e25a39c743"}]},"filterSet":{}},"responseElements":null,"requestID":"ac5cffce-88b3-4e75-99fc-d753a0b895ff","eventID":"1852ab40-f886-411c-a35e-988527b85911","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","clientProvidedHostHeader":"ec2.us-east-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"AKIATFQR7NSC8Q4X20BJ","userName":"bert-jan"},"eventTime":"2023-07-10T12:28:33Z","eventSource":"ec2.amazonaws.com","eventName":"DescribeVpcs","awsRegion":"us-east-1","sourceIPAddress":"192.168.10.20","userAgent":"APN/1.0 HashiCorp/1.0 Terraform/1.1.2 (+https://www.terraform.io) terraform-provider-aws/4.67.0 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go/1.44.261 (go1.19.8; linux; amd64) HashiCorp-terraform-exec/0.17.3","requestParameters":{"vpcSet":{"items":[{"vpcId":"vpc-098ff30ff74b36f73"}]},"filterSet":{}},"responseElements":null,"requestID":"500e4222-5e0a-4f0d-b58a-bc7a7f9c5e93","eventID":"a0d15d0b-f31f-48a2-83ca-2b360cc192d1","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","clientProvidedHostHeader":"ec2.us-east-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"AKIATFQR7NSC8Q4X20BJ","userName":"bert-jan"},"eventTime":"2023-07-10T12:28:33Z","eventSource":"ec2.amazonaws.com","eventName":"DescribeVpcClassicLink","awsRegion":"us-east-1","sourceIPAddress":"192.168.10.20","userAgent":"APN/1.0 HashiCorp/1.0 Terraform/1.1.2 (+https://www.terraform.io) terraform-provider-aws/4.67.0 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go/1.44.261 (go1.19.8; linux; amd64) HashiCorp-terraform-exec/0.17.3","requestParameters":{"vpcSet":{"item":[{"vpcId":"vpc-098ff30ff74b36f73"}]},"filterSet":{}},"responseElements":null,"requestID":"dc194fdb-3cb8-4b70-97c5-b362eb6714fd","eventID":"4c50f380-b8e8-4455-a5c3-7eb344f090d4","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","clientProvidedHostHeader":"ec2.us-east-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"AKIATFQR7NSC8Q4X20BJ","userName":"bert-jan"},"eventTime":"2023-07-10T12:28:33Z","eventSource":"ec2.amazonaws.com","eventName":"DescribeVpcClassicLinkDnsSupport","awsRegion":"us-east-1","sourceIPAddress":"192.168.10.20","userAgent":"APN/1.0 HashiCorp/1.0 Terraform/1.1.2 (+https://www.terraform.io) terraform-provider-aws/4.67.0 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go/1.44.261 (go1.19.8; linux; amd64) HashiCorp-terraform-exec/0.17.3","requestParameters":{"DescribeVpcClassicLinkDnsSupportRequest":{"VpcIds":{"tag":1,"content":"vpc-098ff30ff74b36f73"}}},"responseElements":null,"requestID":"80a8b6ad-5aba-42a5-b03d-9fe91be99821","eventID":"55a3e5b8-0286-4a14-ba30-1a8d85da4835","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","clientProvidedHostHeader":"ec2.us-east-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"AKIATFQR7NSC8Q4X20BJ","userName":"bert-jan"},"eventTime":"2023-07-10T12:28:33Z","eventSource":"ec2.amazonaws.com","eventName":"DescribeVpcAttribute","awsRegion":"us-east-1","sourceIPAddress":"192.168.10.20","userAgent":"APN/1.0 HashiCorp/1.0 Terraform/1.1.2 (+https://www.terraform.io) terraform-provider-aws/4.67.0 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go/1.44.261 (go1.19.8; linux; amd64) HashiCorp-terraform-exec/0.17.3","requestParameters":{"vpcId":"vpc-098ff30ff74b36f73"},"responseElements":null,"requestID":"f6bdb1bf-2716-415c-bcd2-abb5fbd32640","eventID":"2692a6a3-87a3-4f3e-a929-2a587e185772","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","clientProvidedHostHeader":"ec2.us-east-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"AKIATFQR7NSC8Q4X20BJ","userName":"bert-jan"},"eventTime":"2023-07-10T12:28:33Z","eventSource":"ec2.amazonaws.com","eventName":"DescribeVpcAttribute","awsRegion":"us-east-1","sourceIPAddress":"192.168.10.20","userAgent":"APN/1.0 HashiCorp/1.0 Terraform/1.1.2 (+https://www.terraform.io) terraform-provider-aws/4.67.0 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go/1.44.261 (go1.19.8; linux; amd64) HashiCorp-terraform-exec/0.17.3","requestParameters":{"vpcId":"vpc-098ff30ff74b36f73"},"responseElements":null,"requestID":"261c16f9-026e-4839-bb64-5e85aedaff66","eventID":"19e6319d-8b2c-4e04-898c-cf5e3e202f17","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","clientProvidedHostHeader":"ec2.us-east-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"AKIATFQR7NSC8Q4X20BJ","userName":"bert-jan"},"eventTime":"2023-07-10T12:28:34Z","eventSource":"ec2.amazonaws.com","eventName":"DescribeVpcAttribute","awsRegion":"us-east-1","sourceIPAddress":"192.168.10.20","userAgent":"APN/1.0 HashiCorp/1.0 Terraform/1.1.2 (+https://www.terraform.io) terraform-provider-aws/4.67.0 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go/1.44.261 (go1.19.8; linux; amd64) HashiCorp-terraform-exec/0.17.3","requestParameters":{"vpcId":"vpc-098ff30ff74b36f73"},"responseElements":null,"requestID":"c7f3c947-81d3-4894-89be-9696fecb46c7","eventID":"c03393e0-420e-4c4b-ab77-cc5bbd72798f","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","clientProvidedHostHeader":"ec2.us-east-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"AKIATFQR7NSC8Q4X20BJ","userName":"bert-jan"},"eventTime":"2023-07-10T12:28:34Z","eventSource":"ec2.amazonaws.com","eventName":"DescribeNetworkAcls","awsRegion":"us-east-1","sourceIPAddress":"192.168.10.20","userAgent":"APN/1.0 HashiCorp/1.0 Terraform/1.1.2 (+https://www.terraform.io) terraform-provider-aws/4.67.0 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go/1.44.261 (go1.19.8; linux; amd64) HashiCorp-terraform-exec/0.17.3","requestParameters":{"networkAclIdSet":{},"filterSet":{"items":[{"name":"default","valueSet":{"items":[{"value":"true"}]}},{"name":"vpc-id","valueSet":{"items":[{"value":"vpc-098ff30ff74b36f73"}]}}]}},"responseElements":null,"requestID":"fe14c7e8-5ede-4e98-a526-03d6dcc25027","eventID":"0d0b7361-0492-4b6b-a054-f762d22daed1","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","clientProvidedHostHeader":"ec2.us-east-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"AKIATFQR7NSC8Q4X20BJ","userName":"bert-jan"},"eventTime":"2023-07-10T12:28:34Z","eventSource":"s3.amazonaws.com","eventName":"GetBucketLifecycle","awsRegion":"us-east-1","sourceIPAddress":"192.168.10.20","userAgent":"[APN/1.0 HashiCorp/1.0 Terraform/1.1.2 (+https://www.terraform.io) terraform-provider-aws/4.67.0 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go/1.44.261 (go1.19.8; linux; amd64) HashiCorp-terraform-exec/0.17.3]","errorCode":"NoSuchLifecycleConfiguration","errorMessage":"The lifecycle configuration does not exist","requestParameters":{"lifecycle":"","bucketName":"stratus-red-team-olc-bucket-xhfgzaowxc","Host":"stratus-red-team-olc-bucket-xhfgzaowxc.s3.amazonaws.com"},"responseElements":null,"additionalEventData":{"SignatureVersion":"SigV4","CipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","bytesTransferredIn":0,"AuthenticationMethod":"AuthHeader","x-amz-id-2":"YoDwNri+RrlTZLTsGnjfif/dEK8NDFFxrOlvI55hvL1Fn7xaozrZenoHh0kiKD1ODCpdWXX77sc=","bytesTransferredOut":312},"requestID":"QFK7Y6VN1WQK1AEW","eventID":"05b2d167-590c-4faa-a16d-c55873a94f2d","readOnly":true,"resources":[{"accountId":"123837392027","type":"AWS::S3::Bucket","ARN":"arn:aws:s3:::stratus-red-team-olc-bucket-xhfgzaowxc"}],"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","clientProvidedHostHeader":"stratus-red-team-olc-bucket-xhfgzaowxc.s3.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"AKIATFQR7NSC8Q4X20BJ","userName":"bert-jan"},"eventTime":"2023-07-10T12:28:36Z","eventSource":"ec2.amazonaws.com","eventName":"DeleteSubnet","awsRegion":"us-east-1","sourceIPAddress":"192.168.10.20","userAgent":"APN/1.0 HashiCorp/1.0 Terraform/1.1.2 (+https://www.terraform.io) terraform-provider-aws/3.76.1 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go/1.44.157 (go1.19.3; linux; amd64) HashiCorp-terraform-exec/0.17.3","requestParameters":{"subnetId":"subnet-08752c8d74ae2c324"},"responseElements":{"requestId":"128edb7d-5539-4ad6-803f-b96477fee48a","_return":true},"requestID":"128edb7d-5539-4ad6-803f-b96477fee48a","eventID":"f543572e-349a-4251-8d0d-61ffced89ecd","readOnly":false,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","clientProvidedHostHeader":"ec2.us-east-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"AKIATFQR7NSC8Q4X20BJ","userName":"bert-jan"},"eventTime":"2023-07-10T12:28:34Z","eventSource":"ec2.amazonaws.com","eventName":"DescribeSecurityGroups","awsRegion":"us-east-1","sourceIPAddress":"192.168.10.20","userAgent":"APN/1.0 HashiCorp/1.0 Terraform/1.1.2 (+https://www.terraform.io) terraform-provider-aws/3.76.1 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go/1.44.157 (go1.19.3; linux; amd64) HashiCorp-terraform-exec/0.17.3","requestParameters":{"securityGroupSet":{},"securityGroupIdSet":{},"filterSet":{"items":[{"name":"group-name","valueSet":{"items":[{"value":"default"}]}},{"name":"vpc-id","valueSet":{"items":[{"value":"vpc-07b33857c7ad1c027"}]}}]}},"responseElements":null,"requestID":"eaef31c0-d7a6-4e56-9997-a64913710cc3","eventID":"806d909f-7d83-426e-b056-415eae67dce7","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","clientProvidedHostHeader":"ec2.us-east-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"AKIATFQR7NSC8Q4X20BJ","userName":"bert-jan"},"eventTime":"2023-07-10T12:28:39Z","eventSource":"ec2.amazonaws.com","eventName":"DescribeRouteTables","awsRegion":"us-east-1","sourceIPAddress":"192.168.10.20","userAgent":"APN/1.0 HashiCorp/1.0 Terraform/1.1.2 (+https://www.terraform.io) terraform-provider-aws/3.76.1 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go/1.44.157 (go1.19.3; linux; amd64) HashiCorp-terraform-exec/0.17.3","requestParameters":{"routeTableIdSet":{"items":[{"routeTableId":"rtb-026f5220869c79072"}]},"filterSet":{}},"responseElements":null,"requestID":"437099c6-11b2-4a15-9eb8-767cc538fcc9","eventID":"be4b23a6-2615-4ff1-a1fa-4bc3a26c5743","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","clientProvidedHostHeader":"ec2.us-east-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"AKIATFQR7NSC8Q4X20BJ","userName":"bert-jan"},"eventTime":"2023-07-10T12:28:40Z","eventSource":"ec2.amazonaws.com","eventName":"DeleteRouteTable","awsRegion":"us-east-1","sourceIPAddress":"192.168.10.20","userAgent":"APN/1.0 HashiCorp/1.0 Terraform/1.1.2 (+https://www.terraform.io) terraform-provider-aws/3.76.1 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go/1.44.157 (go1.19.3; linux; amd64) HashiCorp-terraform-exec/0.17.3","requestParameters":{"routeTableId":"rtb-026f5220869c79072"},"responseElements":{"requestId":"c906ce5b-3709-4dee-b8ad-7c2c07ac177f","_return":true},"requestID":"c906ce5b-3709-4dee-b8ad-7c2c07ac177f","eventID":"7e5fd3b4-836b-420b-a3f9-dde2fe5753c5","readOnly":false,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","clientProvidedHostHeader":"ec2.us-east-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"AKIATFQR7NSC8Q4X20BJ","userName":"bert-jan"},"eventTime":"2023-07-10T12:28:40Z","eventSource":"ec2.amazonaws.com","eventName":"DescribeRouteTables","awsRegion":"us-east-1","sourceIPAddress":"192.168.10.20","userAgent":"APN/1.0 HashiCorp/1.0 Terraform/1.1.2 (+https://www.terraform.io) terraform-provider-aws/3.76.1 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go/1.44.157 (go1.19.3; linux; amd64) HashiCorp-terraform-exec/0.17.3","errorCode":"Client.InvalidRouteTableID.NotFound","errorMessage":"The routeTable ID 'rtb-01982f631c227e48f' does not exist","requestParameters":{"routeTableIdSet":{"items":[{"routeTableId":"rtb-01982f631c227e48f"}]},"filterSet":{}},"responseElements":null,"requestID":"00c7c7d2-99bc-469a-a3b9-4ec70bee8aad","eventID":"efcaa9b3-a99c-4c7b-83d0-68981490cc35","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","clientProvidedHostHeader":"ec2.us-east-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"ASIATFQR7NSCS5BLNV76","userName":"bert-jan","sessionContext":{"sessionIssuer":{},"webIdFederationData":{},"attributes":{"creationDate":"2023-07-10T12:27:45Z","mfaAuthenticated":"true"}}},"eventTime":"2023-07-10T12:28:39Z","eventSource":"rds.amazonaws.com","eventName":"DeleteDBInstance","awsRegion":"us-east-1","sourceIPAddress":"10.8.8.10","userAgent":"AWS Internal","requestParameters":{"dBInstanceIdentifier":"terraform-20230710121504061500000001","skipFinalSnapshot":false,"finalDBSnapshotIdentifier":"terraform-20230710121504061500000001-snapshot","deleteAutomatedBackups":true},"responseElements":{"dBInstanceIdentifier":"terraform-20230710121504061500000001","dBInstanceClass":"db.t3.micro","engine":"mysql","dBInstanceStatus":"deleting","masterUsername":"admin","dBName":"stratusredteamsharesnapdb","endpoint":{"address":"terraform-20230710121504061500000001.c2m8opohni2g.us-east-1.rds.amazonaws.com","port":3306,"hostedZoneId":"Z2R2ITUGPM61AM"},"allocatedStorage":10,"instanceCreateTime":"Jul 10, 2023 12:19:33 PM","preferredBackupWindow":"04:41-05:11","backupRetentionPeriod":0,"dBSecurityGroups":[],"vpcSecurityGroups":[{"vpcSecurityGroupId":"sg-0a1ae80d31d1e9c86","status":"active"}],"dBParameterGroups":[{"dBParameterGroupName":"default.mysql8.0","parameterApplyStatus":"in-sync"}],"availabilityZone":"us-east-1b","dBSubnetGroup":{"dBSubnetGroupName":"stratus-red-team-share-snap-vpc","dBSubnetGroupDescription":"Database subnet group for stratus-red-team-share-snap-vpc","vpcId":"vpc-07b33857c7ad1c027","subnetGroupStatus":"Complete","subnets":[{"subnetIdentifier":"subnet-0cac13291c6f317ec","subnetAvailabilityZone":{"name":"us-east-1a"},"subnetOutpost":{},"subnetStatus":"Active"},{"subnetIdentifier":"subnet-0c8a70cf4fd24084f","subnetAvailabilityZone":{"name":"us-east-1b"},"subnetOutpost":{},"subnetStatus":"Active"}]},"preferredMaintenanceWindow":"tue:03:39-tue:04:09","pendingModifiedValues":{},"multiAZ":false,"engineVersion":"8.0.32","autoMinorVersionUpgrade":true,"readReplicaDBInstanceIdentifiers":[],"licenseModel":"general-public-license","storageThroughput":0,"optionGroupMemberships":[{"optionGroupName":"default:mysql-8-0","status":"in-sync"}],"publiclyAccessible":false,"storageType":"gp2","dbInstancePort":0,"storageEncrypted":false,"dbiResourceId":"db-PDUCDGLRGDVGNFIUKF4FRJGEGY","cACertificateIdentifier":"","domainMemberships":[],"copyTagsToSnapshot":false,"monitoringInterval":0,"dBInstanceArn":"arn:aws:rds:us-east-1:123837392027:db:terraform-20230710121504061500000001","iAMDatabaseAuthenticationEnabled":false,"performanceInsightsEnabled":false,"deletionProtection":false,"associatedRoles":[],"httpEndpointEnabled":false,"tagList":[{"key":"StratusRedTeam","value":"true"}],"customerOwnedIpEnabled":false,"networkType":"IPV4","backupTarget":"region","dedicatedLogVolume":false},"requestID":"23ffb7fd-6479-46bd-9db4-62348a02d8a4","eventID":"b5232796-c668-4d71-a006-d9cabb3d607d","readOnly":false,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","sessionCredentialFromConsole":"true"},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"ASIATFQR7NSCS5BLNV76","userName":"bert-jan","sessionContext":{"sessionIssuer":{},"webIdFederationData":{},"attributes":{"creationDate":"2023-07-10T12:27:45Z","mfaAuthenticated":"true"}}},"eventTime":"2023-07-10T12:28:34Z","eventSource":"rds.amazonaws.com","eventName":"DescribeOrderableDBInstanceOptions","awsRegion":"us-east-1","sourceIPAddress":"10.8.8.10","userAgent":"AWS Internal","requestParameters":{"engine":"custom-sqlserver-se","engineVersion":"15.00.4312.2.v1","vpc":true},"responseElements":null,"requestID":"0eeaafc8-e41b-45ad-8862-6c200aa413f7","eventID":"6ce82867-0d3b-428f-a545-8bac2565839e","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","sessionCredentialFromConsole":"true"},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"AKIATFQR7NSC8Q4X20BJ","userName":"bert-jan"},"eventTime":"2023-07-10T12:28:24Z","eventSource":"rolesanywhere.amazonaws.com","eventName":"DeleteTrustAnchor","awsRegion":"us-east-1","sourceIPAddress":"192.168.10.20","userAgent":"stratus-red-team_22fd7cec-81a8-4518-9133-fb57a8af00b8","requestParameters":{"trustAnchorId":"49e25ec3-bdfe-4150-8683-b4ea4ee85cfd"},"responseElements":{"trustAnchor":{"createdAt":"2023-07-10T12:27:13.230465Z","enabled":true,"name":"malicious-rolesanywhere-trust-anchor","notificationSettings":[{"channel":"ALL","configuredBy":"rolesanywhere.amazonaws.com","enabled":true,"event":"CA_CERTIFICATE_EXPIRY","threshold":45},{"channel":"ALL","configuredBy":"rolesanywhere.amazonaws.com","enabled":true,"event":"END_ENTITY_CERTIFICATE_EXPIRY","threshold":45}],"source":{"sourceData":{"x509CertificateData":"-----BEGIN CERTIFICATE-----\nMIIE3zCCAsegAwIBAgIJAOZLUn/n7YvYMA0GCSqGSIb3DQEBCwUAMA0xCzAJBgNV\nBAYTAkVTMB4XDTIyMDcxMDIxMjgxOVoXDTMyMDcwNzIxMjgxOVowDTELMAkGA1UE\nBhMCRVMwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDb0ga7LzegYNXV\noBTY7ByNCtgqAEoZVQAEQAxpWzK4wL4V+TKRRGiP9KQSbMsU35dBuxzg2Ih62dwr\nh6S7vYX4eU8YpGcutrWekzAl+G4GwfbHcwJYt9ALrneFUUWEedYA6BTVG0b+cwIL\nOkVJSlB/4bAVFocwafdnFi3CLsIhXF/Yn90mnug+qsXSWPMZmTXaykiO9+AWV/pO\n/JNS2WLPp4EKUT3CGm12TxBMHG0sWG0xopuj4KXTsyJFELDevSo92ldqyCIJFgG8\nwBmbETxx9TlTPEU6hVkG4MLE2ekkEQK8WVLpZvTGFRrauawMhAzfFV9ZcgIsURy7\nv2/FlYL7OedesimPfGD8M1dkm4yK2dVvUf/HyEL1IB1+3NtAOoifZ5jBBJKaybF0\n/W85asZWVg+yKokFhmQRzu4BFnPhsoTwau+WuySYokbWIEzdW8FljWpwiPlvnqy+\nVJVKdZuzWx12yLzK5srQ4Qcb/tQqkooVASM0PH5ts3PYlf5hRgxqKgCR5lXODxoA\n0aylk6+wC2oBLhvufmwObsOMcxMbPv+EQvzYChL1MRLvEPAmATiE64ZLn8IOu9MG\n9GRC6D/NkLy9LdsPWfzx+W1itrWR3ft/uD/HXILAVc54HejbZGsPsLe7qITDNc7n\nD5zM+orgu67zgRaBOm1kPZbr/vHUFQIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAYYw\nHQYDVR0OBBYEFJNT8WprixUiturSY9GAHXmAcP/RMA8GA1UdEwEB/wQFMAMBAf8w\nDQYJKoZIhvcNAQELBQADggIBAJ1clg4GzHuMxTmpz+riL2klUZEMpJPvy682c0iH\nNlG0f30cNHdSlnhCnx78h3n1xotSM8zZf6+LepCZWCzho5p3Fep7sDumQ+chgdIp\nNApgcGX7tpx+TVjrrwkpxioMSfVFHJ7RMSewumnOXw4NsUQmGJdku8FUR7BWRRiY\nfk0MoQ9nuwjt+RcSz/IKdFTzjI70nPikjSSd0L/ovWk5aXgLcnZpgzv6r4HbafJU\n7dEnP+paZugEUts+SNXr3vkSuiLod7iiOcmQFvtRDFUAn4QonoN/6lDDOGLYsy0J\nrv9GI+Y5VYt6JRGNJq/yCBV1KhhjaWll0kl/UNxIr+hBQ5Vul9SiR3jbbNlRh1PE\nMPEAzhcqG8i3oZwwl62pjqPja+EvSuoPHf0tJ1rmjWmBt3irShSnuFN69+E4h20d\n2cHVyF4GqF2VdNPYa0lh0cSIsNCJJ5+eyXRHKPcUCKI7pDYdbKZt+8ILlZC5PsSK\nC0XsWIzqSG69Uqkm8c0P07NPmcAnGC3O92uhOrb4ytC2KyHVrNa+Bs6VYlYr3ayq\n5AVfJZGuSxldlyM0N/peEKqz9vok4FoBxxSZGDi9ZDIMjLTpypHOMXi0d8YcClFO\nlmRijJoUF95T+svxE60fdndPlleDKC8OnxvcIbS4OSK0ZqK1SFgTNaIgOniUSY6Q\nV0KM\n-----END CERTIFICATE-----\n"},"sourceType":"CERTIFICATE_BUNDLE"},"trustAnchorArn":"arn:aws:rolesanywhere:us-east-1:123837392027:trust-anchor/49e25ec3-bdfe-4150-8683-b4ea4ee85cfd","trustAnchorId":"49e25ec3-bdfe-4150-8683-b4ea4ee85cfd","updatedAt":"2023-07-10T12:27:13.230465Z"}},"requestID":"5ce1232d-7faf-4a42-9897-15dc23717d76","eventID":"7663e5f0-fdb7-40ac-9186-47bdefbc26d5","readOnly":false,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","clientProvidedHostHeader":"rolesanywhere.us-east-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"ASIATFQR7NSCS5BLNV76","userName":"bert-jan","sessionContext":{"sessionIssuer":{},"webIdFederationData":{},"attributes":{"creationDate":"2023-07-10T12:27:45Z","mfaAuthenticated":"true"}}},"eventTime":"2023-07-10T12:28:43Z","eventSource":"rds.amazonaws.com","eventName":"DescribeOrderableDBInstanceOptions","awsRegion":"us-east-1","sourceIPAddress":"10.8.8.10","userAgent":"AWS Internal","requestParameters":{"vpc":true,"engineVersion":"19.0.0.0.ru-2023-04.rur-2023-04.r1","engine":"oracle-ee-cdb"},"responseElements":null,"requestID":"85f87675-2196-4a0c-b78f-df24f964aa16","eventID":"626642ce-1821-4b23-bbc4-15afda4d14f8","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","sessionCredentialFromConsole":"true"},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"ASIATFQR7NSCS5BLNV76","userName":"bert-jan","sessionContext":{"sessionIssuer":{},"webIdFederationData":{},"attributes":{"creationDate":"2023-07-10T12:27:45Z","mfaAuthenticated":"true"}}},"eventTime":"2023-07-10T12:28:38Z","eventSource":"rds.amazonaws.com","eventName":"DescribeOrderableDBInstanceOptions","awsRegion":"us-east-1","sourceIPAddress":"10.8.8.10","userAgent":"AWS Internal","requestParameters":{"vpc":true,"engineVersion":"8.0.32","engine":"mysql"},"responseElements":null,"requestID":"8b091083-a43a-4320-80c6-a4f3b8474a6b","eventID":"19a3a222-f0ea-4109-80ce-20027d06d10d","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","sessionCredentialFromConsole":"true"},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"ASIATFQR7NSCS5BLNV76","userName":"bert-jan","sessionContext":{"sessionIssuer":{},"webIdFederationData":{},"attributes":{"creationDate":"2023-07-10T12:27:45Z","mfaAuthenticated":"true"}}},"eventTime":"2023-07-10T12:28:39Z","eventSource":"rds.amazonaws.com","eventName":"DescribeOrderableDBInstanceOptions","awsRegion":"us-east-1","sourceIPAddress":"10.8.8.10","userAgent":"AWS Internal","requestParameters":{"vpc":true,"marker":"ZGIubTZnZC44eGxhcmdlCmdlbmVyYWwtcHVibGljLWxpY2Vuc2UKOC4wLjMyClkKZ3Az","engineVersion":"8.0.32","engine":"mysql"},"responseElements":null,"requestID":"62f6ae8e-b3e3-4185-b321-dba3d19fa68d","eventID":"1d358f46-ed32-4114-9577-1c9a655d0a46","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","sessionCredentialFromConsole":"true"},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"ASIATFQR7NSCS5BLNV76","userName":"bert-jan","sessionContext":{"sessionIssuer":{},"webIdFederationData":{},"attributes":{"creationDate":"2023-07-10T12:27:45Z","mfaAuthenticated":"true"}}},"eventTime":"2023-07-10T12:28:39Z","eventSource":"rds.amazonaws.com","eventName":"DescribeOrderableDBInstanceOptions","awsRegion":"us-east-1","sourceIPAddress":"10.8.8.10","userAgent":"AWS Internal","requestParameters":{"vpc":true,"marker":"ZGIucjQueGxhcmdlCmdlbmVyYWwtcHVibGljLWxpY2Vuc2UKOC4wLjMyClkKaW8x","engineVersion":"8.0.32","engine":"mysql"},"responseElements":null,"requestID":"f2f46637-9535-4b57-9ddf-02fb48fc736e","eventID":"abd788ba-fab5-4594-a6cf-037b4b0dc3e8","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","sessionCredentialFromConsole":"true"},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"ASIATFQR7NSCS5BLNV76","userName":"bert-jan","sessionContext":{"sessionIssuer":{},"webIdFederationData":{},"attributes":{"creationDate":"2023-07-10T12:27:45Z","mfaAuthenticated":"true"}}},"eventTime":"2023-07-10T12:28:39Z","eventSource":"rds.amazonaws.com","eventName":"DescribeOrderableDBInstanceOptions","awsRegion":"us-east-1","sourceIPAddress":"10.8.8.10","userAgent":"AWS Internal","requestParameters":{"vpc":true,"marker":"ZGIucjZnLjh4bGFyZ2UKZ2VuZXJhbC1wdWJsaWMtbGljZW5zZQo4LjAuMzIKWQppbzE=","engineVersion":"8.0.32","engine":"mysql"},"responseElements":null,"requestID":"4d701ef8-3eaa-428b-9cd9-79124201c302","eventID":"f1fdb94b-6de7-4682-867c-40394fc443eb","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","sessionCredentialFromConsole":"true"},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"ASIATFQR7NSCS5BLNV76","userName":"bert-jan","sessionContext":{"sessionIssuer":{},"webIdFederationData":{},"attributes":{"creationDate":"2023-07-10T12:27:45Z","mfaAuthenticated":"true"}}},"eventTime":"2023-07-10T12:28:39Z","eventSource":"rds.amazonaws.com","eventName":"DescribeOrderableDBInstanceOptions","awsRegion":"us-east-1","sourceIPAddress":"10.8.8.10","userAgent":"AWS Internal","requestParameters":{"vpc":true,"marker":"ZGIudDIubWljcm8KZ2VuZXJhbC1wdWJsaWMtbGljZW5zZQo4LjAuMzIKWQpncDI=","engineVersion":"8.0.32","engine":"mysql"},"responseElements":null,"requestID":"32aaefe1-ba9c-4dd8-9a19-3f6cd1098d9e","eventID":"0bbcc440-cadf-46d5-a991-5ccb97be0755","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","sessionCredentialFromConsole":"true"},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"ASIATFQR7NSCS5BLNV76","userName":"bert-jan","sessionContext":{"sessionIssuer":{},"webIdFederationData":{},"attributes":{"creationDate":"2023-07-10T12:27:45Z","mfaAuthenticated":"true"}}},"eventTime":"2023-07-10T12:28:39Z","eventSource":"rds.amazonaws.com","eventName":"DescribeOrderableDBInstanceOptions","awsRegion":"us-east-1","sourceIPAddress":"10.8.8.10","userAgent":"AWS Internal","requestParameters":{"vpc":true,"marker":"ZGIueDJpZWRuLnhsYXJnZQpnZW5lcmFsLXB1YmxpYy1saWNlbnNlCjguMC4zMgpZCmdwMw==","engineVersion":"8.0.32","engine":"mysql"},"responseElements":null,"requestID":"cbe25ecd-6614-4f1d-8777-f703668fa902","eventID":"9665bbf0-9a78-4452-a609-9bffe7ae3ab9","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","sessionCredentialFromConsole":"true"},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"ASIATFQR7NSCS5BLNV76","userName":"bert-jan","sessionContext":{"sessionIssuer":{},"webIdFederationData":{},"attributes":{"creationDate":"2023-07-10T12:27:45Z","mfaAuthenticated":"true"}}},"eventTime":"2023-07-10T12:28:43Z","eventSource":"rds.amazonaws.com","eventName":"DescribeOrderableDBInstanceOptions","awsRegion":"us-east-1","sourceIPAddress":"10.8.8.10","userAgent":"AWS Internal","requestParameters":{"vpc":true,"marker":"ZGIucjUuMTJ4bGFyZ2UKYnJpbmcteW91ci1vd24tbGljZW5zZQoxOS4wLjAuMC5ydS0yMDIzLTA0LnJ1ci0yMDIzLTA0LnIxClkKZ3Ay","engineVersion":"19.0.0.0.ru-2023-04.rur-2023-04.r1","engine":"oracle-ee-cdb"},"responseElements":null,"requestID":"76299743-0025-4fd5-b5e1-912998dbf427","eventID":"97840496-074c-4a69-a012-c074ea127003","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","sessionCredentialFromConsole":"true"},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"ASIATFQR7NSCS5BLNV76","userName":"bert-jan","sessionContext":{"sessionIssuer":{},"webIdFederationData":{},"attributes":{"creationDate":"2023-07-10T12:27:45Z","mfaAuthenticated":"true"}}},"eventTime":"2023-07-10T12:28:43Z","eventSource":"rds.amazonaws.com","eventName":"DescribeOrderableDBInstanceOptions","awsRegion":"us-east-1","sourceIPAddress":"10.8.8.10","userAgent":"AWS Internal","requestParameters":{"vpc":true,"marker":"ZGIucjViLjR4bGFyZ2UudHBjMi5tZW00eApicmluZy15b3VyLW93bi1saWNlbnNlCjE5LjAuMC4wLnJ1LTIwMjMtMDQucnVyLTIwMjMtMDQucjEKWQpncDI=","engineVersion":"19.0.0.0.ru-2023-04.rur-2023-04.r1","engine":"oracle-ee-cdb"},"responseElements":null,"requestID":"582c6d35-6e33-46ab-9cbc-be1133dd8398","eventID":"143ee649-ea0b-4d11-95a4-4f0301ba7012","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","sessionCredentialFromConsole":"true"},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"ASIATFQR7NSCS5BLNV76","userName":"bert-jan","sessionContext":{"sessionIssuer":{},"webIdFederationData":{},"attributes":{"creationDate":"2023-07-10T12:27:45Z","mfaAuthenticated":"true"}}},"eventTime":"2023-07-10T12:28:43Z","eventSource":"rds.amazonaws.com","eventName":"DescribeOrderableDBInstanceOptions","awsRegion":"us-east-1","sourceIPAddress":"10.8.8.10","userAgent":"AWS Internal","requestParameters":{"vpc":true,"marker":"ZGIucjZpLjJ4bGFyZ2UKYnJpbmcteW91ci1vd24tbGljZW5zZQoxOS4wLjAuMC5ydS0yMDIzLTA0LnJ1ci0yMDIzLTA0LnIxClkKZ3Ay","engineVersion":"19.0.0.0.ru-2023-04.rur-2023-04.r1","engine":"oracle-ee-cdb"},"responseElements":null,"requestID":"24237ad2-d043-46b6-ac28-861d44fe3984","eventID":"3c3eea14-f4fb-490c-9cc2-710cc85e4144","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","sessionCredentialFromConsole":"true"},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"ASIATFQR7NSCS5BLNV76","userName":"bert-jan","sessionContext":{"sessionIssuer":{},"webIdFederationData":{},"attributes":{"creationDate":"2023-07-10T12:27:45Z","mfaAuthenticated":"true"}}},"eventTime":"2023-07-10T12:28:43Z","eventSource":"rds.amazonaws.com","eventName":"DescribeOrderableDBInstanceOptions","awsRegion":"us-east-1","sourceIPAddress":"10.8.8.10","userAgent":"AWS Internal","requestParameters":{"vpc":true,"marker":"ZGIueDJpZWRuLjMyeGxhcmdlCmJyaW5nLXlvdXItb3duLWxpY2Vuc2UKMTkuMC4wLjAucnUtMjAyMy0wNC5ydXItMjAyMy0wNC5yMQpZCmdwMg==","engineVersion":"19.0.0.0.ru-2023-04.rur-2023-04.r1","engine":"oracle-ee-cdb"},"responseElements":null,"requestID":"2ae53e4e-b693-441b-bfbb-124a51e10bcd","eventID":"71606056-75c3-4547-bf0c-c0ddb1cfb9fa","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","sessionCredentialFromConsole":"true"},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"ASIATFQR7NSCS5BLNV76","userName":"bert-jan","sessionContext":{"sessionIssuer":{},"webIdFederationData":{},"attributes":{"creationDate":"2023-07-10T12:27:45Z","mfaAuthenticated":"true"}}},"eventTime":"2023-07-10T12:28:47Z","eventSource":"rds.amazonaws.com","eventName":"DescribeOrderableDBInstanceOptions","awsRegion":"us-east-1","sourceIPAddress":"10.8.8.10","userAgent":"AWS Internal","requestParameters":{"vpc":true,"engineVersion":"14.7","engine":"postgres"},"responseElements":null,"requestID":"79197926-b6ec-4d52-9c3f-7e2e7b9ae7a9","eventID":"52508ae7-6cff-4650-b2a9-820c0daca411","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","sessionCredentialFromConsole":"true"},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"ASIATFQR7NSCS5BLNV76","userName":"bert-jan","sessionContext":{"sessionIssuer":{},"webIdFederationData":{},"attributes":{"creationDate":"2023-07-10T12:27:45Z","mfaAuthenticated":"true"}}},"eventTime":"2023-07-10T12:28:47Z","eventSource":"rds.amazonaws.com","eventName":"DescribeOrderableDBInstanceOptions","awsRegion":"us-east-1","sourceIPAddress":"10.8.8.10","userAgent":"AWS Internal","requestParameters":{"vpc":true,"marker":"ZGIubTZpLjI0eGxhcmdlCnBvc3RncmVzcWwtbGljZW5zZQoxNC43ClkKaW8x","engineVersion":"14.7","engine":"postgres"},"responseElements":null,"requestID":"305fec58-5e3a-45b4-b6ff-d58dab5d74e6","eventID":"92cdc9e5-598a-4519-9d83-63e6a9fcc796","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","sessionCredentialFromConsole":"true"},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"ASIATFQR7NSCS5BLNV76","userName":"bert-jan","sessionContext":{"sessionIssuer":{},"webIdFederationData":{},"attributes":{"creationDate":"2023-07-10T12:27:45Z","mfaAuthenticated":"true"}}},"eventTime":"2023-07-10T12:28:48Z","eventSource":"rds.amazonaws.com","eventName":"DescribeOrderableDBInstanceOptions","awsRegion":"us-east-1","sourceIPAddress":"10.8.8.10","userAgent":"AWS Internal","requestParameters":{"vpc":true,"marker":"ZGIucjViLjh4bGFyZ2UKcG9zdGdyZXNxbC1saWNlbnNlCjE0LjcKWQppbzE=","engineVersion":"14.7","engine":"postgres"},"responseElements":null,"requestID":"6226bf98-4935-4a11-8d13-1efd9a1eebc4","eventID":"db3be211-4641-4eee-9244-c9e1e96baf36","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","sessionCredentialFromConsole":"true"},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"ASIATFQR7NSCS5BLNV76","userName":"bert-jan","sessionContext":{"sessionIssuer":{},"webIdFederationData":{},"attributes":{"creationDate":"2023-07-10T12:27:45Z","mfaAuthenticated":"true"}}},"eventTime":"2023-07-10T12:28:48Z","eventSource":"rds.amazonaws.com","eventName":"DescribeOrderableDBInstanceOptions","awsRegion":"us-east-1","sourceIPAddress":"10.8.8.10","userAgent":"AWS Internal","requestParameters":{"vpc":true,"marker":"ZGIucjZpLjh4bGFyZ2UKcG9zdGdyZXNxbC1saWNlbnNlCjE0LjcKWQpncDI=","engineVersion":"14.7","engine":"postgres"},"responseElements":null,"requestID":"8fcc7d1b-cc25-49df-8751-7822b386373d","eventID":"f102a0ad-36dd-43dc-b0ae-39ab78fe6cef","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","sessionCredentialFromConsole":"true"},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"ASIATFQR7NSCS5BLNV76","userName":"bert-jan","sessionContext":{"sessionIssuer":{},"webIdFederationData":{},"attributes":{"creationDate":"2023-07-10T12:27:45Z","mfaAuthenticated":"true"}}},"eventTime":"2023-07-10T12:28:48Z","eventSource":"rds.amazonaws.com","eventName":"DescribeOrderableDBInstanceOptions","awsRegion":"us-east-1","sourceIPAddress":"10.8.8.10","userAgent":"AWS Internal","requestParameters":{"vpc":true,"marker":"ZGIueDJnLjR4bGFyZ2UKcG9zdGdyZXNxbC1saWNlbnNlCjE0LjcKWQpncDI=","engineVersion":"14.7","engine":"postgres"},"responseElements":null,"requestID":"d569554c-e6f8-4258-a5e6-3cb47b995ea1","eventID":"af54eba8-8169-410b-8d81-4b2c6f571a0e","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","sessionCredentialFromConsole":"true"},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"AKIATFQR7NSC8Q4X20BJ","userName":"bert-jan"},"eventTime":"2023-07-10T12:28:36Z","eventSource":"lambda.amazonaws.com","eventName":"GetFunctionCodeSigningConfig","awsRegion":"us-east-1","sourceIPAddress":"192.168.10.20","userAgent":"APN/1.0 HashiCorp/1.0 Terraform/1.1.2 (+https://www.terraform.io) terraform-provider-aws/4.67.0 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go-v2/1.18.0 os/linux lang/go/1.19.8 md/GOOS/linux md/GOARCH/amd64 api/lambda/1.34.1 HashiCorp-terraform-exec/0.17.3","requestParameters":{"functionName":"stratus-red-team-olc-func-xhfgzaowxc"},"responseElements":null,"requestID":"d53001d7-8a72-48df-9597-ae43038b28d4","eventID":"e7d2403d-d764-4283-8644-5d5175f6fb69","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","clientProvidedHostHeader":"lambda.us-east-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"AKIATFQR7NSC8Q4X20BJ","userName":"bert-jan"},"eventTime":"2023-07-10T12:29:09Z","eventSource":"rds.amazonaws.com","eventName":"DescribeDBInstances","awsRegion":"us-east-1","sourceIPAddress":"192.168.10.20","userAgent":"APN/1.0 HashiCorp/1.0 Terraform/1.1.2 (+https://www.terraform.io) terraform-provider-aws/3.76.1 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go/1.44.157 (go1.19.3; linux; amd64) HashiCorp-terraform-exec/0.17.3","requestParameters":{"dBInstanceIdentifier":"terraform-20230710121504061500000001"},"responseElements":null,"requestID":"d63a5c64-c1c2-4709-95da-faefb8cb5574","eventID":"76e9512a-f9b7-404e-898e-48d3078169b0","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","clientProvidedHostHeader":"rds.us-east-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"ASIATFQR7NSCTXHGKQOQ","userName":"bert-jan","sessionContext":{"sessionIssuer":{},"webIdFederationData":{},"attributes":{"creationDate":"2023-07-10T12:27:45Z","mfaAuthenticated":"true"}}},"eventTime":"2023-07-10T12:29:19Z","eventSource":"health.amazonaws.com","eventName":"DescribeEventAggregates","awsRegion":"us-east-1","sourceIPAddress":"10.8.8.10","userAgent":"AWS Internal","requestParameters":{"aggregateField":"eventTypeCategory","filter":{"eventStatusCodes":["open","upcoming"],"startTimes":[{"from":"Jul 3, 2023 12:29:19 PM"}]}},"responseElements":null,"requestID":"ce7a45aa-463f-4dae-a20e-a8c808482d19","eventID":"37720bab-5666-4d98-a811-f2244ef05794","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","sessionCredentialFromConsole":"true"},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"ASIATFQR7NSC2T5YJDEY","userName":"bert-jan","sessionContext":{"sessionIssuer":{},"webIdFederationData":{},"attributes":{"creationDate":"2023-07-10T12:27:45Z","mfaAuthenticated":"true"}}},"eventTime":"2023-07-10T12:29:48Z","eventSource":"s3.amazonaws.com","eventName":"ListAccessPoints","awsRegion":"us-east-1","sourceIPAddress":"10.8.8.10","userAgent":"[S3Console/0.4, aws-internal/3 aws-sdk-java/1.12.488 Linux/5.10.184-153.731.amzn2int.x86_64 OpenJDK_64-Bit_Server_VM/25.372-b08 java/1.8.0_372 vendor/Oracle_Corporation cfg/retry-mode/standard]","requestParameters":{"bucket":"baker221b-bucketsevidenceeeedc25d-1q9cl0tuy4gbm","Host":"123837392027.s3-control.us-east-1.amazonaws.com","maxResults":"1"},"responseElements":null,"additionalEventData":{"SignatureVersion":"SigV4","CipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","bytesTransferredIn":0,"AuthenticationMethod":"AuthHeader","x-amz-id-2":"+WFUdHeJKA8nyHLr+32fthl6Xi7W6d7lrwbzKGlRVwFvuMXdLJhN2ujwYujo7GxfyHKG/BRywSrX4ukq/JfBvQ==","bytesTransferredOut":72},"requestID":"0DE5X09FCFV6493A","eventID":"b7e9b376-d292-46c4-a0d3-247a11b6ee72","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","vpcEndpointId":"vpce-f40dc59d","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","clientProvidedHostHeader":"123837392027.s3-control.us-east-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"ASIATFQR7NSC2T5YJDEY","userName":"bert-jan","sessionContext":{"sessionIssuer":{},"webIdFederationData":{},"attributes":{"creationDate":"2023-07-10T12:27:45Z","mfaAuthenticated":"true"}}},"eventTime":"2023-07-10T12:29:48Z","eventSource":"s3.amazonaws.com","eventName":"GetBucketPolicyStatus","awsRegion":"us-east-1","sourceIPAddress":"10.8.8.10","userAgent":"[S3Console/0.4, aws-internal/3 aws-sdk-java/1.12.488 Linux/5.10.184-153.731.amzn2int.x86_64 OpenJDK_64-Bit_Server_VM/25.372-b08 java/1.8.0_372 vendor/Oracle_Corporation cfg/retry-mode/standard]","errorCode":"NoSuchBucketPolicy","errorMessage":"The bucket policy does not exist","requestParameters":{"bucketName":"invictus-aws-2022-10-27-quygr","Host":"invictus-aws-2022-10-27-quygr.s3.us-east-1.amazonaws.com","policyStatus":""},"responseElements":null,"additionalEventData":{"SignatureVersion":"SigV4","CipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","bytesTransferredIn":0,"AuthenticationMethod":"AuthHeader","x-amz-id-2":"BuavljEDq8YIGdyuH6RkovXzybGRIjgXMKtb2pFLxhioPomAKsGSvXEavRqoNEUEHVOlpMN5P00=","bytesTransferredOut":322},"requestID":"0DE1H4QPMX3V9DG6","eventID":"cfa1a92b-1341-4a64-b4fa-d3ee5f4e4db3","readOnly":true,"resources":[{"accountId":"123837392027","type":"AWS::S3::Bucket","ARN":"arn:aws:s3:::invictus-aws-2022-10-27-quygr"}],"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","vpcEndpointId":"vpce-f40dc59d","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","clientProvidedHostHeader":"invictus-aws-2022-10-27-quygr.s3.us-east-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"ASIATFQR7NSC2T5YJDEY","userName":"bert-jan","sessionContext":{"sessionIssuer":{},"webIdFederationData":{},"attributes":{"creationDate":"2023-07-10T12:27:45Z","mfaAuthenticated":"true"}}},"eventTime":"2023-07-10T12:29:48Z","eventSource":"s3.amazonaws.com","eventName":"GetBucketPublicAccessBlock","awsRegion":"us-east-1","sourceIPAddress":"10.8.8.10","userAgent":"[S3Console/0.4, aws-internal/3 aws-sdk-java/1.12.488 Linux/5.10.184-153.731.amzn2int.x86_64 OpenJDK_64-Bit_Server_VM/25.372-b08 java/1.8.0_372 vendor/Oracle_Corporation cfg/retry-mode/standard]","errorCode":"NoSuchPublicAccessBlockConfiguration","errorMessage":"The public access block configuration was not found","requestParameters":{"publicAccessBlock":"","bucketName":"invictus-aws-2022-10-27-quygr","Host":"invictus-aws-2022-10-27-quygr.s3.us-east-1.amazonaws.com"},"responseElements":null,"additionalEventData":{"SignatureVersion":"SigV4","CipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","bytesTransferredIn":0,"AuthenticationMethod":"AuthHeader","x-amz-id-2":"3iC9cnoDLxP69HY9DcFZWwvm+HYtFwWPwtrrm4s/HfpdCHhH3gbkKRUCcPe228W+WmjNQRejCGw=","bytesTransferredOut":359},"requestID":"0DE59D2ZBQPSHJGS","eventID":"b4302b08-c152-408a-9cb5-83ef699c45e8","readOnly":true,"resources":[{"accountId":"123837392027","type":"AWS::S3::Bucket","ARN":"arn:aws:s3:::invictus-aws-2022-10-27-quygr"}],"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","vpcEndpointId":"vpce-f40dc59d","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","clientProvidedHostHeader":"invictus-aws-2022-10-27-quygr.s3.us-east-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"ASIATFQR7NSC2T5YJDEY","userName":"bert-jan","sessionContext":{"sessionIssuer":{},"webIdFederationData":{},"attributes":{"creationDate":"2023-07-10T12:27:45Z","mfaAuthenticated":"true"}}},"eventTime":"2023-07-10T12:29:48Z","eventSource":"s3.amazonaws.com","eventName":"GetBucketAcl","awsRegion":"us-east-1","sourceIPAddress":"10.8.8.10","userAgent":"[S3Console/0.4, aws-internal/3 aws-sdk-java/1.12.488 Linux/5.10.184-153.731.amzn2int.x86_64 OpenJDK_64-Bit_Server_VM/25.372-b08 java/1.8.0_372 vendor/Oracle_Corporation cfg/retry-mode/standard]","requestParameters":{"bucketName":"invictus-aws-2022-10-27-quygr","Host":"invictus-aws-2022-10-27-quygr.s3.us-east-1.amazonaws.com","acl":""},"responseElements":null,"additionalEventData":{"SignatureVersion":"SigV4","CipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","bytesTransferredIn":0,"AuthenticationMethod":"AuthHeader","x-amz-id-2":"WaqfuShqUAsb59ezcK8e1jyLkls9L+8AzuW0pq6WJz41OMuGmTGIYutmSQJySRdecgwrcIG/m2M=","bytesTransferredOut":552},"requestID":"0DE044PDK7EY7SN0","eventID":"26faf505-59b8-46f2-b00a-d581340f1205","readOnly":true,"resources":[{"accountId":"123837392027","type":"AWS::S3::Bucket","ARN":"arn:aws:s3:::invictus-aws-2022-10-27-quygr"}],"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","vpcEndpointId":"vpce-f40dc59d","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","clientProvidedHostHeader":"invictus-aws-2022-10-27-quygr.s3.us-east-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"ASIATFQR7NSC2T5YJDEY","userName":"bert-jan","sessionContext":{"sessionIssuer":{},"webIdFederationData":{},"attributes":{"creationDate":"2023-07-10T12:27:45Z","mfaAuthenticated":"true"}}},"eventTime":"2023-07-10T12:29:48Z","eventSource":"s3.amazonaws.com","eventName":"ListAccessPoints","awsRegion":"us-east-1","sourceIPAddress":"10.8.8.10","userAgent":"[S3Console/0.4, aws-internal/3 aws-sdk-java/1.12.488 Linux/5.10.184-153.731.amzn2int.x86_64 OpenJDK_64-Bit_Server_VM/25.372-b08 java/1.8.0_372 vendor/Oracle_Corporation cfg/retry-mode/standard]","requestParameters":{"bucket":"baker221b-bucketssecuritylogsbef08b3e-13nrzhi7fcs7w","Host":"123837392027.s3-control.us-east-1.amazonaws.com","maxResults":"1"},"responseElements":null,"additionalEventData":{"SignatureVersion":"SigV4","CipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","bytesTransferredIn":0,"AuthenticationMethod":"AuthHeader","x-amz-id-2":"zlduhIXSMMy4+W9M3MotK3k0X+z2CGltv9lIkHbt6czxuw5+Rmsb56FJdvmzTn+qUuhCU8e4lMPgsYwwONSFtA==","bytesTransferredOut":72},"requestID":"0DE1V8ZHQJ3MPWAF","eventID":"2900944a-3f69-4ec5-9dee-199e7d888789","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","vpcEndpointId":"vpce-f40dc59d","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","clientProvidedHostHeader":"123837392027.s3-control.us-east-1.amazonaws.com"}}]}