cloudtrailLakeSearch
cloudtrailLakeSearch
cloudtrailLakeSearch (resource: ID!, searchQuery: String!, maxResults: Int) → CloudTrailLakeSearchResult
Execute a SQL query against a CloudTrail Lake Event Data Store.
The resource parameter specifies which CloudTrail Lake connection to use (by ID or AKA).
The searchQuery parameter is the SQL query to execute against CloudTrail Lake.
Example:
{
cloudtrailLakeSearch(
resource: "arn:aws:cloudtrail:us-east-1:123456789012:eventdatastore/abc-123"
searchQuery: "SELECT * FROM abc123 WHERE eventName = 'RunInstances' LIMIT 10"
maxResults: 100
) {
queryId
resultCount
results
}
}