· 7 years ago · Mar 22, 2018, 12:00 PM
1import-module awspowershell
2
3
4#You should have already saved your credentials locally using:
5# set-awscredentials -accesskey myaccesskey -secretkey mysecretkey -StoreAs MyDeveloper
6$credential = get-awscredentials -ProfileName MyDeveloper
7
8# Get the current timestamp
9$Current_Unix_Timestamp = [Math]::Floor([decimal](Get-Date(Get-Date).ToUniversalTime()-uformat "%s")) * 1000
10
11# Get the timestamp to start at.
12$hours_to_look_back = 48
13$Past_Unix_Timestamp = [Math]::Floor([decimal](Get-Date((Get-Date).AddHours(-1*$hours_to_look_back)).ToUniversalTime()-uformat "%s")) * 1000
14
15# Get a list of all of our CloudWatch log groups
16$All_CW_RDS_Logs = get-CWLLogGroup -LogGroupNamePrefix "/aws/rds" | where {$_.LogGroupName -like "*/myproject*"}
17
18foreach ($Specific_CW_Log_Group in $All_CW_RDS_Logs) {
19write-host $Specific_CW_Log_Group.LogGroupName
20
21$CW_NextToken = $null # reset for each log group. Required for NextToken to work
22
23#Using $null for NextToken means we can use the same pattern as for regular logs
24#NOTE: this hangs if the FilterPattern is invalid. Which apparently includes commas, backslashes, etc.
25DO {
26$CW_RDS =
27Get-CWLFilteredLogEvent `
28-LogGroupName $Specific_CW_Log_Group.LogGroupName `
29-StartTime $Past_Unix_Timestamp `
30-EndTime $Current_Unix_Timestamp `
31-FilterPattern "QUERY" `
32-Limit 500 `
33-NextToken $CW_NextToken
34#FilterPattern can't use commas. ",QUERY," should show all create/truncate/drop, but we must use QUERY instead
35
36#unlike the regular logs, this one returns a normal powershell dataset - nothing left to do
37$CW_RDS.Events|ogv
38
39$CW_NextToken = $CW_RDS.NextToken
40}WHILE ($CW_NextToken -ne $null)
41}