Skip to content

feat: enhance CloudTrail log encoder with extra attributes #43584

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 7 commits into from
Oct 20, 2025
Merged

feat: enhance CloudTrail log encoder with extra attributes #43584

merged 7 commits into from
Oct 20, 2025

Conversation

@Kavindu-Dodan
Copy link
Contributor

@Kavindu-Dodan Kavindu-Dodan commented Oct 15, 2025
edited
Loading

Description

Enhance the CloudTrail log encoder by adding additional/missing fields. Given below are new fields and their mappings,

CloudTrail field Attribute in OpenTelemetry log
apiVersion aws.cloudtrail.api_version
additionalEventData aws.additional_event_data(map of all additional event data)
userIdentity.accountId aws.user_identity.account_id
userIdentity.invokedBy aws.user_identity.invoked_by
userIdentity.sessionContext.attributes.creationDate aws.user_identity.session_context.attributes.creation_date
userIdentity.sessionContext.attributes.mfaAuthenticated aws.user_identity.session_context.attributes.mfa_authenticated
userIdentity.sessionContext.sessionIssuer.type aws.user_identity.session_context.issuer.type
userIdentity.sessionContext.sessionIssuer.principalId aws.user_identity.session_context.issuer.principal_id
userIdentity.sessionContext.sessionIssuer.arn aws.user_identity.session_context.issuer.arn
userIdentity.sessionContext.sessionIssuer.accountId aws.user_identity.session_context.issuer.account_id
userIdentity.sessionContext.sessionIssuer.userName aws.user_identity.session_context.issuer.user_name

Official documentation links to refer details on these fields,

Link to tracking issue

Completes first part of #43403

Testing

Validated the parsing with publicly available AWS CloudWatch logs. Further added additional logs for end-to-end validation.

Documentation

Updated Original to OTel log attributes table of the documentation.

@Kavindu-Dodan Kavindu-Dodan requested review from a team and axw as code owners October 15, 2025 21:38
@github-actions github-actions bot requested a review from constanca-m October 15, 2025 21:38
@Kavindu-Dodan Kavindu-Dodan changed the title Feat/enhance cloudtrail log parsing feat: Enhance CloudTrail log encoder with extra attibutes Oct 15, 2025
@Kavindu-Dodan Kavindu-Dodan changed the title feat: Enhance CloudTrail log encoder with extra attibutes feat: enhance CloudTrail log encoder with extra attibutes Oct 15, 2025
@Kavindu-Dodan Kavindu-Dodan force-pushed the feat/enhance-cloudtrail-log-parsing branch from 46d3469 to a82f1c9 Compare October 15, 2025 21:52
@Kavindu-Dodan
Copy link
Contributor Author

@axw @constanca-m appreciate a review. Also let me know if the choice of attribute names looks fine.

constanca-m
constanca-m reviewed Oct 16, 2025
View reviewed changes
Copy link
Contributor

@constanca-m constanca-m left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good apart from one thing, thanks for the contribution!

@Kavindu-Dodan
feat: enhance CloudTrail logs with extra attributes
f6fa3ff 
Signed-off-by: Kavindu Dodanduwa <kavindu.dodanduwa@elastic.co>
@Kavindu-Dodan
update documentation and change attribute names
d215541 
Signed-off-by: Kavindu Dodanduwa <kavindu.dodanduwa@elastic.co>
@Kavindu-Dodan
fix lint error
093e982 
Signed-off-by: Kavindu Dodanduwa <kavindu.dodanduwa@elastic.co>
@Kavindu-Dodan
review change: set specific context attributes
1c85554 
Signed-off-by: Kavindu Dodanduwa <kavindu.dodanduwa@elastic.co>
@Kavindu-Dodan Kavindu-Dodan force-pushed the feat/enhance-cloudtrail-log-parsing branch from e2d9102 to 1c85554 Compare October 16, 2025 16:38
@Kavindu-Dodan
update readme with new attributes
f4f5c73 
Signed-off-by: Kavindu Dodanduwa <kavindu.dodanduwa@elastic.co>
@Kavindu-Dodan Kavindu-Dodan changed the title feat: enhance CloudTrail log encoder with extra attibutes feat: enhance CloudTrail log encoder with extra attributes Oct 16, 2025
axw
axw reviewed Oct 17, 2025
View reviewed changes
Copy link
Contributor

@axw axw left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @Kavindu-Dodan!

@Kavindu-Dodan @axw
Update extension/encoding/awslogsencodingextension/README.md
c0a37d6 
Co-authored-by: Andrew Wilkins <axwalk@gmail.com>
@Kavindu-Dodan Kavindu-Dodan force-pushed the feat/enhance-cloudtrail-log-parsing branch from 3b256b5 to 571a59f Compare October 17, 2025 18:58
@Kavindu-Dodan
review: improve field mappings to match conventions and origin schema
f342760 
Signed-off-by: Kavindu Dodanduwa <kavindu.dodanduwa@elastic.co>
@Kavindu-Dodan Kavindu-Dodan force-pushed the feat/enhance-cloudtrail-log-parsing branch from 571a59f to f342760 Compare October 17, 2025 19:43
@Kavindu-Dodan Kavindu-Dodan mentioned this pull request Oct 17, 2025
Open
@Kavindu-Dodan Kavindu-Dodan requested a review from axw October 17, 2025 19:57
@Kavindu-Dodan
Copy link
Contributor Author

Thanks @axw for the review and @atoulme for the approval.

I do not have merge rights, so feel free to merge on behalf of me :)

@Kavindu-Dodan Kavindu-Dodan mentioned this pull request Oct 20, 2025
Closed
2 tasks
@atoulme atoulme merged commit 4fc6612 into open-telemetry:main Oct 20, 2025
188 checks passed
@github-actions github-actions bot added this to the next release milestone Oct 20, 2025
@otelbot
Copy link
Contributor

otelbot bot commented Oct 20, 2025

Thank you for your contribution @Kavindu-Dodan! 🎉 We would like to hear from you about your experience contributing to OpenTelemetry by taking a few minutes to fill out this survey. If you are getting started contributing, you can also join the CNCF Slack channel #opentelemetry-new-contributors to ask for guidance and get help.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@atoulme atoulme atoulme approved these changes

@axw axw axw approved these changes

@constanca-m constanca-m Awaiting requested review from constanca-m

Assignees

@atoulme atoulme

Labels

extension/encoding/awslogsencoding

Projects

None yet

Milestone

next release

Development

Successfully merging this pull request may close these issues.

4 participants

@Kavindu-Dodan @atoulme @axw @constanca-m