Private/S3/Get-LoadBalancerAccessLogs.ps1

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
<#
    .SYNOPSIS
        Get S3 objects for load balancer logs in given time range

    .PARAMETER LoadBalancerId
        Classic - Load balancer name
        ALB - Resource ID

    .PARAMETER AccountId
        The AWS account ID of the owner.

    .PARAMETER BucketName
        The name of the S3 bucket.

    .PARAMETER KeyPrefix
        The prefix (logical hierarchy) in the bucket. If you don't specify a prefix, the logs are assumed to be at the root level of the bucket.

    .PARAMETER StartTime
        Log batches older than this are excluded

    .PARAMETER EndTime
        Log batches newer than this are excluded

    .PARAMETER Last
        Get log batches for last X minutes

    .NOTES
        s3:GetBucketLocation
        s3:GetObject

#>

function Get-LoadBalancerAccessLogs
{
    param
    (
        [Parameter(Mandatory = $true)]
        [string]$LoadBalancerId,

        [Parameter(Mandatory = $true)]
        [string]$AccountId,

        [Parameter(Mandatory = $true)]
        [string]$BucketName,

        [string]$KeyPrefix,

        [Parameter(ParameterSetName = 'Range')]
        [DateTime]$StartTime,

        [Parameter(ParameterSetName = 'Range')]
        [DateTime]$EndTime,

        [Parameter(ParameterSetName = 'LastX')]
        [int]$Last
    )


    if ($PSCmdlet.ParameterSetName -ieq 'LastX')
    {
        $EndTime = [datetime]::UtcNow
        $StartTime = $EndTime - [timespan]::FromMinutes($Last)
    }

    $region = Get-BucketLocation -BucketName $Bucket

    if (-not [string]::IsNullOrEmpty($KeyPrefix))
    {
        $KeyPrefix = $KeyPrefix.Trim('/') + "/AWSLogs"
    }
    else
    {
        $KeyPrefix = "AWSLogs"
    }

    $LoadBalancerId = $LoadBalancerId.Replace('/', '.')
    $startPrefix = "$KeyPrefix/$AccountId/elasticloadbalancing/$region/$($StartTime.ToString('yyyy/MM/dd'))/$($AccountId)_elasticloadbalancing_$($region)_$($LoadBalancerId)"
    $endPrefix = "$KeyPrefix/$AccountId/elasticloadbalancing/$region/$($EndTime.ToString('yyyy/MM/dd'))/$($AccountId)_elasticloadbalancing_$($region)_$($LoadBalancerId)"

    ($startPrefix, $endPrefix) |
        Sort-Object -Unique |
        ForEach-Object {
        Get-S3Object -BucketName $BucketName -KeyPrefix $_ |
            Foreach-Object {

            if ($_.Key -match '(?<year>\d{4})(?<month>\d{2})(?<day>\d{2})T(?<hour>\d{2})(?<minute>\d{2})Z_(?<ip>\d+\.\d+\.\d+\.\d+)')
            {
                $_ | Add-Member -PassThru -MemberType NoteProperty -Name EndTime -Value (New-Object DateTime -ArgumentList @($Matches.year, $Matches.month, $Matches.day, $Matches.hour, $Matches.minute, 0, 0, 'Utc')) |
                    Add-Member -PassThru -MemberType NoteProperty -Name NodeIp -Value ([System.Net.IPAddress]::Parse($Matches.ip).IPAddressToString)
            }
        }
    }  |
        Where-Object {
            $_.EndTime -le $EndTime -and $_.EndTime -ge $StartTime
    }
}