When the cloudtrail integrity check is enabled, it will deliver checksum files with the same extension .json.gz into a "CloudTrail-Digest" folder location. The customer cannot use the lambda suffix/prefix options in this case as the folder structure is XXX/cloudtrail/AWSLogs//CloudTrail-Digest/XXX.json.gz for the digest and XXX/cloudtrail/AWSLogs//CloudTrail/XXX.json.gz for the logs. These cloudtrail logs are from multiple (100+) AWS accounts saved in a central location in one AWS Account.
For a use case like this, the AWS S3 Lambda prefix and suffix options do not work as they don't support wildcards. Rather than hardcode the exclusion of the folder CloudTrail-Digest in the function, the better option would be to add a feature to base the exclusion of folders on a regex that is passed into the function as an env variable.
When the cloudtrail integrity check is enabled, it will deliver checksum files with the same extension .json.gz into a "CloudTrail-Digest" folder location. The customer cannot use the lambda suffix/prefix options in this case as the folder structure is XXX/cloudtrail/AWSLogs//CloudTrail-Digest/XXX.json.gz for the digest and XXX/cloudtrail/AWSLogs//CloudTrail/XXX.json.gz for the logs. These cloudtrail logs are from multiple (100+) AWS accounts saved in a central location in one AWS Account.
For a use case like this, the AWS S3 Lambda prefix and suffix options do not work as they don't support wildcards. Rather than hardcode the exclusion of the folder CloudTrail-Digest in the function, the better option would be to add a feature to base the exclusion of folders on a regex that is passed into the function as an env variable.