The org master account does not seem to be queryable

[0xdabbad00]

In an Organization trail, if you have account 000000000000 as your Org master, and say 111111111111 as another account, then your S3 bucket will contain:

- AWSLogs
  - 000000000000
  - o-123
    - 000000000000
    - 111111111111

Note that the 000000000000 account has two buckets dedicated to it. The first bucket (/AWSLogs/000000000000) is empty. The real logs are at /AWSLogs/o-123/000000000000. Looks like the code identifies the first bucket as being the one to make queries against, which it should use the one that is a child of the org key.

[abhinavbom]

checking if this issue is still considered for enhancement?

[0xdabbad00]

This project is no longer maintained. See this project instead: https://github.com/alsmola/cloudtrail-parquet-glue