
AWS CloudTrail


Last updated 8 months ago

AWS CloudTrail is an AWS service that records all activities performed in an AWS account (via the CLI, the Management Console or SDKs). This logging and auditing service can also be integrated into a SIEM solution, helping not only with visibility, incident response and debugging but also with fulfilling compliance requirements.

Event Logging in AWS:

There are mainly two types of events: management events (control plane operations) and data events (data plane operations). Both types of events log the AWS account, user ID/role, IP address, time, resource details, etc.

Events from the last 90 days can be viewed in Event History.

Some things that should be considered while setting up CloudTrail:

  • Not all services are supported

  • Only 5 trails per region are allowed

The logs collected in CloudTrail can be used with S3, Lambda, Athena and even CloudWatch for analysis, storage, etc.
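As an added example (not part of the original notes), the sketch below reads a CloudTrail log file as delivered to S3, pulls out the account, identity, source IP, time and resource fields described above, and groups events into management and data events. The sample records are constructed, and the function names `load_records`, `plane`, `summarize` and `split_by_plane` are hypothetical helpers.

```python
import gzip
import json

# Constructed sample in the CloudTrail log-file layout (a "Records" array).
# Account IDs, ARNs and IP addresses below are made-up placeholder values.
SAMPLE_LOG = {"Records": [
    {"eventTime": "2024-01-01T10:00:00Z", "eventSource": "iam.amazonaws.com",
     "eventName": "CreateUser", "sourceIPAddress": "203.0.113.10",
     "eventCategory": "Management", "managementEvent": True,
     "userIdentity": {"type": "IAMUser", "accountId": "111122223333",
                      "arn": "arn:aws:iam::111122223333:user/alice"}},
    {"eventTime": "2024-01-01T10:05:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "GetObject", "sourceIPAddress": "198.51.100.7",
     "eventCategory": "Data", "managementEvent": False,
     "userIdentity": {"type": "AssumedRole", "accountId": "111122223333",
                      "arn": "arn:aws:sts::111122223333:assumed-role/app/s1"},
     "resources": [{"ARN": "arn:aws:s3:::example-bucket/report.csv"}]},
]}

def load_records(blob: bytes) -> list:
    """Parse one log file; files delivered to S3 are gzip-compressed JSON."""
    if blob[:2] == b"\x1f\x8b":  # gzip magic bytes
        blob = gzip.decompress(blob)
    return json.loads(blob).get("Records", [])

def plane(rec: dict) -> str:
    """Classify an event as Management or Data (or another category)."""
    if "eventCategory" in rec:
        return rec["eventCategory"]
    if "managementEvent" in rec:  # assumption: fallback for older records
        return "Management" if rec["managementEvent"] else "Data"
    return "Unknown"

def summarize(rec: dict) -> dict:
    """Pull the who / where / when / what fields out of one event."""
    ident = rec.get("userIdentity", {})
    return {"time": rec.get("eventTime"), "account": ident.get("accountId"),
            "identity": ident.get("arn") or ident.get("type"),
            "source_ip": rec.get("sourceIPAddress"),
            "action": f"{rec.get('eventSource')}:{rec.get('eventName')}",
            "resources": [r.get("ARN") for r in rec.get("resources", [])],
            "plane": plane(rec)}

def split_by_plane(blob: bytes) -> dict:
    """Group summarized events by category (management vs. data)."""
    groups = {}
    for rec in load_records(blob):
        groups.setdefault(plane(rec), []).append(summarize(rec))
    return groups
```

Calling `split_by_plane()` on the bytes of a log file returns a dict keyed by event category, which is a convenient shape for forwarding to a SIEM or for quick triage.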

CloudTrail Creation:

To create an audit trail in this service, steps can be as follows:

Quick Trail Console:

More Detailed Console:

Finally create the trail:

Event History would look something like this:

Source:
https://quizlet.com/616135849/aws-cloudtrail-flash-cards/