- 1 What is AWS_CloudTrail?
- 2 NW Configuration Chart
- 3 About the Log
- 4 About Encryption
- 5 Charge
- 6 What does the dashboard look like?
- 7 How to use CloudTrail (work procedure)
- 8 AWS solutions for system audits
What is AWS_CloudTrail?
AWS CloudTrail is a service for governance, compliance, operational auditing, and risk auditing of AWS accounts.
CloudTrail allows you to log, continuously monitor, and retain account activity across your entire AWS infrastructure.
Services used for governance, compliance, and risk audits.
This service is used to monitor user activity, not AWS resource settings.
- AWS CloudTrail is a service for governance, compliance, operational auditing, and risk auditing of AWS accounts
- Logging service for AWS user operations (API calls, user sign-in activity)
- CloudTrail is an activity logging service that can be used for activity-related monitoring.
- Service to track and log root account, IAM user operations and API calls
- CloudTrail captures information about all requests that occur when using the CloudFront console, CloudFront API, AWS SDK, CloudFront CLI and other services (such as AWS CloudFormation).
S3 storage class
No analysis of
- By default, CloudTrail log files are
Amazon S3 server-side encryption (SSE)
to encrypt them.
Incidentally, the tool used to verify whether unauthorized use occurs when external access is allowed is the IAM Access Analyzer.
What exactly can we do?
It is possible to find out who performed which action.
For example, when there is trouble with an EC2 instance terminating and you want to find out who performed this action.
NW Configuration Chart
An illustration of AWS CloudTrail is shown below.
Adapted from Udemy " This is all you need! AWS Certified Solution Architect - Associate exam prep course (for SAA-C02 exam)
About the Log
Stored for 90 days by default
Encrypted and stored in S3
How do I see the logs?
Logs stored in S3 can be analyzed on CloudWatch
What are the contents of the logs?
View CloudTrail dashboard and S3
- KMS encryption is also supported.
- Encryption is done by default. It is encrypted without any action.
What does the dashboard look like?
Look at the dashboard to get an idea of the feel of the operation.
How to use CloudTrail (work procedure)
Enable CloudTrail trail (logs)
Configure the S3 bucket where CloudTrail log files will be stored.
S3 usage fee is free for a certain amount. A fee will be charged when the free quota is exceeded.
AWS solutions for system audits