AWS CloudTrail Feature Summary


What is AWS CloudTrail?

AWS CloudTrail is a service for governance, compliance, operational auditing, and risk auditing of AWS accounts.

CloudTrail allows you to log, continuously monitor, and retain account activity across your entire AWS infrastructure.

It is the service used for governance, compliance, and risk audits.

This service is used to monitor user activity, not AWS resource settings.


Features

  • AWS CloudTrail is a service for governance, compliance, operational auditing, and risk auditing of AWS accounts
  • Logging service for AWS user operations (API calls, user sign-in activity)
  • CloudTrail is an activity logging service that can be used for activity-related monitoring.
  • Service to track and log root account, IAM user operations and API calls
  • CloudTrail captures information about all requests that occur when using the CloudFront console, CloudFront API, AWS SDK, CloudFront CLI and other services (such as AWS CloudFormation).

  • CloudTrail does not analyze S3 storage classes.
  • By default, CloudTrail log files are encrypted with Amazon S3 server-side encryption (SSE).


Incidentally, the tool for checking whether resources you have allowed external access to are being used in an unauthorized way is IAM Access Analyzer.


What exactly can we do?

It is possible to find out who performed which action.

For example, when an EC2 instance was unexpectedly terminated and you want to find out who performed that action.
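As an added example (not code from the original post), this is how the "who terminated this instance?" question above can be answered from one CloudTrail log file in Python: the Records, userIdentity and requestParameters field names are those of the CloudTrail log format, while the sample events, account id, names, IP addresses and instance id are constructed for the example.

```python
import json

# Constructed sample in the shape of a CloudTrail log file delivered to S3
# (a JSON object with a "Records" array); the account id, ARNs, IPs and
# instance ids are made up for this example.
SAMPLE_LOG = json.loads("""{"Records": [
 {"eventTime": "2024-05-01T09:12:44Z", "eventSource": "ec2.amazonaws.com",
  "eventName": "DescribeInstances", "sourceIPAddress": "203.0.113.10",
  "userIdentity": {"type": "IAMUser", "userName": "alice"}, "requestParameters": {}},
 {"eventTime": "2024-05-01T09:15:02Z", "eventSource": "ec2.amazonaws.com",
  "eventName": "TerminateInstances", "sourceIPAddress": "198.51.100.7",
  "userIdentity": {"type": "AssumedRole",
                   "arn": "arn:aws:sts::123456789012:assumed-role/OpsRole/bob",
                   "sessionContext": {"sessionIssuer": {"userName": "OpsRole"}}},
  "requestParameters": {"instancesSet": {"items": [{"instanceId": "i-0abc123def456"}]}}},
 {"eventTime": "2024-05-01T09:16:30Z", "eventSource": "ec2.amazonaws.com",
  "eventName": "TerminateInstances", "sourceIPAddress": "192.0.2.55",
  "errorCode": "Client.UnauthorizedOperation",
  "userIdentity": {"type": "IAMUser", "userName": "carol"},
  "requestParameters": {"instancesSet": {"items": [{"instanceId": "i-0abc123def456"}]}}}
]}""")

def actor_of(identity):
    """Turn the userIdentity block into a readable 'who': IAM user, root, or role/session."""
    kind = identity.get("type")
    if kind == "IAMUser":
        return "user:" + identity.get("userName", "?")
    if kind == "AssumedRole":  # who assumed which role; the session name is the last ARN segment
        role = identity.get("sessionContext", {}).get("sessionIssuer", {}).get("userName", "?")
        return f"role:{role}/{identity.get('arn', '').rsplit('/', 1)[-1]}"
    return "root" if kind == "Root" else f"{kind}:{identity.get('arn', '?')}"

def who_terminated(log, instance_id):
    """List every TerminateInstances call naming instance_id, denied attempts included."""
    hits = []
    for rec in log.get("Records", []):
        if rec.get("eventSource") != "ec2.amazonaws.com" or rec.get("eventName") != "TerminateInstances":
            continue
        items = rec.get("requestParameters", {}).get("instancesSet", {}).get("items", [])
        if any(item.get("instanceId") == instance_id for item in items):
            # errorCode is absent on success, so a denied attempt shows up next to the real one
            hits.append({"time": rec["eventTime"], "actor": actor_of(rec.get("userIdentity", {})),
                         "source_ip": rec.get("sourceIPAddress"), "error": rec.get("errorCode")})
    return sorted(hits, key=lambda h: h["time"])

if __name__ == "__main__":
    for hit in who_terminated(SAMPLE_LOG, "i-0abc123def456"):
        print(hit)
```

For a real investigation, load each gzipped log object from the trail's S3 bucket with `gzip.open` and `json.load` and pass the result to `who_terminated`.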


Network Configuration Diagram

An illustration of AWS CloudTrail is shown below.


Adapted from Udemy "This is all you need! AWS Certified Solution Architect - Associate exam prep course (for SAA-C02 exam)"

About the Log

Retention period

Stored for 90 days by default


Storage location

Encrypted and stored in S3


How do I see the logs?

Logs stored in S3 can be analyzed in CloudWatch.


What are the contents of the logs?

View them in the CloudTrail dashboard and in S3.


About Encryption

  • KMS encryption is also supported.
  • Encryption is applied by default; no action is needed to enable it.


Charges

Free


What does the dashboard look like?

Look at the dashboard to get an idea of the feel of the operation.


How to use CloudTrail (work procedure)

Enable a CloudTrail trail (logging).

Configure the S3 bucket where CloudTrail log files will be stored.
S3 usage is free up to a certain amount; a fee is charged when the free quota is exceeded.


AWS solutions for system audits

AWS CloudTrail

