[AWS] CloudTrail

CloudTrail is a governance, compliance, risk management, and auditing service that records account activity performed through the Console or APIs.

  • CloudTrail tracks all user activities and API calls across your AWS accounts, whether made through the console, SDKs, or CLI.
  • You can track the user name, event name, event date/time, IP address, access key, region, and error code.

AWS CloudTrail

CloudTrail is automatically enabled for all new accounts.

CloudTrail Event

  • Activities are recorded as events; by default, event history keeps them for 90 days.

CloudTrail log files

  • CloudTrail can deliver log files from multiple accounts to a bucket belonging to a central account.
  • By default, CloudTrail event log files are encrypted using Amazon S3 server-side encryption (SSE).

Types of events

Management events

  • Account Activities such as login, actions taken through APIs or the Console
  • Enabled by default

Data events

  • S3 object-level API activities or Lambda function execution activities
  • Disabled by default

Insights events

  • Unusual activities, e.g. when there are more API calls than usual (such as DeleteBucket).
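
The fields and event types listed above, pulled out of a log file in Python. This is an added example, not code from the original post; the sample records are constructed, and the function names (load_records, summarize, triage) are hypothetical.

```python
import gzip
import json
from collections import Counter

# Constructed sample (not real account data), shaped like a delivered CloudTrail
# log file: a gzip-compressed JSON object with a top-level "Records" array.
SAMPLE_RECORDS = [
    {"eventTime": "2024-01-01T10:00:00Z", "eventName": "ConsoleLogin",
     "eventCategory": "Management", "awsRegion": "us-east-1",
     "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "userName": "alice"}},
    {"eventTime": "2024-01-01T10:05:00Z", "eventName": "DeleteBucket",
     "eventCategory": "Management", "awsRegion": "us-east-1",
     "sourceIPAddress": "203.0.113.9", "errorCode": "AccessDenied",
     "userIdentity": {"type": "IAMUser", "userName": "bob",
                      "accessKeyId": "AKIAEXAMPLEKEY000000"}},
    {"eventTime": "2024-01-01T10:06:00Z", "eventName": "GetObject",
     "eventCategory": "Data", "awsRegion": "eu-west-1",
     "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "userName": "alice",
                      "accessKeyId": "AKIAEXAMPLEKEY111111"}},
]
SAMPLE_LOG = gzip.compress(json.dumps({"Records": SAMPLE_RECORDS}).encode())

def load_records(blob):
    """Decompress one log file and return its list of event records."""
    return json.loads(gzip.decompress(blob))["Records"]

def summarize(rec):
    """Extract the fields an auditor usually looks at first."""
    ident = rec.get("userIdentity", {})
    return {
        # Not every identity has a userName (e.g. roles), so fall back.
        "user": ident.get("userName") or ident.get("arn") or ident.get("type"),
        "event": rec.get("eventName"),
        "time": rec.get("eventTime"),
        "ip": rec.get("sourceIPAddress"),
        "access_key": ident.get("accessKeyId"),   # absent for console logins
        "region": rec.get("awsRegion"),
        "error": rec.get("errorCode"),            # present only on failed calls
        "category": rec.get("eventCategory"),     # Management, Data or Insight
    }

def triage(blob):
    """Count events per category and list the calls that returned an error."""
    rows = [summarize(r) for r in load_records(blob)]
    return Counter(r["category"] for r in rows), [r for r in rows if r["error"]]

if __name__ == "__main__":
    categories, failed = triage(SAMPLE_LOG)
    print(dict(categories))
    for row in failed:
        print(row["time"], row["user"], row["event"], row["error"], row["ip"])
```

Failed calls such as an AccessDenied on DeleteBucket are a common first filter when reviewing a trail, since they show who attempted an action they were not permitted to perform.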
