CloudTrail

API Logging as a Service

Essentials

  • An API logging service that logs API calls made to AWS

  • It does not matter if the API calls came from the command line, an SDK, or the console

  • All created logs are placed into a designated S3 bucket - so they are highly available by default

    • Cross-account buckets for multiple accounts

    • Limit access!

    • Encrypted

  • CloudTrail logs help when addressing security concerns by allowing you to view what actions users on your AWS account have performed

  • Since AWS is just one big API - CloudTrail can log every configuration change in your account

  • Has to be enabled for each region

CloudWatch Logs Integration

  • Sends CloudTrail Events to CloudWatch Logs

  • Define custom metrics and alarms

    • Security Group and NACL Changes

    • VPC Changes

    • Failed Console Login Attempts

    • Failed API Authorizations

    • IAM Changes
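
As an added example (not part of the original notes), the Python sketch below sorts CloudTrail records into the five alarm categories listed above, which is the matching a CloudWatch Logs metric filter performs before an alarm counts the hits. The event-name groupings, category labels and sample records are assumptions constructed for illustration.

```python
import json
from collections import Counter

# Assumed groupings of real EC2 API actions; extend to match your own alarm policy.
SG_NACL = {"AuthorizeSecurityGroupIngress", "AuthorizeSecurityGroupEgress",
           "RevokeSecurityGroupIngress", "RevokeSecurityGroupEgress",
           "CreateSecurityGroup", "DeleteSecurityGroup", "CreateNetworkAcl",
           "DeleteNetworkAcl", "CreateNetworkAclEntry", "DeleteNetworkAclEntry",
           "ReplaceNetworkAclEntry", "ReplaceNetworkAclAssociation"}
VPC = {"CreateVpc", "DeleteVpc", "ModifyVpcAttribute", "AttachInternetGateway",
       "DetachInternetGateway", "CreateVpcPeeringConnection",
       "AcceptVpcPeeringConnection", "DeleteVpcPeeringConnection"}
IAM_WRITE = ("Create", "Delete", "Put", "Attach", "Detach", "Update", "Add", "Remove")

def classify(record):
    """Return the alarm categories (labels are ours) that one record matches."""
    name, source = record.get("eventName", ""), record.get("eventSource", "")
    error = record.get("errorCode") or ""   # absent on successful calls
    hits = []
    if error.startswith("AccessDenied") or error.endswith("UnauthorizedOperation"):
        hits.append("failed_api_authorization")
    if name == "ConsoleLogin":
        if (record.get("responseElements") or {}).get("ConsoleLogin") == "Failure":
            hits.append("failed_console_login")
    elif not error:  # a rejected call changed nothing, so it is not a "change"
        if source == "ec2.amazonaws.com" and name in SG_NACL:
            hits.append("sg_nacl_change")
        elif source == "ec2.amazonaws.com" and name in VPC:
            hits.append("vpc_change")
        elif source == "iam.amazonaws.com" and name.startswith(IAM_WRITE):
            hits.append("iam_change")
    return hits

def count_alerts(log_text):
    """Tally categories over a CloudTrail log file (events sit under 'Records')."""
    records = json.loads(log_text).get("Records", [])
    return Counter(cat for rec in records for cat in classify(rec))

# Constructed sample records, trimmed to the fields the classifier reads.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventSource": "ec2.amazonaws.com", "eventName": "AuthorizeSecurityGroupIngress"},
    {"eventSource": "ec2.amazonaws.com", "eventName": "DeleteVpc"},
    {"eventSource": "ec2.amazonaws.com", "eventName": "CreateVpc", "errorCode": "Client.UnauthorizedOperation"},
    {"eventSource": "s3.amazonaws.com", "eventName": "GetObject", "errorCode": "AccessDenied"},
    {"eventSource": "signin.amazonaws.com", "eventName": "ConsoleLogin", "responseElements": {"ConsoleLogin": "Failure"}},
    {"eventSource": "signin.amazonaws.com", "eventName": "ConsoleLogin", "responseElements": {"ConsoleLogin": "Success"}},
    {"eventSource": "iam.amazonaws.com", "eventName": "AttachUserPolicy"},
    {"eventSource": "iam.amazonaws.com", "eventName": "ListUsers"},
]})
```

Calling `count_alerts(SAMPLE_LOG)` returns the per-category totals an alarm threshold would be compared against; the denied `CreateVpc` call counts as a failed authorization, not as a VPC change.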
