3: CloudTrail
What is it?
- Keeps an eye on various services and logs interactions
- Records user interactions, API calls
- Managed through the CLI, SDK, or web console
- Interacts with most AWS services:
  - VPC
  - EC2
  - RDS
  - EBS
  - IAM
  - Etc.
What’s it good for?
- Security analysis, compliance auditing
- Storing logs just in case they are needed later, e.g. for an audit in 6 months
- Operational troubleshooting
- Take action when important events detected
- Review recent events in the console
- Analyze log files with Athena
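As an added example (not from the original notes), here is the kind of "take action when important events are detected" check you could run over a CloudTrail log file: it parses the `Records` array and flags calls that change the trail itself, root account activity, and console logins without MFA. The sample records, user names and IP addresses are constructed.

```python
import json

# Constructed sample standing in for one CloudTrail log file. Real files are
# gzipped JSON with a top-level "Records" array of events shaped like these.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2024-01-10T08:00:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DescribeInstances", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser", "userName": "alice"}},
    {"eventTime": "2024-01-10T08:05:00Z", "eventSource": "cloudtrail.amazonaws.com",
     "eventName": "StopLogging", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser", "userName": "bob"},
     "requestParameters": {"name": "management-trail"}},
    {"eventTime": "2024-01-10T08:06:00Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "Root"},
     "additionalEventData": {"MFAUsed": "No"},
     "responseElements": {"ConsoleLogin": "Success"}},
]})

# CloudTrail API calls that weaken or switch off the audit trail itself.
TRAIL_TAMPER_EVENTS = {"StopLogging", "DeleteTrail", "UpdateTrail", "PutEventSelectors"}


def actor(record):
    """Short identity label taken from a record's userIdentity block."""
    ident = record.get("userIdentity", {})
    if ident.get("type") == "Root":
        return "root"
    return ident.get("userName") or ident.get("arn") or ident.get("type", "unknown")


def find_suspicious(log_text):
    """Scan one log file's Records and return (eventTime, reason, actor, sourceIP)
    tuples for the events a defender would want to act on."""
    findings = []
    for rec in json.loads(log_text).get("Records", []):
        name = rec.get("eventName")
        reasons = []
        if rec.get("eventSource") == "cloudtrail.amazonaws.com" and name in TRAIL_TAMPER_EVENTS:
            reasons.append(f"audit trail changed: {name}")
        if rec.get("userIdentity", {}).get("type") == "Root":
            reasons.append("root account activity")
        if (name == "ConsoleLogin"
                and rec.get("responseElements", {}).get("ConsoleLogin") == "Success"
                and rec.get("additionalEventData", {}).get("MFAUsed") == "No"):
            reasons.append("console login without MFA")
        for reason in reasons:
            findings.append((rec.get("eventTime"), reason, actor(rec), rec.get("sourceIPAddress")))
    return findings


if __name__ == "__main__":
    for finding in find_suspicious(SAMPLE_LOG):
        print(*finding)
```

The same function works unchanged on a real log file once it has been gunzipped; the event names and field paths (`eventSource`, `userIdentity.type`, `additionalEventData.MFAUsed`) are the ones CloudTrail records.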
Can logfiles from multiple accounts be consolidated?
- Yes, trails deliver their log files into S3 buckets
- Multiple accounts can deliver to the same S3 bucket
- Just create a bucket policy with cross-account access
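An added example, not part of the original notes, of the cross-account bucket policy: it builds a policy that lets the CloudTrail service in several accounts write into one bucket, each account confined to its own `AWSLogs/<account>/` prefix and pinned to its trail ARN with `aws:SourceArn`, and it checks any policy handed to you for those properties. The bucket name, account IDs and trail ARNs are constructed.

```python
import json

# Constructed account IDs and the trail ARN in each account.
TRAILS = {
    "111111111111": "arn:aws:cloudtrail:us-east-1:111111111111:trail/org-trail",
    "222222222222": "arn:aws:cloudtrail:us-east-1:222222222222:trail/org-trail",
}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _log_prefix(bucket, account, prefix=""):
    key_prefix = f"/{prefix.strip('/')}" if prefix else ""
    return f"arn:aws:s3:::{bucket}{key_prefix}/AWSLogs/{account}/*"


def cloudtrail_bucket_policy(bucket, trails, prefix=""):
    """Bucket policy for a central log bucket. trails maps account id -> trail ARN.

    One ACL-check statement covers all trails; each account gets its own
    PutObject statement so it can only write under its own AWSLogs/<id>/ path
    and only when the request comes from its named trail.
    """
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Sid": "AWSCloudTrailAclCheck",
             "Effect": "Allow",
             "Principal": {"Service": "cloudtrail.amazonaws.com"},
             "Action": "s3:GetBucketAcl",
             "Resource": f"arn:aws:s3:::{bucket}",
             "Condition": {"StringEquals": {"aws:SourceArn": sorted(trails.values())}}},
        ] + [
            {"Sid": f"AWSCloudTrailWrite{account}",
             "Effect": "Allow",
             "Principal": {"Service": "cloudtrail.amazonaws.com"},
             "Action": "s3:PutObject",
             "Resource": _log_prefix(bucket, account, prefix),
             "Condition": {"StringEquals": {
                 "s3:x-amz-acl": "bucket-owner-full-control",
                 "aws:SourceArn": trail_arn}}}
            for account, trail_arn in sorted(trails.items())
        ],
    }


def policy_problems(policy, bucket, trails, prefix=""):
    """Review check: return a list of problems (empty means the policy grants each
    account exactly the narrow write it needs and nothing wider)."""
    problems = []
    statements = policy.get("Statement", [])
    for st in statements:
        if st.get("Principal") in ("*", {"AWS": "*"}):
            problems.append(f"{st.get('Sid')}: grants access to any principal")
        if "s3:*" in _as_list(st.get("Action", [])):
            problems.append(f"{st.get('Sid')}: grants s3:*")
    for account, trail_arn in trails.items():
        want = _log_prefix(bucket, account, prefix)
        covered = False
        for st in statements:
            cond = st.get("Condition", {}).get("StringEquals", {})
            if (st.get("Effect") == "Allow"
                    and "s3:PutObject" in _as_list(st.get("Action", []))
                    and want in _as_list(st.get("Resource", []))
                    and cond.get("s3:x-amz-acl") == "bucket-owner-full-control"
                    and trail_arn in _as_list(cond.get("aws:SourceArn", []))):
                covered = True
        if not covered:
            problems.append(f"{account}: no narrowly scoped PutObject grant for {trail_arn}")
    return problems


if __name__ == "__main__":
    policy = cloudtrail_bucket_policy("central-logs", TRAILS)
    print(json.dumps(policy, indent=2))
    print("problems:", policy_problems(policy, "central-logs", TRAILS))
```

Dropping the `Condition` from a write statement is the usual way such a policy goes wrong: without `aws:SourceArn` any account's CloudTrail could write into that prefix, and `policy_problems` reports the affected account.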
How can we guarantee the integrity of log files in S3?
- Enable log file validation on CloudTrail
- Lets us know if a log file has been modified or deleted
- This is set up in CloudTrail
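An added example (not from the original notes) showing what log file validation checks: CloudTrail delivers digest files that record a SHA-256 hash of every log file and the hash of the previous digest, so a modified or deleted log file, or a break in the chain, shows up on verification. The in-memory "bucket", object keys and digests below are constructed and simplified to the fields the check uses; the real digest also carries an RSA signature that `aws cloudtrail validate-logs` verifies against CloudTrail's public key, which this example omits.

```python
import gzip
import hashlib
import json


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def make_log_object(records):
    """Return (gzipped log file, hash CloudTrail would record for it).
    Digest entries hash the uncompressed log content."""
    raw = json.dumps({"Records": records}).encode()
    return gzip.compress(raw), sha256_hex(raw)


def build_sample_bucket():
    """Constructed stand-in for S3: two log files and two chained digests.
    Keys are shortened; real ones live under AWSLogs/<account>/CloudTrail[-Digest]/..."""
    bucket = {}
    log1, h1 = make_log_object([{"eventName": "DescribeInstances"}])
    log2, h2 = make_log_object([{"eventName": "StopLogging"}])
    bucket["logs/log1.json.gz"] = log1
    bucket["logs/log2.json.gz"] = log2
    # First digest in the chain: no previous digest to link to.
    d1 = {"logFiles": [{"s3Object": "logs/log1.json.gz", "hashValue": h1,
                        "hashAlgorithm": "SHA-256"}],
          "previousDigestS3Object": None,
          "previousDigestHashValue": None,
          "previousDigestHashAlgorithm": None}
    d1_raw = json.dumps(d1).encode()
    bucket["digest/d1.json.gz"] = gzip.compress(d1_raw)
    # Second digest links back to the first by hashing its uncompressed content.
    d2 = {"logFiles": [{"s3Object": "logs/log2.json.gz", "hashValue": h2,
                        "hashAlgorithm": "SHA-256"}],
          "previousDigestS3Object": "digest/d1.json.gz",
          "previousDigestHashValue": sha256_hex(d1_raw),
          "previousDigestHashAlgorithm": "SHA-256"}
    bucket["digest/d2.json.gz"] = gzip.compress(json.dumps(d2).encode())
    return bucket


def verify_digest(bucket, digest_key):
    """Check every log file listed in one digest and the link to the previous
    digest. Returns a list of findings; empty means everything matched."""
    findings = []
    digest = json.loads(gzip.decompress(bucket[digest_key]))
    for entry in digest["logFiles"]:
        key = entry["s3Object"]
        if key not in bucket:
            findings.append(f"missing log file: {key}")
        elif entry.get("hashAlgorithm") != "SHA-256":
            findings.append(f"unexpected hash algorithm for {key}")
        elif sha256_hex(gzip.decompress(bucket[key])) != entry["hashValue"]:
            findings.append(f"modified log file: {key}")
    prev_key = digest.get("previousDigestS3Object")
    if prev_key:
        if prev_key not in bucket:
            findings.append(f"missing previous digest: {prev_key}")
        elif sha256_hex(gzip.decompress(bucket[prev_key])) != digest["previousDigestHashValue"]:
            findings.append(f"chain break: {prev_key} does not match recorded hash")
    return findings


if __name__ == "__main__":
    b = build_sample_bucket()
    print("clean:", verify_digest(b, "digest/d2.json.gz"))
    b["logs/log2.json.gz"] = make_log_object([])[0]   # simulate a rewritten log file
    print("tampered:", verify_digest(b, "digest/d2.json.gz"))
```

Because each digest commits to the previous one, an attacker who edits an old log file would also have to rewrite every later digest, and the signatures on those digests (not reproduced here) are what stop that.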
What to do for cheaper log storage?
- Ship them from S3 to Glacier
Difference from CloudWatch?
- CloudWatch has logging, but logging of API calls is CloudTrail's job
Are log files encrypted?
- Yes, by default using S3-managed encryption keys (SSE-S3)
- You can opt for manual encryption with SSE-KMS instead
- Create a key policy, attach it to the key, to give CloudTrail access
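An added example, not from the original notes, of the SSE-KMS key policy: it builds the policy that lets CloudTrail generate data keys under the key and lets a reader role decrypt logs, then evaluates sample requests against it with a small, deliberately simplified condition evaluator (StringEquals, StringLike and Null only; it is not the IAM engine and handles no Deny statements). The unscoped variant shows why the encryption-context condition matters: without it, the grant to the CloudTrail service principal is usable on behalf of a trail in any account. The account ID, trail ARN and role ARN are constructed.

```python
import fnmatch
import json

ACCOUNT = "111111111111"  # constructed
TRAIL = f"arn:aws:cloudtrail:us-east-1:{ACCOUNT}:trail/management-trail"
READER = f"arn:aws:iam::{ACCOUNT}:role/log-reader"


def _as_list(value):
    return value if isinstance(value, list) else [value]


def cloudtrail_key_policy(account, trail_arn, reader_arn, scoped=True):
    """Key policy for a CloudTrail SSE-KMS key. scoped=False drops the
    conditions on the CloudTrail grant to show the weak form."""
    encrypt = {"Sid": "AllowCloudTrailToEncryptLogs", "Effect": "Allow",
               "Principal": {"Service": "cloudtrail.amazonaws.com"},
               "Action": "kms:GenerateDataKey*", "Resource": "*"}
    if scoped:
        encrypt["Condition"] = {
            "StringEquals": {"aws:SourceArn": trail_arn},
            "StringLike": {"kms:EncryptionContext:aws:cloudtrail:arn":
                           f"arn:aws:cloudtrail:*:{account}:trail/*"}}
    return {"Version": "2012-10-17", "Statement": [
        {"Sid": "EnableIAMUserPermissions", "Effect": "Allow",
         "Principal": {"AWS": f"arn:aws:iam::{account}:root"},
         "Action": "kms:*", "Resource": "*"},
        encrypt,
        # Readers may decrypt only when the CloudTrail encryption context is present.
        {"Sid": "EnableEncryptedLogReadAccess", "Effect": "Allow",
         "Principal": {"AWS": reader_arn}, "Action": "kms:Decrypt", "Resource": "*",
         "Condition": {"Null": {"kms:EncryptionContext:aws:cloudtrail:arn": "false"}}},
    ]}


def _principal_matches(stmt_principal, req_principal):
    if stmt_principal == "*":
        return True
    return all(kind in stmt_principal and who in _as_list(stmt_principal[kind])
               for kind, who in req_principal.items())


def _condition_met(condition, ctx):
    """Simplified evaluator for the operators used above (assumption: only
    StringEquals, StringLike and Null appear; anything else fails closed)."""
    for op, pairs in condition.items():
        for key, wanted in pairs.items():
            actual = ctx.get(key)
            if op == "StringEquals":
                if actual not in _as_list(wanted):
                    return False
            elif op == "StringLike":
                if actual is None or not any(fnmatch.fnmatchcase(actual, p) for p in _as_list(wanted)):
                    return False
            elif op == "Null":
                if (actual is None) != (str(wanted).lower() == "true"):
                    return False
            else:
                return False
    return True


def key_policy_allows(policy, principal, action, ctx):
    """True if some Allow statement matches principal, action and request context.
    principal is {"Service": ...} or {"AWS": ...}; ctx holds condition keys."""
    for st in policy["Statement"]:
        if st.get("Effect") != "Allow":
            continue
        if not _principal_matches(st.get("Principal", {}), principal):
            continue
        if not any(fnmatch.fnmatchcase(action, a) for a in _as_list(st.get("Action", []))):
            continue
        if _condition_met(st.get("Condition", {}), ctx):
            return True
    return False


if __name__ == "__main__":
    good = cloudtrail_key_policy(ACCOUNT, TRAIL, READER)
    print(json.dumps(good, indent=2))
    other = "arn:aws:cloudtrail:us-east-1:999999999999:trail/other"  # constructed foreign trail
    ctx = {"aws:SourceArn": other, "kms:EncryptionContext:aws:cloudtrail:arn": other}
    print("foreign trail allowed (scoped):", key_policy_allows(good, {"Service": "cloudtrail.amazonaws.com"}, "kms:GenerateDataKey", ctx))
```

The `Null` condition on the reader statement is the part people most often leave out: it ties `kms:Decrypt` to ciphertext produced by CloudTrail, so the same role cannot use the key to decrypt arbitrary data encrypted under it.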