3: CloudTrail

What is it?

  • Monitors activity across AWS services and logs the interactions
  • Records user interactions and API calls
  • Managed through the CLI, the SDKs, or the web console
  • Interacts with most AWS services:
    • VPC
    • EC2
    • RDS
    • EBS
    • IAM
    • Etc.

What's it good for?

  • Security analysis and compliance auditing
  • Retaining logs in case they are needed later, e.g. for an audit in 6 months
  • Operational troubleshooting
  • Taking action when important events are detected
  • Reviewing recent events in the console
  • Analyzing log files with Athena

Can log files from multiple accounts be consolidated?

  • Yes: log files are delivered into S3 buckets
  • Multiple accounts can deliver into a single S3 bucket
  • Just create a bucket policy that grants cross-account access

How can we guarantee the integrity of log files in S3?

  • Enable log file validation on CloudTrail
  • It tells us whether a log file has been modified or deleted
  • This is configured in CloudTrail
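
The mechanism behind this is worth seeing once. CloudTrail writes an hourly digest file that lists each delivered log object together with its SHA-256 hash (and signs the digest). Below is an added example, not part of the original notes and not AWS code, that re-implements the hash half of that check in Python on constructed sample objects: it builds a digest at delivery time, then re-checks the bucket after one object has been rewritten and another removed. The signature and digest-chain fields are deliberately left out.

```python
import gzip
import hashlib
import json

# Constructed sample: three gzipped log objects, keyed the way CloudTrail lays
# them out in S3 (AWSLogs/<account>/CloudTrail/<region>/<yyyy>/<mm>/<dd>/...).
# mtime=0 keeps the gzip bytes deterministic between runs.
PREFIX = "AWSLogs/111111111111/CloudTrail/us-east-1/2024/01/15/"
DELIVERED = {
    PREFIX + "trail_1000Z.json.gz": gzip.compress(
        json.dumps({"Records": [{"eventName": "ConsoleLogin"}]}).encode(), mtime=0),
    PREFIX + "trail_1005Z.json.gz": gzip.compress(
        json.dumps({"Records": [{"eventName": "StopLogging"}]}).encode(), mtime=0),
    PREFIX + "trail_1010Z.json.gz": gzip.compress(
        json.dumps({"Records": [{"eventName": "DeleteTrail"}]}).encode(), mtime=0),
}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_digest(account_id: str, bucket: str, objects: dict) -> dict:
    """Stand-in for the hourly digest file CloudTrail writes alongside the logs.

    A real digest is RSA-signed and carries previousDigest* fields that chain
    it to the prior hour's digest; those parts are omitted here and only the
    per-file SHA-256 entries that the hash check relies on are modelled.
    """
    return {
        "awsAccountId": account_id,
        "digestS3Bucket": bucket,
        "digestSignatureAlgorithm": "SHA256withRSA",
        "logFiles": [
            {"s3Bucket": bucket, "s3Object": key,
             "hashAlgorithm": "SHA-256", "hashValue": sha256_hex(body)}
            for key, body in sorted(objects.items())
        ],
    }


def validate_logs(digest: dict, objects: dict) -> dict:
    """Compare each object the digest vouches for against what is in the bucket.

    Returns {s3Object: "valid" | "modified" | "missing"}; a deleted object
    shows up as missing, a rewritten one as modified.
    """
    results = {}
    for entry in digest["logFiles"]:
        key = entry["s3Object"]
        body = objects.get(key)
        if body is None:
            results[key] = "missing"
        elif sha256_hex(body) != entry["hashValue"]:
            results[key] = "modified"
        else:
            results[key] = "valid"
    return results


def demo() -> dict:
    """Digest taken at delivery time, then checked against the bucket at audit time."""
    digest = build_digest("111111111111", "example-trail-bucket", DELIVERED)
    later = dict(DELIVERED)
    keys = sorted(later)
    # Simulate what the audit finds: the second object rewritten, the third gone.
    later[keys[1]] = gzip.compress(b'{"Records": []}', mtime=0)
    del later[keys[2]]
    return validate_logs(digest, later)


if __name__ == "__main__":
    for key, status in demo().items():
        print(f"{status:8s} {key}")
```

In practice you do not write this yourself: `aws cloudtrail validate-logs` performs the same comparison and additionally verifies the RSA signature on each digest and the chain to the previous digest, so a deleted digest file is caught as well as a deleted log file.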

What to do for cheaper log storage?

  • Move them from S3 to Glacier

Difference from CloudWatch?

  • CloudWatch has logging too, but logging of API calls is entirely CloudTrail's job

Are log files encrypted?

  • Yes, using S3-managed encryption keys (SSE-S3)
  • You can instead use your own KMS key with SSE-KMS
    • Create a key policy and attach it to the key to grant access
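
Both the multi-account consolidation question and the SSE-KMS question above come down to a resource policy: a bucket policy that lets CloudTrail write each account's logs under its own prefix, and a key policy that lets CloudTrail encrypt and lets the log-archive account decrypt. The Python below is an added example, not from the original notes and not AWS's own code, that builds both documents from constructed placeholder values (the bucket name and all account IDs are made up) and includes the review check a practitioner would run on any log bucket: no statement may grant to a wildcard principal.

```python
import json

# Constructed placeholders; substitute your own bucket name and account IDs.
BUCKET = "example-org-cloudtrail-logs"
SOURCE_ACCOUNTS = ["111111111111", "222222222222"]  # accounts whose trails deliver here
LOG_ARCHIVE_ACCOUNT = "333333333333"                # account that owns the bucket and key


def cloudtrail_bucket_policy(bucket: str, source_accounts: list) -> dict:
    """Bucket policy that lets the CloudTrail service principal deliver log
    files from several accounts into one bucket (the consolidation case)."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "AWSCloudTrailAclCheck",
                "Effect": "Allow",
                "Principal": {"Service": "cloudtrail.amazonaws.com"},
                "Action": "s3:GetBucketAcl",
                "Resource": f"arn:aws:s3:::{bucket}",
            },
            {
                "Sid": "AWSCloudTrailWrite",
                "Effect": "Allow",
                "Principal": {"Service": "cloudtrail.amazonaws.com"},
                "Action": "s3:PutObject",
                # CloudTrail writes under AWSLogs/<account-id>/, so each source
                # account gets its own prefix and nothing outside it.
                "Resource": [f"arn:aws:s3:::{bucket}/AWSLogs/{acct}/*"
                             for acct in source_accounts],
                "Condition": {"StringEquals": {"s3:x-amz-acl": "bucket-owner-full-control"}},
            },
        ],
    }


def cloudtrail_kms_key_policy(owner_account: str, source_accounts: list) -> dict:
    """Key policy for an SSE-KMS key: CloudTrail may encrypt with it, and
    principals in the owning account may decrypt CloudTrail-encrypted objects."""
    trail_arns = [f"arn:aws:cloudtrail:*:{acct}:trail/*" for acct in source_accounts]
    return {
        "Version": "2012-10-17",
        "Statement": [
            {   # Default key-administration statement; without it the key is unmanageable.
                "Sid": "EnableIAMUserPermissions",
                "Effect": "Allow",
                "Principal": {"AWS": f"arn:aws:iam::{owner_account}:root"},
                "Action": "kms:*",
                "Resource": "*",
            },
            {   # The encryption context pins the grant to trails in the listed accounts.
                "Sid": "AllowCloudTrailToEncryptLogs",
                "Effect": "Allow",
                "Principal": {"Service": "cloudtrail.amazonaws.com"},
                "Action": "kms:GenerateDataKey*",
                "Resource": "*",
                "Condition": {"StringLike": {"kms:EncryptionContext:aws:cloudtrail:arn": trail_arns}},
            },
            {
                "Sid": "AllowCloudTrailToDescribeKey",
                "Effect": "Allow",
                "Principal": {"Service": "cloudtrail.amazonaws.com"},
                "Action": "kms:DescribeKey",
                "Resource": "*",
            },
            {   # Readers may decrypt only when the CloudTrail encryption context is present.
                "Sid": "AllowLogReadersToDecrypt",
                "Effect": "Allow",
                "Principal": {"AWS": f"arn:aws:iam::{owner_account}:root"},
                "Action": "kms:Decrypt",
                "Resource": "*",
                "Condition": {"Null": {"kms:EncryptionContext:aws:cloudtrail:arn": "false"}},
            },
        ],
    }


def wildcard_principal_sids(policy: dict) -> list:
    """Review check: Sids that allow any principal ("*"), which on a log bucket
    or its key would let anyone write or read the audit records."""
    return [s.get("Sid", "<no Sid>") for s in policy["Statement"]
            if s["Effect"] == "Allow" and s["Principal"] in ("*", {"AWS": "*"})]


def render(policy: dict) -> str:
    return json.dumps(policy, indent=2)


if __name__ == "__main__":
    print(render(cloudtrail_bucket_policy(BUCKET, SOURCE_ACCOUNTS)))
    print(render(cloudtrail_kms_key_policy(LOG_ARCHIVE_ACCOUNT, SOURCE_ACCOUNTS)))
```

The per-account `AWSLogs/<account-id>/*` resources are the cross-account part: a trail in account 111111111111 can only land objects under its own prefix, and the `bucket-owner-full-control` condition keeps the archive account in control of what is written. On the key side, the `kms:EncryptionContext:aws:cloudtrail:arn` conditions mean the key cannot be used to encrypt or decrypt arbitrary data, only CloudTrail output.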