CloudTrail records AWS API actions as events (e.g. changing a security group, adding an EC2 instance)

  • NOT real-time
  • by default stores 90 days of events, but events can alternatively be stored as JSON in S3 indefinitely
  • free on default settings; to customize, create more trails
  • event types
    • management event: creating an EC2 instance, etc.
      • by default, management events are the only type recorded
    • data event: adding/reading objects in S3, using a Lambda function, etc.
      • much higher volume
    • insight event
  • By default, CloudTrail has a trail that is for one region. Trails can be set to record all regions.
  • A trail can also be configured to receive global service events (IAM events). By default global service events are logged to us-east-1.
  • Data flow
    • save logs to S3 to bypass the 90-day history limit
    • send events to CloudWatch Logs to search and use metric filters.
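
Added example (not part of the original notes): a small Python triage of a CloudTrail log file in the JSON shape delivered to S3. It counts events per type, picks out security group changes, and shows which region the IAM (global service) events were recorded in. The sample records are constructed, and the names summarize and SG_CHANGES are hypothetical.

```python
import json
from collections import Counter

# Constructed sample in the shape of a CloudTrail log file delivered to S3:
# one JSON object with a "Records" array. All values are made up.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2024-01-01T10:00:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "AuthorizeSecurityGroupIngress", "awsRegion": "eu-west-1",
     "eventCategory": "Management", "readOnly": False},
    {"eventTime": "2024-01-01T10:01:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "RunInstances", "awsRegion": "eu-west-1",
     "eventCategory": "Management", "readOnly": False},
    {"eventTime": "2024-01-01T10:02:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "GetObject", "awsRegion": "eu-west-1",
     "eventCategory": "Data", "readOnly": True},
    {"eventTime": "2024-01-01T10:03:00Z", "eventSource": "iam.amazonaws.com",
     "eventName": "CreateUser", "awsRegion": "us-east-1",
     "eventCategory": "Management", "readOnly": False},
]})

# EC2 API actions that change security groups (hypothetical watch list).
SG_CHANGES = {"AuthorizeSecurityGroupIngress", "AuthorizeSecurityGroupEgress",
              "RevokeSecurityGroupIngress", "RevokeSecurityGroupEgress",
              "CreateSecurityGroup", "DeleteSecurityGroup"}

def summarize(log_text):
    """Return (count per event category, security group change records,
    set of regions in which IAM events were recorded)."""
    records = json.loads(log_text).get("Records", [])
    by_category = Counter(r.get("eventCategory", "Unknown") for r in records)
    sg_events = [r for r in records
                 if r.get("eventSource") == "ec2.amazonaws.com"
                 and r.get("eventName") in SG_CHANGES]
    iam_regions = {r.get("awsRegion") for r in records
                   if r.get("eventSource") == "iam.amazonaws.com"}
    return by_category, sg_events, iam_regions

if __name__ == "__main__":
    cats, sg, iam_regions = summarize(SAMPLE_LOG)
    print(dict(cats))
    for e in sg:
        print(e["eventTime"], e["awsRegion"], e["eventName"])
    print("IAM events logged in:", sorted(iam_regions))
```

Log files delivered to S3 are gzip-compressed, so decompress them (for example with Python's gzip module) before passing the text to summarize.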