Difference between revisions of "AWS CloudTrail"
Jump to navigation
Jump to search
↑ https://aws.amazon.com/es/about-aws/whats-new/2013/11/13/announcing-aws-cloudtrail/
↑ https://aws.amazon.com/cloudtrail/faqs/#Event_payload.2C_timeliness.2C_and_delivery_frequency
↑ https://aws.amazon.com/blogs/aws/announcing-cloudtrail-insights-identify-and-respond-to-unusual-api-activity/
↑ https://aws.amazon.com/blogs/mt/announcing-aws-cloudtrail-lake-a-managed-audit-and-security-lake/
↑ https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/BidEvictedEvent.html
| (11 intermediate revisions by the same user not shown) | |||
| Line 3: | Line 3: | ||
* Homepage: https://aws.amazon.com/cloudtrail/ | * Homepage: https://aws.amazon.com/cloudtrail/ | ||
| − | * [[AWS CloudTrail Insights]] ([[AWS timeline|Nov 2019]])<ref>https://aws.amazon.com/blogs/aws/announcing-cloudtrail-insights-identify-and-respond-to-unusual-api-activity/</ref> | + | * [[AWS CloudTrail Insights]] ([[AWS timeline|Nov 2019]]) <ref>https://aws.amazon.com/blogs/aws/announcing-cloudtrail-insights-identify-and-respond-to-unusual-api-activity/</ref> |
| − | * [[AWS CloudTrail Lake]] ([[AWS timeline|Jan 2022]] <ref>https://aws.amazon.com/blogs/mt/announcing-aws-cloudtrail-lake-a-managed-audit-and-security-lake/</ref> | + | * [[AWS CloudTrail Lake]] ([[AWS timeline|Jan 2022]]) <ref>https://aws.amazon.com/blogs/mt/announcing-aws-cloudtrail-lake-a-managed-audit-and-security-lake/</ref> |
| + | |||
| + | * [[Data exfiltration]] | ||
| + | * [[AWS API]] history | ||
| + | ** Logging Amazon [[EKS API]] calls with AWS CloudTrail | ||
== [[Pricing]] == | == [[Pricing]] == | ||
| Line 11: | Line 15: | ||
== Change log == | == Change log == | ||
| − | * [[AWS CloudTrail Insights]] https://aws.amazon.com/about-aws/whats-new/2020/08/aws-cloudtrail-now-provides-relevant-user-statistics-to-act-on-anomalies-detected-by-cloudtrail-insights/ | + | * Aug 2020 [[AWS CloudTrail Insights]] https://aws.amazon.com/about-aws/whats-new/2020/08/aws-cloudtrail-now-provides-relevant-user-statistics-to-act-on-anomalies-detected-by-cloudtrail-insights/ |
== Activities == | == Activities == | ||
| + | * [[Creating a trail for an organization with the AWS CLI]]: <code>[[aws organizations enable-aws-service-access]] --service-principal [[cloudtrail.amazonaws.com]]</code> | ||
* Read https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-receive-logs-from-multiple-accounts.html | * Read https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-receive-logs-from-multiple-accounts.html | ||
* Read [[best practices]]: https://aws.amazon.com/blogs/mt/aws-cloudtrail-best-practices/ | * Read [[best practices]]: https://aws.amazon.com/blogs/mt/aws-cloudtrail-best-practices/ | ||
| Line 19: | Line 24: | ||
== Related terms == | == Related terms == | ||
| − | |||
* [[AWS Config]] (Dec 2015) | * [[AWS Config]] (Dec 2015) | ||
* [[Amazon GuardDuty]] (Nov 2017) analyzes AWS CloudTrail logs | * [[Amazon GuardDuty]] (Nov 2017) analyzes AWS CloudTrail logs | ||
* [[Elastic SIEM]] | * [[Elastic SIEM]] | ||
* [[IAM Access Analyzer]] | * [[IAM Access Analyzer]] | ||
| − | + | * [[Governance]], [[Compliance]], [[FedRAMP]] and [[PCI-DSS]] | |
| − | * [[Governance]], [[Compliance]] | + | * Linux <code>[[acct]]</code> command |
| − | |||
| − | * <code>[[acct]]</code> | ||
* [[Oracle Cloud Infrastructure Audit]] + [[Oracle Cloud Logging]] | * [[Oracle Cloud Infrastructure Audit]] + [[Oracle Cloud Logging]] | ||
* [[Amazon EC2 Spot Instances]]: <code>BidEvictedEvent</code> event <ref>https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/BidEvictedEvent.html</ref> | * [[Amazon EC2 Spot Instances]]: <code>BidEvictedEvent</code> event <ref>https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/BidEvictedEvent.html</ref> | ||
Revision as of 17:55, 10 July 2024
wikipedia:AWS CloudTrail [1] (Nov 2013) is a web service that records API calls made on your account and delivers log files to your AWS S3 bucket every 5 minutes[2]. Third party products such as CloudCheckr and Splunk can help you to analyze logs. Basic functionality of AWS CloudTrail is enabled on all AWS accounts by default and records up to 90 days of your account activity upon account creation.
- Homepage: https://aws.amazon.com/cloudtrail/
- Data exfiltration
- AWS API history
- Logging Amazon EKS API calls with AWS CloudTrail
Pricing
- Management events: Always free
- Data events: 0.10 per 100,000 data events delivered
Change log
- Aug 2020 AWS CloudTrail Insights https://aws.amazon.com/about-aws/whats-new/2020/08/aws-cloudtrail-now-provides-relevant-user-statistics-to-act-on-anomalies-detected-by-cloudtrail-insights/
Activities
- Creating a trail for an organization with the AWS CLI:
aws organizations enable-aws-service-access --service-principal cloudtrail.amazonaws.com - Read https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-receive-logs-from-multiple-accounts.html
- Read best practices: https://aws.amazon.com/blogs/mt/aws-cloudtrail-best-practices/
- Read blog: https://aws.amazon.com/blogs/mt/category/management-tools/aws-cloudtrail/
Related terms
- AWS Config (Dec 2015)
- Amazon GuardDuty (Nov 2017) analyzes AWS CloudTrail logs
- Elastic SIEM
- IAM Access Analyzer
- Governance, Compliance, FedRAMP and PCI-DSS
- Linux
acctcommand - Oracle Cloud Infrastructure Audit + Oracle Cloud Logging
- Amazon EC2 Spot Instances:
BidEvictedEventevent [5] - CloudTrail Events
- GetSecretValue
See also
- AWS CloudTrail:
aws cloudtrail[get-event-selectors | lookup-events | list-trails | create-trail | add-tags | delete-trail | describe-trails | get-trail-status | put-event-selectors | put-insight-selectors | remove-tags | start-logging | stop-logging | update-trail | validate-logs | create-event-data-store | list-public-keys | list-tags], Terraform,enable-federation - AWS CloudTrail, AWS CloudTrail Insights, CloudTrail Events, AWS CloudTrail Lake, Terraform, Best practices
- AWS security, AWS Security Hub, AWS CloudTrail, Amazon GuardDuty, Amazon Detective, AWS WAF, AWS Audit Manager, Amazon Fraud Detector, Cloudsploit, AWS Certified Security - Specialty, AWS Security Assurance Services, AWS GDPR, Amazon Inspector, AWS Network Firewall
- AWS compliance: AWS CloudTrail, AWS Audit Manager, AWS Artifact
- AWS, AWS Management & Governance, AWS Organizations, AWS CloudTrail, AWS Control Tower, AWS Resource Access Manager (RAM), AWS Service Catalog, AWS Landing Zone, AWS SSO
Advertising:
