Difference between revisions of "AWS CloudTrail"
References
[1] https://aws.amazon.com/es/about-aws/whats-new/2013/11/13/announcing-aws-cloudtrail/
[2] https://aws.amazon.com/cloudtrail/faqs/#Event_payload.2C_timeliness.2C_and_delivery_frequency
[3] https://aws.amazon.com/blogs/aws/announcing-cloudtrail-insights-identify-and-respond-to-unusual-api-activity/
[4] https://aws.amazon.com/blogs/mt/announcing-aws-cloudtrail-lake-a-managed-audit-and-security-lake/
[5] https://aws.amazon.com/blogs/mt/announcing-aws-cloudtrail-lake-dashboards-visualize-and-analyze-cloudtrail-data/
[6] https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/BidEvictedEvent.html
(29 intermediate revisions by the same user not shown)
Line 1:
− [[wikipedia:AWS CloudTrail]] <ref>https://aws.amazon.com/es/about-aws/whats-new/2013/11/13/announcing-aws-cloudtrail/</ref> ([[AWS timeline|Nov 2013]]) is a web service that records [[API]] calls made on your account and delivers log files to your [[AWS S3]] bucket every 5 minutes<ref>https://aws.amazon.com/cloudtrail/faqs/#Event_payload.2C_timeliness.2C_and_delivery_frequency</ref>. Third party products such as [[CloudCheckr]] and [[Splunk]] can help you to analyze logs. Basic functionality of AWS CloudTrail is enabled on all AWS accounts by default and records up to 90 days of your account activity upon account creation.
+ [[wikipedia:AWS CloudTrail]] <ref>https://aws.amazon.com/es/about-aws/whats-new/2013/11/13/announcing-aws-cloudtrail/</ref> ([[AWS timeline|Nov 2013]]) is a web service that records [[API]] calls made on your account and delivers log files to your [[AWS S3]] bucket every 5 minutes<ref>https://aws.amazon.com/cloudtrail/faqs/#Event_payload.2C_timeliness.2C_and_delivery_frequency</ref>. Third party products such as [[CloudCheckr]] and [[Splunk]] can help you to analyze logs. Basic functionality of AWS CloudTrail is enabled on all AWS accounts by default and records up to 90 days of your account activity upon account creation by creating a trail you can extend [[retention period]].
  * Homepage: https://aws.amazon.com/cloudtrail/
+ Features:
+ * Basic funtionality enabled by default
+ * Create [[trails]] that will [[log events]] for all AWS accounts in the [[AWS organization]]
+ * Encrypted by default Amazon server-side encryption with [[Amazon S3-managed encryption keys]] ([[SSE-S3]])
+ * Ingest events from a partner or external source
+ 
+ Services:
  * [[AWS CloudTrail Insights]] ([[AWS timeline|Nov 2019]]) <ref>https://aws.amazon.com/blogs/aws/announcing-cloudtrail-insights-identify-and-respond-to-unusual-api-activity/</ref>
  * [[AWS CloudTrail Lake]] ([[AWS timeline|Jan 2022]]) <ref>https://aws.amazon.com/blogs/mt/announcing-aws-cloudtrail-lake-a-managed-audit-and-security-lake/</ref>
+ * [[AWS CloudTrail Lake Dashboards]] ([[AWS timeline|Jun 2023]]) <ref>https://aws.amazon.com/blogs/mt/announcing-aws-cloudtrail-lake-dashboards-visualize-and-analyze-cloudtrail-data/</ref>
+ 
+ 
+ 
+ * [[Data exfiltration]]
+ * [[AWS API]] history
+ ** Logging Amazon [[EKS API]] calls with AWS CloudTrail
  == [[Pricing]] ==
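Review bot: the rewritten opening sentence runs two statements together ("records up to 90 days of your account activity upon account creation by creating a trail you can extend [[retention period]]"); split it, e.g. "... upon account creation. By creating a trail you can extend the [[retention period]]." In the added Features block, "funtionality" should read "functionality" and "Encrypted by default Amazon server-side encryption with ..." is missing a preposition ("Encrypted by default with Amazon server-side encryption using ..."). The three added blank lines before "* [[Data exfiltration]]" also leave those bullets hanging under "Services:" without a heading of their own.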
Line 14: / Line 28:
  == Activities ==
+ * [[Creating a trail for an organization with the AWS CLI]]: <code>[[aws organizations enable-aws-service-access]] --service-principal [[cloudtrail.amazonaws.com]]</code>
  * Read https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-receive-logs-from-multiple-accounts.html
− * Read [[
+ * Read [[AWS CloudTrail Best Practices]]: https://aws.amazon.com/blogs/mt/aws-cloudtrail-best-practices/
  * Read blog: https://aws.amazon.com/blogs/mt/category/management-tools/aws-cloudtrail/
+ * [[Validating CloudTrail log file integrity]]: <code>[[--enable-log-file-validation]]</code>
+ * [[Enabling CloudTrail event logging for S3 buckets and objects]]
  == Related terms ==
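Review bot: the organization-trail item only shows the enable-aws-service-access step; the trail itself is created by a separate call (aws cloudtrail create-trail with --is-organization-trail), and the later "<code>[[--enable-log-file-validation]]</code>" item is a flag of create-trail/update-trail rather than a stand-alone command, so naming the command each flag belongs to would make both items actionable.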
Line 23: / Line 40:
  * [[Elastic SIEM]]
  * [[IAM Access Analyzer]]
− 
− * [[Governance]], [[Compliance]]
− 
− * <code>[[acct]]</code>
+ * [[Governance]], [[Compliance]], [[FedRAMP]] and [[PCI-DSS]]
+ * Linux <code>[[acct]]</code> command
  * [[Oracle Cloud Infrastructure Audit]] + [[Oracle Cloud Logging]]
  * [[Amazon EC2 Spot Instances]]: <code>BidEvictedEvent</code> event <ref>https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/BidEvictedEvent.html</ref>
  * [[CloudTrail Events]]
  * [[GetSecretValue]]
+ * [[AWS security]]
+ * [[AWS compliance]]
+ * [[AWS Governance]]
+ * [[AWS Audit Manager]]
+ * [[aWSCloudTrail_FullAccess]]
+ * [[Datadog SIEM Content Packs for Cloudtrail]]
+ * [[Logging All Lambda Function Invocations By Using Basic Event Selectors]]
  == See also ==
+ * {{aws cloudtrail events}}
  * {{aws cloudtrail}}
  * {{CloudTrail}}
− 
− 
− 
+ 
  [[Category:AWS security]]
  [[Category:Cloud]]
  [[Category:AWS]]
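Review bot: "* [[aWSCloudTrail_FullAccess]]" miscapitalizes the managed policy name, which is AWSCloudTrail_FullAccess, so the link will not resolve to the intended page. The "Linux <code>[[acct]]</code> command" item is only a loose analogue (process accounting) and would read better with a word on why it is listed next to CloudTrail; the blank-line churn just before the category lines is whitespace-only noise.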
Latest revision as of 15:19, 24 September 2024
AWS CloudTrail [1] (Nov 2013) is a web service that records API calls made on your account and delivers log files to your AWS S3 bucket every 5 minutes [2]. Third-party products such as CloudCheckr and Splunk can help you analyze the logs. Basic functionality of AWS CloudTrail is enabled on all AWS accounts by default and records up to 90 days of your account activity from account creation; by creating a trail you can extend the retention period.
- Homepage: https://aws.amazon.com/cloudtrail/
Features:
- Basic functionality enabled by default
- Create trails that will log events for all AWS accounts in the AWS organization
- Encrypted by default with Amazon server-side encryption using Amazon S3-managed encryption keys (SSE-S3)
- Ingest events from a partner or external source
Services:
- AWS CloudTrail Insights (Nov 2019) [3]
- AWS CloudTrail Lake (Jan 2022) [4]
- AWS CloudTrail Lake Dashboards (Jun 2023) [5]
Related topics:
- Data exfiltration
- AWS API history
  - Logging Amazon EKS API calls with AWS CloudTrail
Pricing
- Management events: always free
- Data events: USD 0.10 per 100,000 data events delivered
Change log
- Aug 2020: AWS CloudTrail Insights now provides relevant user statistics to act on detected anomalies: https://aws.amazon.com/about-aws/whats-new/2020/08/aws-cloudtrail-now-provides-relevant-user-statistics-to-act-on-anomalies-detected-by-cloudtrail-insights/
Activities
- Creating a trail for an organization with the AWS CLI:
  aws organizations enable-aws-service-access --service-principal cloudtrail.amazonaws.com
- Read https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-receive-logs-from-multiple-accounts.html
- Read AWS CloudTrail Best Practices: https://aws.amazon.com/blogs/mt/aws-cloudtrail-best-practices/
- Read blog: https://aws.amazon.com/blogs/mt/category/management-tools/aws-cloudtrail/
- Validating CloudTrail log file integrity (trail flag):
  --enable-log-file-validation
- Enabling CloudTrail event logging for S3 buckets and objects
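What "validating CloudTrail log file integrity" checks, shown offline as an added example (not code from the page or from AWS): with log file validation enabled, CloudTrail writes an hourly digest file listing every delivered log file with its SHA-256 hash, plus the hash of the previous digest, so the digests form a chain that a deleted or rewritten log file breaks. The real digest is also RSA-signed with a key obtained via `aws cloudtrail list-public-keys`; that signature step is left out here. The digest field names follow the documented layout as assumed here; the account id, object keys and file contents are constructed sample data.

```python
"""Offline check of a CloudTrail digest chain (added example; not AWS code).

The digest field names (previousDigestS3Object, previousDigestHashValue,
logFiles[].s3Object / hashValue) are assumed to match the documented
layout; bucket contents below are constructed sample data.
"""
import gzip
import hashlib
import json

ACCOUNT = "111122223333"   # constructed sample account id
LOG_PREFIX = f"AWSLogs/{ACCOUNT}/CloudTrail/us-east-1/2024/09/24/"
DIGEST_PREFIX = f"AWSLogs/{ACCOUNT}/CloudTrail-Digest/us-east-1/2024/09/24/"
KEY_A = LOG_PREFIX + f"{ACCOUNT}_CloudTrail_us-east-1_20240924T0905Z_aaaa.json.gz"
KEY_B = LOG_PREFIX + f"{ACCOUNT}_CloudTrail_us-east-1_20240924T0910Z_bbbb.json.gz"
PREV_DIGEST_KEY = DIGEST_PREFIX + f"{ACCOUNT}_CloudTrail-Digest_us-east-1_20240924T0900Z_pppp.json.gz"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def make_log_file(records: list) -> bytes:
    """CloudTrail delivers gzipped JSON with a top-level "Records" list."""
    return gzip.compress(json.dumps({"Records": records}).encode(), mtime=0)


def build_digest(bucket: dict, previous_key: str) -> bytes:
    """Produce a digest covering every log file in `bucket` (assumed field layout)."""
    digest = {
        "awsAccountId": ACCOUNT,
        "digestEndTime": "2024-09-24T10:00:00Z",
        "previousDigestS3Object": previous_key,
        "previousDigestHashValue": sha256_hex(bucket[previous_key]),
        "previousDigestHashAlgorithm": "SHA-256",
        "logFiles": [
            {"s3Object": key, "hashValue": sha256_hex(body), "hashAlgorithm": "SHA-256"}
            for key, body in sorted(bucket.items())
            if key.startswith(LOG_PREFIX)
        ],
    }
    return gzip.compress(json.dumps(digest, sort_keys=True).encode(), mtime=0)


def verify_digest(digest_bytes: bytes, bucket: dict) -> list:
    """Return findings; an empty list means every listed file and the chain link check out."""
    digest = json.loads(gzip.decompress(digest_bytes))
    findings = []
    prev_key = digest["previousDigestS3Object"]
    prev = bucket.get(prev_key)
    if prev is None:
        findings.append(f"chain broken: previous digest missing: {prev_key}")
    elif sha256_hex(prev) != digest["previousDigestHashValue"]:
        findings.append(f"chain broken: previous digest modified: {prev_key}")
    for entry in digest["logFiles"]:
        body = bucket.get(entry["s3Object"])
        if body is None:
            findings.append(f"log file deleted: {entry['s3Object']}")
        elif sha256_hex(body) != entry["hashValue"]:
            findings.append(f"log file modified: {entry['s3Object']}")
    return findings


def scenario(tamper: str = "none") -> list:
    """Build a small constructed bucket, optionally alter it after delivery, and verify."""
    bucket = {
        PREV_DIGEST_KEY: gzip.compress(b'{"digestEndTime": "2024-09-24T09:00:00Z", "logFiles": []}', mtime=0),
        KEY_A: make_log_file([{"eventName": "ConsoleLogin", "eventSource": "signin.amazonaws.com"}]),
        KEY_B: make_log_file([{"eventName": "StopLogging", "eventSource": "cloudtrail.amazonaws.com"}]),
    }
    digest = build_digest(bucket, PREV_DIGEST_KEY)   # CloudTrail wrote this before any change
    if tamper == "modify":             # log file rewritten so the StopLogging record disappears
        bucket[KEY_B] = make_log_file([])
    elif tamper == "delete":           # log file removed from the bucket
        del bucket[KEY_B]
    elif tamper == "rewrite_previous": # earlier digest replaced to hide an older change
        bucket[PREV_DIGEST_KEY] = gzip.compress(b"{}", mtime=0)
    return verify_digest(digest, bucket)


if __name__ == "__main__":
    for case in ("none", "modify", "delete", "rewrite_previous"):
        print(f"{case:17s} -> {scenario(case) or 'OK'}")
```

Because each digest carries the hash of its predecessor, a change is only hidden if every later digest is rewritten as well, which the RSA signature (checked by `aws cloudtrail validate-logs`) prevents; that is why the bucket holding the logs and digests should be written only by the CloudTrail service principal.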
Related terms
- AWS Config (Dec 2015)
- Amazon GuardDuty (Nov 2017) analyzes AWS CloudTrail logs
- Elastic SIEM
- IAM Access Analyzer
- Governance, Compliance, FedRAMP and PCI-DSS
- Linux acct command
- Oracle Cloud Infrastructure Audit + Oracle Cloud Logging
- Amazon EC2 Spot Instances: BidEvictedEvent event [6]
- CloudTrail Events
- GetSecretValue
- AWS security
- AWS compliance
- AWS Governance
- AWS Audit Manager
- AWSCloudTrail_FullAccess (managed policy)
- Datadog SIEM Content Packs for Cloudtrail
- Logging All Lambda Function Invocations By Using Basic Event Selectors
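The related terms above (GuardDuty analyzing CloudTrail logs, CloudTrail Events, GetSecretValue) are about reading the delivered records. As an added example, not code from the page or from AWS, here is a small detection pass over constructed CloudTrail records that flags calls which alter the trail itself (StopLogging, DeleteTrail, UpdateTrail, PutEventSelectors, all CLI operations named on this page) and bursts of GetSecretValue by one identity. The record field names are those of the CloudTrail record format; the sample records, the burst threshold and the time window are constructed assumptions.

```python
"""Detection pass over CloudTrail records (added example; not from the page or AWS).

Flags two things a defender wants alerted on:
  1. API calls that change the audit trail itself, succeeded or denied.
  2. A burst of GetSecretValue calls by one identity inside a short window.
Sample records, threshold and window are constructed.
"""
import json
from datetime import datetime, timedelta

TRAIL_TAMPER_EVENTS = {"StopLogging", "DeleteTrail", "UpdateTrail", "PutEventSelectors"}
ACCOUNT = "111122223333"   # constructed sample account id


def _rec(time, source, name, user, **extra):
    """Build a constructed CloudTrail record with the fields the detections read."""
    rec = {
        "eventVersion": "1.08",
        "eventTime": time,
        "eventSource": source,
        "eventName": name,
        "awsRegion": "us-east-1",
        "sourceIPAddress": "198.51.100.7",
        "userIdentity": {"type": "IAMUser", "arn": f"arn:aws:iam::{ACCOUNT}:user/{user}"},
    }
    rec.update(extra)
    return rec


SAMPLE_RECORDS = (
    [_rec("2024-09-24T10:00:01Z", "sts.amazonaws.com", "GetCallerIdentity", "alice"),
     _rec("2024-09-24T10:00:05Z", "cloudtrail.amazonaws.com", "StopLogging", "alice",
          requestParameters={"name": "org-trail"}),
     _rec("2024-09-24T10:00:09Z", "cloudtrail.amazonaws.com", "UpdateTrail", "alice",
          requestParameters={"name": "org-trail"}, errorCode="AccessDenied"),
     _rec("2024-09-24T10:02:00Z", "secretsmanager.amazonaws.com", "GetSecretValue", "carol",
          requestParameters={"secretId": "prod/db"})]
    + [_rec(f"2024-09-24T10:05:{10 * i:02d}Z", "secretsmanager.amazonaws.com", "GetSecretValue", "bob",
            requestParameters={"secretId": f"prod/app{i}"}) for i in range(6)]
)
SAMPLE_LOG_FILE = json.dumps({"Records": SAMPLE_RECORDS})   # shape of one delivered log file


def _actor(rec):
    return rec.get("userIdentity", {}).get("arn", "<unknown>")


def _when(rec):
    return datetime.strptime(rec["eventTime"], "%Y-%m-%dT%H:%M:%SZ")


def find_trail_tampering(records):
    """One finding per call that stops, deletes or reconfigures a trail."""
    findings = []
    for rec in records:
        if rec.get("eventSource") == "cloudtrail.amazonaws.com" and rec.get("eventName") in TRAIL_TAMPER_EVENTS:
            findings.append({
                "event": rec["eventName"],
                "actor": _actor(rec),
                "trail": rec.get("requestParameters", {}).get("name"),
                "source_ip": rec.get("sourceIPAddress"),
                # A denied attempt still signals intent to blind the trail, so it is reported too.
                "outcome": "denied" if rec.get("errorCode") else "succeeded",
            })
    return findings


def find_secret_bursts(records, threshold=5, window=timedelta(minutes=5)):
    """Actors with at least `threshold` GetSecretValue calls inside any `window`."""
    times_by_actor = {}
    for rec in records:
        if rec.get("eventSource") == "secretsmanager.amazonaws.com" and rec.get("eventName") == "GetSecretValue":
            times_by_actor.setdefault(_actor(rec), []).append(_when(rec))
    bursts = []
    for actor, times in times_by_actor.items():
        times.sort()
        start, peak = 0, 0
        for end in range(len(times)):          # sliding window over sorted timestamps
            while times[end] - times[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            bursts.append({"actor": actor, "calls_in_window": peak, "window_minutes": window.total_seconds() / 60})
    return bursts


def analyze(log_file_json: str) -> dict:
    """Run both detections over the "Records" list of one delivered log file."""
    records = json.loads(log_file_json)["Records"]
    return {"trail_tampering": find_trail_tampering(records), "secret_bursts": find_secret_bursts(records)}


if __name__ == "__main__":
    print(json.dumps(analyze(SAMPLE_LOG_FILE), indent=2))
```

The same two functions can be pointed at the output of `aws cloudtrail lookup-events` once its `CloudTrailEvent` strings are JSON-decoded, since each of those is one record in this format.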
See also
- AWS CloudTrail Events: management events, data events, insights events, aws cloudtrail lookup-events, TerminateInstances, StopInstances
- aws cloudtrail [get-event-selectors | lookup-events | list-trails | create-trail | add-tags | delete-trail | describe-trails | get-trail-status | put-event-selectors | put-insight-selectors | remove-tags | start-logging | stop-logging | update-trail | validate-logs | create-event-data-store | list-public-keys | list-tags], Terraform, enable-federation
- AWS CloudTrail: Events, AWS CloudTrail Insights, CloudTrail Events, AWS CloudTrail Lake, Terraform, Best practices, Datadog SIEM Content Packs for Cloudtrail