AWS CloudTrail Best Practices
Jump to navigation
Jump to search
- Enable CloudTrail log file integrity validation:
--enable-log-file-validation
- Receiving CloudTrail log files from multiple accounts
- Enable MFA-delete and versioning on the Amazon S3 Bucket storing log files:
aws_s3_versioning, mfa_delete
,aws s3api put-bucket-versioning
- Use advanced event selectors with data events:
DeleteObject
- Integrate CloudTrail with Amazon CloudWatch Logs
Related[edit]
- AWS CloudTrail Events
- AWS Best Practices
- Data events
--is-multi-region-trail
--enable-log-file-validation
See also[edit]
Advertising: