CloudTrail

Introduction

  • Logging event history for audit, enabled by default.

Features

  • By default, the event history shows only "create", "modify" and "delete" events from the last 90 days.

  • Covers:

    • Console

    • SDK

    • CLI

    • AWS Services

  • Can optionally include object-level (data) events for S3.

  • May take up to 15 minutes to deliver events

    • The fastest way to react is to stream CloudTrail logs to CloudWatch Logs.

    • CloudWatch metrics and alarms can then be built on those logs.

  • Can deliver log files to an S3 bucket roughly every 5 minutes.

  • A trail can be region-specific or apply to all regions, and can include global service events (IAM, etc.).

Scenario

  • If an AWS resource is deleted, look into CloudTrail first.
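As an added example (not part of the original notes), a small Python helper that reads a CloudTrail log file in the JSON layout a trail delivers to S3, buckets the records into the "create", "modify" and "delete" categories mentioned above, and pulls out the delete events for the scenario above. The sample records, account id, ARNs, bucket name and IP addresses are constructed, and the eventName-prefix classification is a heuristic of ours, not a field CloudTrail provides.

```python
import json
from collections import Counter

# Constructed sample in the CloudTrail log-file layout (a JSON object holding a
# "Records" array); account id, ARNs, bucket and IPs are placeholders.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2024-05-01T10:02:11Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DescribeInstances", "awsRegion": "eu-west-1",
     "sourceIPAddress": "203.0.113.10", "requestParameters": None,
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/alice"}},
    {"eventTime": "2024-05-01T10:05:40Z", "eventSource": "s3.amazonaws.com",
     "eventName": "DeleteBucket", "awsRegion": "eu-west-1",
     "sourceIPAddress": "203.0.113.10", "requestParameters": {"bucketName": "example-bucket"},
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/alice"}},
    # IAM is a global service: its events are recorded in us-east-1.
    {"eventTime": "2024-05-01T10:07:05Z", "eventSource": "iam.amazonaws.com",
     "eventName": "CreateUser", "awsRegion": "us-east-1",
     "sourceIPAddress": "198.51.100.7", "requestParameters": {"userName": "svc-backup"},
     "userIdentity": {"type": "AssumedRole", "arn": "arn:aws:sts::111122223333:assumed-role/Deploy/ci"}},
]})

# CloudTrail does not tag records create/modify/delete; bucketing by eventName
# prefix is our own heuristic for the three categories the notes mention.
CATEGORY_PREFIXES = {
    "create": ("Create", "Put", "Run", "Attach", "Add"),
    "delete": ("Delete", "Terminate", "Detach", "Remove"),
    "modify": ("Update", "Modify", "Set", "Enable", "Disable"),
}

def classify(event_name: str) -> str:
    for category, prefixes in CATEGORY_PREFIXES.items():
        if event_name.startswith(prefixes):
            return category
    return "read"  # Describe*/List*/Get* and anything unrecognised

def summarize(log_text: str) -> dict:
    """Records per category, e.g. to confirm a trail is actually receiving write events."""
    return dict(Counter(classify(r["eventName"]) for r in json.loads(log_text)["Records"]))

def find_deletions(log_text: str) -> list:
    """First question after a resource vanishes: who deleted what, from where, and when."""
    hits = []
    for r in json.loads(log_text)["Records"]:
        if classify(r["eventName"]) == "delete":
            hits.append({"time": r["eventTime"], "actor": r["userIdentity"].get("arn"),
                         "action": f'{r["eventSource"]}:{r["eventName"]}', "region": r["awsRegion"],
                         "ip": r["sourceIPAddress"], "target": r.get("requestParameters")})
    return hits
```

Running the same functions over a real log file pulled from the trail's S3 bucket (or over the output of the event history export) gives the who/what/where/when for the scenario above in one pass.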
