AWS CloudTrail - Simplified
In this blog, let's explore AWS CloudTrail.
AWS CloudTrail
In a nutshell, AWS CloudTrail holds all the API calls made in the account.
A history of all events and API calls made inside an AWS account is saved here. For example, if some resource is deleted, CloudTrail is the first place where we can find out about it.
It provides audit, compliance and governance for the AWS account and is enabled by default.
CloudTrail working
source: Stéphane Maarek
Activity from the SDK, CLI, AWS console, IAM users / roles and all AWS services is taken as input; it is inspected and audited, then sent to an S3 bucket or CloudWatch Logs. By default, this is applied to all regions; a specific single region can be selected too.
CloudTrail components
It has three components:
· Management Events
· Data Events
· CloudTrail Insights Events
Management Events
Anything that modifies resources is called a management event, for example an IAM policy or creating a subnet.
By default, trails log management events. With CloudTrail we can save read events and write events separately, that is, events that don't modify resources and events that do.
Data Events
Because data events are generated in high volume, they are not logged by default.
Examples of data events: GetObject, PutObject in S3, etc.
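The read/write split of management events and the separate data-event category described above can be seen directly in the log records. This is an added example, not code from the original post: it reads a log file in the `{"Records": [...]}` layout CloudTrail delivers to S3, counts records per type, and answers the "who deleted this resource" question from the introduction. The sample records (account ID, users, timestamps) are constructed, and they assume a trail on which S3 data events were turned on.

```python
import json
from collections import Counter

def _rec(time, source, name, read_only, category, user):
    # Builds one constructed record using CloudTrail's record field names.
    return {"eventTime": time, "eventSource": source, "eventName": name,
            "readOnly": read_only, "managementEvent": category == "Management",
            "eventCategory": category,
            "userIdentity": {"arn": f"arn:aws:iam::111122223333:user/{user}"}}

# Constructed sample log file; every value here is made up for illustration.
SAMPLE_LOG = json.dumps({"Records": [
    _rec("2024-01-10T09:00:00Z", "ec2.amazonaws.com", "DescribeSubnets", True, "Management", "alice"),
    _rec("2024-01-10T09:05:00Z", "ec2.amazonaws.com", "CreateSubnet", False, "Management", "alice"),
    _rec("2024-01-10T09:10:00Z", "ec2.amazonaws.com", "DeleteSubnet", False, "Management", "bob"),
    _rec("2024-01-10T09:12:00Z", "s3.amazonaws.com", "GetObject", True, "Data", "alice"),
    _rec("2024-01-10T09:13:00Z", "s3.amazonaws.com", "PutObject", False, "Data", "bob"),
]})

def classify(record):
    """Return 'management-read', 'management-write', 'data' or 'insight'."""
    category = record.get("eventCategory")
    if category is None:  # assumption: older records may lack this field
        category = "Management" if record.get("managementEvent", True) else "Data"
    if category != "Management":
        return category.lower()
    return "management-read" if record.get("readOnly") else "management-write"

def summarize(log_text):
    """Count the records of one log file per event type."""
    return Counter(classify(r) for r in json.loads(log_text)["Records"])

def find_deletions(log_text):
    """List (time, caller ARN, service, API call) for Delete* management writes."""
    hits = []
    for r in json.loads(log_text)["Records"]:
        if classify(r) == "management-write" and r["eventName"].startswith("Delete"):
            arn = r.get("userIdentity", {}).get("arn", "unknown")
            hits.append((r["eventTime"], arn, r["eventSource"], r["eventName"]))
    return sorted(hits)

if __name__ == "__main__":
    print(dict(summarize(SAMPLE_LOG)))
    for hit in find_deletions(SAMPLE_LOG):
        print(*hit)
```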
CloudTrail Insights Events
It's quite difficult, when there are many events and API calls, to filter out what is odd.
Insights comes in handy in that case. We have to pay for this service, and it analyzes the events for unusual activity.
How CloudTrail Insights events work:
source: Stéphane Maarek
Explanation: after we enable Insights in the console, it takes in data from management events, continuously analyzes it and generates Insights events, which can then be saved in S3, sent to EventBridge or viewed within the CloudTrail console.
Follow me on Medium & LinkedIn: Ajay Bj
https://www.linkedin.com/in/ajay-bj/ for interesting information and quick learnings.