June 3, 2018

AWS Logging and Analysis - Part 1 - Introduction to CloudTrail

by 4hathacker  |  in AWS Logging and Analysis at  10:08 AM

Hi folks !!!

Welcome to AWS Logging and Analysis Quest...
                                              
It's been more than two months since my last post. This is a new quest that I am starting in AWS. As we all know, AWS is one of the reliable cloud vendors in the market, providing many services for compute, storage, networking, etc. In this quest, we deal specifically with understanding AWS logs and related services, filtering logs, setting alarms and sending emails using some AWS services, and much more.

Let's start then.

Activity in an AWS account, whether performed by a user or by the root account, is logged by a service named CloudTrail. It can be found among the AWS services under Management Tools.



CloudTrail events are the record of activities since the AWS account was created. All API and non-API activities are recorded by CloudTrail by default and can be used for monitoring. If you would like to know more about CloudTrail, go through the AWS documentation of CloudTrail here.

Let's see what a CloudTrail event looks like. I have created an EC2 instance (a VM from the AWS compute service) in the Mumbai region and an S3 bucket (a folder from the AWS storage service for unstructured data) named 's3_trail_check'.



Note: Feel free to visit the AWS documentation for help with launching EC2 instances and creating an S3 bucket.



Now let's follow this up in CloudTrail. According to the AWS documentation, any event that happens in the AWS account appears in CloudTrail --> Dashboard (Recent events) within 15 minutes of its occurrence.



1. A unique "eventId" represents each event record.
2. For the CloudTrail event record of EC2 instance creation, observe the "eventName" attribute as "RunInstances".
3. Similarly, the S3 bucket creation event appears in CloudTrail with a different "eventName" attribute, "CreateBucket".
4. We can see a lot of attributes in each event, shown as well-formed JSON, if we click on "event" and then "view event".




I would like to emphasize the attributes appearing in CloudTrail events. They can be a great help if we want to filter events on the basis of these attributes. But CloudTrail is not the service that provides this filtering feature. This can be done with the help of AWS CloudWatch. We will look into CloudWatch and its use in the upcoming post.
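To make the attributes concrete before moving to CloudWatch, here is an added example (not code from the original post) that selects events by attribute from event JSON saved locally. The sample records, account details, user name and event IDs are constructed; only the event names, the Mumbai region and the bucket name come from the post, and the helper names are hypothetical.

```python
import json

# Constructed sample in the layout of a CloudTrail log file: {"Records": [...]}.
# Users, IPs and ids are made up. Note the raw JSON key is spelled "eventID".
SAMPLE_LOG = """
{"Records": [
 {"eventID": "00000000-0000-4000-8000-000000000001", "eventTime": "2018-06-03T04:10:12Z",
  "eventSource": "ec2.amazonaws.com", "eventName": "RunInstances", "awsRegion": "ap-south-1",
  "sourceIPAddress": "203.0.113.10",
  "userIdentity": {"type": "IAMUser", "userName": "demo-user"}},
 {"eventID": "00000000-0000-4000-8000-000000000002", "eventTime": "2018-06-03T04:12:40Z",
  "eventSource": "s3.amazonaws.com", "eventName": "CreateBucket", "awsRegion": "ap-south-1",
  "sourceIPAddress": "203.0.113.10",
  "userIdentity": {"type": "Root"},
  "requestParameters": {"bucketName": "s3_trail_check"}},
 {"eventID": "00000000-0000-4000-8000-000000000003", "eventTime": "2018-06-03T04:13:05Z",
  "eventSource": "ec2.amazonaws.com", "eventName": "DescribeInstances", "awsRegion": "ap-south-1",
  "sourceIPAddress": "203.0.113.10",
  "userIdentity": {"type": "IAMUser", "userName": "demo-user"}}
]}
"""

def load_records(text):
    """Parse a CloudTrail log document and return its list of event records."""
    return json.loads(text).get("Records", [])

def get_attr(record, dotted):
    """Resolve a dotted path such as 'userIdentity.type'; None if any part is missing."""
    cur = record
    for key in dotted.split("."):
        if not isinstance(cur, dict) or key not in cur:
            return None
        cur = cur[key]
    return cur

def filter_events(records, criteria):
    """Keep records where every attribute path equals one of its allowed values."""
    return [r for r in records
            if all(any(get_attr(r, path) == v for v in allowed)
                   for path, allowed in criteria.items())]

def summarize(record):
    """Return (id, time, name, region, actor); root events carry no userName."""
    who = get_attr(record, "userIdentity.userName") or get_attr(record, "userIdentity.type")
    return (record["eventID"], record["eventTime"], record["eventName"],
            record["awsRegion"], who)

if __name__ == "__main__":
    wanted = {"eventName": ("RunInstances", "CreateBucket")}
    for rec in filter_events(load_records(SAMPLE_LOG), wanted):
        print(summarize(rec))
```

Nested attributes are addressed with dotted paths, so `{"userIdentity.type": ("Root",)}` picks out activity performed by the root account.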





