CloudTrail provides a view into user activity by recording the API calls that users make. On the AWS webpages you can find the following graphic:
So let's start and move to CloudTrail:
Inside the event history you will be provided with the following view:
Here you can see my efforts for the post "AWS: How to delete a static website via aws cli".
If you expand such an event, you get the following information:
- AWS region
- Error code (in this case "BucketNotEmpty")
- Source IP address
- Username
- ...
The events will be stored for 90 days and can be downloaded via this button (right above the event table):
$ head -3 event_history.csv
Event ID,Event time,User name,Event name,Resource type,Resource name,AWS access key,AWS region,Error code,Source IP address,Resources
5c0cd873-3cef-449c-9e6a-1809ba827ac1,"2018-11-24, 05:06:47 PM",root,TestEventPattern,,,,eu-west-1,,87.123.BBB.AAA,[]
dcd07bfa-780c-4640-9293-513c35b3db0a,"2018-11-24, 05:05:23 PM",root,ConsoleLogin,,,,us-east-1,,87.123.BBB.AAA,[]
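The exported CSV can be reviewed offline. The following Python script is an added example, not part of the original post: it parses the export (the "Event time" column contains a comma inside quotes, so splitting lines on "," misaligns the fields) and pulls out root activity, failed calls and console logins per source IP. The third sample row and the function names `load_events` and `triage` are constructed for illustration.

```python
import csv
import io
from collections import Counter
from datetime import datetime

# Sample in the export's column layout. The first two rows are the ones shown
# above; the third row is constructed (placeholder event ID and user name).
SAMPLE = '''Event ID,Event time,User name,Event name,Resource type,Resource name,AWS access key,AWS region,Error code,Source IP address,Resources
5c0cd873-3cef-449c-9e6a-1809ba827ac1,"2018-11-24, 05:06:47 PM",root,TestEventPattern,,,,eu-west-1,,87.123.BBB.AAA,[]
dcd07bfa-780c-4640-9293-513c35b3db0a,"2018-11-24, 05:05:23 PM",root,ConsoleLogin,,,,us-east-1,,87.123.BBB.AAA,[]
00000000-0000-0000-0000-000000000000,"2018-11-24, 04:58:02 PM",example-user,DeleteBucket,,,,eu-west-1,BucketNotEmpty,87.123.BBB.AAA,[]
'''


def load_events(text):
    """Parse the export and return the events in chronological order."""
    events = []
    # csv.DictReader honours the quotes around "Event time", so the comma
    # between date and time does not shift the remaining columns.
    for row in csv.DictReader(io.StringIO(text)):
        row["Event time"] = datetime.strptime(
            row["Event time"], "%Y-%m-%d, %I:%M:%S %p")
        events.append(row)
    return sorted(events, key=lambda e: e["Event time"])


def triage(events):
    """Summarise the points a reviewer checks first in the event history."""
    return {
        # Any API activity performed with the root user.
        "root_events": [e["Event name"] for e in events
                        if e["User name"] == "root"],
        # Calls that returned an error code, e.g. BucketNotEmpty.
        "failed_calls": [(e["Event name"], e["Error code"]) for e in events
                         if e["Error code"]],
        # Console logins counted per source IP address.
        "logins_by_ip": Counter(e["Source IP address"] for e in events
                                if e["Event name"] == "ConsoleLogin"),
        # Regions in which activity was recorded.
        "regions": sorted({e["AWS region"] for e in events}),
    }


if __name__ == "__main__":
    # For a real export: triage(load_events(open("event_history.csv").read()))
    for key, value in triage(load_events(SAMPLE)).items():
        print(f"{key}: {value}")
```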