Nov 25, 2018

AWS: Logging? CloudTrail!

Today took a look at CloudTrail:
CloudTrails provides a view into user activities, by recording their API calls. On the AWS webpages you can find the following graphic:

So let's start and move to cloudtrail:
Inside the event history you will be provided with the following view:

Here you can see my efforts for the posting AWS: How to delete a static website via aws cli.
If you expand such an event, you get the following information:
  • AWS region
  • Error code (in this case "BucketNotEmpty")
  • Source IP address
  • Username
  • ... 

The events will be stored for 90 days and can be downloaded via this button (right above the event table):

$ head -3 event_history.csv 
Event ID,Event time,User name,Event name,Resource type,Resource name,AWS access key,AWS region,Error code,Source IP address,Resources
5c0cd873-3cef-449c-9e6a-1809ba827ac1,"2018-11-24, 05:06:47 PM",root,TestEventPattern,,,,eu-west-1,,87.123.BBB.AAA,[]
dcd07bfa-780c-4640-9293-513c35b3db0a,"2018-11-24, 05:05:23 PM",root,ConsoleLogin,,,,us-east-1,,87.123.BBB.AAA,[]

No comments:

Post a Comment