AWS CloudTrail & AWS CloudWatch

Please visit my website and subscribe to my youtube channel for more articles

https://devops4solutions.com/

AWS CloudTrail is used for compliance monitoring, risk auditing, and overall governance of your AWS environments.

AWS CloudTrail records every API call made in your AWS account, whether it is made by an IAM user, a role, an AWS service, or through the console, CLI or SDKs (which all call the same APIs). Each call is stored as an event that can be searched and analyzed to strengthen the security of your AWS environment.

Creating your first CloudTrail Trail

To get started, log in to your AWS Management Console and search for CloudTrail in the services search box. On the CloudTrail dashboard, select the Create Trail option:


Selecting the Read-only option records only read-only API operations (Describe*, List* and Get* calls that do not change any resource), whereas the Write-only option records only API operations that create, modify or delete resources (Create*, Put*, Update*, Delete* and so on), not just PUT calls. Selecting All (the default) captures both. Every event CloudTrail writes carries a readOnly attribute that tells you which class it belongs to, and it is the write events that matter most when you are auditing who changed what.


With this, you should be able to see the newly created Trail by selecting the Trails option from the CloudTrail dashboard’s navigation pane, as shown in the following screenshot:


Monitoring CloudTrail Logs using CloudWatch


Create a CloudWatch Log Group

Go to AWS Console -> CloudWatch -> Logs -> Create Log Group

In this section, we will be using the AWS CLI to integrate the Trail’s logs with Amazon CloudWatch Logs:

# aws logs create-log-group --log-group-name useast-prod-CloudTrail-LG-01
# aws logs describe-log-groups
# vi policy.json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "",
      "Effect": "Allow",
      "Principal": {
        "Service": "cloudtrail.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
# aws iam create-role --role-name useast-prod-CloudTrail-Role-01 \
    --assume-role-policy-document file://policy.json
# vi permissions.json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "CloudTrailCreateLogStream",
      "Effect": "Allow",
      "Action": [
        "logs:CreateLogStream"
      ],
      "Resource": [
        "<YOUR_LOG_GROUP_ARN>"
      ]
    },
    {
      "Sid": "CloudTrailPutLogEventsToCloudWatch",
      "Effect": "Allow",
      "Action": [
        "logs:PutLogEvents"
      ],
      "Resource": [
        "<YOUR_LOG_GROUP_ARN>"
      ]
    }
  ]
}
# aws iam put-role-policy --role-name useast-prod-CloudTrail-Role-01 \
    --policy-name cloudtrail-policy \
    --policy-document file://permissions.json
# aws cloudtrail update-trail --name useast-prod-CloudTrail-01 \
    --cloud-watch-logs-log-group-arn <YOUR_LOG_GROUP_ARN> \
    --cloud-watch-logs-role-arn <YOUR_ROLE_ARN>

With this, your CloudTrail logs now flow into the CloudWatch Log Group we created. Use the log group ARN exactly as describe-log-groups returns it; it ends in :*, which is what the Resource entries in permissions.json need in order to cover the log streams CloudTrail creates inside the group. You can verify the integration by viewing the log group under the CloudWatch Logs section of your CloudWatch dashboard (a stream named <account-id>_CloudTrail_<region> appears once the first events are delivered), or by running aws cloudtrail get-trail-status and checking that no LatestCloudWatchLogsDeliveryError is reported.
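The whole procedure as one script, added here as an example and not taken from the original post. It builds the log-group, log-stream and trail ARNs from a region and account ID, scopes the trust policy to this one trail with an aws:SourceArn condition and the permissions policy to the log streams CloudTrail actually writes, applies everything with the CLI, checks get-trail-status, and then adds a metric filter and alarm so that any API call made with root credentials raises an alert. The region, account ID and SNS topic ARN are placeholders you must replace; the SourceArn condition, the narrower log-stream resource and the root-usage alarm are hardening steps the post itself does not show.

```shell
#!/bin/sh
# Added example (not from the original post). Wires an existing trail into a
# CloudWatch Logs log group and alerts on root-account API calls.
set -eu

REGION="${REGION:-us-east-1}"                  # placeholder
ACCOUNT_ID="${ACCOUNT_ID:-123456789012}"       # placeholder account id
TRAIL_NAME="useast-prod-CloudTrail-01"
LOG_GROUP="useast-prod-CloudTrail-LG-01"
ROLE_NAME="useast-prod-CloudTrail-Role-01"
# Assumed SNS topic that pages the on-call; create it first or change it.
SNS_TOPIC_ARN="${SNS_TOPIC_ARN:-arn:aws:sns:us-east-1:123456789012:security-alerts}"

# Log-group ARN as CloudWatch Logs reports it (trailing :*).
log_group_arn() {
  printf 'arn:aws:logs:%s:%s:log-group:%s:*' "$1" "$2" "$3"
}
# CloudTrail names its streams <account>_CloudTrail_<region>; limit the role to those.
log_stream_arn() {
  printf 'arn:aws:logs:%s:%s:log-group:%s:log-stream:%s_CloudTrail_%s*' "$1" "$2" "$3" "$2" "$1"
}
trail_arn() {
  printf 'arn:aws:cloudtrail:%s:%s:trail/%s' "$1" "$2" "$3"
}

# Trust policy: only the CloudTrail service, and only on behalf of this trail.
trust_policy() {
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": { "Service": "cloudtrail.amazonaws.com" },
    "Action": "sts:AssumeRole",
    "Condition": { "StringEquals": { "aws:SourceArn": "$1" } }
  }]
}
EOF
}

# Permissions policy: create streams and put events into this group only.
permissions_policy() {
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Action": ["logs:CreateLogStream", "logs:PutLogEvents"],
    "Resource": "$1"
  }]
}
EOF
}

apply_integration() {
  lg_arn=$(log_group_arn "$REGION" "$ACCOUNT_ID" "$LOG_GROUP")
  ls_arn=$(log_stream_arn "$REGION" "$ACCOUNT_ID" "$LOG_GROUP")
  t_arn=$(trail_arn "$REGION" "$ACCOUNT_ID" "$TRAIL_NAME")

  aws logs create-log-group --log-group-name "$LOG_GROUP" --region "$REGION"
  aws iam create-role --role-name "$ROLE_NAME" \
    --assume-role-policy-document "$(trust_policy "$t_arn")"
  aws iam put-role-policy --role-name "$ROLE_NAME" --policy-name cloudtrail-policy \
    --policy-document "$(permissions_policy "$ls_arn")"
  aws cloudtrail update-trail --name "$TRAIL_NAME" --region "$REGION" \
    --cloud-watch-logs-log-group-arn "$lg_arn" \
    --cloud-watch-logs-role-arn "arn:aws:iam::${ACCOUNT_ID}:role/${ROLE_NAME}"

  # Verify delivery: LatestCloudWatchLogsDeliveryError should stay absent.
  aws cloudtrail get-trail-status --name "$TRAIL_NAME" --region "$REGION"

  # Alert on any API call made with root credentials (CIS-style filter pattern).
  aws logs put-metric-filter --log-group-name "$LOG_GROUP" --region "$REGION" \
    --filter-name RootAccountUsage \
    --filter-pattern '{ $.userIdentity.type = "Root" && $.userIdentity.invokedBy NOT EXISTS && $.eventType != "AwsServiceEvent" }' \
    --metric-transformations metricName=RootAccountUsageCount,metricNamespace=CloudTrailMetrics,metricValue=1
  aws cloudwatch put-metric-alarm --alarm-name RootAccountUsage --region "$REGION" \
    --metric-name RootAccountUsageCount --namespace CloudTrailMetrics \
    --statistic Sum --period 300 --threshold 1 \
    --comparison-operator GreaterThanOrEqualToThreshold \
    --evaluation-periods 1 --alarm-actions "$SNS_TOPIC_ARN"
}

# Only talk to AWS when asked: `sh integrate.sh apply`. Sourcing just defines helpers.
if [ "${1:-}" = "apply" ]; then
  apply_integration
fi
```

Run it as `REGION=us-east-1 ACCOUNT_ID=<your id> sh integrate.sh apply` with credentials that can manage IAM, CloudTrail, CloudWatch Logs and CloudWatch alarms. The log-stream resource is deliberately narrower than the bare log-group ARN in permissions.json above: a role that can only write to the stream names CloudTrail uses cannot be turned into a general log-writing credential if it is ever misused.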

DevOps Automation Engineer
