AWS CloudTrail is a relatively new API, and users have many questions about it. This article tries to answer some of the main ones.
What is AWS CloudTrail?
AWS CloudTrail is an API (Application Program Interface) service with the dual purpose of call recording and log monitoring. The service is provided by Amazon Web Services.
It allows customers to record all the calls made on the Application Program Interface and sends log files to Amazon S3 for storage. The full activity data for each API call is included in these logs.
This Data Includes –
• API caller identity
• API call time
• Source IP address of the API caller
• Request parameters
• Response elements returned by the AWS service
AWS CloudTrail can be configured to publish a notification for every delivered log file, which allows users to take action when a log file is delivered. Per AWS, the entire process should take around 15 minutes. CloudTrail can also be configured to aggregate log files across more than one account, so that the log files are delivered to a single S3 bucket.
AWS CloudTrail facilitates regulatory compliance for companies that use Amazon Web Services. It is also helpful for those who want to track Application Program Interface calls for one AWS account or multiple AWS accounts. CloudTrail can be configured to support security information and event management (SIEM) platforms and resource management platforms.
AWS CloudTrail – What Benefits Can You Expect?
This API gives visibility into user activity by recording the actions taken on a specific account. Important information about every action is recorded by the service.
The Following Details Are Recorded –
• The services used
• Who made the request
• The actions performed
• The parameters associated with the actions
• The response elements that AWS returned
All this information helps the user track the changes made to AWS resources and troubleshoot operational issues. Ensuring compliance with regulatory standards as well as internal policies becomes easier when you use AWS CloudTrail.
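The details listed above map onto fields in each record of a delivered log file. The following added example (not part of the original article and not AWS code) reads a constructed sample log and pulls out those fields, then keeps only the calls that were not read-only. The sample records, account ID, user names and IP addresses are made up, and the helper names summarize and change_attempts are hypothetical.

```python
import gzip
import json

# Constructed sample in the CloudTrail log-file layout: gzip-compressed JSON
# with a top-level "Records" array. Every value below is made up.
SAMPLE_LOG = gzip.compress(json.dumps({"Records": [
    {"eventTime": "2024-01-15T10:02:11Z", "eventSource": "s3.amazonaws.com",
     "eventName": "PutBucketPolicy", "readOnly": False,
     "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser",
                      "arn": "arn:aws:iam::111122223333:user/example-admin"},
     "requestParameters": {"bucketName": "example-bucket"},
     "responseElements": None},
    {"eventTime": "2024-01-15T10:03:40Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DescribeInstances", "readOnly": True,
     "sourceIPAddress": "203.0.113.20",
     "userIdentity": {"type": "Root", "arn": "arn:aws:iam::111122223333:root"},
     "requestParameters": {}, "responseElements": None},
    {"eventTime": "2024-01-15T10:05:02Z", "eventSource": "iam.amazonaws.com",
     "eventName": "DeleteUser", "readOnly": False, "errorCode": "AccessDenied",
     "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser",
                      "arn": "arn:aws:iam::111122223333:user/example-admin"},
     "requestParameters": {"userName": "example-user"},
     "responseElements": None},
]}).encode())

def summarize(log_bytes):
    """Return one dict per record holding the fields the article lists."""
    rows = []
    for rec in json.loads(gzip.decompress(log_bytes)).get("Records", []):
        identity = rec.get("userIdentity") or {}
        rows.append({
            "service": rec.get("eventSource"),
            "action": rec.get("eventName"),
            "caller": identity.get("arn") or identity.get("type"),
            "time": rec.get("eventTime"),
            "source_ip": rec.get("sourceIPAddress"),
            "parameters": rec.get("requestParameters"),
            "response": rec.get("responseElements"),
            "error": rec.get("errorCode"),  # set only when the call failed
            "changes_state": rec.get("readOnly") is False,
        })
    return rows

def change_attempts(rows):
    """Calls that tried to create, modify or delete something."""
    return [r for r in rows if r["changes_state"]]
```

Calling change_attempts(summarize(SAMPLE_LOG)) returns the PutBucketPolicy and DeleteUser records; the second carries the AccessDenied error, so denied change attempts stay visible alongside successful ones.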
Who Can Use It?
The Customers Who Can Use This Service Include –
• Customers who need to track resource changes
• Customers who need to answer simple questions about user activity
• Customers who need to demonstrate compliance
• Customers who need troubleshooting
• Customers who perform security analysis
Does the Account Show All Account Activity in the CloudTrail Event History?
CloudTrail Event History shows results for the current region for the last 3 months (90 days to be exact). The events shown are Management Events, which include 4 important aspects –
• Create API calls as well as account activity
• Modify API calls as well as account activity
• Delete API calls as well as account activity
To get a full record of account activity, which includes Data Events, Management Events, and Read-Only activity, you need to configure AWS CloudTrail for your account.