What is AWS CloudTrail and how to use it
AWS CloudTrail supports compliance, governance, and risk auditing of your AWS account. Actions performed by an AWS IAM User, an IAM Role, or an AWS service are recorded as events in AWS CloudTrail. Visibility is a key aspect of security and operational best practice: with AWS CloudTrail we can view, search, download, archive, analyze, and respond to account activity across our AWS infrastructure, and identify what actions were performed on the AWS Account and who carried them out. For pricing, see the AWS CloudTrail pricing page.
In this article, we will see the simple steps to create an AWS CloudTrail Trail and delete it from the AWS Console. You can also create a Trail using the AWS SDK or aws-cli.
- AWS Account (Create if you don’t have one).
- Basic understanding of S3 Bucket.
What will we do?
- Login to AWS
- Create a Trail
- Delete the Trail
Login to AWS
Click here to go to AWS Login Page.
When you open the above link, you will see the login page. Enter your credentials to log in to your AWS account.
After you log in successfully, you will see the AWS Management Console.
Create a Trail
In the search bar, search for "CloudTrail", then click on "CloudTrail" in the results to go to the CloudTrail Dashboard.
This is what the Dashboard looks like. You can see various options available on this console. We will not explore all of them in this article.
You can check the history of the last 90 days here in the "Event History" console. When you click on any Event, you can see details of that event. You can also filter events on this console.
Having access to the event history for only the last 90 days is not sufficient. We may need access to the oldest possible event history. Sometimes it is very important to identify the source of the event, who carried it out, what resources were affected, etc.
To achieve this, we need to store our events in some kind of storage, i.e. an S3 Bucket.
CloudTrail lets us create a Trail, which keeps a history of all the events that occur after the Trail is created.
To create a Trail, go back to the CloudTrail Dashboard, and click on "Create Trail".
Creating a Trail needs an S3 Bucket where Event history will be stored. You can either create a new S3 Bucket or use the existing one.
Give a name to the Trail and create a new S3 Bucket where events will be stored and accessed later when required.
There are other options that we will not cover in this article.
You can also add tags to the Trail we are creating.
Click on the "Next" button to proceed further.
You can choose the type of events that need to be stored in the Trail.
Click on the "Next" button to proceed.
Review the configuration we chose and click on the "Create" button. This will create a Trail and store events in the S3 Bucket that we specified in the configuration.
Now, you can see that the Trail has been created and its status is "Logging". This means that, hereafter, the events will be logged in the Trail and stored in the S3 Bucket.
You can go to the S3 Bucket and verify that the required folders have been created in it by the Trail.
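Once log files arrive in the bucket, they can be read to answer the questions raised earlier: who carried out an event, from where, and which resources were affected. The following Python is an added example, not part of the original article; it assumes the delivered files are gzip-compressed JSON with a top-level "Records" array, and the sample data (account ID, ARNs, IP addresses) is constructed.

```python
import gzip
import json

# CloudTrail API calls that change, stop or remove logging itself.
TRAIL_CHANGES = {"StopLogging", "DeleteTrail", "UpdateTrail", "PutEventSelectors"}

def actor(identity):
    """Best available caller name: ARN, then user name, then identity type."""
    return identity.get("arn") or identity.get("userName") or identity.get("type", "unknown")

def summarize(log_gz):
    """Decode one gzip-compressed log file into time-ordered who/what/where rows."""
    records = json.loads(gzip.decompress(log_gz)).get("Records", [])
    rows = [{
        "time": r.get("eventTime"),
        "who": actor(r.get("userIdentity", {})),
        "source": r.get("eventSource"),
        "action": r.get("eventName"),
        "from": r.get("sourceIPAddress"),
        "failed": r.get("errorCode"),  # None when the call succeeded
        "resources": [x.get("ARN") for x in r.get("resources") or []],
    } for r in records]
    return sorted(rows, key=lambda row: row["time"] or "")

def trail_changes(rows):
    """Rows where someone modified, stopped or deleted a trail."""
    return [row for row in rows
            if row["source"] == "cloudtrail.amazonaws.com" and row["action"] in TRAIL_CHANGES]

# Constructed sample log file: account ID, ARNs and IP addresses are placeholders.
SAMPLE = gzip.compress(json.dumps({"Records": [
    {"eventTime": "2024-01-01T10:05:00Z", "eventSource": "cloudtrail.amazonaws.com",
     "eventName": "DeleteTrail", "awsRegion": "us-east-1", "sourceIPAddress": "203.0.113.7",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/alice"}},
    {"eventTime": "2024-01-01T10:01:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "CreateBucket", "awsRegion": "us-east-1", "sourceIPAddress": "203.0.113.7",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/alice"},
     "resources": [{"ARN": "arn:aws:s3:::example-trail-bucket"}]},
    {"eventTime": "2024-01-01T10:03:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "RunInstances", "awsRegion": "us-east-1", "sourceIPAddress": "198.51.100.9",
     "errorCode": "Client.UnauthorizedOperation",
     "userIdentity": {"type": "AssumedRole", "principalId": "AROAEXAMPLE:session"}},
]}).encode())

if __name__ == "__main__":
    for row in summarize(SAMPLE):
        print(row["time"], row["who"], row["action"], row["failed"] or "ok")
    print("trail changes:", [r["action"] for r in trail_changes(summarize(SAMPLE))])
```

To run it against a real file, download one log object from the Trail's bucket and pass its raw bytes to `summarize`.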
Delete the Trail
If you created the Trail for testing purposes and don't need it any longer, you can easily delete it.
To delete the Trail, select it and click on the "Delete" button.
Confirm the deletion. Note that once the Trail is deleted, it cannot be retrieved.
CloudTrail lets you store event history in an S3 bucket so that you can still access events older than 90 days. This helps in auditing and tracking events that took place in the account. In this article, we saw the steps to create a Trail and store events in the S3 Bucket. We also saw how easily a Trail can be deleted when it is no longer required. You can now try the other options available in the Trail. Hope this article was easy to follow and helped you create a CloudTrail Trail on AWS.