AWS CloudTrail
A service that records AWS API calls made in your account and delivers the log files to an S3 bucket.
You can turn on CloudTrail on a per-region basis.
Commands
- create-trail
- delete-trail
- start-logging / stop-logging
JSON metric filter examples
- { ($.eventName = "ConsoleLogin") && ($.responseElements.ConsoleLogin = "Failure") }
-> Match all console login failures
- { ($.eventName = "ConsoleLogin") && ($.userIdentity.userName = "csmith") }
-> Match all console logins by IAM user csmith
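The two filter patterns above only fire if the field names match the CloudTrail record exactly. The following added example (not from the original notes, not AWS code) evaluates the same patterns against a few constructed CloudTrail records using a minimal parser for the `&&`-joined `$.path = "value"` subset of the CloudWatch metric filter syntax; it also shows that a misspelt field such as `$.event_Name` silently matches nothing, which is the failure mode to check for when a metric filter never produces an alarm.

```python
"""Evaluate simple CloudWatch Logs metric filter patterns against CloudTrail records.

Added example; supports only the pattern subset used in the notes above:
'{ (term) && (term) }' where each term is '$.some.path = "value"'.
"""
import re

# Constructed sample CloudTrail records (not real account data).
SAMPLE_EVENTS = [
    {"eventName": "ConsoleLogin",
     "userIdentity": {"type": "IAMUser", "userName": "csmith"},
     "responseElements": {"ConsoleLogin": "Success"}},
    {"eventName": "ConsoleLogin",
     "userIdentity": {"type": "IAMUser", "userName": "csmith"},
     "responseElements": {"ConsoleLogin": "Failure"}},
    {"eventName": "ConsoleLogin",
     "userIdentity": {"type": "IAMUser", "userName": "jdoe"},
     "responseElements": {"ConsoleLogin": "Failure"}},
    {"eventName": "DescribeInstances",
     "userIdentity": {"type": "IAMUser", "userName": "csmith"}},
]

FAILED_LOGINS = '{ ($.eventName = "ConsoleLogin") && ($.responseElements.ConsoleLogin = "Failure") }'
LOGINS_BY_CSMITH = '{ ($.eventName = "ConsoleLogin") && ($.userIdentity.userName = "csmith") }'

# One equality term: $.a.b.c = "literal"
TERM_RE = re.compile(r'\$\.([\w.]+)\s*=\s*"([^"]*)"')


def parse_pattern(pattern):
    """Return a list of (path_segments, expected_value) from a '&&'-joined filter."""
    body = pattern.strip()
    if not (body.startswith("{") and body.endswith("}")):
        raise ValueError("pattern must be wrapped in { }")
    terms = []
    for clause in body[1:-1].split("&&"):
        m = TERM_RE.search(clause)
        if not m:
            raise ValueError(f"unsupported clause: {clause.strip()}")
        terms.append((m.group(1).split("."), m.group(2)))
    return terms


def lookup(record, path):
    """Walk a nested dict by path segments; None if any segment is missing."""
    cur = record
    for key in path:
        if not isinstance(cur, dict) or key not in cur:
            return None
        cur = cur[key]
    return cur


def matches(record, terms):
    """A record matches when every term's field exists and equals the literal."""
    return all(lookup(record, path) == value for path, value in terms)


def count_matches(pattern, events=SAMPLE_EVENTS):
    """Number of records the pattern would count towards its metric."""
    terms = parse_pattern(pattern)
    return sum(1 for e in events if matches(e, terms))


if __name__ == "__main__":
    print("console login failures:", count_matches(FAILED_LOGINS))
    print("console logins by csmith:", count_matches(LOGINS_BY_CSMITH))
    # Misspelt field name: the filter is syntactically valid but never matches.
    print("with event_Name typo:", count_matches(FAILED_LOGINS.replace("eventName", "event_Name")))
```

A practical check after creating a metric filter is to run a known-matching event through it (the CloudWatch console offers a "test pattern" step against real log data); a filter that returns zero matches on a day with known failed logins usually has a field-name or quoting problem rather than a missing event.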
VPC Flow Logs
Captures traffic flow details in your VPC
- Accepted, rejected or ALL traffic
- Can be enabled for VPCs, subnets and ENIs
- Logs published to
- CloudWatch Logs
- S3
- Use cases:
- Troubleshoot connectivity issues
- Test network access rules
- Monitor traffic
- Detect and investigate security incidents
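As an added example of the "detect and investigate security incidents" use case (this is not code from the original notes or from AWS), the script below parses VPC Flow Log records in the default format, skips NODATA rows, and lists source addresses that were rejected on several distinct destination ports within the sample. The log lines are constructed; the interface id, account id and addresses are placeholders.

```python
"""Parse default-format VPC Flow Log records and summarise rejected traffic.

Added example; the log lines are constructed placeholders, not real data.
"""

# Field order of the default (version 2) VPC Flow Log record format.
FIELDS = ["version", "account_id", "interface_id", "srcaddr", "dstaddr",
          "srcport", "dstport", "protocol", "packets", "bytes",
          "start", "end", "action", "log_status"]

# Constructed sample: one source rejected on SSH, RDP and SMB, plus normal HTTPS traffic
# and a NODATA row (which carries no flow fields).
SAMPLE_LOG = """\
2 123456789012 eni-0a1b2c3d4e5f67890 198.51.100.7 10.0.1.25 49821 22 6 6 360 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f67890 198.51.100.7 10.0.1.25 49822 3389 6 6 360 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f67890 198.51.100.7 10.0.1.25 49823 445 6 6 360 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f67890 203.0.113.9 10.0.1.25 51000 443 6 20 4000 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f67890 - - - - - - - 1700000000 1700000060 - NODATA
2 123456789012 eni-0a1b2c3d4e5f67890 10.0.1.25 203.0.113.9 443 51000 6 18 9000 1700000000 1700000060 ACCEPT OK
"""

INT_FIELDS = ("srcport", "dstport", "protocol", "packets", "bytes", "start", "end")


def parse_flow_log(text):
    """Return a list of dict records for every well-formed line with log-status OK."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != len(FIELDS):
            continue  # malformed line: skip rather than abort the whole batch
        rec = dict(zip(FIELDS, parts))
        if rec["log_status"] != "OK":
            continue  # NODATA / SKIPDATA rows have '-' in the flow fields
        for key in INT_FIELDS:
            rec[key] = int(rec[key])
        records.append(rec)
    return records


def rejected_ports_by_source(records):
    """Map each source address to the set of destination ports it was rejected on."""
    out = {}
    for r in records:
        if r["action"] == "REJECT":
            out.setdefault(r["srcaddr"], set()).add(r["dstport"])
    return out


def sources_with_many_rejected_ports(records, threshold=3):
    """Sources rejected on at least `threshold` distinct ports: worth a closer look."""
    by_src = rejected_ports_by_source(records)
    return sorted(src for src, ports in by_src.items() if len(ports) >= threshold)


if __name__ == "__main__":
    recs = parse_flow_log(SAMPLE_LOG)
    print(f"{len(recs)} usable records")
    for src, ports in rejected_ports_by_source(recs).items():
        print(f"{src} rejected on ports {sorted(ports)}")
    print("flagged sources:", sources_with_many_rejected_ports(recs))
```

Two caveats when applying this to real data: the field order above is only the default format, so a custom-format flow log needs its own field list, and flow logs are aggregated per capture window rather than per packet, so a single REJECT record can represent many attempts.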