Enable AWS CloudTrail to monitor your AWS account Infrastructure

Category: Security

February 24, 2022 by Nick Triantafillou

If you’re new to hosting your infrastructure on the cloud, especially AWS, you may be unaware of the security services that are on offer that can really save you time and money while leaving your accounts monitored and secure. And a whole lot of these are included in your AWS console that you visit every day.

Let's take a look at one of the simplest but most powerful, AWS CloudTrail.

AWS CloudTrail monitors and records any activity across your AWS infrastructure. If someone makes an API request, it’s logged. If someone stops an EC2 instance, it’s logged. Someone deletes a DNS record from your production website at 4pm on a Friday? No problem, it’s logged and you can quickly find out who did it.

You can even configure it to capture and store events from multiple regions and even multiple AWS accounts into one centralized location, perfect for monitoring activity across your entire organization.

And speaking of monitoring, because it can send the logs straight into Amazon CloudWatch, you’re able to graph, monitor and even trigger alerts based on those logs too.

Let's take a look at how easy it is to enable AWS CloudTrail.

Visiting the CloudTrail service in the AWS console, you are presented with an easy-to-see “Create a trail” button. We select that.

We give the trail a name. We can then select whether to enable CloudTrail for all accounts in the organization, or simply leave that option unchecked if we’re only going to use it for the current account.

We then can select between creating a new S3 bucket to store the CloudTrail logs, or to use an existing bucket. I’m going to use a new bucket with the pre-defined bucket name the AWS console has suggested to me, and I’ll leave everything else as default, including encryption options and additional settings.

There are a few more optional settings, such as enabling CloudWatch Logs to monitor your trail logs and notify you when specific activity occurs, and Tags you can configure. Feel free to configure these if you like, and then click Next.

Now we’re able to choose which type of log event we want CloudTrail to monitor. I’m just after Management events performed on my AWS resources, such as API calls and AWS console usage, but if you’re after data or insight events feel free to select them also.

And then our management events themselves will have a few options to select from. I’m going to log both API Read and Write activity.

We’ll then be shown a review page, and at the bottom you will see our final button: Create Trail.

And that’s it! Once you’re up and running you can click into your trail and get a fantastic insight into what’s happening in your AWS account.
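To make the "who deleted the DNS record at 4pm on a Friday" scenario concrete, here is an added example (not part of the original post and not AWS code) that parses a CloudTrail log file as delivered to the S3 bucket and reports who deleted a DNS record or stopped an EC2 instance, including attempts that were rejected. The sample records, account ID, user names and function names are constructed for illustration, and the `requestParameters` layout for the two events is an assumption about how those records are shaped.

```python
import gzip
import json

# Constructed sample of one CloudTrail log file (invented account, users, IPs).
SAMPLE = {"Records": [
    {"eventTime": "2022-02-18T16:02:11Z", "eventName": "ChangeResourceRecordSets",
     "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/alice"},
     "requestParameters": {"hostedZoneId": "Z0000000EXAMPLE", "changeBatch": {"changes": [
         {"action": "DELETE", "resourceRecordSet": {"name": "www.example.com.", "type": "A"}}]}}},
    {"eventTime": "2022-02-18T16:05:40Z", "eventName": "StopInstances",
     "sourceIPAddress": "198.51.100.7", "errorCode": "Client.UnauthorizedOperation",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::111122223333:assumed-role/ops/bob"},
     "requestParameters": {"instancesSet": {"items": [{"instanceId": "i-0123456789abcdef0"}]}}},
    {"eventTime": "2022-02-18T16:06:02Z", "eventName": "DescribeInstances",
     "sourceIPAddress": "198.51.100.7", "requestParameters": None,
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/carol"}},
]}

def load_records(blob):
    """Parse a delivered log file; CloudTrail writes gzip-compressed JSON to S3."""
    if blob[:2] == b"\x1f\x8b":  # gzip magic bytes
        blob = gzip.decompress(blob)
    return json.loads(blob).get("Records", [])

def targets(rec):
    """Resources touched by a DNS record deletion or an instance stop, else []."""
    params = rec.get("requestParameters") or {}  # null on some calls
    if rec.get("eventName") == "ChangeResourceRecordSets":
        changes = params.get("changeBatch", {}).get("changes", [])
        return [f'{c["resourceRecordSet"]["type"]} {c["resourceRecordSet"]["name"]}'
                for c in changes if c.get("action") == "DELETE"]
    if rec.get("eventName") == "StopInstances":
        return [i["instanceId"] for i in params.get("instancesSet", {}).get("items", [])]
    return []

def who_did_it(records):
    """One finding per matching event: time, caller, source IP, targets, outcome."""
    findings = []
    for rec in records:
        hit = targets(rec)
        if hit:
            who = rec.get("userIdentity", {})
            findings.append({"time": rec.get("eventTime"), "event": rec.get("eventName"),
                             "who": who.get("arn") or who.get("type", "unknown"),
                             "source_ip": rec.get("sourceIPAddress"), "targets": hit,
                             # errorCode is set when the call was rejected
                             "outcome": rec.get("errorCode", "success")})
    return findings
```

Pass `load_records` the bytes of a log object downloaded from the trail's bucket and feed the result to `who_did_it`; an `outcome` other than `success` means the request was attempted but rejected.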

CloudTrail is your first step towards securing your AWS account, and it’s one of the first items we enable when delivering our Security Platform. Want to learn more? Contact us here!