loader image

AWS CloudTrail

x Mindflow

AWS CloudTrail was integrated by Mindflow to enable users to automate their incident management and better protect their information system.

AWS CloudTrail Overview

AWS CloudTrail is a service that helps you enable governance, compliance, and operational and risk auditing of your AWS account. Actions taken by a user, role, or an AWS service are recorded as events in CloudTrail. 

Events include actions taken in the AWS Management Console, AWS Command Line Interface, and AWS SDKs and APIs.

Visibility into your AWS account activity is key to security and operational best practices. You can use CloudTrail to view, search, download, archive, analyze, and respond to account activity across your AWS infrastructure. 

You’re able to identify who or what took which action, what resources were acted upon, when the event occurred, and other details to help you analyze and respond to activity in your AWS account. Optionally, you can enable AWS CloudTrail Insights on a trail to help you identify and respond to unusual activity.

An event in CloudTrail is the record of activity in an AWS account: an action taken by a user, role, or service that is monitorable by CloudTrail. CloudTrail events provide a history of API and non-API account activity made through the AWS Management Console, AWS SDKs, command-line tools, and other AWS services. 

Three types of events can be logged in AWS CloudTrail: management events, data events, and CloudTrail Insights events. 

Management events provide information about management operations that are performed on resources in your AWS account.

Data events provide information about the resource operations performed on or in a resource. These are also known as data plane operations. Data events are often high-volume activities.

CloudTrail Insights events capture unusual API call rate or error rate activity in your AWS account. Insights events are logged to a different folder or prefix in the destination S3 bucket for your trail. You can also see the type of insight and the incident time period. They provide relevant information, such as the associated API, error code, incident time, and statistics, that help you understand and act on unusual activity.

CloudTrail event history provides a viewable, searchable, and downloadable record of the past 90 days of CloudTrail events.

Trails are a configuration that enables the delivery of CloudTrail events to an Amazon S3 bucket, CloudWatch Logs, and CloudWatch Events. You can use a trail to filter the CloudTrail events you want to be delivered, encrypt your CloudTrail event log files with an AWS KMS key, and set up Amazon SNS notifications for log file delivery. 

Organization trails are a configuration that enables delivery of CloudTrail events in the management account and all member accounts in an AWS Organizations organization to the same Amazon S3 bucket, CloudWatch Logs, and CloudWatch Events. Creating an organization trail helps you define your organization’s uniform event logging strategy.

aws cloudtrail

Benefits

Create a trail for an ongoing record of events in your AWS account to deliver log files to an Amazon S3 bucket that you specify. Without creating such a Trail, CloudTrail isn’t a permanent record, and it does not provide information about all possible types of events

To help manage your CloudTrail data, create one trail that logs management events in all AWS Regions, and then additional trails logging specific event types for resources

Apply trails to all AWS Regions to obtain a complete record of events taken by a user, role, or service in your AWS account.

Enable CloudTrail log file integrity, which is especially valuable in security and forensic investigations. It also lets you know if a log file has been deleted or changed or asserts positively that no log files were delivered to your account during a given period of time.

Integrate with Amazon CloudWatch Logs to monitor and receive alerts for specific events captured by AWS CloudTrail.

Want to enhance your service with orchestration and automation capabilities? Get in touch with our partner team.

Related integrations