Hello Readers! In this blog let’s see How to Deploy AWS CloudTrail with S3 Bucket. Firstly let’s see in short why we use CloudTrail ? So, AWS CloudTrail is a web service that records
AWS API calls for your account and delivers log files to you.
What is AWS CloudTrail
AWS CloudTrail is a service that enables governance, compliance, operational auditing and risk auditing of your AWS account.
Why we use AWS CloudTrail
- Allows you to log, continuously monitor and retain events related to API calls across your AWS infrastructure.
- Provides a history of AWS API calls for your account. It’s includes API calls made through the AWS Management Console, AWS SDKs, command line tools and other AWS Service.
- Simplified Compliance
- Visibility Into User and Resource Activity
- Security Automation
- Security Analysis and Troubleshooting
AWS CloudTrail features
- Management Event and S3 Data Event logging
- Multi region and multi trail enabled
- S3 log delivery
- Log file encryption
- Integrity validation
- SNS notification
- cross-account S3 delivery
- CloudWatch Logs integration
- CloudWatch Events integration
- Personal Health Dashboard integration
- Support for multi-region configurations
- Event filters for read/write event actions
AWS CloudTrail S3 Data Events
- S3 Data events are object-level API operations that access S3 objects, such as GetObject, DeleteObject and PutObject. By default, trails don’t log data events, but you can configure trails to log data events for S3 buckets and objects that you specify.
- S3 bucket-level operations are still captured by default as part of CloudTrail Management Events.
So, Let’s get started!
Step 1: Firstly you must have logged into your AWS Management Console before starting. So, Create your AWS account if you don’t have one. After that Login to your AWS account and Click on Services menu > Choose CloudTrail.
Creation of CloudTrail
So, let me go to the CloudTrail console and create a Trail, so here you have to keep two things in mind.
First thing is that logs are sent to the S3 bucket, So if you don’t have any bucket as of now it will create one by default to choose a different bucket or additional bucket we need to choose the full create trail workflow if you click on create trail workflow it will give you a full workflow of this one but this is the basic way to create a CloudTrail.
So, the first way is to use the default process where you just add the CloudTrail name and the trail bucket and the folder it.
Step 2: Second option is to click on create Trail workflow and follow the whole steps to customise. So, let’s click on this, So here that you get the full workflow for creating a Trail and you need to enter the trail name, enter a display name for your trail.
So we can just type like sample-trail and then choose a storage type, so you can create the buckets to store logs for the trail or you can choose the existing bucket to store logs for this trail, so i will choose the first option because i don’t have the existing s3 bucket.
Step 3: I will create a new S3 bucket and we can enable log file encryption using Log file SSE-KMS encryption, this is for your server side encryption using key management service and you can enable log file validation as well by clicking on this one like enabled you can just click the check box.
Step 4: Next you can enable your SNS notifications to create some actions like sending mails or messages, So if you enable this you need to create the SNS topic or use an existing one.
Step 5: Now you can enable log monitoring using CloudWatch log groups, If you have an existing log group, you can use it else you can create a new one and at last i don’t have any IAM role as of now give it to cloudtrail for the cloudwatch,I will go to the create one, Tag is totally optional if you want to modify you can do it and click on Next.
Choose log events
Step 6:We have three types of events are mentioned here, So let’s choose Management events, We have two options Read and Write API activity and click on Next.
Step 7: So, now just review and then confirm the details to create your trail and click on create trail, So now your trail is created, multi region trail is enabled, insights cloudtrail is disabled, and now this is the cloudtrail event log that we are capturing here this is the S3 bucket, So you can just right click on this and you can see the S3 bucket, Suppose if you want to use CloudWatch you can click on the above link.
Therefore, In this blog we learn how to deploy AWS CloudTrail with S3 bucket and you can also change the customisation as per your requirements.Thanks, If you find this blog helpful do share with your friends.