A Deep Dive into AWS CloudTrail
Who made changes to sensitive parts of your cloud infrastructure? Capture audit logs with AWS CloudTrail. Learn how to analyze the audit logs with the help of CloudWatch Logs Insights or Athena. On top of that, we discuss how to roll out CloudTrail to all AWS accounts belonging to your organization. Last but not least, you will learn about the blind spots and how to avoid extensive costs.
What to expect from the video?
Hej, Andreas & Michael here!
We launched the cloudonaut blog in 2015. Since then, we have published 323 articles: small tips and tricks, best practices, and service reviews. We enjoy writing about all things AWS a lot.
Do you like our blog posts and podcast episodes? Have you learned something new? Consider supporting us in creating in-depth and independent AWS content. Please help us with a monthly or one-time payment through GitHub Sponsors. Start supporting us today!
- Demo: Querying audit logs with CloudWatch
- Demo: Querying audit logs with Athena
- Best practices for configuring CloudTrail (multi-account)
- About blind spots: S3, DynamoDB, SQS, SNS, …
- About extensive costs: data events are expensive
- Demo: Real-time alerts (CIS AWS Foundations)
Enjoy the video!
Capturing and storing audit logs is only half of the job. You also need to be able to analyze the logs. Here is an example of a query for CloudWatch Logs Insights that lists the raw events, newest first:

```
fields @timestamp, @message
| sort @timestamp desc
```
Besides that, Athena offers a powerful way to search through audit logs captured by CloudTrail as well.
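To show the kind of questions these queries answer (who changed what, and which of the CIS AWS Foundations alerts from the video's agenda would fire), here is an added, stdlib-only Python example. It is not code from the cloudonaut post. It parses a CloudTrail log file in the shape the service delivers to S3 (a gzipped JSON document with a `Records` array), reproduces a Logs Insights `stats count(*) by ...` aggregation, matches records against a subset of the CIS monitoring controls (rewritten from the benchmark's metric filter patterns, so treat the exact field checks as an assumption), and counts management versus data events to make the blind spot visible: a trail without data events enabled never delivers the `GetObject` row at all. The account id, ARNs, IP addresses and the events themselves are constructed sample data.

```python
"""Offline triage of CloudTrail records: the same questions the Logs
Insights / Athena queries answer, plus CIS-style alert matching."""
import gzip
import io
import json
from collections import Counter

# Constructed sample records (invented account id, ARNs, IPs). Shape matches
# what CloudTrail writes to S3: gzipped JSON {"Records": [...]}.
ALICE = "arn:aws:iam::111122223333:user/alice"
BOB = "arn:aws:sts::111122223333:assumed-role/ReadOnly/bob"
SAMPLE_RECORDS = [
    {"eventTime": "2023-05-01T09:58:12Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "arn": ALICE},
     "responseElements": {"ConsoleLogin": "Success"},
     "additionalEventData": {"MFAUsed": "No"}, "eventCategory": "Management"},
    {"eventTime": "2023-05-01T10:00:00Z", "eventSource": "cloudtrail.amazonaws.com",
     "eventName": "StopLogging", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "arn": ALICE},
     "requestParameters": {"name": "org-trail"}, "eventCategory": "Management"},
    {"eventTime": "2023-05-01T10:01:30Z", "eventSource": "iam.amazonaws.com",
     "eventName": "AttachUserPolicy", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "arn": ALICE},
     "requestParameters": {"userName": "bob",
                           "policyArn": "arn:aws:iam::aws:policy/AdministratorAccess"},
     "eventCategory": "Management"},
    {"eventTime": "2023-05-01T10:02:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DescribeInstances", "sourceIPAddress": "192.0.2.44",
     "userIdentity": {"type": "AssumedRole", "arn": BOB},
     "errorCode": "Client.UnauthorizedOperation", "eventCategory": "Management"},
    # Data event: only present if S3 data events were enabled on the trail.
    {"eventTime": "2023-05-01T10:03:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "GetObject", "sourceIPAddress": "192.0.2.44",
     "userIdentity": {"type": "AssumedRole", "arn": BOB},
     "requestParameters": {"bucketName": "payroll-exports", "key": "2023/04.csv"},
     "eventCategory": "Data"},
]

CLOUDTRAIL_CHANGES = {"CreateTrail", "UpdateTrail", "DeleteTrail",
                      "StartLogging", "StopLogging"}
IAM_POLICY_CHANGES = {
    "DeleteGroupPolicy", "DeleteRolePolicy", "DeleteUserPolicy", "PutGroupPolicy",
    "PutRolePolicy", "PutUserPolicy", "CreatePolicy", "DeletePolicy",
    "CreatePolicyVersion", "DeletePolicyVersion", "AttachRolePolicy",
    "DetachRolePolicy", "AttachUserPolicy", "DetachUserPolicy",
    "AttachGroupPolicy", "DetachGroupPolicy"}


def pack_trail_file(records):
    """Build a gzipped log file like CloudTrail's; used here to make sample input."""
    return gzip.compress(json.dumps({"Records": records}).encode("utf-8"))


def load_trail_file(blob):
    """Parse one gzipped CloudTrail log file as delivered to S3."""
    with gzip.open(io.BytesIO(blob), "rt", encoding="utf-8") as fh:
        return json.load(fh)["Records"]


def field(record, path, default=None):
    """Read a nested field by dotted path, e.g. 'userIdentity.arn'."""
    cur = record
    for part in path.split("."):
        if not isinstance(cur, dict) or part not in cur:
            return default
        cur = cur[part]
    return cur


def stats_by(records, *paths):
    """Equivalent of Logs Insights `stats count(*) by <fields>`."""
    return Counter(tuple(field(r, p) for p in paths) for r in records)


def cis_findings(record):
    """CIS AWS Foundations monitoring controls this record matches (subset;
    rewritten from the benchmark's metric filter patterns, an assumption)."""
    hits = []
    err = record.get("errorCode", "")
    if err.endswith("UnauthorizedOperation") or err.startswith("AccessDenied"):
        hits.append("unauthorized API call")
    if (record.get("eventName") == "ConsoleLogin"
            and field(record, "userIdentity.type") == "IAMUser"
            and field(record, "responseElements.ConsoleLogin") == "Success"
            and field(record, "additionalEventData.MFAUsed") != "Yes"):
        hits.append("console sign-in without MFA")
    if (field(record, "userIdentity.type") == "Root"
            and "invokedBy" not in record.get("userIdentity", {})
            and record.get("eventType") != "AwsServiceEvent"):
        hits.append("root account usage")
    if (record.get("eventSource") == "iam.amazonaws.com"
            and record.get("eventName") in IAM_POLICY_CHANGES):
        hits.append("IAM policy change")
    if (record.get("eventSource") == "cloudtrail.amazonaws.com"
            and record.get("eventName") in CLOUDTRAIL_CHANGES):
        hits.append("CloudTrail configuration change")
    return hits


def triage(records):
    """Findings as (eventTime, actor ARN, eventName, control), oldest first."""
    out = []
    for r in sorted(records, key=lambda r: r["eventTime"]):
        for control in cis_findings(r):
            out.append((r["eventTime"], field(r, "userIdentity.arn"),
                        r["eventName"], control))
    return out


def category_counts(records):
    """Management vs. Data rows: the Data rows vanish on a management-only trail."""
    return Counter(r.get("eventCategory", "Management") for r in records)


if __name__ == "__main__":
    recs = load_trail_file(pack_trail_file(SAMPLE_RECORDS))
    for row in triage(recs):
        print(*row)
    print(stats_by(recs, "userIdentity.arn", "eventName").most_common(3))
    print(category_counts(recs))
```

Run against the sample, the triage lists the missing-MFA sign-in, the `StopLogging` call and the `AttachUserPolicy` by `alice` and the `UnauthorizedOperation` from `bob`, while the `GetObject` on the payroll bucket produces no finding and only shows up in `category_counts` because the sample pretends data events were enabled. Pointing `load_trail_file` at real files downloaded from the trail's S3 bucket gives the same answers the Athena and Logs Insights queries would.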