#cloudtrail | AWS CloudTrail (1)

Keep track of changes to your cloud infrastructure. The audit trail allows you to investigate after a security incident, and also enables realtime alerting.

A Deep Dive into AWS CloudTrail

Who made changes to sensitive parts of your cloud infrastructure? Capture audit logs with AWS CloudTrail. Learn how to analyze the audit logs with the help of CloudWatch Logs Insights or Athena. On top of that, we discuss how to rollout CloudTrail to al...

Use multiple AWS accounts, but keep it simple!

Getting started with AWS is a challenge. Unlimited possibilities, competing solutions, and distractions. Even the first step to create an AWS account requires careful planning. AWS marketers promote the AWS Landing Zone solution. Consulting partners add...

AWS CloudTrail: your audit log is incomplete

Recently, I was investigating the size of a security breach caused by leaked AWS credentials. The first place to go in such a scenario is the audit log recorded by CloudTrail. When configured correctly, CloudTrail captures the requests to the AWS API an...

Analyzing CloudTrail with Athena

Which IAM users have been active within your AWS account within the last 30 days? Are all of the 999 IAM roles still in use, or can you remove some of them to clean up your infrastructure? Is it safe to remove the action s3:GetObject from the IAM policy...

Event Driven Security Automation on AWS

If your developers create their own infrastructure in minutes, who cares about security? In some organizations the security teams become the new bottleneck if the company wants to deploy every commit to production. Because manual reviews can’t be done f...

Monitor your AWS account to detect suspicious behavior in real time

You can track every change made to your AWS account with CloudTrail. Did you know that you can also monitor your AWS account in near real time with custom rules specific to your use case? By combining CloudTrail, S3, SNS, and Lambda, you can run a piece...