AWS CloudTrail is a web service that records AWS API calls for your AWS account and places these records in log files stored in an S3 bucket of your choice. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the AWS service.
With CloudTrail, you can get a history of AWS API calls for your account, including API calls made via the AWS Management Console, AWS SDKs, command line tools, and higher-level AWS services (such as AWS CloudFormation). This essentially provides a complete audit trail of any activity on your AWS account and thus serves as a great source of information for security & compliance as well as for troubleshooting system issues.
We are excited to announce that as of today, you can easily configure Logentries with your CloudTrail logs to analyze this data.
However, you might be wondering: what are the MOST important log events that you should be looking out for? We have identified these for you, and the corresponding Tags and Alerts are available now through an easy import into your Logentries account. These CloudTrail events include:
- Starting, stopping, terminating, rebooting instances
- Creating or deleting security groups
- Creating and deleting users
- Updating user profiles
- Adding and removing groups
- Updating role and password policies
- Signing certificate upload or deletion
Once imported, you will see the tags listed on your Tags and Alerts page. You can then create alerts so that you are notified when, for example, somebody changes a password or terminates an instance.
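To show what tagging these events involves at the record level, here is an added Python example (not Logentries' own code or tag definitions) that scans a CloudTrail log file and reports the watched calls with the caller, time, source IP and outcome. The mapping from the categories above to CloudTrail `eventName` values, the tag names and the sample records are assumptions constructed for illustration.

```python
import json

# Assumed mapping from the event categories listed above to CloudTrail
# eventName values; the tag names are hypothetical, not Logentries' own.
WATCHED = {
    "instance-state": {"StartInstances", "StopInstances",
                       "TerminateInstances", "RebootInstances"},
    "security-group": {"CreateSecurityGroup", "DeleteSecurityGroup"},
    "iam-user": {"CreateUser", "DeleteUser"},
    "iam-profile": {"UpdateUser", "UpdateLoginProfile"},
    "iam-group": {"CreateGroup", "DeleteGroup"},
    "iam-policy": {"UpdateAssumeRolePolicy", "UpdateAccountPasswordPolicy"},
    "signing-cert": {"UploadSigningCertificate", "DeleteSigningCertificate"},
}
TAG_BY_EVENT = {name: tag for tag, names in WATCHED.items() for name in names}

def caller(identity):
    """Best available caller label; not every identity type carries an ARN."""
    return (identity.get("arn") or identity.get("userName")
            or identity.get("invokedBy") or identity.get("type", "unknown"))

def tag_events(log_text):
    """Return one alert dict per watched record in a CloudTrail log file."""
    alerts = []
    for rec in json.loads(log_text).get("Records", []):
        tag = TAG_BY_EVENT.get(rec.get("eventName"))
        if tag is None:
            continue  # read-only and unlisted calls are not alerted on
        alerts.append({
            "tag": tag, "event": rec["eventName"],
            "time": rec.get("eventTime"),
            "caller": caller(rec.get("userIdentity", {})),
            "source_ip": rec.get("sourceIPAddress"),
            # errorCode is present only when the call failed (e.g. was denied)
            "outcome": rec.get("errorCode", "success"),
        })
    return alerts

# Constructed sample log file (not real account data)
SAMPLE = json.dumps({"Records": [
    {"eventTime": "2014-01-01T10:00:00Z", "eventName": "TerminateInstances",
     "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "userName": "alice",
                      "arn": "arn:aws:iam::123456789012:user/alice"}},
    {"eventTime": "2014-01-01T10:01:00Z", "eventName": "DescribeInstances",
     "sourceIPAddress": "198.51.100.7", "userIdentity": {"type": "IAMUser"}},
    {"eventTime": "2014-01-01T10:02:00Z", "eventName": "DeleteUser",
     "sourceIPAddress": "203.0.113.9", "errorCode": "AccessDenied",
     "userIdentity": {"type": "IAMUser", "userName": "bob"}},
    {"eventTime": "2014-01-01T10:03:00Z", "sourceIPAddress": "192.0.2.4",
     "eventName": "UpdateAccountPasswordPolicy",
     "userIdentity": {"type": "Root", "arn": "arn:aws:iam::123456789012:root"}},
]})

if __name__ == "__main__":
    print(*tag_events(SAMPLE), sep="\n")
```

Failed calls are kept rather than dropped because a denied `DeleteUser` or policy change is often as interesting to an alert as a successful one.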
You can easily get access to the new CloudTrail support in Logentries for free here. Let us know if there are any other important events that you are monitoring today in your CloudTrail tags. As always, we look forward to your feedback!