Please enable JavaScript.

Coggle requires JavaScript to display documents.

Cloud Trail - Coggle Diagram

- - - - check whether a log file was modified,deleted
- - - - delivery of events on s3 bucket
        
        Analyzed by
        
        EventBridge
        
        CLoudWatch Logs
  - - - CloudTrail creates the same trail in each region, records the log files in each region, and delivers the log files to the specified single S3 bucket
      - Default setting when a trail is created using the CloudTrail console
      - A single SNS topic for notifications and CloudWatch Logs log group for events would suffice for all regions
      - :check:
        
        manage trail configuration for all regions from one location.
        
        create trails in regions not used often to monitor for unusual activity.
    - - An S3 bucket can be specified that receives events only from that region and it can be in any region that you specify
      - Additional individual trails are created that apply to specific regions, those trails can deliver event logs to a single S3 bucket.
- - - - SDK
      - CLI
      - CloudFormation
      - Management Console
    - - who
        
        accounts
        
        IP address calls
        
        users
      - when
    - - security analysis
      - resource change tracking
      - compliance auditing
    - - S3 lifecycle rules
- - - - provide information about management or control plane operations on resources
      - Includes resource creation, modification, and deletion events
      - trails log all management events for the AWS account
    - - information about the resource or data plane operations performed on or in a resource.
      - ike reading and writing of objects in S3 or items in DynamoDB.
      - trails don’t log
    - - capture
        
        capture unusual API call rate
        
        error rate activity
      - ecord of unusual levels of write management API activity
      - trails don’t log
        
        Insights events are logged only when CloudTrail detects changes in the account’s API usage
        
        error rate logging that differ significantly from the account’s typical usage patterns.
  - - - events are delivered to any trail that has the Include global services option enabled
      - US East
        
        OpsWork
        
        Route53
- - - - read messages delivered to SNS or SQS
      - downloads and reads the log files from S3 continuously
      - serializes the events into a POJO
      - allows custom logic implementation for processing
      - fault tolerant and supports multi-threading
- - - - single region
      - all regions
    - - managment account
    - - can not access to log files
      - see organization trial