23. 23
API Activity Lookupの制限事項①
http://docs.aws.amazon.com/awscloudtrail/latest/userguide/view-cloudtrail-events-supported-services.html
Compute
• Amazon Elastic Compute Cloud (EC2)
• Auto Scaling
• Elastic Load Balancing
• Amazon EC2 Container Service
• AWS Lambda
Database
• Amazon Relational Database Service
• Amazon ElastiCache
• Amazon Redshift
• Amazon DynamoDB
Deployment and Management
• AWS Elastic Beanstalk
• AWS OpsWorks
• AWS CloudFormation
• AWS CodeDeploy
• AWS CodePipeline
• Amazon API Gateway
Storage and Content Delivery
• AWS Storage Gateway
• Amazon Glacier
• Amazon CloudFront
Networking
• Amazon Virtual Private Cloud
• AWS Direct Connect
• Amazon Route 53
Administration and Security
• AWS Identity and Access Management
• AWS CloudTrail
• Amazon CloudWatch
• AWS Key Management Service
• AWS Security Token Service
• AWS CloudHSM
• AWS Config
• AWS Directory Service
• AWS Management Console Sign-in Service
Analytics
• Amazon Elastic MapReduce
• Amazon Kinesis
• AWS Data Pipeline
Enterprise Applications
• Amazon WorkDocs
• Amazon WorkSpaces
Application Services
• Amazon Simple Queue Service
• Amazon Simple Workflow Service
• Amazon Elastic Transcoder
• Amazon CloudSearch
• Amazon Simple Email Service
Mobile Services
• Amazon Simple Notification Service
※2015年7月15日時点
24. 24
API Activity Lookupの制限事項②
• Time Range検索
– 過去 7 日間の AWS アカウント内
のリソースの作成、変更、削除に
関する API アクティビティ
• Filter検索
– 検索できる属性の制限
• User name
• Event name
• Resource type
• Resource name
25. 25
Amazon CloudSearch, Amazon Elastic Beanstalk
https://medium.com/aws-activate-startup-blog/searching-cloudtrail-logs-easily-with-amazon-cloudsearch-2d716e23efee
CloudTrail Amazon SNS Topics Amazon SQS Queue AWS ElasticBeanstalk
Worker Role
Amazon S3 Backet
Amazon
CloudSearch
①
② ③ ④
⑤ ⑥
⑦
40. 40
リレーションシップ
Resource Relationship Related Resource
CustomerGateway is attached to VPN Connection
Elastic IP (EIP) is attached to Network Interface
is attached to Instance
Instance contains Network Interface
is attached to ElasticIP (EIP)
is contained in Route Table
is associated with Security Group
is contained in Subnet
is attached to Volume
is contained in Virtual Private Cloud (VPC)
InternetGateway is attached to Virtual Private Cloud (VPC)
… …. …..
http://docs.aws.amazon.com/config/latest/developerguide/resource-config-reference.html