Training for AWS Solutions Architect at http://zekelabs.com/courses/amazon-web-services-training-bangalore/.This slide describes about cloud trail key concepts, workflow and event history ___________________________________________________ zekeLabs is a Technology training platform. We provide instructor led corporate training and classroom training on Industry relevant Cutting Edge Technologies like Big Data, Machine Learning, Natural Language Processing, Artificial Intelligence, Data Science, Amazon Web Services, DevOps, Cloud Computing and Frameworks like Django,Spring, Ruby on Rails, Angular 2 and many more to Professionals. Reach out to us at www.zekelabs.com or call us at +91 8095465880 or drop a mail at info@zekelabs.com

1. zekeLabs
Learning made Simpler !
www.zekeLabs.com

2. Amazon Web Services
CloudTrail

3. What is CloudTrail
➢You can use CloudTrail to view, search, download, archive, analyze, and respond to account activity across
your AWS infrastructure.
➢ Actions taken by a user, role, or an AWS service are recorded as events in CloudTrail.
➢You can identify who or what took which action, what resources were acted upon, when the event occurred,
and other details to help you analyze and respond to activity in your AWS account.
➢You can integrate CloudTrail into applications using the API, automate trail creation for your organization,
check the status of trails you create, and control how users view CloudTrail events.

4. How it works
➢CloudTrail is enabled on your AWS account when you create it. When activity occurs in your AWS
account, that activity is recorded in a CloudTrail event. You can easily view events in the CloudTrail
console by going to Event history.
➢Event history allows you to view, search, and download the past 90 days of supported activity in your
AWS account.
➢ A trail is a configuration that enables delivery of events to an Amazon S3 bucket that you specify.
➢You can also deliver and analyze events in a trail with Amazon CloudWatch Logs and Amazon
CloudWatch Events.
➢When you create a trail that applies to all regions, CloudTrail records events in each region and delivers
the CloudTrail event log files to an S3 bucket that you specify.
➢When you create a trail that applies to one region, CloudTrail records the events in that region only. It
then delivers the CloudTrail event log files to an Amazon S3 bucket that you specify.

5. How it works

6. CloudTrail Workflow
➢View event history for your AWS account
You can use the CloudTrail console to view the last 90 days of recorded API activity and
events in an AWS Region.
➢Download events
You can also download a file with that information, or a subset of information based on the
filter and time range you choose.
➢Create a trail
Create a configuration file that enables delivery of CloudTrail events to an Amazon
S3 bucket, CloudWatch Logs, and CloudWatch Events.
➢Create and subscribe to an Amazon SNS topic
Subscribe to a topic to receive notifications about log file delivery to your bucket.
➢View your log files
Use Amazon S3 to retrieve log files.
➢Manage user permissions
Use AWS IAM to manage which users have permissions to create, configure, or delete trails;
start and stop logging; and access buckets that have log files.
➢Monitor events with CloudWatch Logs
You can configure your trail to send events to CloudWatch Logs. You can then use
CloudWatch Logs to monitor your account for specific API calls and events

7. CloudTrail Workflow
.
➢Log management and data events
Configure your trails to log read-only, write-only, or all management and data events. By default,
trails log management events.
➢Enable log encryption
Log file encryption provides an extra layer of security for your log files.
➢Enable log file integrity
Log file integrity validation helps you verify that log files have remained unchanged since
CloudTrail delivered them.
➢Share log files with other AWS account
You can share log files between accounts.
➢Aggregate logs from multiple accounts
You can aggregate log files from multiple accounts to a single bucket.
➢Work with partner solutions
Analyze your CloudTrail output with a partner solution that integrates with CloudTrail. Partner
solutions offer capabilities such as change tracking, troubleshooting, and security analysis.

8. Workflow

9. CloudTrail Concepts
➢An event in CloudTrail is the record of an activity in an AWS account.
➢Management events provide insight into management operations that are performed on resources in your
AWS account.
Eg: Configuring security (IAM AttachRolePolicy API operations)
➢Data events provide insight into the resource operations performed on or in a resource.
Eg : Amazon S3 object-level API activity (GetObject, DeleteObject, and PutObject API operations)
➢CloudTrail event history provides a viewable, searchable, and downloadable record of the past 90 days of
CloudTrail events.
➢A trail is a configuration that enables delivery of CloudTrail events to an Amazon S3 bucket, CloudWatch
Logs, and CloudWatch Events.

10. Viewing Events with CloudTrail Event History
➢You can troubleshoot operational and security incidents over the past 90 days in the CloudTrail console by
viewing Event history.
➢You can look up events related to creation, modification, or deletion of resources (in your AWS account on
a per-region basis.
➢Events can be viewed and downloaded by using the AWS CloudTrail console.
➢You can customize the view of event history in the console by selecting which columns are displayed and
which are hidden.
➢You can programmatically look up events by using the AWS SDKs or AWS Command Line Interface.

11. Viewing Events with CloudTrail Event History

12. Visit : www.zekeLabs.com for more details
THANK YOU
Let us know how can we help your organization to Upskill the
employees to stay updated in the ever-evolving IT Industry.
Get in touch:
www.zekeLabs.com | +91-8095465880 | info@zekeLabs.com