CloudTrail

  • Provides governance, compliance and auditing for your AWS account
  • Enabled by default: the 90-day event history is available without any setup
    • A trail covers all regions by default; there is an option to restrict it to a single region
  • Gives a history of events / API calls made within your AWS account, whatever their origin:
    • SDK
    • CLI
    • Web console
    • IAM users and roles
  • Can deliver logs to S3 or CloudWatch Logs
  • If a resource is deleted, investigate in CloudTrail (who made the Delete* call, from where, and when)

CloudTrail Events

  • Management events (default)
    • Control-plane operations performed on resources in your account
    • By default CloudTrail logs only these
    • Can separate Read events (that don't modify resources) from Write events (that may modify resources)
  • Data events (not enabled by default; high volume)
    • S3 object-level activity (GetObject, DeleteObject, PutObject, ...); can separate Read and Write events
    • AWS Lambda function execution activity (Invoke API)
  • CloudTrail Insights events
    • Enabled separately; detects unusual activity by analysing normal management events (e.g. a spike in the rate of a write API call or in its error rate)

Notes: Events in the CloudTrail event history are only stored for 90 days. To keep them longer, create a trail that delivers them to S3, then analyse them with Athena.
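The investigation workflow from the notes above (a resource was deleted, find out who did it) and the Read/Write and Management/Data split, worked through on an actual CloudTrail log file. This is an added example, not part of the original notes or an AWS tool: the records are constructed for the example (account ID, ARNs, bucket name and IPs are made up), but the field names (readOnly, managementEvent, eventCategory, requestParameters, userIdentity.arn) and the gzip-compressed JSON layout with a top-level "Records" list are the real CloudTrail log format as delivered to S3.

```python
import gzip
import io
import json
from collections import Counter

# Constructed sample: the content of one CloudTrail log file as delivered to S3,
# before gzip compression. Account ID, ARNs, bucket, keys and IPs are made up.
SAMPLE_LOG = {
    "Records": [
        {"eventTime": "2022-10-05T09:12:31Z", "eventSource": "s3.amazonaws.com",
         "eventName": "ListBuckets", "awsRegion": "us-east-1",
         "sourceIPAddress": "203.0.113.10",
         "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/alice"},
         "readOnly": True, "managementEvent": True, "eventCategory": "Management"},
        {"eventTime": "2022-10-05T09:13:40Z", "eventSource": "s3.amazonaws.com",
         "eventName": "DeleteObject", "awsRegion": "us-east-1",
         "sourceIPAddress": "198.51.100.7",
         "userIdentity": {"type": "AssumedRole",
                          "arn": "arn:aws:sts::111122223333:assumed-role/ci-deploy/build-42"},
         "requestParameters": {"bucketName": "finance-reports", "key": "2022/q3.csv"},
         "readOnly": False, "managementEvent": False, "eventCategory": "Data"},
        {"eventTime": "2022-10-05T09:13:55Z", "eventSource": "s3.amazonaws.com",
         "eventName": "GetObject", "awsRegion": "us-east-1",
         "sourceIPAddress": "198.51.100.7",
         "userIdentity": {"type": "AssumedRole",
                          "arn": "arn:aws:sts::111122223333:assumed-role/ci-deploy/build-42"},
         "requestParameters": {"bucketName": "finance-reports", "key": "2022/q2.csv"},
         "readOnly": True, "managementEvent": False, "eventCategory": "Data"},
        {"eventTime": "2022-10-05T09:14:02Z", "eventSource": "s3.amazonaws.com",
         "eventName": "DeleteBucket", "awsRegion": "us-east-1",
         "sourceIPAddress": "203.0.113.10",
         "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/alice"},
         "requestParameters": {"bucketName": "finance-reports"},
         "readOnly": False, "managementEvent": True, "eventCategory": "Management"},
    ]
}


def gzip_log(log):
    """Produce the bytes of a .json.gz log file, the form CloudTrail writes to S3."""
    return gzip.compress(json.dumps(log).encode())


def load_records(gz_bytes):
    """Decompress one log file (as fetched from the trail's S3 bucket) and return its records."""
    with gzip.open(io.BytesIO(gz_bytes), "rt") as fh:
        return json.load(fh)["Records"]


def split_read_write(records):
    """Separate read-only calls from calls that may modify resources, using the readOnly flag."""
    reads = [r for r in records if r.get("readOnly")]
    writes = [r for r in records if not r.get("readOnly")]
    return reads, writes


def split_management_data(records):
    """Separate management (control-plane) events from data (object/function-level) events."""
    mgmt = [r for r in records if r.get("managementEvent")]
    data = [r for r in records if not r.get("managementEvent")]
    return mgmt, data


def find_deletions(records, bucket=None):
    """Timeline of Delete* calls: when, which call, which principal, from which IP, on what.
    Optionally restrict to one S3 bucket via requestParameters.bucketName."""
    hits = []
    for r in records:
        if not r["eventName"].startswith("Delete"):
            continue
        params = r.get("requestParameters") or {}
        if bucket and params.get("bucketName") != bucket:
            continue
        hits.append({
            "time": r["eventTime"],
            "event": r["eventName"],
            "actor": r["userIdentity"]["arn"],
            "ip": r.get("sourceIPAddress"),
            "target": params.get("key") or params.get("bucketName"),
        })
    return sorted(hits, key=lambda h: h["time"])


def write_calls_per_actor(records):
    """Count write calls per identity ARN, a quick way to see who was changing things."""
    return Counter(r["userIdentity"]["arn"] for r in records if not r.get("readOnly"))


if __name__ == "__main__":
    recs = load_records(gzip_log(SAMPLE_LOG))
    for hit in find_deletions(recs, bucket="finance-reports"):
        print(f'{hit["time"]} {hit["event"]:<13} {hit["target"]:<16} '
              f'by {hit["actor"]} from {hit["ip"]}')
    print(write_calls_per_actor(recs))
```

In practice the loop over one constructed file becomes a loop over every .json.gz object under the trail's S3 prefix for the time window of interest; for anything larger than a few hours of logs, the same filters (eventName LIKE 'Delete%', readOnly, eventCategory) are what you would express as a WHERE clause in Athena instead of in Python.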
