
Day 19 Cloudwatch & Cloudtrail Lab 24 - 25

The document provides an overview of AWS CloudWatch and CloudTrail, detailing their functionalities and key components. CloudWatch is a monitoring service that tracks metrics, logs, and alarms, while CloudTrail logs actions performed on AWS resources for auditing purposes. It also compares the two services, highlighting CloudWatch's real-time monitoring capabilities and CloudTrail's detailed audit trails.

Uploaded by

Tom Cruise

INDEX

➢ Understanding CloudWatch

➢ Key Components of CloudWatch

➢ CloudTrail

➢ Compare Cloudwatch & Cloudtrail

➢ Lab 24 - Cloudwatch, Setup Alarms for Metric changes, Use SNS Messaging

➢ Lab 25 - Cloudtrail

CloudWatch

➢ CloudWatch is a monitoring and observability service provided by AWS.

➢ It allows you to collect and track metrics, collect and monitor log files, set
alarms, and automatically react to changes in your AWS resources.

➢ Key components include metrics, logs, events, dashboards, and alarms.


Key Components of CloudWatch
➢ Metrics: Metrics are quantitative measurements that track the performance or
behavior of a system, such as CPU utilization or request latency.

➢ Events: Events are notifications or signals generated by AWS services or
applications to indicate changes or occurrences, which can trigger automated
responses.

➢ Dashboards: Dashboards are visual representations of metrics and data

➢ Alarms: Alarms are notifications triggered by predefined thresholds on metrics,
alerting users to potential issues or changes in the system that require attention.

CloudTrail

➢ CloudTrail logs detailed records of all actions performed on your AWS
resources, including who performed the action, what action was performed,
when it was performed, and other pertinent details.

CloudTrail - Events
➢ An "event" is a record of an activity that has occurred in your AWS account.

➢ Events capture API calls made by users, services, or applications.

➢ Each event provides detailed information about the request made to an AWS
service, including:
  Who: The identity of the user, role, or service that made the request.
  What: The details of the API call, including the service, action, and parameters.
  When: The timestamp of when the activity occurred.
  Where: The source IP address from where the request was made.
  Response: The outcome of the request, including any returned data or error messages.

CloudTrail - Event Types
➢ Management Events

➢ Data Events

➢ Insights Events

Management Events
➢ Management events provide visibility into management operations that are
performed on resources in your AWS account. These are typically API calls
made to create, delete, or modify AWS resources.

➢ EC2 : StartInstances, StopInstances, TerminateInstances, RebootInstances,
CreateSecurityGroup, DeleteSecurityGroup

➢ S3 : CreateBucket, DeleteBucket, PutBucketPolicy, GetBucketPolicy

➢ IAM: CreateUser, DeleteUser, AttachUserPolicy, DetachUserPolicy

➢ RDS : CreateDBInstance, DeleteDBInstance, ModifyDBInstance

Data Events
➢ Data events provide visibility into the resource operations performed on or
within a resource. These are typically API calls that access or modify the data
within a resource.

➢ S3 : GetObject, PutObject, DeleteObject, ListObjects

➢ DynamoDB : GetItem, PutItem, DeleteItem, Query, Scan

➢ Lambda : InvokeFunction, GetFunction, UpdateFunctionCode

➢ EBS : CreateSnapshot, DeleteSnapshot, CreateVolume, DeleteVolume

Insights Events
➢ Insights events provide visibility into unusual operational activity in your
AWS account. CloudTrail Insights can detect unusual activity patterns, such as
spikes in resource provisioning or IAM management activities.

➢ Anomalous Activity Detected:
  Unusual increase in API call volume
  Unusual activity in IAM actions
  Unusual activity in EC2 instance launches
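
Added example (not part of the original slides): Python that reduces CloudTrail records to the who / what / when / where / response fields listed under "Cloudtrail - Events" and groups the calls by event category. The sample records are constructed; the field names (`userIdentity`, `eventSource`, `eventName`, `eventTime`, `sourceIPAddress`, `errorCode`, `eventCategory`) come from the CloudTrail record format, and the function names are hypothetical.

```python
import json

# Constructed sample records (not real account data). Field names follow the
# CloudTrail record format; account ID, names and IPs are placeholders.
SAMPLE_LOG = json.loads("""
{"Records": [
 {"eventTime": "2024-01-01T10:00:00Z", "eventSource": "s3.amazonaws.com",
  "eventName": "DeleteBucket", "sourceIPAddress": "203.0.113.10",
  "eventCategory": "Management", "requestParameters": {"bucketName": "example-bucket"},
  "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/alice"}},
 {"eventTime": "2024-01-01T10:05:00Z", "eventSource": "iam.amazonaws.com",
  "eventName": "AttachUserPolicy", "sourceIPAddress": "198.51.100.7",
  "eventCategory": "Management", "errorCode": "AccessDenied",
  "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/bob"}},
 {"eventTime": "2024-01-01T10:06:00Z", "eventSource": "s3.amazonaws.com",
  "eventName": "GetObject", "sourceIPAddress": "lambda.amazonaws.com",
  "eventCategory": "Data", "requestParameters": {"bucketName": "example-bucket"},
  "userIdentity": {"type": "AWSService", "invokedBy": "lambda.amazonaws.com"}}
]}
""")

def summarize(record):
    """Reduce one CloudTrail record to who / what / when / where / response."""
    ident = record.get("userIdentity", {})
    # Calls made by an AWS service carry no ARN, so fall back to invokedBy/type.
    who = ident.get("arn") or ident.get("invokedBy") or ident.get("type", "unknown")
    error = record.get("errorCode")
    return {
        "who": who,
        "what": record["eventSource"].split(".")[0] + ":" + record["eventName"],
        "params": record.get("requestParameters"),
        "when": record["eventTime"],
        "where": record.get("sourceIPAddress"),
        "response": "error: " + error if error else "success",
        "category": record.get("eventCategory", "unknown"),
    }

def failed_calls(log):
    """Summaries of requests that returned an error (e.g. AccessDenied)."""
    return [s for s in map(summarize, log["Records"]) if s["response"] != "success"]

def names_by_category(log):
    """Group API call names under their event category (Management / Data)."""
    groups = {}
    for s in map(summarize, log["Records"]):
        groups.setdefault(s["category"], []).append(s["what"])
    return groups

if __name__ == "__main__":
    print(*map(summarize, SAMPLE_LOG["Records"]), sep="\n")
```
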

Default Event History v/s Trail Set up

➢ Event History provides a record of recent Management Events that have
occurred in your AWS account. This includes activities such as creating,
modifying, and deleting AWS resources.

➢ Event History retains events for the past 90 days.

➢ You can access Event History directly from the CloudTrail console without
any prior setup.

➢ It is useful for quick access to recent events for troubleshooting, auditing,
and security analysis.

Default Event History v/s Trail Set up (Contd.)
➢ A Trail allows you to configure the logging of Management, Data and Insight
Events across your AWS account.

➢ Trails can store event logs for an extended period, as long as you configure
the destination storage (typically an S3 bucket) and manage the lifecycle
policies of the logs.

➢ Use Cases: Trails are essential for long-term auditing, compliance
requirements, detailed security analysis, and maintaining a comprehensive
log of all activities in your AWS account.

CloudWatch v/s CloudTrail

➢ AWS CloudWatch helps you monitor metrics like CPU usage and memory on
your EC2 instances, and can trigger alerts if thresholds are exceeded.

➢ AWS CloudTrail logs all API calls made in your account, so you can see who
made changes to your resources, such as creating or deleting an S3 bucket.

➢ CloudWatch provides real-time performance data, while CloudTrail offers a
detailed audit trail for security and compliance.