AWS CloudTrail
1. Overview - AWS CloudTrail
-Track activity across teams, accounts and organizations in one place, in a consistent format
-Explore activity using a single set of tools, and respond to activity in minutes.
-As AWS innovates, new services and features are covered automatically.
2. With CloudTrail you can ...
a) Simplify compliance workflows
-Keep track of API usage in a single location, simplifying audit and compliance processes
b) Enhance security analysis
-Perform security analysis and detect user behavior patterns across services, users, and accounts
c) Monitor data exfiltration risks
-Stay alert to data exfiltration risk by collecting activity data on Amazon Simple Storage Service (Amazon S3) objects through object-level API events
d) Perform operational troubleshooting
- Simplify root cause analysis using CloudTrail events, to reduce time to resolution
3. CloudTrail Events
- Integrated with over 130 AWS services
-Automatically gather usage activity
-Record event details, such as operation, principal, request and response attributes
-Deliver events to central locations
a) Types of events
Management events
-Resource control actions, such as update and delete actions on an Amazon Elastic Compute Cloud (Amazon EC2) instance
-Generally infrequent compared to data events
-Available from nearly all services
Data events
-Fine-grained actions, such as reading from an object in Amazon S3
-Can be very high frequency events
-Available for Amazon S3 and AWS Lambda
b) Event delivery
-Deliver events to Amazon S3
-Optionally deliver events to Amazon CloudWatch Logs
-Central collection across accounts and regions if desired
-Delivery is typically <15 minutes at the 99th percentile. Some services have delivery times of 5 minutes at the 99th percentile
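An added example (not from the original page or from AWS) showing how the management/data event split and the S3 object-level events described above can be used once log files are delivered: it counts records per event category and flags principals with a high number of `GetObject` reads on one bucket. The field names follow the CloudTrail record format; the sample records, ARNs, bucket name, helper names and threshold are constructed assumptions.

```python
import json
from collections import Counter

# Constructed sample in the CloudTrail log-file shape ({"Records": [...]}).
# Account ID, ARNs, instance ID and bucket name are placeholders.
def _rec(name, source, category, arn, params):
    return {"eventTime": "2024-01-01T00:00:00Z", "eventSource": source,
            "eventName": name, "eventCategory": category,
            "managementEvent": category == "Management",
            "userIdentity": {"arn": arn}, "requestParameters": params}

ALICE = "arn:aws:iam::111122223333:user/alice"
BOB = "arn:aws:iam::111122223333:user/bob"
SAMPLE_LOG = json.dumps({"Records": [
    _rec("TerminateInstances", "ec2.amazonaws.com", "Management", ALICE,
         {"instancesSet": {"items": [{"instanceId": "i-EXAMPLE"}]}}),
    _rec("PutObject", "s3.amazonaws.com", "Data", ALICE,
         {"bucketName": "example-reports", "key": "q1.csv"}),
] + [
    _rec("GetObject", "s3.amazonaws.com", "Data", BOB,
         {"bucketName": "example-reports", "key": f"file-{i}.csv"})
    for i in range(5)
]})


def summarize(log_text, read_threshold=3):
    """Count records per event category and flag heavy S3 object readers."""
    by_category = Counter()
    reads = Counter()  # (principal ARN, bucket) -> GetObject count
    for rec in json.loads(log_text).get("Records", []):
        by_category[rec.get("eventCategory", "Unknown")] += 1
        if (rec.get("eventSource") == "s3.amazonaws.com"
                and rec.get("eventName") == "GetObject"):
            arn = rec.get("userIdentity", {}).get("arn", "unknown")
            # requestParameters can be null in real records
            bucket = (rec.get("requestParameters") or {}).get("bucketName", "unknown")
            reads[(arn, bucket)] += 1
    flagged = sorted(k for k, n in reads.items() if n >= read_threshold)
    return dict(by_category), flagged


if __name__ == "__main__":
    categories, flagged = summarize(SAMPLE_LOG)
    print(categories)
    for arn, bucket in flagged:
        print(f"high S3 read volume: {arn} -> {bucket}")
```

Data events are only present in the log if the trail is configured to record them, so an empty "Data" count on real input may mean they are not being collected.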