Logging IAM events with CloudTrail

AWS CloudTrail

There may be occasions when someone has done something that they shouldn’t have in your AWS account. For example, they might have terminated an instance that they shouldn’t have and you need to find out who it was.

To do this, open your AWS dashboard and click on “CloudTrail”:

  • Click “get started now”
  • Pick or create an S3 bucket in which you’ll store your logs
  • Click advanced – click yes on SNS and enter a topic
  • Go to SNS in the menu
  • Click on topics
  • See the one you just created
  • Open it
  • Click create subscription
  • Create an email subscription to send out email notifications
  • Go back to CloudTrail and see the logs once they’ve been generated
  • When you open a log, you can see who carried out an action and you can see what API keys were used
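
The last step can also be done offline on a log file downloaded from the S3 bucket. The script below is an added example, not part of the original article: it filters a log file's "Records" for one API call (here the instance termination mentioned above) and reports who made it and with which access key. The field names are CloudTrail's documented ones; the sample records, account ID, user names, key IDs, IP addresses and instance IDs are constructed, and the function names are this example's own.

```python
import gzip
import json

# Constructed sample records using CloudTrail's documented field names.
# Account ID, users, key IDs, IPs and instance IDs are made up for this example.
def sample_record(name, user, key, ip, instance, error=None):
    rec = {
        "eventTime": "2024-01-01T12:00:00Z", "eventSource": "ec2.amazonaws.com",
        "eventName": name, "sourceIPAddress": ip,
        "userIdentity": {"type": "IAMUser", "userName": user, "accessKeyId": key,
                         "arn": f"arn:aws:iam::111122223333:user/{user}"},
        "requestParameters": {"instancesSet": {"items": [{"instanceId": instance}]}},
    }
    if error:
        rec["errorCode"] = error  # only present when the call was rejected
    return rec

SAMPLE_LOG = json.dumps({"Records": [
    sample_record("DescribeInstances", "alice", "AKIAEXAMPLEALICE0001", "198.51.100.7", "i-0aaa1111bbbb2222c"),
    sample_record("TerminateInstances", "bob", "AKIAEXAMPLEBOB000002", "203.0.113.25", "i-0aaa1111bbbb2222c"),
    sample_record("TerminateInstances", "carol", "AKIAEXAMPLECAROL0003", "203.0.113.40",
                  "i-0ddd3333eeee4444f", error="Client.UnauthorizedOperation"),
]}).encode()

def load_records(raw: bytes) -> list:
    """Parse a log file body; files in the bucket are gzip-compressed JSON."""
    if raw[:2] == b"\x1f\x8b":  # gzip magic bytes
        raw = gzip.decompress(raw)
    return json.loads(raw).get("Records", [])

def who_did(records, event_name, instance_id=None):
    """Return actor, access key and source IP for each matching API call."""
    findings = []
    for rec in records:
        if rec.get("eventName") != event_name:
            continue
        items = ((rec.get("requestParameters") or {}).get("instancesSet") or {}).get("items", [])
        ids = [item.get("instanceId") for item in items]
        if instance_id and instance_id not in ids:
            continue
        ident = rec.get("userIdentity") or {}
        findings.append({
            "time": rec.get("eventTime"),
            "actor": ident.get("arn") or ident.get("principalId"),
            "access_key": ident.get("accessKeyId"),
            "source_ip": rec.get("sourceIPAddress"),
            "instances": ids,
            "error": rec.get("errorCode"),  # None means the call succeeded
        })
    return findings
```

A finding with a non-empty "error" is an attempt that AWS rejected, which is still worth following up because it shows who tried the action.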


This article was brought to you by Netshock. Netshock aim to provide technology guides and insight to our readers
