![Page 1: (SEC306) Turn on CloudTrail: Log API Activity in Your AWS Account | AWS re:Invent 2014](https://reader034.vdocuments.net/reader034/viewer/2022052508/559446ae1a28abfc728b4645/html5/thumbnails/1.jpg)
November 13 2014 | Las Vegas, Nevada
Sivakanth Mundru, Amazon Web Services
![Page 2: (SEC306) Turn on CloudTrail: Log API Activity in Your AWS Account | AWS re:Invent 2014](https://reader034.vdocuments.net/reader034/viewer/2022052508/559446ae1a28abfc728b4645/html5/thumbnails/2.jpg)
Agenda
![Page 3: (SEC306) Turn on CloudTrail: Log API Activity in Your AWS Account | AWS re:Invent 2014](https://reader034.vdocuments.net/reader034/viewer/2022052508/559446ae1a28abfc728b4645/html5/thumbnails/3.jpg)
![Page 4: (SEC306) Turn on CloudTrail: Log API Activity in Your AWS Account | AWS re:Invent 2014](https://reader034.vdocuments.net/reader034/viewer/2022052508/559446ae1a28abfc728b4645/html5/thumbnails/4.jpg)
Introduction to CloudTrail
Customers are making API calls...
On a growing set of services around the world…
CloudTrail is continuously recording API calls…
And delivering log files to customers
![Page 5: (SEC306) Turn on CloudTrail: Log API Activity in Your AWS Account | AWS re:Invent 2014](https://reader034.vdocuments.net/reader034/viewer/2022052508/559446ae1a28abfc728b4645/html5/thumbnails/5.jpg)
Use cases enabled by CloudTrail
![Page 6: (SEC306) Turn on CloudTrail: Log API Activity in Your AWS Account | AWS re:Invent 2014](https://reader034.vdocuments.net/reader034/viewer/2022052508/559446ae1a28abfc728b4645/html5/thumbnails/6.jpg)
CloudTrail Regional Availability
![Page 7: (SEC306) Turn on CloudTrail: Log API Activity in Your AWS Account | AWS re:Invent 2014](https://reader034.vdocuments.net/reader034/viewer/2022052508/559446ae1a28abfc728b4645/html5/thumbnails/7.jpg)
AWS Services supported by CloudTrail
[Bar chart: # of AWS Services (y-axis, 0 to 30) by Quarter/Year (x-axis: Q4 2013, Q1 2014, Q2 2014, Q3 2014, Q4 2014)]
![Page 8: (SEC306) Turn on CloudTrail: Log API Activity in Your AWS Account | AWS re:Invent 2014](https://reader034.vdocuments.net/reader034/viewer/2022052508/559446ae1a28abfc728b4645/html5/thumbnails/8.jpg)
![Page 9: (SEC306) Turn on CloudTrail: Log API Activity in Your AWS Account | AWS re:Invent 2014](https://reader034.vdocuments.net/reader034/viewer/2022052508/559446ae1a28abfc728b4645/html5/thumbnails/9.jpg)
What can you answer using a CloudTrail event?
• Who
• When
• What
• Which
• Where
![Page 10: (SEC306) Turn on CloudTrail: Log API Activity in Your AWS Account | AWS re:Invent 2014](https://reader034.vdocuments.net/reader034/viewer/2022052508/559446ae1a28abfc728b4645/html5/thumbnails/10.jpg)
Who made the API call?
![Page 11: (SEC306) Turn on CloudTrail: Log API Activity in Your AWS Account | AWS re:Invent 2014](https://reader034.vdocuments.net/reader034/viewer/2022052508/559446ae1a28abfc728b4645/html5/thumbnails/11.jpg)
Example 1: Who?
![Page 12: (SEC306) Turn on CloudTrail: Log API Activity in Your AWS Account | AWS re:Invent 2014](https://reader034.vdocuments.net/reader034/viewer/2022052508/559446ae1a28abfc728b4645/html5/thumbnails/12.jpg)
Example 2: Who?
![Page 13: (SEC306) Turn on CloudTrail: Log API Activity in Your AWS Account | AWS re:Invent 2014](https://reader034.vdocuments.net/reader034/viewer/2022052508/559446ae1a28abfc728b4645/html5/thumbnails/13.jpg)
When? and What?
• When was the API call made?
• What API call was made?
![Page 14: (SEC306) Turn on CloudTrail: Log API Activity in Your AWS Account | AWS re:Invent 2014](https://reader034.vdocuments.net/reader034/viewer/2022052508/559446ae1a28abfc728b4645/html5/thumbnails/14.jpg)
Which resources?, Where from? and Where to?
• Which resources were acted upon in the API call?
• Where was the API call made from and made to?
![Page 15: (SEC306) Turn on CloudTrail: Log API Activity in Your AWS Account | AWS re:Invent 2014](https://reader034.vdocuments.net/reader034/viewer/2022052508/559446ae1a28abfc728b4645/html5/thumbnails/15.jpg)
Client Errors, Server Errors & Authorization failures
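
The questions on the preceding slides (who, when, what, which, where, and whether the call failed) map onto fields of each CloudTrail record. The following is an added example, not code from the talk: the log content is constructed, and the grouping of `errorCode` values into authorization, server and client failures is a heuristic assumed here.

```python
import json

# Constructed sample in the CloudTrail log file layout ({"Records": [...]}).
# Account IDs, names, IP addresses and resource IDs are made up.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2014-11-13T18:02:11Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "StopInstances", "awsRegion": "us-west-2", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "userName": "alice"},
     "requestParameters": {"instancesSet": {"items": [{"instanceId": "i-0abc1234"}]}}},
    {"eventTime": "2014-11-13T18:05:40Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "ModifyVpcAttribute", "awsRegion": "us-east-1", "sourceIPAddress": "203.0.113.24",
     "userIdentity": {"type": "AssumedRole",
                      "sessionContext": {"sessionIssuer": {"userName": "ops"}}},
     "requestParameters": {"vpcId": "vpc-0example"}, "errorCode": "Client.UnauthorizedOperation"},
    {"eventTime": "2014-11-13T18:09:02Z", "eventSource": "rds.amazonaws.com",
     "eventName": "DeleteDBInstance", "awsRegion": "us-east-1", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "Root", "arn": "arn:aws:iam::111122223333:root"},
     "requestParameters": {"dBInstanceIdentifier": "example-db"}, "errorCode": "InternalFailure"},
]})

AUTHZ_MARKERS = ("AccessDenied", "UnauthorizedOperation")   # assumed heuristic
SERVER_CODES = {"InternalFailure", "InternalError", "ServiceUnavailable"}

def who(identity):
    """Resolve the caller; the userIdentity shape depends on its type."""
    kind = identity.get("type", "Unknown")
    if kind == "AssumedRole":  # the role name sits under sessionContext
        issuer = identity.get("sessionContext", {}).get("sessionIssuer", {})
        return "role:" + issuer.get("userName", identity.get("arn", "?"))
    return "%s:%s" % (kind, identity.get("userName") or identity.get("arn", "?"))

def outcome(record):
    """Classify a record as success, authorization failure, server or client error."""
    code = record.get("errorCode")  # absent on successful calls
    if not code:
        return "success"
    if any(m in code for m in AUTHZ_MARKERS):
        return "authorization_failure"
    server = code.startswith("Server.") or code in SERVER_CODES
    return "server_error" if server else "client_error"

def summarize(log_text):
    """One row per record: who, when, what, which, where, and how it ended."""
    return [{"who": who(r.get("userIdentity", {})), "when": r.get("eventTime"),
             "what": r.get("eventName"), "which": r.get("requestParameters"),
             "where_from": r.get("sourceIPAddress"),
             "where_to": "%s/%s" % (r.get("awsRegion"), r.get("eventSource")),
             "outcome": outcome(r)}
            for r in json.loads(log_text).get("Records", [])]
```

Calling `summarize(SAMPLE_LOG)` returns one row per record. Filtering on `outcome == "authorization_failure"` gives the set of denied calls together with the caller and source address.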
![Page 16: (SEC306) Turn on CloudTrail: Log API Activity in Your AWS Account | AWS re:Invent 2014](https://reader034.vdocuments.net/reader034/viewer/2022052508/559446ae1a28abfc728b4645/html5/thumbnails/16.jpg)
Aggregate log files across regions and accounts
![Page 17: (SEC306) Turn on CloudTrail: Log API Activity in Your AWS Account | AWS re:Invent 2014](https://reader034.vdocuments.net/reader034/viewer/2022052508/559446ae1a28abfc728b4645/html5/thumbnails/17.jpg)
Amazon SNS notifications for log file delivery
![Page 18: (SEC306) Turn on CloudTrail: Log API Activity in Your AWS Account | AWS re:Invent 2014](https://reader034.vdocuments.net/reader034/viewer/2022052508/559446ae1a28abfc728b4645/html5/thumbnails/18.jpg)
![Page 19: (SEC306) Turn on CloudTrail: Log API Activity in Your AWS Account | AWS re:Invent 2014](https://reader034.vdocuments.net/reader034/viewer/2022052508/559446ae1a28abfc728b4645/html5/thumbnails/19.jpg)
CloudTrail Customer Story
Steve Toback
Cloud Architect, Merck and Company
![Page 20: (SEC306) Turn on CloudTrail: Log API Activity in Your AWS Account | AWS re:Invent 2014](https://reader034.vdocuments.net/reader034/viewer/2022052508/559446ae1a28abfc728b4645/html5/thumbnails/20.jpg)
![Page 21: (SEC306) Turn on CloudTrail: Log API Activity in Your AWS Account | AWS re:Invent 2014](https://reader034.vdocuments.net/reader034/viewer/2022052508/559446ae1a28abfc728b4645/html5/thumbnails/21.jpg)
Build Applications that process CloudTrail log files
![Page 22: (SEC306) Turn on CloudTrail: Log API Activity in Your AWS Account | AWS re:Invent 2014](https://reader034.vdocuments.net/reader034/viewer/2022052508/559446ae1a28abfc728b4645/html5/thumbnails/22.jpg)
How does CloudTrail Processing Library work?
[Diagram components: AWS CloudTrail, Amazon SNS, Amazon SQS, S3 Bucket, Amazon DynamoDB, Amazon Redshift, Third Party, Amazon CloudWatch, Amazon SNS, AWS CloudTrail Processing Library]
![Page 23: (SEC306) Turn on CloudTrail: Log API Activity in Your AWS Account | AWS re:Invent 2014](https://reader034.vdocuments.net/reader034/viewer/2022052508/559446ae1a28abfc728b4645/html5/thumbnails/23.jpg)
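Sample CloudTrail Processing Library Code

```java
// Called by the CloudTrail Processing Library with each batch of events.
// `sns` and `myQueueArn` are not defined on the slide; they are assumed to be
// an Amazon SNS client and the publish target held elsewhere in the class.
public void process(List<CloudTrailEvent> events) {
    for (CloudTrailEvent event : events) {
        CloudTrailEventData data = event.getEventData();
        // Only act on EC2 ModifyVpcAttribute calls.
        if (data.getEventSource().equals("ec2.amazonaws.com") &&
                data.getEventName().equals("ModifyVpcAttribute")) {
            System.out.println("Processing event: " + data.getRequestId());
            // Forward the request and response details as a notification.
            sns.publish(myQueueArn, "{ " +
                    "'requestId'= '" + data.getRequestId() + "'," +
                    "'request' = '" + data.getRequestParameters() + "'," +
                    "'response' = '" + data.getResponseElements() + "'," +
                    "'source' = '" + data.getEventSource() + "'," +
                    "'eventName'= '" + data.getEventName() + "'" +
                    "}");
        }
    }
}
```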
• Source available on GitHub and distributed under Apache 2.0 license
![Page 24: (SEC306) Turn on CloudTrail: Log API Activity in Your AWS Account | AWS re:Invent 2014](https://reader034.vdocuments.net/reader034/viewer/2022052508/559446ae1a28abfc728b4645/html5/thumbnails/24.jpg)
![Page 25: (SEC306) Turn on CloudTrail: Log API Activity in Your AWS Account | AWS re:Invent 2014](https://reader034.vdocuments.net/reader034/viewer/2022052508/559446ae1a28abfc728b4645/html5/thumbnails/25.jpg)
AWS Technology Partner solutions integrated with CloudTrail
![Page 26: (SEC306) Turn on CloudTrail: Log API Activity in Your AWS Account | AWS re:Invent 2014](https://reader034.vdocuments.net/reader034/viewer/2022052508/559446ae1a28abfc728b4645/html5/thumbnails/26.jpg)
AWS Consulting Partner solutions integrated with CloudTrail
![Page 27: (SEC306) Turn on CloudTrail: Log API Activity in Your AWS Account | AWS re:Invent 2014](https://reader034.vdocuments.net/reader034/viewer/2022052508/559446ae1a28abfc728b4645/html5/thumbnails/27.jpg)
![Page 28: (SEC306) Turn on CloudTrail: Log API Activity in Your AWS Account | AWS re:Invent 2014](https://reader034.vdocuments.net/reader034/viewer/2022052508/559446ae1a28abfc728b4645/html5/thumbnails/28.jpg)
CloudTrail integration with CloudWatch Logs
![Page 29: (SEC306) Turn on CloudTrail: Log API Activity in Your AWS Account | AWS re:Invent 2014](https://reader034.vdocuments.net/reader034/viewer/2022052508/559446ae1a28abfc728b4645/html5/thumbnails/29.jpg)
Demo: Receive notifications for failed console sign-in events
![Page 30: (SEC306) Turn on CloudTrail: Log API Activity in Your AWS Account | AWS re:Invent 2014](https://reader034.vdocuments.net/reader034/viewer/2022052508/559446ae1a28abfc728b4645/html5/thumbnails/30.jpg)
More Examples of Metric Filters
![Page 31: (SEC306) Turn on CloudTrail: Log API Activity in Your AWS Account | AWS re:Invent 2014](https://reader034.vdocuments.net/reader034/viewer/2022052508/559446ae1a28abfc728b4645/html5/thumbnails/31.jpg)
Additional Resources
CloudTrail Detail Page
CloudTrail FAQs
CloudTrail Partners
CloudTrail Processing Library on GitHub
CloudTrail documentation user guide
Security at scale: Logging in AWS white paper