AWS CloudTrail | CloudTrail Log File Integrity Validation Flashcards
What charges do I incur once I configure encryption using SSE-KMS?
CloudTrail Log File Integrity Validation
AWS CloudTrail | Management Tools
Once you configure encryption using SSE-KMS, you will incur standard AWS KMS charges. For details, go to the AWS KMS pricing page.
What is CloudTrail log file integrity validation?
The CloudTrail log file integrity validation feature allows you to determine whether a CloudTrail log file was unchanged, deleted, or modified since CloudTrail delivered it to the specified Amazon S3 bucket.
What is the benefit of CloudTrail log file integrity validation?
You can use log file integrity validation as an aid in your IT security and auditing processes.
How do I enable CloudTrail log file integrity validation?
You can enable the CloudTrail log file integrity validation feature from the AWS Management Console, the AWS CLI, or the AWS SDKs.
What happens once I turn on the log file integrity validation feature?
Once you turn on the log file integrity validation feature, CloudTrail will deliver digest files on an hourly basis. The digest files contain information about the log files that were delivered to your Amazon S3 bucket, hash values for those log files, digital signatures for the previous digest file, and the digital signature for the current digest file in the Amazon S3 metadata section. For more information about digest files, digital signatures, and hash values, go to the CloudTrail documentation.
Where are the digest files delivered to?
The digest files are delivered to the same Amazon S3 bucket as your log files. However, they are delivered to a different folder so that you can enforce granular access control policies. For details, refer to the digest file structure section of the CloudTrail documentation.
How can I validate the integrity of a log file or digest file delivered by CloudTrail?
You can use the AWS CLI to validate the integrity of a log file or digest file. You can also build your own tools to do the validation. For more details on using the AWS CLI to validate the integrity of a log file, refer to the CloudTrail documentation.