Security - CloudTrail Flashcards
What is AWS CloudTrail?
CloudTrail is a web service that records API calls and related events made in your AWS account and delivers the log files to an Amazon S3 bucket that you specify.
What are the benefits of CloudTrail?
CloudTrail provides visibility into user activity by recording actions taken on your account.
Who should use CloudTrail?
Customers who need to track changes to resources, answer simple questions about user activity, demonstrate compliance, troubleshoot, or perform security analysis should use CloudTrail.
Does the CloudTrail Event History show all account activity within my account?
No. CloudTrail Event History shows only management events, only for the Region you are currently viewing, and only for the last 90 days, for the AWS services that support CloudTrail. Data events and Insights events do not appear in Event History; for a complete and longer-lived record, create a trail that delivers to S3.
What search filters can I use to view my account activity?
You can specify Time range and one of the following attributes: Event name, User name, Resource name, Event source, Event ID, and Resource type.
What services are supported by CloudTrail?
AWS CloudTrail records account activity and service events from most AWS services.
Where are my log files stored and processed before they are delivered to my Amazon S3 bucket?
Activity for services with Regional endpoints (EC2, RDS, etc.) is captured and processed in the Region where the action was made, then delivered to the Region of your S3 bucket. Events from global services (such as IAM and STS) are recorded with awsRegion set to us-east-1.
What is applying a trail to all regions?
Applying a trail to all Regions means creating a single trail that records account activity in every AWS Region, including Regions added after the trail is created, and delivers all of it to one S3 bucket.
How many trails can I create in an AWS region?
You can create up to five trails in an AWS region. A trail that applies to all regions exists in each region and is counted as one trail in each region.
What information is available in an event?
An event contains the information about the associated activity: who made the request (userIdentity), when it was made (eventTime), the service called (eventSource), the action performed (eventName), the parameters passed (requestParameters), and the response elements returned by the AWS service (responseElements).
How often will CloudTrail deliver log files to my Amazon S3 bucket?
CloudTrail delivers log files to your S3 bucket approximately every 5 minutes. This delivery time is typical, not guaranteed, so alerting built on S3 delivery should tolerate some delay.
What are CloudTrail Insights events?
AWS CloudTrail Insights events help customers identify unusual activity in their AWS accounts such as spikes in resource provisioning, bursts of AWS Identity and Access Management (IAM) actions, or gaps in periodic maintenance activity.
What are Data events?
Data events provide insight into the resource ("data plane") operations performed on or within a resource. They are often high-volume activities and include operations such as Amazon S3 object-level APIs (GetObject, PutObject) and the Lambda function Invoke API. Data events are not logged by default; they must be enabled on a trail.
What is the benefit of CloudTrail log file encryption using Server-side Encryption with KMS?
CloudTrail log file encryption using SSE-KMS adds a layer of protection to the log files delivered to an S3 bucket by encrypting them with a KMS key that you control. The KMS key policy must allow the CloudTrail service principal to generate data keys with that key, and anyone who reads the logs also needs kms:Decrypt permission on the key, which gives you a separate access control on the log data independent of the S3 bucket policy.
What are the benefits of CloudTrail integration with CloudWatch Logs?
Sending CloudTrail events to a CloudWatch Logs log group lets you define metric filters over the event fields and CloudWatch alarms on those metrics; the alarms can publish to an SNS topic, so you receive near-real-time notifications of specific account activity (for example, root account use or IAM policy changes) captured by CloudTrail.
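The following is an added example, not part of the original flashcards or AWS's own code. It shows how the log files described above are read (a gzipped JSON document with a "Records" array, as delivered to S3), how the who/when/service/action/parameters/response fields of each event are pulled out, and how the root-usage check that is commonly run as a CloudWatch Logs metric filter (pattern `{ $.userIdentity.type = "Root" && $.userIdentity.invokedBy NOT EXISTS && $.eventType != "AwsServiceEvent" }`) looks when applied directly to records. The three records, the account ID and the IP addresses are constructed for this example.

```python
import gzip
import io
import json
from collections import Counter

# Constructed sample records in the CloudTrail record format. The account ID,
# principals and IP addresses are made up; the field names are the real ones.
SAMPLE_RECORDS = {
    "Records": [
        {
            "eventVersion": "1.08",
            "userIdentity": {"type": "IAMUser", "userName": "alice",
                             "arn": "arn:aws:iam::123456789012:user/alice"},
            "eventTime": "2024-01-15T10:00:01Z",
            "eventSource": "iam.amazonaws.com",
            "eventName": "CreateUser",
            "awsRegion": "us-east-1",
            "sourceIPAddress": "203.0.113.10",
            "requestParameters": {"userName": "bob"},
            "responseElements": {"user": {"userName": "bob"}},
            "eventType": "AwsApiCall",
        },
        {   # Interactive root sign-in: this is what the metric filter should catch.
            "eventVersion": "1.08",
            "userIdentity": {"type": "Root", "arn": "arn:aws:iam::123456789012:root"},
            "eventTime": "2024-01-15T10:02:17Z",
            "eventSource": "signin.amazonaws.com",
            "eventName": "ConsoleLogin",
            "awsRegion": "us-east-1",
            "sourceIPAddress": "198.51.100.7",
            "requestParameters": None,
            "responseElements": {"ConsoleLogin": "Success"},
            "eventType": "AwsConsoleSignIn",
        },
        {   # Service event performed on behalf of the account: excluded by the filter.
            "eventVersion": "1.08",
            "userIdentity": {"type": "Root", "arn": "arn:aws:iam::123456789012:root",
                             "invokedBy": "AWS Internal"},
            "eventTime": "2024-01-15T10:05:00Z",
            "eventSource": "s3.amazonaws.com",
            "eventName": "PutBucketPolicy",
            "awsRegion": "us-east-1",
            "sourceIPAddress": "AWS Internal",
            "eventType": "AwsServiceEvent",
        },
    ]
}


def build_log_file(records=SAMPLE_RECORDS) -> bytes:
    """Serialize records the way CloudTrail delivers them to S3: gzipped JSON."""
    buf = io.BytesIO()
    with gzip.GzipFile(fileobj=buf, mode="wb") as gz:
        gz.write(json.dumps(records).encode("utf-8"))
    return buf.getvalue()


def read_log_file(blob: bytes) -> list:
    """Decompress a delivered log file and return its list of event records."""
    with gzip.open(io.BytesIO(blob), "rt", encoding="utf-8") as gz:
        return json.load(gz)["Records"]


def summarize(event: dict) -> dict:
    """Extract the who / when / service / action / params / response of an event."""
    ident = event.get("userIdentity", {})
    return {
        "who": ident.get("arn", ident.get("type")),
        "when": event["eventTime"],
        "service": event["eventSource"],
        "action": event["eventName"],
        "region": event["awsRegion"],
        "source_ip": event.get("sourceIPAddress"),
        "params": event.get("requestParameters"),
        "response": event.get("responseElements"),
    }


def is_root_activity(event: dict) -> bool:
    """Same logic as the root-usage metric filter: interactive root use only,
    ignoring actions AWS services perform on the account's behalf."""
    ident = event.get("userIdentity", {})
    return (ident.get("type") == "Root"
            and "invokedBy" not in ident
            and event.get("eventType") != "AwsServiceEvent")


def find_root_activity(records: list) -> list:
    """Return summaries of every event that would trip the root-usage alarm."""
    return [summarize(e) for e in records if is_root_activity(e)]


def iam_actions_per_principal(records: list) -> Counter:
    """Count IAM API calls per caller; a spike here is the kind of burst
    CloudTrail Insights flags, and is easy to alarm on from CloudWatch Logs."""
    return Counter(summarize(e)["who"] for e in records
                   if e.get("eventSource") == "iam.amazonaws.com")


if __name__ == "__main__":
    records = read_log_file(build_log_file())
    for hit in find_root_activity(records):
        print("ROOT ACTIVITY:", hit["when"], hit["action"], "from", hit["source_ip"])
    print("IAM calls per principal:", dict(iam_actions_per_principal(records)))
```

The same three-part condition is what you would put in the metric filter on the log group; keeping the `invokedBy` and `eventType` clauses is what stops service-initiated events from paging you on every maintenance action.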