CloudTrail Flashcards

1
Q

What is AWS CloudTrail?

A

AWS CloudTrail is a service that provides a detailed audit log of all user activity and API usage across the AWS infrastructure, enabling governance, compliance, operational auditing, and risk auditing of your AWS account.

2
Q

How does CloudTrail work?

A

CloudTrail works by recording AWS API calls and related events made by or on behalf of an AWS account and delivering the log files to an Amazon S3 bucket specified by the user.

3
Q

What types of events does CloudTrail record?

A

CloudTrail records two types of events: management events, which include management operations performed on resources in your AWS account, and data events, which include operations that access or modify data within a resource.

4
Q

Can CloudTrail monitor cross-account roles?

A

Yes, CloudTrail can monitor actions performed using cross-account roles, allowing you to track how users and applications are using delegated permissions across your AWS accounts.

5
Q

How can CloudTrail logs be secured?

A

CloudTrail log files can be secured by enabling server-side encryption (SSE) in Amazon S3 and by using AWS Key Management Service (AWS KMS) keys for encryption. Additionally, access to log files can be controlled using S3 bucket policies and IAM policies.

6
Q

Does CloudTrail support log file integrity validation?

A

Yes, CloudTrail supports log file integrity validation, providing an additional layer of security by ensuring that log files have not been tampered with after delivery to the S3 bucket.

7
Q

What is the benefit of integrating CloudTrail with CloudWatch Logs?

A

Integrating CloudTrail with CloudWatch Logs enables real-time monitoring of CloudTrail log data, allowing for automated responses to specific API activity through the use of CloudWatch Alarms and AWS Lambda functions.

8
Q

How long are CloudTrail logs retained?

A

By default, CloudTrail logs are retained indefinitely when delivered to an Amazon S3 bucket. However, users can configure retention policies within the S3 bucket to automatically delete old log files after a specified period.

9
Q

Can CloudTrail track actions taken through the AWS Management Console, AWS CLI, and AWS SDKs?

A

Yes, CloudTrail tracks actions taken through the AWS Management Console, AWS CLI, AWS SDKs, and other AWS services, providing a comprehensive view of user activity and API usage.

10
Q

What is the difference between CloudTrail and AWS Config?

A

While CloudTrail provides a history of API calls and related events for auditing, AWS Config provides a detailed view of the configuration of AWS resources within your account, including how resources are related and have changed over time.
