Assignment No.11: What is Cloud Trail & Cloud Watch in AWS?

1. Cloud Trail:
AWS CloudTrail is an AWS service that helps you enable operational and risk
auditing, governance, and compliance of your AWS account. Actions taken by a user,
role, or an AWS service are recorded as events in CloudTrail. Events include actions
taken in the AWS Management Console, AWS Command Line Interface, and AWS
SDKs and APIs.

1. Event Logging: CloudTrail records AWS API calls made on your account. These logs
include the identity of the API caller, the time of the API call, the source IP
address of the API caller, the request parameters, and the response elements
returned by the AWS service.

2. Event History: CloudTrail provides a history of AWS API calls for your account,
including API calls made via the AWS Management Console, AWS SDKs,
command-line tools, and other AWS services.

3. Monitoring and Alerting: By integrating CloudTrail with Amazon CloudWatch

Logs, you can create alarms to be notified of unusual API activity. This can help in
detecting unauthorized access or other suspicious activity.

4. Compliance Aid: CloudTrail helps you meet compliance requirements by logging

detailed information about API activity and enabling you to demonstrate
compliance to auditors.

5. Insights: CloudTrail Insights helps you identify and respond to unusual activity
associated with write APIs by continuously analyzing CloudTrail management
events. It can detect and alert you about API activity that deviates significantly
from typical activity, such as a spike in resource provisioning or an increase in the
number of security group changes.

6. Data Retention and Export: You can store CloudTrail logs in Amazon S3 for long-
term analysis and archiving. The logs can be encrypted for security and can be
integrated with AWS services like Amazon Athena, AWS Lambda, and Amazon
CloudWatch for further analysis.
2. CloudTrail console:
Sign in to the AWS Management Console and open the CloudTrail console at
https://console.aws.amazon.com/cloudtrail/.

 The CloudTrail console provides a user interface for performing many CloudTrail tasks
such as:

 Viewing recent events and event history for your AWS account.

 Downloading a filtered or complete file of the last 90 days of management events

from Event history.

 Creating and editing CloudTrail trails.

 Creating and editing CloudTrail Lake event data stores.

3. AWS CLI:
The AWS Command Line Interface is a unified tool that you can use to interact with
CloudTrail from the command line. For more information, see the AWS Command
Line Interface User Guide. For a complete list of CloudTrail CLI commands, see
cloudtrail and cloudtrail-data in the AWS CLI Command Reference.
4. Cloud Watch:
Amazon CloudWatch is a monitoring and management service that provides data and
actionable insights for AWS, on-premises, hybrid, and other cloud applications and
infrastructure resources. You can collect and access all your performance and
operational data in the form of logs and metrics from a single platform rather than
monitoring them in silos (server, network, or database). CloudWatch enables you to
monitor your complete stack (applications, infrastructure, network, and services) and
use alarms, logs, and events data to take automated actions and reduce mean time to
resolution (MTTR). This frees up important resources and allows you to focus on
building applications and business value.
CloudWatch Logs classes
There are two log classes:

5. CloudWatch Logs classes

a. Amazon CloudWatch Logs Infrequent Access (Logs-IA) is purpose-built for

consolidating all your logs natively on AWS. It offers the managed ingestion, cross-
account log analytics, and encryption of CloudWatch Logs Standard, with a low per
GB ingestion price. This combination of tailored capabilities and low cost make
CloudWatch Logs-IA ideal for ad-hoc querying and after-the-fact forensic analysis.

b. Amazon CloudWatch Logs Standard for comprehensive log management intended for
real-time monitoring and advanced analytics capabilities like Live Tail, metric
extraction, alarming or data protection.
6. Key Aspects of Cloud Watch in AWS:
 Monitoring and Metrics: Collects and tracks metrics, monitors log files, sets alarms,
and automatically reacts to changes in your AWS resources.

 Alarms and Automated Actions: Allows you to set thresholds on metrics and trigger
automated actions such as scaling EC2 instances or sending notifications when
thresholds are crossed.

 Log Management: Enables you to aggregate, monitor, and analyze log data from
Amazon EC2 instances, AWS CloudTrail, and other sources in real-time.

 Dashboards: Provides customizable dashboards for a centralized view of your

resources and applications, aiding in the visualization of metrics and logs.

 Event Handling and Automation: Offers near real-time event streams for system
changes, allowing for automated responses like triggering AWS Lambda functions or
starting/stopping EC2 instances.