Setting Up AWS Cloudtrail

Rohan Arora
A free video tutorial from Rohan Arora
Technology Evangelist, Solutions Architect and Instructor
4.3 instructor rating • 9 courses • 8,197 students

Learn more from the full course

AWS Cloud Practitioner Essentials

Prepare for the AWS Certified Cloud Practitioner exam.

13:08:12 of on-demand video • Updated November 2019

  • Learn the foundations of cloud computing and AWS, including its primary services, benefits, and use cases
  • Pass the AWS Certified Cloud Practitioner exam
English [Auto] We are back to the main page on our management console. And now let's click on the cloud under the management tools and this does take us to the cloud till dashboard Ashbolt. Now once we go over there you can see the event history for the events that have happened in my count in the last nine days or for the last nine days. So I can see we're here with set events. These are world most recent events recorded by cloud trail to view all the events for the next 90 days. Good thing that history got under the event history. I can't see the past 90 days. API calls all the activities right. For example if I show you one of the activities that has happened in the past you can see all the entire information. For example it shows the region where this activity or called the evade name deletes snapshot because a snapshot was deleted then the event date and time the source IP address so what was I bidder's off the machine when this operation was triggered and who did that to count right. So from my account this delete snapshot operation was triggered at this date and time using the source IP address right. So let's see some more event history so that you can get to know that how it look like for example. Yeah I just go with their now. I deleted one of the volumes in the region of use was default. That's not California. It was done to my account and the source library on my computer at that time was this one. And this is the event data type so I get to school back and see the event history to see each and every update call on each and every activity tapestried good with respect to the resources in my county for example I did one instance I Two-Minute did one instance in the region of about California Subaru to count and this was while the SOS on it was off my computer. Now over here you can see the past 90 days. Lawks What if you want to go beyond that because it is just the 90 days. For example if I want to see the logs of the past that's six months eight months a one here or maybe two years now from now on roads what I can do is I can nibble the cloud till cloud trail at East trail votes. Once it it's been captured it will start storing the locks in the street packet. So from today's date if I just create a trail that trail the start accumulating or storing the locked files of each and every event history packet now now after one year if I want to see any will the event histories in that what has happened in the gap of one year I can go to the packet and extract the LOC based upon the time and date. Now I can do that. So this event history you can see I know the event history under the dashboard right. If it does go the trails from here you can create the trail. So let's go ahead and create trail and you have to assign a name to it. I submit as test hyphen tail and that this is a body part option. Do you want to apply this drill to all the regions. If the answer is yes yes. In that case it would create a trail named as terrestrial in each of the regions so it would create a trail in each of these regions. If I say no then it would capture the operations all the EPA activity only for the Northern California in the region you're in right now. So it's all up to you if you have the infrastructure or the resources that's been scattered across all the regions then that this is an important option and situate now. Right. So you can just know and if you have two or three different regions you can you can have endangered trails for each and every region. So I just know in my case it's all going to souces reset and not kind of Fortean. It captured the loss of those two sources only. Under the management events. I can. It gives me insights into the management operations that's been performed on resources. In my count not these are two different options. All right. Only right Doli. None. All we said it will capture all the different management events read only means that it will capture the events that are being delayed. But to the information of these sources for example describe instances it's a read only API call if I just write Toli then any of the operations that will make the changes are implementation of these sources would come under right Tony. For example Tilmann it is Tess's largest Tiss. These are the years I don't see operations in use not that it's not kept to any of the log files and that the management of its such use all which is the default option in that case. It will capture the Read-Only and divide only events that we have detainments events will give you that side of the EPA called skepta. It was obvious to Puckett's are also it will it will see it will give you a direct quote of all the AP operations for integer functions that this is mandatory. If you if you if you are using nabû then you can go within the land did events. If you're not using a secure Lamda are if you want to capture the invocations then you can skip that. But of course the management of it is crucial because you can capture each and every event. But if not to specifically target the pocket and Lampa in locations then it could go with that. So we're going to skip the events and we're going to go with the management even slowly not to scroll down. Now we have to specify the storage location because these clockface what was saved in one of these two packets. So you can get you to packet by choosing gifts or you just know and could a new packet from scratch wanting you have to keep in mind is that the S3 package should be in the same region where your cloud tril is being created. So this cloud trail or the trail is being created in the region of North California hence the Buckie should be the same region. So if it uses and I could you bucket that new buckets will be created in the region of California. So let me name this new bucket as demo cloud tail hyphen we two words into something like that. Right. So indice a strip packet all my API calls all the operations all the activities will be saved in the form of Laux. Right. So from now on onwards it will start selling the locks and down the line after a few months or a few Yoseph go back. I can see that what events all the operations have been triggered so far. As. Go ahead click and create. And this creates my trail from scratch. OK. So it takes some time for the lock fonts to be delivered. If I had this go to this to packet it would take its salt sweet time to start showing me the locks. I think it it takes five minutes straight because the locks will be captured and stored after a gap of each firepit. So as of now you can see that there are new objects under at this path because we don't have any of the locks showing up on both this pocket. If I go to the street that I can see all the street Puckett's. So that's how your cloud trail tilts are being enabled. And from now onwards it would start accumulating the locks into mine. This demo Clotworthy to packet if you are satisfied with the event history of the past 90 days. So in that case there's no need to enable the trail. You can just go ahead and you can start using your event history just in case if you think that you don't have to go beyond 90 days. Right. So it's up to you. Either you can just stay to the event history or you can create the trail or you can use it. It's all up to you. I recommend that you also enable trades because it is very important for you to perform the troubleshooting just in case if you think that you may have to extract the locks maybe six months back or seven months. And that is this is useful also when we bought a tank if you had just performed an obsession just to understand that how it works for you please make sure that you disable or delete the trail just off the bat because the article will keep on storing acuminate the locks in the bucket and through a gap of five minutes. Now we have to remember one thing that you get only five G-B or three storage under the feet to account. So if you have the cloud enabled for many days they didn't few days are I think few weeks you'll find G-B off limits would be exceeded in that. But it's advisable that it does go to the trail after you're done being an obsession. You just go ahead and either you can stay or go. There's been an icon to delete this cloud trail or else you can dispute the Nagi ink for all to offer so you can hit the slide the button on the left side input logging to off hit continue and with stopped storing are generating a lot faster as to packet. So it's very important for you to apply that so that you don't exceed your fetal limit. Dude stole your data in your pocket. And was to go to Australia you can make any any change in any of the options that you have configured before. So that's all about the cloud trail. Thank you.