Monitoring AWS CloudTrail events with AWS CloudWatch

Beginner

46 students completed the lab in ~1h:30m

Total available time: 2h:0m

Monitor AWS infrastructure and services with CloudTrail and CloudWatch

 

Lab Overview

AWS CloudTrail is a service that enables you to log, monitor and capture API-related events across your AWS infrastructure and most AWS services. Events that CloudTrail captures are delivered to an S3 bucket and are also available for viewing from the CloudTrail console. CloudTrail captures create, modify and delete API calls triggered from the console, API, command line tools or even other AWS services. Optionally, CloudTrail can be configured to send events to CloudWatch as well (this lab covers that too). Typical use cases for CloudTrail operating with CloudWatch are monitoring, auditing, and security (governance, compliance, analysis).

It is important to know that CloudTrail is not a replacement for CloudWatch. It simply adds to the monitoring capabilities offered by AWS. Notice the focus for each service:

  • CloudTrail focuses on API activity
  • CloudWatch focuses on performance monitoring and overall system health

Lab Objectives

Upon completion of this Lab you will be able to:

  • Turn on and configure CloudTrail so that it captures key events and delivers log files to a specific S3 bucket
  • Navigate the S3 bucket structure where CloudTrail logs are stored (as compressed JSON files)
  • Generate traffic in order to verify CloudTrail is working
  • Use the CloudTrail console to learn more about the events CloudTrail captures
  • Configure CloudTrail to send events to CloudWatch
  • Create a metric filter and alarm so that you receive a notification when specific events occur in AWS
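The following is an added example, not part of the lab's own material. It reads one CloudTrail log object in the form the objectives describe (gzip-compressed JSON with a top-level Records array) and counts the events a metric filter would match, then checks an alarm threshold. The sample events, the watch list of EC2 event names and the function names are assumptions made for illustration.

```python
import gzip
import json

# Constructed sample: a CloudTrail log file body as delivered to S3
# (gzip-compressed JSON with a top-level "Records" array). All values are made up.
SAMPLE_RECORDS = {"Records": [
    {"eventTime": "2024-01-01T10:00:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "RunInstances", "awsRegion": "us-west-2",
     "userIdentity": {"type": "IAMUser", "userName": "student"}},
    {"eventTime": "2024-01-01T10:01:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "CreateBucket", "awsRegion": "us-west-2",
     "userIdentity": {"type": "IAMUser", "userName": "student"}},
    {"eventTime": "2024-01-01T10:02:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "TerminateInstances", "awsRegion": "us-west-2",
     "userIdentity": {"type": "IAMUser", "userName": "student"}},
    {"eventTime": "2024-01-01T10:03:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DescribeInstances", "awsRegion": "us-west-2",
     "userIdentity": {"type": "IAMUser", "userName": "student"}},
]}
SAMPLE_LOG_GZ = gzip.compress(json.dumps(SAMPLE_RECORDS).encode("utf-8"))

# Assumed watch list; the lab's actual filter pattern is not shown on this page.
WATCHED = {"ec2.amazonaws.com": {"RunInstances", "StopInstances", "TerminateInstances"}}

def load_records(blob):
    """Decompress one CloudTrail log object and return its list of event records."""
    doc = json.loads(gzip.decompress(blob).decode("utf-8"))
    records = doc.get("Records")
    if not isinstance(records, list):
        raise ValueError("not a CloudTrail log file: missing 'Records' array")
    return records

def matches(record, watched=WATCHED):
    """True when the record's eventSource/eventName pair is on the watch list."""
    return record.get("eventName") in watched.get(record.get("eventSource"), set())

def evaluate(blob, threshold=1):
    """Count matching events (the metric value) and report whether an alarm
    with 'count >= threshold' would fire for this batch."""
    hits = [r for r in load_records(blob) if matches(r)]
    summary = [(r["eventTime"], r["eventName"], r["userIdentity"].get("userName"))
               for r in hits]
    return {"metric": len(hits), "alarm": len(hits) >= threshold, "events": summary}

if __name__ == "__main__":
    print(json.dumps(evaluate(SAMPLE_LOG_GZ), indent=2))
```

Read-only calls such as DescribeInstances are left off the watch list here so that the metric tracks only state-changing EC2 activity.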

Lab Prerequisites

Although this is a beginner-level lab, it is on the more challenging side for beginners (almost intermediate ;-)). You should be familiar with AWS basics, including:

  • Using the AWS Console
  • S3 (bucket and folder creation, uploading files to S3)
  • EC2 (creating and launching a basic instance)
  • Conceptual understanding of CloudWatch and Simple Notification Service (SNS)

Lab Environment

After completing the lab instructions the environment will look similar to:

Follow these steps to learn by building helpful cloud resources

Log In to the Amazon Web Services Console

Your first step to start the laboratory experience

Creating your first Trail

Turn on CloudTrail and create your first Trail

Generating and Viewing Events

Generate then view CloudTrail events

Configuring CloudTrail to log to a CloudWatch log group

Configure CloudTrail to send logs to a CloudWatch log group too

Configuring a Metric Filter and Alarm for Testing and Troubleshooting

Configure a basic filter and alarm to confirm CloudWatch is working correctly

Configuring CloudWatch for EC2 Alarms and Testing with CloudTrail

Configure CloudWatch and test end-to-end with CloudTrail