Any information that helps to secure your Cloud infrastructure is of significant use to security engineers and architects. With AWS CloudTrail, you have the ability to capture all AWS API calls made by users and/or services.
Whenever an API request is made within your environment, AWS CloudTrail can track that request with a host of metadata and record it in a log, which is then sent to AWS S3 for storage, allowing you to view historical data of your API calls.
Having this information has a number of uses from both a security and a day-to-day operational perspective, and it also supports your compliance requirements. Having an audited trail of requests which can be tracked back to a user or service, and even the IP address used, helps to maintain your required compliance levels.
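As an added example that is not part of the course, the following Python script reads a CloudTrail log file in its standard layout (a JSON object whose "Records" array holds one entry per API call, as delivered to S3) and attributes each call to the calling principal and source IP address, as the paragraph above describes. The three records are constructed sample data, and the list of API names to flag is an assumption chosen for illustration.

```python
import json
from collections import Counter

# Constructed sample of a CloudTrail log file; the field names follow the
# standard CloudTrail record format, but every value here is made up.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventVersion": "1.08", "eventTime": "2024-01-15T10:02:11Z",
     "eventSource": "iam.amazonaws.com", "eventName": "CreateUser",
     "awsRegion": "us-east-1", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser", "userName": "alice",
                      "arn": "arn:aws:iam::111122223333:user/alice"}},
    {"eventVersion": "1.08", "eventTime": "2024-01-15T10:03:40Z",
     "eventSource": "s3.amazonaws.com", "eventName": "GetObject",
     "awsRegion": "us-east-1", "sourceIPAddress": "ec2.amazonaws.com",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::111122223333:assumed-role/app-role/i-0abc"}},
    {"eventVersion": "1.08", "eventTime": "2024-01-15T10:05:02Z",
     "eventSource": "cloudtrail.amazonaws.com", "eventName": "StopLogging",
     "awsRegion": "us-east-1", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "Root", "arn": "arn:aws:iam::111122223333:root"}},
]})

def parse_records(raw):
    """Flatten each CloudTrail record into who / what / where fields."""
    out = []
    for rec in json.loads(raw)["Records"]:
        ident = rec.get("userIdentity", {})
        out.append({
            "time": rec["eventTime"],
            "service": rec["eventSource"].split(".")[0],  # e.g. "iam"
            "api": rec["eventName"],
            # Prefer the ARN; fall back to the identity type (e.g. "Root")
            "principal": ident.get("arn", ident.get("type", "unknown")),
            "source_ip": rec.get("sourceIPAddress", "unknown"),
        })
    return out

def calls_by_principal(records):
    """Audit summary: how many API calls each principal made."""
    return Counter(r["principal"] for r in records)

def find_events(records, api_names):
    """Return the records whose API name is in the watch list (assumed set)."""
    return [r for r in records if r["api"] in api_names]

if __name__ == "__main__":
    recs = parse_records(SAMPLE_LOG)
    for r in find_events(recs, {"StopLogging", "DeleteTrail"}):
        print(f"{r['time']} {r['principal']} from {r['source_ip']} called {r['api']}")
```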
This course provides a full explanation of the CloudTrail service, looking at what it does, how it does it, and what components and services it uses. It breaks down each of the configurable components allowing you to see exactly how it works and to what degree it can be configured.
It dives into permissions required to run and implement CloudTrail, covering roles and policies, along with an overview of S3 Bucket permissions required for log storage. There are also a number of demonstrations within the course showing first hand how to configure Trails and set up various controls and permissions giving you clear guidance on what to do.
CloudTrail Logs are examined to show you exactly how APIs are recorded and how this sensitive information can be encrypted using KMS and also shared between AWS Accounts.
If you have any feedback on this course, please let us know at support@cloudacademy.com.
Learning Objectives
- Understand what AWS CloudTrail is and how it works
- Understand permissions, trails, and logs in CloudTrail and how they are used
- Learn how to perform monitoring activities with the service
Intended Audience
- IT professionals responsible for cloud security: security consultants, security architects, security auditors, etc.
- Those studying for an AWS certification that requires knowledge of AWS CloudTrail
- Anyone with a general interest in AWS security
Prerequisites
To get the most out of this course, you should have a basic understanding of the following AWS services: Simple Storage Service (S3), Identity and Access Management (IAM), AWS CloudWatch, Simple Notification Service (SNS), and the Key Management Service (KMS).
Hello, and welcome to this course covering AWS CloudTrail.
CloudTrail is one of the services that falls under the Management Tools categorization within the AWS console. Throughout this course, I shall explain what the service is, what it does, and how it operates, along with its interaction with other AWS services.
AWS CloudTrail is a powerful service that is used to track, audit, and monitor all API requests made in your AWS account, making it an effective security analysis tool. And so it's worth understanding exactly what it is and what it can do.
Before we start, I'd like to introduce myself. My name is Stuart Scott. I am one of the trainers here at CloudAcademy specializing in AWS, Amazon Web Services. Feel free to contact me with any questions using the details shown on screen. Alternatively, you can always get in touch with us here at CloudAcademy using the community forum, where one of our cloud experts will reply to your question.
This course has been designed for an audience who have an active role in managing AWS security, such as a security consultant, security architect, security auditor, etc. Also, if you have a general interest in security or perhaps you are studying for an AWS certification that requires knowledge of AWS CloudTrail, then this course will certainly be of benefit to you as well.
In this course, I will cover a range of topics, including what is AWS CloudTrail? In this lecture, I will explain what CloudTrail is and does and give examples of how the service can be used for a number of different use cases. How does CloudTrail work? In this section, I'll talk about CloudTrail and its components and elements, and we'll discuss how they all link together to create the service. Understanding CloudTrail permissions. In this lecture, we'll talk about permissions for both read and write access, and also we'll touch on some IAM policies and S3 bucket policies here as well. Understanding trails. In this section, we'll define what a trail is, and we'll go into the configuration components, and I'll give a demonstration of how to create a trail here too. Insight into CloudTrail logs. Logs are a huge part of CloudTrail. It's the output of the service itself. So we'll dive into what logs are, and what you can do with them and how to share logs within your own account and across other accounts as well. And then finally, we'll look at monitoring with CloudTrail. Here, we'll look at how CloudTrail interacts with AWS CloudWatch and how to set up monitoring for specific API calls, etc.
As a student of this course, you will have a full understanding of the AWS CloudTrail service and how it interacts with other AWS services, allowing you to implement CloudTrail effectively, ensuring it fulfills your business requirements. You will have the knowledge to confidently configure Trails for your AWS account, whilst at the same time applying the correct level of encryption and access control against your sensitive log files. In addition to this, you will be able to combine CloudTrail with CloudWatch to implement a monitoring solution for your API calls if required.
Pre-requisites for this course include a basic understanding of the following AWS services: Simple Storage Service, so S3; Identity and Access Management, specifically around policies; AWS CloudWatch; Simple Notification Service, SNS, and the Key Management Service, KMS.
Your feedback on CloudAcademy courses is valuable to us as trainers and to any students looking to take the same course in the future. If you have any feedback, positive or negative, it would be greatly appreciated if you could use the comment section found on the landing page of this course.
That brings us to the end of this first lecture. Coming up next, I will introduce you to AWS CloudTrail with an explanation of what it is and what it can do.
Stuart has been working within the IT industry for two decades covering a huge range of topic areas and technologies, from data center and network infrastructure design, to cloud architecture and implementation.
To date, Stuart has created 150+ courses relating to Cloud reaching over 180,000 students, mostly within the AWS category and with a heavy focus on security and compliance.
Stuart is a member of the AWS Community Builders Program for his contributions towards AWS.
He is AWS certified and accredited in addition to being a published author covering topics across the AWS landscape.
In January 2016 Stuart was awarded ‘Expert of the Year Award 2015’ from Experts Exchange for his knowledge share within cloud services to the community.
Stuart enjoys writing about cloud technologies and you will find many of his articles within our blog pages.