The Benefits of Using CloudTrail
7h 20m

This course provides detail on the AWS Management & Governance services relevant to the AWS Certified DevOps Engineer - Professional exam.

Learning Objectives

  • Learn how AWS AppConfig can reduce errors in configuration changes and prevent application downtime
  • Understand how the AWS Cloud Development Kit (CDK) can be used to model and provision application resources using common programming languages
  • Get a high-level understanding of Amazon CloudWatch
  • Learn about the features and use cases of the service
  • Create your own CloudWatch dashboard to monitor the items that are important to you
  • Understand how CloudWatch dashboards can be shared across accounts
  • Understand the cost structure of CloudWatch dashboards and the limitations of the service
  • Review how monitored metrics go into an ALARM state
  • Learn about the challenges of creating CloudWatch Alarms and the benefits of using machine learning in alarm management
  • Know how to create a CloudWatch Alarm using Anomaly Detection
  • Learn what types of metrics are suitable for use with Anomaly Detection
  • Create your own CloudWatch log subscription
  • Learn how AWS CloudTrail enables auditing and governance of your AWS account
  • Understand how Amazon CloudWatch Logs enables you to monitor and store your system, application, and custom log files
  • Explain what AWS CloudFormation is and what it’s used for
  • Determine the benefits of AWS CloudFormation
  • Understand what the core components are and what they are used for
  • Create a CloudFormation Stack using an existing AWS template
  • Learn what VPC flow logs are and what they are used for
  • Determine options for operating programmatically with AWS, including the AWS CLI, APIs, and SDKs
  • Learn about the capabilities of AWS Systems Manager for managing applications and infrastructure
  • Understand how AWS Secrets Manager can be used to securely encrypt application secrets

With AWS CloudTrail's ability to capture a vast amount of data using either an All Region, Single Region, or AWS Organization trail, what benefits does this bring to your business, and why is it needed? Well, there are some simple and obvious reasons for this, some of which you would have already thought of yourself, but let’s go through a few to see how AWS CloudTrail is beneficial to your organization.

Using CloudTrail as a security tool is a great way to identify events that have happened that perhaps shouldn’t have.  Being able to search for specific events, such as an unsuccessful sign-in attempt, or perhaps a principal trying to run a restricted API, allows your security teams to find out how these events happened, who initiated them, and then put in preventative measures ensuring that they do not occur again. Analyzing this data can also help to spot weaknesses in your infrastructure allowing your engineers to bolster and reinforce boundaries and operational best practices.

Using CloudTrail trails and CloudTrail Lake, you are able to consolidate activity records from more than one region into a single S3 bucket, providing a convenient way to analyze data and allowing you to identify patterns and audit activity at scale using queries. Being able to bring data together from multiple sources and regions allows your teams to view API activity through a single-pane-of-glass approach, simplifying analysis of the data sets.

CloudTrail provides a great way to gain visibility into your AWS cloud environment, allowing you to understand exactly what is happening, when, and by whom. Having enhanced visibility of your environment provides an opportunity to increase your awareness of attacks, and can provide an early warning of unusual behavior. In fact, CloudTrail has an interesting feature called CloudTrail Insights which helps to track and identify any unusual behavior detected within your account based on the action of a Write API.

These events are only captured based upon the behavior pattern of API calls that fall outside the realms of your normal operations.  To help you ascertain the reason behind the insight that has been triggered, additional metadata is also captured. 

CloudTrail Insights is not enabled by default; however, when it is enabled, CloudTrail will review, monitor and advise about irregularities in Write management events. When captured, these events are stored in a different folder within your destination trail bucket, named /CloudTrail-Insight. To help you review these insights quickly and effectively, they are also viewable from the AWS CloudTrail dashboard within the AWS Management Console.

As AWS CloudTrail is designed to track API calls, it can be used as a very effective method of maintaining a recorded audit of actions and configuration changes taken against your AWS resources across multiple accounts and multiple regions.  The data collected from CloudTrail logs can be used to help you maintain governance and meet regulatory requirements.  From an auditing perspective, each event recorded captures information pertaining to:

  • The principal who carried out the API, including the ARN

  • The Account ID

  • The username and session information

  • The time of the event

  • The source

  • The eventname (API)

  • The Region

  • Source IP address

  • And many more
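
The search described earlier (unsuccessful sign-in attempts and principals calling an API they are not permitted to use), together with the audit fields listed above, can be tried on a CloudTrail log file with a short script. This is an added example, not part of the original course; the sample records, account ID, ARNs and IP addresses are constructed, and the function names are hypothetical.

```python
import json

# Constructed sample shaped like a CloudTrail log file ({"Records": [...]}).
# Account ID, ARNs and IPs are made up (documentation address ranges).
ACCT = "111122223333"
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2024-01-10T09:15:02Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "awsRegion": "us-east-1",
     "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser", "accountId": ACCT, "userName": "alice",
                      "arn": f"arn:aws:iam::{ACCT}:user/alice"},
     "responseElements": {"ConsoleLogin": "Failure"}},
    {"eventTime": "2024-01-10T09:20:41Z", "eventSource": "cloudtrail.amazonaws.com",
     "eventName": "DeleteTrail", "awsRegion": "eu-west-1",
     "sourceIPAddress": "198.51.100.7", "errorCode": "AccessDenied",
     "userIdentity": {"type": "AssumedRole", "accountId": ACCT,
                      "arn": f"arn:aws:sts::{ACCT}:assumed-role/ops-role/session1",
                      "sessionContext": {"sessionIssuer": {"userName": "ops-role"}}},
     "responseElements": None},
    {"eventTime": "2024-01-10T09:22:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DescribeInstances", "awsRegion": "eu-west-1",
     "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "accountId": ACCT, "userName": "bob",
                      "arn": f"arn:aws:iam::{ACCT}:user/bob"}},
]})

# Error codes CloudTrail records when an API call is refused for lack of permission.
DENIED = {"AccessDenied", "Client.UnauthorizedOperation"}

def audit_fields(rec):
    """Extract the per-event audit fields: who, when, what, where, from which IP."""
    ident = rec.get("userIdentity") or {}
    issuer = (ident.get("sessionContext") or {}).get("sessionIssuer") or {}
    return {"principal_arn": ident.get("arn"), "account_id": ident.get("accountId"),
            # Assumed-role sessions carry the role name in sessionIssuer instead.
            "user": ident.get("userName") or issuer.get("userName"),
            "time": rec.get("eventTime"), "source": rec.get("eventSource"),
            "event_name": rec.get("eventName"), "region": rec.get("awsRegion"),
            "source_ip": rec.get("sourceIPAddress")}

def classify(rec):
    """Return a reason string for events a security team would review, else None."""
    resp = rec.get("responseElements") or {}  # may be null in real records
    if rec.get("eventName") == "ConsoleLogin" and resp.get("ConsoleLogin") == "Failure":
        return "failed_sign_in"
    return "denied_api_call" if rec.get("errorCode") in DENIED else None

def find_suspicious(log_text):
    records = json.loads(log_text).get("Records", [])
    return [{"reason": r, **audit_fields(rec)}
            for rec in records if (r := classify(rec))]

if __name__ == "__main__":
    for finding in find_suspicious(SAMPLE_LOG):
        print(finding)
```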

About the Author

Stuart has been working within the IT industry for two decades covering a huge range of topic areas and technologies, from data center and network infrastructure design, to cloud architecture and implementation.

To date, Stuart has created 150+ courses relating to Cloud reaching over 180,000 students, mostly within the AWS category and with a heavy focus on security and compliance.

Stuart is a member of the AWS Community Builders Program for his contributions towards AWS.

He is AWS certified and accredited in addition to being a published author covering topics across the AWS landscape.

In January 2016 Stuart was awarded ‘Expert of the Year Award 2015’ from Experts Exchange for his knowledge share within cloud services to the community.

Stuart enjoys writing about cloud technologies and you will find many of his articles within our blog pages.