hands-on lab

Analyzing Account Activity With AWS CloudTrail

Intermediate
1h 30m
141
5/5
Get guided in a real environmentPractice with a step-by-step scenario in a real, provisioned environment.
Learn and validateUse validations to check your solutions every step of the way.
See resultsTrack your knowledge and monitor your progress.
Lab description

AWS CloudTrail is an account management tool that records user activity and API usage in AWS services. CloudTrail stores various types of events as logs in an Amazon S3 bucket, and provides various services that allow you to track, aggregate, and analyze the data.

In this lab, you will explore the offerings of the AWS CloudTrail service. You will review and track activity with CloudTrail by observing the event history dashboard and creating a trail. You will also aggregate specific data events into an event data store to form a CloudTrail lake.

Learning objectives

Upon completion of this intermediate-level lab, you will be able to:

  • Access CloudTrail Event history to look up and filter management events
  • Create a CloudTrail Trail to log S3 data events
  • Apply advanced event selectors to scope event criteria
  • Aggregate CloudTrail events into an Event Data Store
  • Form and query a CloudTrail Lake

Intended audience

  • Candidates for the AWS Certified Security - Specialty certification
  • Cloud Architects
  • Software Engineers

Prerequisites

Familiarity with the following will be beneficial but is not required:

  • AWS CloudTrail

The following content can be used to fulfill the prerequisites:

 

Updates

February 1st, 2024 - Updated screenshots and instructions to reflect the latest UI

Environment before
Environment after
About the author
Avatar
Jun Fritz
Cloud Labs Developer
Students
38,328
Labs
102
Courses
1
Learning paths
6

Jun is a Cloud Labs Developer with previous experience as a Software Engineer and Cloud Developer. He holds the AWS Certified Solutions Architect and DevOps Engineer Professional certifications. He also holds the AWS Certified Solutions Architect, Developer, and SysOps Administrator Associate certifications. 

Jun is focused on giving back to the growing cloud community by sharing his knowledge and experience with students and creating engaging content. 

Covered topics
Lab steps
Logging In to the Amazon Web Services Console
Reviewing management events in AWS CloudTrail event history
Tracking S3 data events with an AWS CloudTrail trail
Generating S3 data events
Aggregating data with an AWS CloudTrail event data store
Querying an AWS CloudTrail Lake