1. Home
  2. Training Library

Governing AWS accounts with AWS Config and AWS CloudTrail

Lab Steps

lock
Logging in to the Amazon Web Services Console
lock
Setting up AWS Config
lock
Sending email notifications with Amazon Simple Notification Service
lock
Creating a trail with AWS CloudTrail
lock
Reviewing AWS Config resource timelines
lock
Inspecting AWS Config timeline changes
lock
Accessing an AWS IAM credential report

The hands-on lab is part of these learning paths

Architecting for Management & Governance in AWS - Level 3
1
9
AWS Advanced Networking – Specialty (ANS-C01) Certification Preparation for AWS
8
2
17
AWS Management & Governance
15
13

Ready for the real environment experience?

DifficultyIntermediate
Time Limit1h
Students1042
Ratings
4.4/5
starstarstarstarstar-half

Description

As deployments become increasingly complex and businesses allow developers more freedom to work with the AWS Cloud, understanding what users are doing becomes even more important.

Governance on AWS is the practice of using AWS tools to ensure that the way AWS is used meets strategic goals for a company. More concretely, this usually refers to a set of practices and techniques to monitor the usage of AWS APIs and services. In this lab, we will review methods for monitoring how developers use AWS.

Learn about the basic techniques and technologies for the governance of enterprise AWS accounts. This lab covers how to use AWS Config Rules, IAM monitoring techniques, AWS CloudTrails, and core reporting tools.

You will set up AWS Config to monitor changes to resources within an AWS account, subscribe to updates on these resources via email, create an audit trail of AWS API calls using AWS CloudTrail, learn how to read an AWS Config Resource Change Timeline, and pull an AWS IAM report for an account.

Learning objectives

Upon completion of this lab, you will be able to:

  • Set up AWS Config to monitor changes to AWS resources in your account
  • Subscribe to resource updates via email
  • Create an audit trail of AWS API calls using AWS CloudTrail
  • Learn how to read an AWS Config Resource Change Timeline
  • Access an AWS IAM report for an AWS account

Intended audiences

  • Candidates for the AWS Certified Solutions Architect - Associate exam
  • Cloud Architects
  • System Administrators

Prerequisites

Familiarity with the following will be beneficial but is not required:

  • AWS Config
  • AWS IAM
  • AWS CloudTrail

Updates

March 21st, 2023 - Updated CloudTrail lab step instructions to match console UI experience

October 13th, 2022 - Resolved deployment issue

May 31st, 2022 - Updated lab format and lab step instructions to match console UI experience

July 20th, 2021 - Updated lab format and lab step instructions to match console UI experience

January 10th, 2019 - Added a validation Lab Step to check the work you perform in the Lab

September 12th, 2018 - Updated instructions, screenshots, and permissions to match the new service workflows.

Environment before
PREVIEW
arrow_forward
Environment after
PREVIEW
About the Author
instructor-image

Andrew Templeton

Engineering Director
Students14982
Labs2
Courses3

Nothing gets me more excited than the AWS Cloud platform! Teaching cloud skills has become a passion of mine. I have been a software and AWS cloud consultant for several years. I hold all 5 possible AWS Certifications: Developer Associate, SysOps Administrator Associate, Solutions Architect Associate, Solutions Architect Professional, and DevOps Engineer Professional. I live in Austin, Texas, USA, and work as development lead at my consulting firm, Tuple Labs.

Covered Topics

ManagementSecurityMonitoringAmazon Web ServicesSecurity for AWSMonitoring for AWSManagement for AWSAWS Config