Monitoring AWS CloudTrail Events with Amazon CloudWatch

Lab Steps

  • Logging in to the Amazon Web Services Console
  • Creating Your First Trail
  • Generating and Viewing Events
  • Configuring CloudTrail to Log to a CloudWatch Log Group
  • Configuring a Metric Filter and Alarm for Testing and Troubleshooting
  • Configuring CloudWatch for EC2 Alarms and Testing with CloudTrail

The hands-on lab is part of these learning paths

  • DevOps Engineer – Professional Certification Preparation for AWS
  • Security - Specialty Certification Preparation for AWS
  • GDPR: Using AWS Compliance Enabling Services
  • AWS Cloud Management Tools
  • AWS Services Monitoring & Auditing

Difficulty: Beginner
Time Limit: 2h 15m
Students: 3421
Rating: 4.3/5

Description

AWS CloudTrail is a service that enables you to log, monitor, and capture API-related events across your AWS infrastructure and most AWS services. Events that CloudTrail captures are delivered to an S3 bucket and are also available for viewing from the CloudTrail console. CloudTrail captures create, modify, and delete API calls triggered from the console, API, command line tools, or even other AWS services. Optionally, CloudTrail can be configured to send events to CloudWatch as well (and this Lab does indeed tackle that, too). Typical use cases for CloudTrail, operating with CloudWatch, are monitoring, auditing, and security (governance, compliance, analysis).

It is important to know that CloudTrail is not a replacement for CloudWatch. It simply adds to the monitoring capabilities offered by AWS. Notice the focus for each service:

  • CloudTrail focuses on API activity
  • CloudWatch focuses on performance monitoring and overall system health

Prerequisites

Although this is a beginner-level Lab, it is on the more challenging side for beginners (almost intermediate ;-). You should be familiar with AWS basics including:

  • Using the AWS Console
  • S3 (bucket and folder creation, uploading files to S3)
  • EC2 (creating and launching a basic instance)
  • Conceptual understanding of CloudWatch and Simple Notification Service (SNS)

Learning Objectives

Upon completion of this Lab, you will be able to:

  • Turn on and configure CloudTrail to capture key events and deliver log files to a specific S3 bucket
  • Navigate the S3 bucket structure where CloudTrail logs are stored (as compressed JSON files)
  • Generate traffic in order to verify CloudTrail is working
  • Use the CloudTrail console to learn more about the events CloudTrail captures
  • Configure CloudTrail to send events to CloudWatch
  • Create a metric filter and alarm so that you receive a notification when specific events occur in AWS

Lab Environment

After completing the lab instructions, the environment will look similar to:

[Image: lab environment diagram]

Updates

August 13th, 2020 - Modified instructions to let students know that certain warning messages can be ignored

June 4th, 2020 - Modified the CloudTrail Trail validation check to be more tolerant of name and region variations

June 3rd, 2020 - Addressed an issue with the IAM policy

June 28th, 2019 - Added more S3 permissions to suppress S3 error messages that appear during the lab and improved instructions related to opening log files

January 10th, 2019 - Added a validation Lab Step to check the work you perform in the Lab

About the Author

Greg has been a consistent high performer for pioneering technologies in the wireless web industries with an illustrious career that is a testament to his breadth of knowledge. Dabbling with MS Azure, at Cloud Academy, Greg really thrives on evangelizing the benefits of Amazon Web Services. A dedicated and passionate professional who learns new and emerging technologies quickly, Greg always ensures the highest quality and caliber of everything he produces.