image
hands-on labMonitoring AWS CloudTrail management events with Amazon CloudWatch Logs
Beginner
1h 15m
10,605
4.2/5
Start lab
Get guided in a real environmentPractice with a step-by-step scenario in a real, provisioned environment.
Learn and validateUse validations to check your solutions every step of the way.
See resultsTrack your knowledge and monitor your progress.
Lab steps
Logging In to the Amazon Web Services Console
Creating a CloudTrail trail integrated with CloudWatch Logs
Generating CloudTrail management events
Configuring a CloudWatch alarm on CloudTrail management events
Lab description

AWS CloudTrail is a service that enables you to log and monitor activity in an AWS account. CloudTrail events are delivered to an S3 bucket and are also available for viewing from the CloudTrail console. AWS CloudTrail can be configured to send events to CloudWatch where log events can be further monitored and audited for compliance.

In a use case that involves tracking and auditing account activity, AWS CloudTrail and Amazon CloudWatch have the following responsibilities:

  • AWS CloudTrail tracks API activity within an AWS account
  • Amazon CloudWatch Logs stores event logs and is capable of triggering downstream notifications and processes using alarms

In this lab, you will create a CloudTrail trail integrated with CloudWatch Logs. You will configure the CloudWatch metric filters and alarms to send notifications based on certain management events.

Learning objectives

Upon completion of this beginner-level lab, you will be able to:

  • Configure a trail to capture management events and deliver log files to an S3 bucket
  • Integrate the trail with CloudWatch Logs
  • Generate management events by launching an Amazon EC2 instance
  • Configure a CloudWatch metric filter and alarm

Intended audiences

  • Candidates for the AWS Certified Security - Specialty Certification
  • Cloud Architects
  • Software Engineers

Prerequisites

Familiarity with the following will be beneficial but is not required:
  • AWS CloudTrail
The following content can be used to fulfill the prerequisites:

Updates

May 7th, 2023 - Updated instructions to specify Linux AMI

March 20th, 2023 - Updated lab content, lab step order, and topics covered

December 18th, 2022 - Updated the instructions and screenshots to reflect the latest UI

June 13, 2022 - Updated instructions and screenshots to reflect the new launch instance wizard

May 11, 2022 - Updated instructions & screenshots

May 9th, 2022 - Updated lab security policy to support the new requirements for enabling CloudWatch logs from CloudTrail

August 13th, 2020 - Modified instructions to let students know that certain warning messages can be ignored

June 4th, 2020 - Modified the CloudTrail Trail validation check to be more tolerant of name and region variations

June 3rd, 2020 - Addressed an issue with the IAM policy

June 28th, 2019 - Added more S3 permissions to suppress S3 error messages that appear during the lab and improved instructions related to opening log files

January 10th, 2019 - Added a validation Lab Step to check the work you perform in the Lab

Environment before
environment before preview
Environment after
environment after preview
About the author
Avatar
Greg DeRenne
Lab Research dev
Students
74,168
Labs
8

Greg has been a consistent high performer for pioneering technologies in the wireless web industries with an illustrious career that is a testament to his breadth of knowledge. Dabbling with MS Azure, at Cloud Academy, Greg really thrives on evangelizing the benefits of Amazon Web Services. A dedicated and passionate professional who learns new and emerging technologies quickly, Greg always ensures the highest quality and caliber of everything he produces.

Covered topics
Amazon Web Services
Development for AWS
Security for AWS
Storage for AWS
Monitoring for AWS
Management for AWS
Amazon Simple Notification Service (SNS)
Amazon CloudWatch
Amazon S3
AWS CloudTrail
Messaging
Management
Development
Security
Storage
Monitoring
High Availability