AWS study notes (5)--enable CloudTrail to record AWS account operation logs

Others 2022-05-23 12:55:22 views: 0

Where can I view the operation logs of my AWS account? The default is no logging, you need to enable CloudTrail to log.

Enabling CloudTrail is as simple as using the AWS CloudTrail Console or the AWS CLI.

 

AWS CloudTrail Console

Log in to the AWS Management Console, then open the CloudTrail console, click the Get Stared Now button, and fill out the form. CloudTail saves logs in S3, it is recommended to use the new S3 Buket. There are also log file prefix, log file validation, Amazon SNS notifications options in Advanced. CloudTrail stores multiple events in a single log file, and SNS notification sends notifications once per file, not per event.

Once enabled, you can view logs from the CloudTrail console, add, update, delete, and disable trails.

 

AWS CLI

Create a trail

# Create a single-region trail

# The specified S3 bucket must already exist and have the appropriate CloudTrail permissions applied.

$ aws cloudtrail create-trail --name my-trail --s3-bucket-name my-bucket

 

# Create a trail that applies to all regions

$ aws cloudtrail create-trail --name my-trail --s3-bucket-name my-bucket --is-multi-region-trail

 

Start logging

After the create-trail command completes, run the start-logging command to start logging for that trail.When you create a trail with the CloudTrail console or the create-subscription command, logging is turned on automatically.

$ aws cloudtrail start-logging --name my-trail

 

Stop logging

$ aws cloudtrail stop-logging --name my-trail

 

Update Trail

# Converting a multi-region trail to a single-region trail

$ aws cloudtrail update-trail --name my-trail --no-is-multi-region-trail

 

# Enabling log file validation

$ aws cloudtrail update-trail --name my-trail --enable-log-file-validation

 

Get trail status

$ aws cloudtrail get-trail-status --name my-trail

 

Retrieve trail settings

$ aws cloudtrail describe-trails

 

Delete a trail

$ aws cloudtrail delete-trail --name my-trail

Deleting trail does not delete S3 and SNS topic

 

Creating and Updating a Trail with the CloudTrail Console

Creating and Updating a Trail with the AWS Command Line Interface

Guess you like

Origin http://10.200.1.11:23101/article/api/json?id=326774888&siteId=291194637
Recommended
Ranking
#2019110700005
What materials and procedures are required for patent transfer
What is the blockchain Ethereum triplet state root transaction root receipt root
Front-end study notes 04 --- About the insertion of html pictures and videos
Documents required for the filing of WeChat Mini Programs in special industries, the filing process of WeChat Mini Programs in special industries, how to file WeChat Mini Programs in special industries
2017 Qingdao-site tournament I The Squared Mosquito Coil
[BZOJ3165][HEOI2013]Segment (line segment tree without marking)
Kettle series: KettleEasyExpand, an open source Kettle universal plugin by Ma Jinju
The latest tutorial on making framework for iOS
DAX Section 6: Statistical Functions
Daily
More
2024-05-14(9)
2024-05-13(8)
2024-05-12(28)
2024-05-11(32)
2024-05-10(34)
2024-05-09(32)
2024-05-08(18)
2024-05-07(34)
2024-05-06(6)
2024-05-05(0)

Code World

© 2018 codetd.com