CloudTrail
Definition
AWS CloudTrail is a service that enables governance, compliance, and operational and risk auditing of your AWS account. It records AWS API calls and related events made by or on behalf of your AWS account and delivers log files to an Amazon S3 bucket (and optionally to CloudWatch Logs). Management events, the control-plane calls such as creating a user or changing a bucket policy, are recorded by default; data events such as S3 object-level access or Lambda invocations must be enabled explicitly. Because the trail is the primary record of who did what in the account, its configuration determines whether unusual activity can be detected at all and whether the log files can be trusted as evidence after an incident.
Secure Settings Example
Each field below maps to a CreateTrail/UpdateTrail parameter. IsMultiRegionTrail records API calls from every region, not just the trail's home region; IncludeGlobalServiceEvents captures calls to global services such as IAM, STS and CloudFront; EnableLogFileValidation makes CloudTrail deliver signed SHA-256 digest files so that modification or deletion of delivered logs can be detected; KmsKeyId encrypts the log files with a customer managed KMS key (the key policy must allow CloudTrail to use it) instead of the default S3-managed encryption.
{
  "Trail": {
    "Name": "my-secure-trail",
    "S3BucketName": "my-secure-bucket",
    "IsMultiRegionTrail": true,
    "IncludeGlobalServiceEvents": true,
    "EnableLogFileValidation": true,
    "KmsKeyId": "arn:aws:kms:us-east-1:123456789012:key/abcd1234-a123-456a-a12b-a123b4cd56ef"
  }
}
Insecure Settings Example
This trail records only its home region and no global service events, so IAM and STS activity, and anything an attacker does in a region nobody uses, never appears in the logs. With log file validation off there is no way to prove delivered logs are intact, and with no KmsKeyId the files fall back to S3-managed encryption (SSE-S3), which does not let you restrict who can decrypt them through a KMS key policy.
{
  "Trail": {
    "Name": "my-insecure-trail",
    "S3BucketName": "my-insecure-bucket",
    "IsMultiRegionTrail": false,
    "IncludeGlobalServiceEvents": false,
    "EnableLogFileValidation": false
  }
}
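To turn the secure and insecure examples above into something you can run against an account, the following is an added example (not code from the original page or from AWS) that audits trail configurations in the shape returned by `aws cloudtrail describe-trails` and, optionally, `aws cloudtrail get-trail-status`. It checks the four settings the page lists and adds one more that practitioners routinely find missing: whether the trail is actually logging (IsLogging). The two sample trails are constructed here to mirror the page's examples, not captured from a real account; note that DescribeTrails reports the validation flag as LogFileValidationEnabled, while CreateTrail takes it as EnableLogFileValidation.

```python
"""Audit AWS CloudTrail trail configurations against the secure baseline.

Added example, not from the original page. Input records use the shape of
`aws cloudtrail describe-trails` (entries of `trailList`) and, optionally,
`aws cloudtrail get-trail-status` for each trail. The sample data below is
constructed for illustration.
"""
from __future__ import annotations


def audit_trail(trail: dict, status: dict | None = None) -> list[str]:
    """Return a list of findings for one trail; an empty list means compliant.

    The first four checks correspond to the settings in the page's examples.
    The fifth (IsLogging) is an extra check against GetTrailStatus output: a
    correctly configured trail that has been stopped still records nothing.
    """
    findings: list[str] = []
    if not trail.get("IsMultiRegionTrail", False):
        findings.append("single-region trail: API calls in other regions are not recorded")
    if not trail.get("IncludeGlobalServiceEvents", False):
        findings.append("global service events (IAM, STS, CloudFront) are not recorded")
    # DescribeTrails exposes this as LogFileValidationEnabled, not
    # EnableLogFileValidation (the CreateTrail/UpdateTrail parameter name).
    if not trail.get("LogFileValidationEnabled", False):
        findings.append("log file validation disabled: tampering with delivered logs is undetectable")
    if not trail.get("KmsKeyId"):
        findings.append("no KmsKeyId: log files use S3-managed encryption instead of a customer managed key")
    if status is not None and not status.get("IsLogging", False):
        findings.append("trail is stopped (IsLogging is false): nothing is being delivered")
    return findings


def audit_trails(trails: list[dict], statuses: dict[str, dict] | None = None) -> dict[str, list[str]]:
    """Audit every trail; statuses maps trail name to its get-trail-status result."""
    statuses = statuses or {}
    return {t["Name"]: audit_trail(t, statuses.get(t["Name"])) for t in trails}


# Constructed sample in the describe-trails output shape (not real account data).
SAMPLE_TRAILS = [
    {
        "Name": "my-secure-trail",
        "S3BucketName": "my-secure-bucket",
        "IsMultiRegionTrail": True,
        "IncludeGlobalServiceEvents": True,
        "LogFileValidationEnabled": True,
        "KmsKeyId": "arn:aws:kms:us-east-1:123456789012:key/abcd1234-a123-456a-a12b-a123b4cd56ef",
        "HomeRegion": "us-east-1",
    },
    {
        "Name": "my-insecure-trail",
        "S3BucketName": "my-insecure-bucket",
        "IsMultiRegionTrail": False,
        "IncludeGlobalServiceEvents": False,
        "LogFileValidationEnabled": False,
        "HomeRegion": "us-east-1",
    },
]

# Constructed get-trail-status results, keyed by trail name.
SAMPLE_STATUSES = {
    "my-secure-trail": {"IsLogging": True},
    "my-insecure-trail": {"IsLogging": False},
}

if __name__ == "__main__":
    for name, findings in audit_trails(SAMPLE_TRAILS, SAMPLE_STATUSES).items():
        print(f"{name}: {'OK' if not findings else str(len(findings)) + ' finding(s)'}")
        for finding in findings:
            print(f"  - {finding}")
```

To run it for real, replace SAMPLE_TRAILS with the `trailList` from `aws cloudtrail describe-trails` and SAMPLE_STATUSES with one `aws cloudtrail get-trail-status --name <trail>` result per trail. Passing no status for a trail skips the IsLogging check rather than reporting a false finding.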