CloudTrail
- All the AWS history and events are stored here, including
  - Console
  - SDK
  - CLI
  - AWS Service
- CloudTrail is enabled by default
- Can put the logs to CloudWatch Logs
- Example: to trace who changed a resource, go to CloudTrail
- The logs are encrypted by default
  - By default, CloudTrail Logs are encrypted by S3 Server Side Encryption
  - We can also use KMS for encryption
- Enabling CloudTrail Log File Integrity ensures
  - Non-compliant logs are detected
  - A public and private key are generated for the logs
  - The digest is put in a separate folder
- CloudTrail Global Event Logs can only be done by the AWS CLI, not the Console
- To monitor API calls in the Redshift Cluster, use CloudTrail
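
The Log File Integrity bullets above, as an added example that is not part of the original notes: it checks each log file listed in a digest against the stored object and reports modified or missing logs. The bucket name, object keys, events and the `fetch` callback are constructed for illustration, and verifying the digest's own signature is not covered here.

```python
import gzip
import hashlib
import json

def log_hash(gz_body: bytes) -> str:
    # Digest entries record the hex SHA-256 of the uncompressed log content.
    return hashlib.sha256(gzip.decompress(gz_body)).hexdigest()

def check_digest(digest: dict, fetch) -> dict:
    """Compare every log file named in a digest with what is actually stored.
    fetch(bucket, key) is a hypothetical callback: object bytes, or None if absent."""
    report = {"ok": [], "modified": [], "missing": []}
    for entry in digest["logFiles"]:
        if entry["hashAlgorithm"] != "SHA-256":
            raise ValueError("unexpected hash algorithm: " + entry["hashAlgorithm"])
        body = fetch(entry["s3Bucket"], entry["s3Object"])
        if body is None:
            report["missing"].append(entry["s3Object"])
        elif log_hash(body) != entry["hashValue"]:
            report["modified"].append(entry["s3Object"])
        else:
            report["ok"].append(entry["s3Object"])
    return report

def build_demo():
    # Constructed sample data: three gzip log objects and a digest that lists them.
    bucket = "example-trail-bucket"
    store = {}
    for i, name in enumerate(["a.json.gz", "b.json.gz", "c.json.gz"]):
        events = {"Records": [{"eventName": "ModifyCluster", "eventID": str(i)}]}
        key = "AWSLogs/111122223333/CloudTrail/" + name
        store[(bucket, key)] = gzip.compress(json.dumps(events).encode())
    digest = {"logFiles": [
        {"s3Bucket": b, "s3Object": k, "hashValue": log_hash(v), "hashAlgorithm": "SHA-256"}
        for (b, k), v in store.items()]}
    return store, digest

def demo():
    store, digest = build_demo()
    bucket = digest["logFiles"][0]["s3Bucket"]
    keys = [e["s3Object"] for e in digest["logFiles"]]
    store[(bucket, keys[1])] = gzip.compress(b'{"Records": []}')  # log rewritten
    del store[(bucket, keys[2])]                                  # log deleted
    return check_digest(digest, lambda b, k: store.get((b, k)))

if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Against a real trail, `aws cloudtrail validate-logs` performs this check and also verifies the digest signatures.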