AWS CloudTrail | Getting Started Flashcards
Who should use CloudTrail?
Getting Started
AWS CloudTrail | Management Tools
Customers who need to track changes to resources, answer simple questions about user activity, demonstrate compliance, troubleshoot, or perform security analysis should use CloudTrail.
If I am a new AWS customer or existing AWS customer and don’t have CloudTrail setup, do I need to enable or setup anything to view my account activity?
Getting Started
AWS CloudTrail | Management Tools
No, nothing is required to begin viewing your account activity. You can visit the AWS CloudTrail console or AWS CLI and begin viewing up to the past 90 days of account activity.
Does the CloudTrail Event History show all account activity within my account?
Getting Started
AWS CloudTrail | Management Tools
AWS CloudTrail will only show the results of the CloudTrail Event History for the current region you are viewing for the last 90 days and support the AWS services found here. These events are limited to management events with create, modify, and delete API calls and account activity. For a complete record of account activity, including all management events, data events, and read-only activity, you’ll need to configure a CloudTrail trail.
What search filters can I use to view my account activity?
Getting Started
AWS CloudTrail | Management Tools
You can specify Time range and one of the following attributes: Event name, User name, Resource name, Event source, Event ID, and Resource type.
Can I use the lookup-events CLI command even if I don’t have a trail configured?
Getting Started
AWS CloudTrail | Management Tools
Yes, you can visit the CloudTrail console or use the CloudTrail API/CLI and begin viewing the past 90 days of account activity.
What additional CloudTrail features are available by setting up CloudTrail and creating a trail?
Getting Started
AWS CloudTrail | Management Tools
By setting up a CloudTrail trail you can deliver your CloudTrail events to Amazon S3, Amazon CloudWatch Logs, and Amazon CloudWatch Events. This enables you to leverage features to help you archive, analyze, and respond to changes in your AWS resources.
Can I restrict access for users in my account from seeing the CloudTrail Event History?
Getting Started
AWS CloudTrail | Management Tools
Yes, CloudTrail integrates with AWS Identity and Access Management (IAM), which allows you to control access to CloudTrail and to other AWS resources that CloudTrail requires, including the ability to restrict permissions to view and search account activity. This is accomplished by removing the “cloudtrail:LookupEvents” from the Users IAM policy which will then prevent that IAM user from viewing account activity.
Is there any cost associated with CloudTrail Event History being enabled on my account upon creation?
Getting Started
AWS CloudTrail | Management Tools
There is no cost for viewing or searching account activity with CloudTrail Event History.
