AWS CloudTrail | Integration with CloudWatch Logs Flashcards
I have multiple AWS accounts. I would like log files for all the accounts to be delivered to a single S3 bucket. Can I do that?
Integration with CloudWatch Logs
AWS CloudTrail | Management Tools
Yes. You can configure one S3 bucket as the destination for multiple accounts. For detailed instructions, refer to the "Aggregating log files to a single Amazon S3 bucket" section of the AWS CloudTrail User Guide.
What is CloudTrail integration with CloudWatch Logs?
CloudTrail integration with CloudWatch Logs delivers management and data events captured by CloudTrail to a CloudWatch Logs log stream in the CloudWatch Logs log group you specify.
What are the benefits of CloudTrail integration with CloudWatch Logs?
This integration enables you to receive SNS notifications of account activity captured by CloudTrail. For example, you can create CloudWatch alarms to monitor API calls that create, modify, and delete security groups and network ACLs.
How do I turn on CloudTrail integration with CloudWatch Logs?
You can turn on CloudTrail integration with CloudWatch Logs from the CloudTrail console by specifying a CloudWatch Logs log group and an IAM role. You can also use the AWS SDKs or the AWS CLI to turn on this integration.
What happens when I turn on CloudTrail integration with CloudWatch Logs?
After you turn on the integration, CloudTrail continuously delivers account activity to a CloudWatch Logs log stream in the CloudWatch Logs log group you specified. CloudTrail also continues to deliver logs to your Amazon S3 bucket as before.
In which AWS regions is CloudTrail integration with CloudWatch Logs supported?
This integration is supported in the regions where CloudWatch Logs is supported. For more information, see Regions and Endpoints in the Amazon Web Services General Reference.
How does CloudTrail deliver events containing account activity to my CloudWatch Logs?
CloudTrail assumes the IAM role you specify to deliver account activity to CloudWatch Logs. You limit the IAM role to only the permissions it requires to deliver events to your CloudWatch Logs log stream. To review the IAM role policy, see the user guide in the CloudTrail documentation.