AWS General Knowledge Flashcards
What is ARN?
Amazon Resource Name.
Uniquely identifies a resource across all AWS accounts and Regions. In IAM policies you can use the wildcards * and ? in an ARN to refer to a group of resources.
What are ARN parts explained?
arn:aws:s3:::asd-es-5-pics/es-5-20210598.png (S3 bucket and object names are globally unique, so the region and account-id fields are left empty)
arn:partition:service:region:account-id:resource-id
arn:partition:service:region:account-id:resource-type/resource-id
arn:partition:service:region:account-id:resource-type:resource-id
partition is aws, aws-cn or aws-us-gov; the resource portion may itself contain ':' or '/', so an ARN always has exactly five field-separating colons before it.
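An added example (not part of the flashcards) that parses the three ARN layouts above and does IAM-style wildcard matching. The ARNs used in the demo are constructed, and 123456789012 is the usual placeholder account id; the helper names parse_arn and arn_matches are the example's own.

```python
import re

# Added example (not from the flashcards): parse the three ARN shapes and
# match ARNs against IAM-style wildcard patterns.

ARN_PARTS = ("partition", "service", "region", "account_id", "resource")


def parse_arn(arn):
    """Split an ARN into its components.

    Handles the three resource layouts:
      resource-id                 -> resource_type is None
      resource-type/resource-id
      resource-type:resource-id
    The resource portion may itself contain ':' or '/' (S3 keys, log group
    names), so only the first five ':' are treated as field separators and
    the resource is split at whichever of ':' or '/' comes first.
    """
    if not arn.startswith("arn:"):
        raise ValueError(f"not an ARN: {arn!r}")
    fields = arn.split(":", 5)
    if len(fields) != 6:
        raise ValueError(f"ARN must have six colon-separated fields: {arn!r}")
    parsed = dict(zip(ARN_PARTS, fields[1:]))
    resource = parsed.pop("resource")
    sep = re.search(r"[:/]", resource)
    if sep:
        parsed["resource_type"] = resource[: sep.start()]
        parsed["resource_id"] = resource[sep.start() + 1 :]
    else:
        parsed["resource_type"] = None
        parsed["resource_id"] = resource
    return parsed


def arn_matches(pattern, arn):
    """IAM-style wildcard match: '*' matches any run of characters (including
    ':' and '/'), '?' matches exactly one character. The pattern is escaped
    first so that dots, hyphens and other regex metacharacters stay literal."""
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, arn) is not None


if __name__ == "__main__":
    # Constructed ARNs covering the three layouts (and the S3 special case).
    for example in (
        "arn:aws:s3:::asd-es-5-pics/es-5-20210598.png",                 # S3: empty region/account
        "arn:aws:iam::123456789012:user/Bob",                           # resource-type/resource-id
        "arn:aws:logs:us-east-1:123456789012:log-group:/aws/lambda/fn:*",  # resource-type:resource-id
        "arn:aws:sns:us-east-1:123456789012:alerts",                    # bare resource-id
    ):
        print(parse_arn(example))
    # A bucket ARN does not cover its objects; the object pattern needs "/*".
    print(arn_matches("arn:aws:s3:::asd-es-5-pics", "arn:aws:s3:::asd-es-5-pics/es-5-20210598.png"))
    print(arn_matches("arn:aws:s3:::asd-es-5-pics/*", "arn:aws:s3:::asd-es-5-pics/es-5-20210598.png"))
```

The last two calls show the classic S3 policy mistake: a statement whose Resource is the bucket ARN alone grants nothing on the objects inside it, which need the bucket-ARN/* form.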
Is CloudWatch Logs a Private or Public service?
Public. It is reached through public AWS endpoints, so resources inside a VPC need a route to those endpoints (or a VPC interface endpoint for CloudWatch Logs) to deliver logs.
What is CloudWatch Logs used for?
Store, monitor and access log data from AWS services, EC2 instances and on-premises hosts.
How can CloudWatch Logs integrate with other AWS services?
Through native service integrations (many services such as Lambda, VPC Flow Logs and CloudTrail can write directly to CloudWatch Logs) or via the Unified CloudWatch Agent, which ships OS and application logs from EC2 instances and on-premises servers.
In CloudWatch Logs, What are Log Groups?
A group of Log Streams. A Log Stream is a sequence of log events from a single source (for example one EC2 instance or one Lambda function instance); the Log Group is the container for streams that share the same retention, monitoring and access-control settings.
Where do you apply retention and permissions for CloudWatch Logs?
At the Log Group level (retention period, KMS encryption and access permissions are all configured on the group, not on individual streams).
What is CloudTrail used for?
CloudTrail records API calls and other account activity (console sign-ins, CLI/SDK calls, and calls made by other AWS services on your behalf) as events, capturing who made the call, from where, and when.
What are the different types of events in CloudTrail?
Management events provide information about management operations that are performed on resources in your AWS account. These are also known as control plane operations.
Data events provide information about the resource operations performed on or in a resource. These are also known as data plane operations. Data events are often high-volume activities.
CloudTrail Insights events capture unusual activity in your AWS account. If you have Insights events enabled, and CloudTrail detects unusual activity, Insights events are logged to a different folder or prefix in the destination S3 bucket for your trail.
What is a CloudTrail Trail?
A trail is a configuration that enables delivery of CloudTrail events to an Amazon S3 bucket, CloudWatch Logs, and CloudWatch Events (now Amazon EventBridge). You can use a trail to filter the CloudTrail events you want delivered, encrypt your CloudTrail event log files with an AWS KMS key, and set up Amazon SNS notifications for log file delivery.
Are CloudTrail Trails regional or global?
A trail can be applied to all Regions or a single Region. As a best practice, create a trail that applies to all Regions in the AWS partition in which you are working. This is the default setting when you create a trail in the CloudTrail console.
By default, What is the CloudTrail Event History time limit?
90 days. Event History covers management events only; to retain events longer (or to capture data events) you need to create a Trail that delivers them to S3.
In CloudTrail; What is an Organization Trail?
An organization trail is a configuration that enables delivery of CloudTrail events in the management account and all member accounts in an AWS Organizations organization to the same Amazon S3 bucket, CloudWatch Logs, and CloudWatch Events (now Amazon EventBridge). Creating an organization trail helps you define a uniform event logging strategy for your organization, and member accounts cannot modify or delete it.
What types of events are enabled by default in CloudTrail?
Management events only. Data events and Insights events must be enabled explicitly on a trail and incur additional charges.
Name some services whose events CloudTrail logs as global service events.
IAM, STS and CloudFront are global services; CloudTrail records their events with awsRegion set to us-east-1 (US East (N. Virginia)) regardless of where the caller was. A trail must be multi-Region or have global service events included (IncludeGlobalServiceEvents) to capture them, and a detection pipeline that filters on the trail's "home" Region will silently drop them.
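An added example (not part of the flashcards) that ties together the event types above and the global-service note: it loads a few constructed CloudTrail records, counts them by eventCategory, picks out the global-service events that arrive with awsRegion us-east-1, and runs three simple triage rules over the management events. The records, IP addresses and user names are made up for the example; the field names (eventCategory, readOnly, userIdentity, additionalEventData.MFAUsed) follow the real CloudTrail record format, while the helper names are the example's own.

```python
import json

# Added example (not from the flashcards). The records are constructed for
# the example; field names follow the CloudTrail record format.
SAMPLE_RECORDS = json.loads("""
{"Records": [
 {"eventVersion": "1.08", "eventTime": "2024-05-01T10:00:00Z", "eventSource": "iam.amazonaws.com",
  "eventName": "CreateUser", "awsRegion": "us-east-1", "eventCategory": "Management", "readOnly": false,
  "userIdentity": {"type": "IAMUser", "userName": "alice", "accountId": "123456789012"},
  "sourceIPAddress": "203.0.113.10"},
 {"eventVersion": "1.08", "eventTime": "2024-05-01T10:01:00Z", "eventSource": "s3.amazonaws.com",
  "eventName": "GetObject", "awsRegion": "eu-west-1", "eventCategory": "Data", "readOnly": true,
  "userIdentity": {"type": "AssumedRole", "accountId": "123456789012"},
  "sourceIPAddress": "10.0.4.7"},
 {"eventVersion": "1.08", "eventTime": "2024-05-01T10:02:00Z", "eventSource": "signin.amazonaws.com",
  "eventName": "ConsoleLogin", "awsRegion": "us-east-1", "eventCategory": "Management", "readOnly": false,
  "userIdentity": {"type": "Root", "accountId": "123456789012"},
  "additionalEventData": {"MFAUsed": "No"}, "sourceIPAddress": "198.51.100.5"},
 {"eventVersion": "1.08", "eventTime": "2024-05-01T10:03:00Z", "eventSource": "sts.amazonaws.com",
  "eventName": "GetCallerIdentity", "awsRegion": "us-east-1", "eventCategory": "Management", "readOnly": true,
  "userIdentity": {"type": "IAMUser", "userName": "bob", "accountId": "123456789012"},
  "sourceIPAddress": "203.0.113.22"}
]}
""")["Records"]

# Global services named on the flashcard; their events carry awsRegion us-east-1.
GLOBAL_SERVICES = {"iam.amazonaws.com", "sts.amazonaws.com", "cloudfront.amazonaws.com"}


def categorize(records):
    """Count records per eventCategory (Management, Data, Insight)."""
    counts = {}
    for r in records:
        cat = r.get("eventCategory", "Unknown")
        counts[cat] = counts.get(cat, 0) + 1
    return counts


def global_service_events(records):
    """eventNames of global-service events. They show up with awsRegion
    us-east-1 regardless of where the caller sat, so a pipeline that keeps
    only its 'home' Region would drop them."""
    return [r["eventName"] for r in records
            if r["eventSource"] in GLOBAL_SERVICES and r["awsRegion"] == "us-east-1"]


def findings(records):
    """Three triage rules a defender typically wants on management events:
    any root activity, console logins without MFA, and mutating IAM calls."""
    out = []
    for r in records:
        ident = r.get("userIdentity", {})
        if ident.get("type") == "Root":
            out.append(("root-activity", r["eventName"]))
        if r["eventName"] == "ConsoleLogin" and \
                r.get("additionalEventData", {}).get("MFAUsed") == "No":
            out.append(("console-login-without-mfa", ident.get("type")))
        # readOnly=false separates control-plane writes from harmless reads.
        if r.get("eventCategory") == "Management" and r.get("readOnly") is False \
                and r["eventSource"] == "iam.amazonaws.com":
            out.append(("iam-mutation", r["eventName"]))
    return out


if __name__ == "__main__":
    print(categorize(SAMPLE_RECORDS))
    print(global_service_events(SAMPLE_RECORDS))
    for rule, detail in findings(SAMPLE_RECORDS):
        print(f"{rule}: {detail}")
```

Note that the S3 GetObject record is a data event; it would only be present at all if data events were enabled on the trail, which is why the flashcard on default settings matters for detection coverage.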