AWS CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of your AWS account. In addition, you can use CloudTrail to detect unusual activity in your AWS accounts.
CloudTrail captures actions made directly by the user or on behalf of the user by an AWS service. For example, an AWS CloudFormation CreateStack call can result in additional API calls to Amazon EC2, Amazon RDS, Amazon EBS, or other services as required by the AWS CloudFormation template.
- Log in to the AWS console.
- Click on Services.
- Under Management & Governance, select CloudTrail.
- Click on Create a trail.
- Provide a CloudTrail name.
- Click on Create Trail.
- The CloudTrail is created successfully.
- Click on the new CloudTrail name.
- Click on the CloudWatch Logs Edit option.
- Enable CloudWatch Logs.
- Create or select an existing log group name.
- Create or select an existing IAM role.
- Click on Save changes.
Create CloudTrail using Shell
- Set up aws-cli on your system; for installation and configuration steps, see https://www.hackerxone.com/blog/how-install-configure-aws-cli-ubuntu-1804
- Run the following command:
aws cloudtrail create-trail --name Trail-name --s3-bucket-name bucket-name [--is-multi-region-trail | --no-is-multi-region-trail] [--enable-log-file-validation | --no-enable-log-file-validation] [--include-global-service-events | --no-include-global-service-events] [--sns-topic-name <value>] [--is-organization-trail | --no-is-organization-trail] [--cloud-watch-logs-log-group-arn <value>] [--cloud-watch-logs-role-arn <value>]
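The optional flags above (and the CloudWatch Logs settings in the console steps) are the ones that decide whether a trail is actually useful for detection: a single-region trail misses activity elsewhere, a trail without log file validation cannot prove its delivered logs are untampered, and a trail without CloudWatch Logs delivery gives you nothing to alert on. The script below is an added example, not code from the original post: it audits trail records in the JSON shape returned by `aws cloudtrail describe-trails` and `aws cloudtrail get-trail-status` and reports which hardening setting is missing, together with the `create-trail`/`update-trail` flag that fixes it. It goes one flag beyond the page by also checking `KmsKeyId` (`--kms-key-id`). The two trail records and the status map are constructed sample data with placeholder account ids, so it runs offline.

```python
"""Audit CloudTrail trail settings for common detection and integrity gaps.

Added example. Input shapes follow `aws cloudtrail describe-trails` (trailList)
and `aws cloudtrail get-trail-status` (IsLogging). All sample data is constructed.
"""
import json
from typing import Dict, List

# Constructed sample: one hardened trail and one weak trail, describe-trails shape.
# Account id 111111111111 and the KMS key id are placeholders.
SAMPLE_TRAILS = json.loads("""
{
  "trailList": [
    {
      "Name": "Trail-name",
      "S3BucketName": "bucket-name",
      "IncludeGlobalServiceEvents": true,
      "IsMultiRegionTrail": true,
      "LogFileValidationEnabled": true,
      "CloudWatchLogsLogGroupArn": "arn:aws:logs:us-east-1:111111111111:log-group:CloudTrail/logs:*",
      "CloudWatchLogsRoleArn": "arn:aws:iam::111111111111:role/CloudTrail_CloudWatchLogs_Role",
      "KmsKeyId": "arn:aws:kms:us-east-1:111111111111:key/00000000-0000-0000-0000-000000000000"
    },
    {
      "Name": "weak-trail",
      "S3BucketName": "bucket-name",
      "IncludeGlobalServiceEvents": false,
      "IsMultiRegionTrail": false,
      "LogFileValidationEnabled": false
    }
  ]
}
""")

# Constructed sample: get-trail-status output, keyed by trail name.
SAMPLE_STATUS = {
    "Trail-name": {"IsLogging": True},
    "weak-trail": {"IsLogging": False},
}


def audit_trail(trail: dict, status: dict) -> List[str]:
    """Return one finding per missing hardening setting (empty list = no gaps)."""
    findings = []
    if not status.get("IsLogging", False):
        findings.append("trail exists but is not logging (aws cloudtrail start-logging)")
    if not trail.get("IsMultiRegionTrail", False):
        findings.append("single-region trail: API activity in other regions is not recorded "
                        "(--is-multi-region-trail)")
    if not trail.get("IncludeGlobalServiceEvents", False):
        findings.append("global service events (IAM, STS, CloudFront) are excluded "
                        "(--include-global-service-events)")
    if not trail.get("LogFileValidationEnabled", False):
        findings.append("log file validation is off: modified or deleted log files cannot be "
                        "detected (--enable-log-file-validation)")
    if not (trail.get("CloudWatchLogsLogGroupArn") and trail.get("CloudWatchLogsRoleArn")):
        findings.append("no CloudWatch Logs delivery: no near-real-time alerting on events "
                        "(--cloud-watch-logs-log-group-arn and --cloud-watch-logs-role-arn)")
    if not trail.get("KmsKeyId"):
        findings.append("log files are not encrypted with a customer-managed KMS key (--kms-key-id)")
    return findings


def audit_all(trail_list: List[dict], status_by_name: Dict[str, dict]) -> Dict[str, List[str]]:
    """Audit every trail in a describe-trails result; missing status counts as not logging."""
    return {t["Name"]: audit_trail(t, status_by_name.get(t["Name"], {})) for t in trail_list}


if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE_TRAILS["trailList"], SAMPLE_STATUS).items():
        print(f"{name}: {'OK' if not findings else ''}")
        for f in findings:
            print(f"  - {f}")
```

In a real account you would feed the script the live output of the two CLI commands instead of the constructed samples; each finding names the flag to pass to `aws cloudtrail update-trail` (or `create-trail` for a new trail) so the gap can be closed directly.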