If you want to know what’s been going on in your AWS account, there’s a simple solution. You don’t have to add advanced analytics and thousands of notifications. You can use AWS CloudTrail for FREE.
What is AWS CloudTrail?
CloudTrail is a service that records what is happening in your AWS account. Thanks to it, you can find out how a failure happened, which lets you quickly locate the problem and fix it. You will find out who did what.
Every time someone changes the infrastructure, e.g. changes a firewall setting or stops an EC2 instance, the event is recorded.
Also, if an unauthorized person starts using your AWS account, you will find out what they did, where they logged in from, etc. Thanks to this, you can easily investigate security breaches and find out how the failure happened.
CloudTrail creates event logs and stores them for free for 90 days.
You can check failed login attempts and find out, for example, that someone is trying to break in. You can also extract information about whether users use MFA.
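The two checks just mentioned, failed console logins and logins made without MFA, are easy to pull out of CloudTrail event records, because sign-in events carry the outcome in `responseElements.ConsoleLogin` and the MFA flag in `additionalEventData.MFAUsed`. The script below is an added example, not code from the original post; it runs over a constructed log file shaped like the `{"Records": [...]}` objects CloudTrail delivers to S3, with made-up user names, IP addresses and timestamps. The threshold of three failures per user and source IP is an arbitrary choice for the demonstration.

```python
import json
from collections import Counter

# Constructed sample in the shape of a CloudTrail log file ({"Records": [...]}).
# Users, IPs and times are invented for this example; no real account is involved.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2024-05-01T08:00:12Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser", "userName": "alice"},
     "responseElements": {"ConsoleLogin": "Success"},
     "additionalEventData": {"MFAUsed": "Yes"}},
    {"eventTime": "2024-05-01T08:05:44Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "userName": "bob"},
     "responseElements": {"ConsoleLogin": "Failure"},
     "errorMessage": "Failed authentication",
     "additionalEventData": {"MFAUsed": "No"}},
    {"eventTime": "2024-05-01T08:05:51Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "userName": "bob"},
     "responseElements": {"ConsoleLogin": "Failure"},
     "errorMessage": "Failed authentication",
     "additionalEventData": {"MFAUsed": "No"}},
    {"eventTime": "2024-05-01T08:06:03Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "userName": "bob"},
     "responseElements": {"ConsoleLogin": "Failure"},
     "errorMessage": "Failed authentication",
     "additionalEventData": {"MFAUsed": "No"}},
    {"eventTime": "2024-05-01T09:30:00Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "sourceIPAddress": "192.0.2.5",
     "userIdentity": {"type": "Root"},
     "responseElements": {"ConsoleLogin": "Success"},
     "additionalEventData": {"MFAUsed": "No"}},
    # A non-login management event, included to show it is filtered out.
    {"eventTime": "2024-05-01T09:45:10Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "StopInstances", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser", "userName": "alice"}},
]})


def load_records(text):
    """Parse a CloudTrail log file body and return its list of event records."""
    return json.loads(text)["Records"]


def console_logins(records):
    """Keep only AWS Management Console sign-in events."""
    return [r for r in records
            if r.get("eventSource") == "signin.amazonaws.com"
            and r.get("eventName") == "ConsoleLogin"]


def login_outcome(record):
    """'Success' or 'Failure' as reported by the sign-in service."""
    return record.get("responseElements", {}).get("ConsoleLogin")


def actor(record):
    """IAM user name, or the identity type (e.g. 'Root') when there is no user name."""
    identity = record.get("userIdentity", {})
    return identity.get("userName") or identity.get("type", "unknown")


def failed_logins_by_source(records):
    """Count failed console logins per (actor, source IP) pair."""
    counts = Counter()
    for r in console_logins(records):
        if login_outcome(r) == "Failure":
            counts[(actor(r), r.get("sourceIPAddress"))] += 1
    return counts


def brute_force_candidates(records, threshold=3):
    """(actor, source IP) pairs with at least `threshold` failed logins."""
    return sorted(key for key, n in failed_logins_by_source(records).items()
                  if n >= threshold)


def logins_without_mfa(records):
    """Actors who signed in successfully without MFA.

    Only successful logins count: a failed login never reaches the MFA step,
    so its MFAUsed value says nothing about whether the user has MFA enabled.
    """
    return sorted({actor(r) for r in console_logins(records)
                   if login_outcome(r) == "Success"
                   and r.get("additionalEventData", {}).get("MFAUsed") != "Yes"})


if __name__ == "__main__":
    recs = load_records(SAMPLE_LOG)
    print("Repeated failed logins:", brute_force_candidates(recs))
    print("Successful logins without MFA:", logins_without_mfa(recs))
```

Against the constructed sample this reports `bob` from `198.51.100.7` as a repeated-failure source and the root user as having signed in without MFA. On a real trail you would feed it each gzipped object from the S3 prefix CloudTrail writes to; the filtering logic is the same.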
On production systems, of course, it’s a good idea to send a copy of these logs to another account with severely restricted access. The cost of storing such logs depends on their size. For my part, I recommend setting up automatic rotation of such files: new files are still saved, and files older than the specified time are deleted. Here you can read how to create an S3 lifecycle rule.
How long should such files be kept? This is usually determined by contracts or security people. If you are not limited by this, it is good practice to keep them for at least a year. However, this is not a rigidly defined rule.
How much does AWS CloudTrail cost?
AWS CloudTrail is available in FREE Tier. As I mentioned, storing information for 90 days is free. Older data is deleted.
You can also deliver one copy of live management events to Amazon S3 for free by creating ‘Trails’. Well, the delivery is free, but the cost of storage depends on how much data you have and how long you want to store it. Here you will find some more information about CloudTrail costs.
Is it worth using AWS CloudTrail?
As they say, free is a good price. Plus, it’s good to know what’s going on in your AWS account when you’re not there. Even if you have a test account, you may sometimes find it useful to analyze what you were doing and why something stopped working. It is worth getting acquainted with this service, because in real production work you simply need to know it.
This is one of those AWS services that is worth knowing. Good to know how to use it.
By the way, if you have ‘Trails’ created, it is much easier to analyze data using CloudTrail Insights, CloudWatch – Logs Insights, Athena or some external tools. But this is material for a completely different article, which may also appear on the blog someday.
Thanks again for your time. If you like my articles, you can recommend them online. If you have any questions, comment. You can also support my YouTube channel.
By the way, you are doing a great job, read, learn, invest in yourself and your development. Knowledge can really positively change your life.