Send data via CloudTrail to your Logstash instance provided by Logit.io

CloudTrail

Ship logs from CloudTrail to logstash

Step 1 - Confirm S3 Bucket

Ensure your logs are being sent to an S3 bucket. The following guide from Amazon will help you achieve this if you are not doing this already:

Cloudtrail to S3

Step 2 - Ensure Adequate Bucket Permissions

The following permissions applied to the AWS IAM Policy being used:

  • s3:ListBucket to check if the S3 bucket exists and list objects in it.
  • s3:GetObject to check object metadata and download objects from S3 buckets.

Below is how your permissions should appear:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "SidID",
            "Effect": "Allow",
            "Action": [
                "s3:GetObject",
                "s3:ListBucket"
             ],
            "Resource": [
                "arn:aws:s3:::your-bucket/*"
            ]
        }
    ]
 }

Step 3 - Start Sending Logs to a Stack

To start sending logs from CloudTrail to your stack you need to setup and apply an AWS input on an available stack.

Logit.io will verify your input before it is applied. This should be actioned in less than 24 hours, we will contact you to verify.

Login

expand view

Expand View

compact view

Compact View

Return to Search
Sign Up