CloudTrail
Ship logs from CloudTrail to Logstash
Follow this step-by-step guide to get logs from your system to Logit.io:
Step 1 - Confirm S3 Bucket
Ensure your logs are being sent to an S3 bucket. The following guide from Amazon will help you achieve this if you are not doing this already:
Step 2 - Ensure Adequate Bucket Permissions
The following permissions must be applied to the AWS IAM policy being used:
s3:ListBucket
Used to check that the S3 bucket exists and to list the objects in it.
s3:GetObject
Used to read object metadata and download objects from the bucket.
Below is how your permissions should appear. Note that s3:ListBucket is evaluated against the bucket itself, so the bucket ARN must be listed alongside the object ARN (your-bucket/*); with only the object ARN the ListBucket call is denied:
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "SidID",
            "Effect": "Allow",
            "Action": [
                "s3:GetObject",
                "s3:ListBucket"
            ],
            "Resource": [
                "arn:aws:s3:::your-bucket",
                "arn:aws:s3:::your-bucket/*"
            ]
        }
    ]
}
Step 3 - Start Sending Logs to a Stack
To start sending logs from CloudTrail to your stack, you need to set up and apply an AWS input on an available stack.
Logit.io will verify your input before it is applied. This should be actioned in less than 24 hours, and we will contact you to verify.
Step 4 - Check Logit.io for your logs
Now you should be able to view your data:
If you don't see logs, take a look at How to diagnose no data in Stack below for how to diagnose common issues.
Step 5 - CloudTrail Logging Overview
AWS CloudTrail is a service that provides governance, compliance, operational auditing, and risk auditing of your AWS account. CloudTrail records all the API calls made in your AWS account by you, AWS services, or third-party applications, and stores the data in an S3 bucket. You can use this information for security analysis, resource change tracking, troubleshooting, and compliance auditing.
CloudTrail logs contain information such as the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the AWS service. These logs are stored as JSON files and can be analyzed using Logit.io and the power of OpenSearch.
CloudTrail logs can be used for a wide range of use cases, such as:
Security Analysis: You can use CloudTrail logs to monitor and analyze suspicious activity, such as unauthorized access attempts or policy changes.
Compliance Auditing: You can use CloudTrail logs to demonstrate compliance with various industry or regulatory standards, such as PCI DSS, HIPAA, or SOC 2.
Troubleshooting: You can use CloudTrail logs to troubleshoot issues, such as identifying the root cause of a resource deletion or a configuration change.
Resource Change Tracking: You can use CloudTrail logs to track changes to your AWS resources over time, such as the creation, modification, or deletion of an S3 bucket.
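The record fields described above (caller identity, event time, source IP, request parameters) are what the Security Analysis use case relies on. The following is an added example, not Logit.io's code or part of this guide: it parses a constructed CloudTrail log file and flags the two patterns named above, denied calls and policy changes. The sample records, IP addresses and user names are invented; the event names are standard CloudTrail eventName values.

```python
import json
from collections import Counter

# Constructed sample in the shape of a CloudTrail log file (top-level "Records" array).
# Real files delivered to S3 are gzip-compressed; this one is plain JSON for the example.
SAMPLE_FILE = json.dumps({"Records": [
    {"eventTime": "2024-01-15T10:01:02Z", "eventName": "GetObject", "eventSource": "s3.amazonaws.com",
     "sourceIPAddress": "203.0.113.10", "userIdentity": {"type": "IAMUser", "userName": "alice"}},
    {"eventTime": "2024-01-15T10:01:07Z", "eventName": "ListBuckets", "eventSource": "s3.amazonaws.com",
     "sourceIPAddress": "198.51.100.7", "userIdentity": {"type": "IAMUser", "userName": "bob"},
     "errorCode": "AccessDenied", "errorMessage": "Access Denied"},
    {"eventTime": "2024-01-15T10:02:30Z", "eventName": "PutBucketPolicy", "eventSource": "s3.amazonaws.com",
     "sourceIPAddress": "203.0.113.10", "userIdentity": {"type": "IAMUser", "userName": "alice"},
     "requestParameters": {"bucketName": "your-bucket"}},
    {"eventTime": "2024-01-15T10:03:00Z", "eventName": "AttachUserPolicy", "eventSource": "iam.amazonaws.com",
     "sourceIPAddress": "203.0.113.10", "userIdentity": {"type": "IAMUser", "userName": "alice"},
     "requestParameters": {"userName": "bob", "policyArn": "arn:aws:iam::aws:policy/AdministratorAccess"}},
]})

# Event names that change who is allowed to do what; illustrative, not an exhaustive list.
POLICY_CHANGE_EVENTS = {"PutBucketPolicy", "DeleteBucketPolicy", "AttachUserPolicy",
                        "AttachRolePolicy", "PutUserPolicy", "PutRolePolicy"}

def parse_records(raw):
    """Return the Records array from one CloudTrail log file (JSON text, already gunzipped)."""
    return json.loads(raw).get("Records", [])

def find_suspicious(records):
    """Flag AccessDenied calls and policy changes, keeping caller, source IP and time."""
    findings = []
    for r in records:
        ident = r.get("userIdentity", {})
        base = {"time": r.get("eventTime"), "user": ident.get("userName", ident.get("type", "unknown")),
                "ip": r.get("sourceIPAddress"), "event": r.get("eventName")}
        if r.get("errorCode") == "AccessDenied":
            findings.append({**base, "reason": "access denied"})
        if r.get("eventName") in POLICY_CHANGE_EVENTS:
            findings.append({**base, "reason": "policy change"})
    return findings

def denied_by_ip(records):
    """Count AccessDenied events per source IP; a burst from one address merits a closer look."""
    return Counter(r.get("sourceIPAddress") for r in records if r.get("errorCode") == "AccessDenied")

if __name__ == "__main__":
    for f in find_suspicious(parse_records(SAMPLE_FILE)):
        print(f"{f['time']} {f['reason']}: {f['event']} by {f['user']} from {f['ip']}")
    print(denied_by_ip(parse_records(SAMPLE_FILE)))
```

The same field names (eventName, errorCode, sourceIPAddress, userIdentity.userName) are the ones to filter on once the records are indexed in OpenSearch.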
CloudTrail logs are an essential part of AWS security and compliance. By enabling CloudTrail, you can gain greater visibility into your AWS environment and ensure that your account remains secure and compliant.
As well as CloudTrail's logs, Logit.io's centralised log management platform allows you to view RTMP & web distribution logs.
If you need any assistance with analysing or viewing your logs we're here to help. Feel free to reach out by contacting the Logit.io support team via live chat & we'll be happy to help you get started.