
Operational and Risk Auditing using AWS CloudTrail Service | Cloud With Mohsin

Hello There,

Welcome back to my YouTube channel 'Cloud With Mohsin'.

I wish you all a very merry Christmas in advance!!!

In today's session we are going to cover a very interesting and useful AWS service called CloudTrail.

AWS CloudTrail is an AWS service that helps us to enable operational and risk auditing, governance, and compliance of the AWS account.

CloudTrail records user activity and API calls across AWS services as events. CloudTrail events help us to answer the question of "Who did what, where, and when?"

Actions taken by a user, role, or an AWS service are recorded as events in CloudTrail. Events include actions taken in the AWS Management Console, AWS Command Line Interface, and AWS SDKs and APIs.

CloudTrail is enabled by default in the AWS account. When activity occurs in the AWS account, that activity is recorded in a CloudTrail event.

CloudTrail provides three ways to record events:

a. Event history: provides a record of the past 90 days of management events in an AWS Region. Events can be searched by filtering on a single attribute.

b. CloudTrail Lake:
A managed data lake for capturing, storing, accessing, and analyzing user and API activity on AWS for audit and security purposes.
Converts existing events in row-based JSON format to Apache ORC format. ORC is a columnar storage format that is optimized for fast retrieval of data.
The event data can be retained for up to 3,653 days (about 10 years) with the One-year extendable retention pricing option, or up to 2,557 days (about 7 years) with the Seven-year retention pricing option.
CloudTrail Lake event data stores and queries incur charges.

c. Trails:
Trails capture a record of AWS activities, delivering and storing these events in an Amazon S3 bucket, with optional delivery to Amazon CloudWatch Logs and Amazon EventBridge.
Trails can be created for a single AWS account or for multiple AWS accounts by using AWS Organizations.

CloudTrail records 3 types of CloudTrail events:

1. Management events: Capture management operations performed on the AWS resources.
2. Data events: Log the resource operations performed on or within a resource.
3. Insights events: Identify unusual activity, errors, or user behavior in the account.

Use cases of AWS CloudTrail are as below:

Audit activity
Immutably store audit-worthy events for seven years, and validate activity events for authenticity. Easily generate audit reports required by internal policies and external regulations.

Multi-cloud and multi-source
Ingest activity events from AWS and sources outside AWS, including other cloud providers, in-house applications, and SaaS applications running in the cloud or on premises.

Identify and analyze unusual activity
Detect unauthorized access and analyze activity logs using SQL-based queries. Respond with rules-based EventBridge alerts and automated workflows.
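
To make the "who did what, where, and when" question and the unauthorized-access use case concrete, here is an added example (not from the video or from AWS) that reads records in the CloudTrail log file shape and reports denied API calls and failed console sign-ins. The sample events, account ID, ARNs and IP addresses are constructed for illustration, and the function names are hypothetical.

```python
import json

# Constructed sample in the shape of a CloudTrail log file (a "Records" array);
# the account ID, ARNs and IP addresses are made up for illustration.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2023-12-21T10:02:11Z", "eventSource": "s3.amazonaws.com",
     "eventName": "ListBuckets", "awsRegion": "us-east-1",
     "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/alice"}},
    {"eventTime": "2023-12-21T10:05:40Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "RunInstances", "awsRegion": "eu-west-1",
     "sourceIPAddress": "203.0.113.50", "errorCode": "Client.UnauthorizedOperation",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::111122223333:assumed-role/ci/build"}},
    {"eventTime": "2023-12-21T10:09:03Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "awsRegion": "us-east-1",
     "sourceIPAddress": "203.0.113.50",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/bob"},
     "responseElements": {"ConsoleLogin": "Failure"}},
]})

# errorCode suffixes that indicate a denied call (some services prefix "Client.").
DENIED = ("AccessDenied", "UnauthorizedOperation")

def summarize(record):
    """Reduce one event to who / what / where / when."""
    identity = record.get("userIdentity", {})
    return {
        "who": identity.get("arn") or identity.get("type", "unknown"),
        "what": f'{record.get("eventSource")}:{record.get("eventName")}',
        "where": f'{record.get("awsRegion")} from {record.get("sourceIPAddress")}',
        "when": record.get("eventTime"),
    }

def is_suspicious(record):
    """Flag denied API calls and failed console sign-ins."""
    if str(record.get("errorCode", "")).endswith(DENIED):
        return True
    response = record.get("responseElements") or {}  # may be null in real events
    return record.get("eventName") == "ConsoleLogin" and response.get("ConsoleLogin") == "Failure"

def findings(log_text):
    """Return who/what/where/when summaries for suspicious events only."""
    records = json.loads(log_text).get("Records", [])
    return [summarize(r) for r in records if is_suspicious(r)]

if __name__ == "__main__":
    for finding in findings(SAMPLE_LOG):
        print(finding)
```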

CloudTrail supports logging events and integration with many AWS services. Listed below are some of the services:
Amazon Athena
Amazon CloudWatch Logs
Amazon EventBridge
AWS Organizations
Amazon API Gateway
Amazon S3
Amazon CloudFront
Amazon EC2
Amazon DynamoDB

Key differences between CloudWatch and CloudTrail:

a. AWS CloudWatch is basically a performance monitoring service, whereas AWS CloudTrail is mainly used for auditing and logs API calls.

b. Both of these services are enabled by default.

c. While AWS CloudWatch delivers metric data within 5 minutes for basic monitoring and 1 minute for detailed monitoring, CloudTrail delivers events within 15 minutes of API calls.

d. AWS CloudWatch stores data in its dashboard in the form of metrics and logs, whereas CloudTrail consolidates and stores the logs in an S3 bucket and can optionally send data to CloudWatch Logs.

I hope you will find this video useful to get some insights into the AWS CloudTrail service.

Please like, share, comment and subscribe to my YouTube channel 'Cloud With Mohsin'.

Happy Learning :)

#cloudwithmohsin

Video information
December 21, 2023, 12:36:21
00:26:35