What is AWS CloudTrail?
AWS CloudTrail is a service that helps you enable governance, compliance, and operational and risk auditing of your AWS account. Its main function is to keep a continuous record of the API calls made in your account, whether they come from the AWS Management Console, the AWS CLI, the SDKs, or other AWS services acting on your behalf. Each recorded event captures who made the call, when, from which IP address, and what resources were involved. Using AWS CloudTrail is an AWS best practice.
How does it work?
AWS CloudTrail is on by default when you create your AWS account: its Event history shows the last 90 days of management events in the console without any configuration. Anything older than that, and anything you want to analyze outside the console, requires a trail. Trails are the configurations that deliver events as log files to an Amazon S3 bucket that you specify, and they are the key way that users archive, analyze, or respond to changes in your AWS resources.
What best practices does JetSweep recommend?
- Send trails to an S3 bucket for long-term storage. This gives users a record of activity that outlives the 90-day console history. A bucket policy can grant read access to third-party security services, like CloudCheckr, without exposing anything else in the account; the same policy should block public access and allow writes only from the CloudTrail service, since the bucket is now your evidence store.
- Enable encryption. CloudTrail log files in S3 are encrypted at rest with S3-managed keys by default; configuring the trail with an AWS KMS key (SSE-KMS) lets you control, and audit through CloudTrail itself, who is able to decrypt the logs.
- Enable log file validation to prove that delivered logs have not been modified or deleted. CloudTrail then delivers hourly digest files that list the SHA-256 hash of every log file written in that hour and are signed with CloudTrail's RSA key, and each digest references the previous one to form a chain. The `aws cloudtrail validate-logs` command walks that chain and reports any file that no longer matches.
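The following is an added example, not code from the original post or from JetSweep, of what the log file validation check in the list above actually does: it re-implements the digest verification that `aws cloudtrail validate-logs` performs, using only the Python standard library. The digest, the log file and the RSA key are constructed in memory for the demo (the toy key, the account ID `111122223333`, the bucket name and the object paths are all made up); against a real trail you would feed it the downloaded digest object, the hex signature from that object's `x-amz-meta-signature` metadata, and the public key from `aws cloudtrail list-public-keys` (parsing that DER-encoded key into the integers `n` and `e` is not shown here).

```python
"""Offline check of CloudTrail log file integrity validation, standard library only."""
import gzip
import hashlib
import json

# PKCS#1 v1.5 DigestInfo prefix for SHA-256 (RFC 8017, section 9.2, note 1).
_SHA256_DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def _pkcs1_v15_encode(msg: bytes, k: int) -> bytes:
    """EMSA-PKCS1-v1_5 encoding of SHA-256(msg) for a k-byte modulus."""
    t = _SHA256_DIGESTINFO + hashlib.sha256(msg).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def rsa_sha256_verify(n: int, e: int, signature: bytes, msg: bytes) -> bool:
    """SHA256withRSA, the algorithm CloudTrail names in digestSignatureAlgorithm."""
    k = (n.bit_length() + 7) // 8
    if len(signature) != k:
        return False
    return pow(int.from_bytes(signature, "big"), e, n).to_bytes(k, "big") == _pkcs1_v15_encode(msg, k)

def signing_string(digest: dict, digest_plain: bytes) -> bytes:
    """What CloudTrail signs: end time, digest S3 path, SHA-256 of the gunzipped digest,
    previous digest signature ('null' for the first digest in a chain), newline-separated."""
    return "\n".join([
        digest["digestEndTime"],
        f'{digest["digestS3Bucket"]}/{digest["digestS3Object"]}',
        sha256_hex(digest_plain),
        digest["previousDigestSignature"] or "null",
    ]).encode()

def verify_digest(digest_gz, signature_hex, public_keys, s3_objects, previous_digest_gz=None):
    """Return the integrity problems found; an empty list means the digest and every log
    file it covers are intact. Hashes cover gunzipped contents, as the digest reference states."""
    problems = []
    digest_plain = gzip.decompress(digest_gz)
    digest = json.loads(digest_plain)
    # 1. The digest itself: signed by the key named in digestPublicKeyFingerprint.
    key = public_keys.get(digest["digestPublicKeyFingerprint"])
    if key is None:
        problems.append("unknown public key fingerprint")
    elif not rsa_sha256_verify(*key, bytes.fromhex(signature_hex), signing_string(digest, digest_plain)):
        problems.append("digest signature invalid")
    # 2. The chain: the previous digest must still hash to the value recorded here.
    if digest["previousDigestHashValue"] is not None:
        if previous_digest_gz is None:
            problems.append("previous digest missing: chain broken")
        elif sha256_hex(gzip.decompress(previous_digest_gz)) != digest["previousDigestHashValue"]:
            problems.append("previous digest hash mismatch")
    # 3. Every listed log file: deletions and modifications surface here.
    for entry in digest["logFiles"]:
        obj = s3_objects.get(entry["s3Object"])
        if obj is None:
            problems.append(f"log file deleted: {entry['s3Object']}")
        elif sha256_hex(gzip.decompress(obj)) != entry["hashValue"]:
            problems.append(f"log file modified: {entry['s3Object']}")
    return problems

# ---- constructed demo fixtures (not real CloudTrail output) ----

def toy_keypair():
    """Toy RSA key from two Mersenne primes: exercises the math, worthless for security."""
    p, q = (1 << 521) - 1, (1 << 607) - 1
    n, e = p * q, 65537
    return n, e, pow(e, -1, (p - 1) * (q - 1))

def rsa_sha256_sign(n: int, d: int, msg: bytes) -> bytes:
    """Plays the CloudTrail service side to produce a demo digest signature."""
    k = (n.bit_length() + 7) // 8
    return pow(int.from_bytes(_pkcs1_v15_encode(msg, k), "big"), d, n).to_bytes(k, "big")

def build_demo(tamper: bool = False):
    """One gzipped log file, a first-in-chain digest covering it, the hex signature and the
    key map. tamper=True rewrites the log after signing, as someone with bucket write access might."""
    n, e, d = toy_keypair()
    acct, bucket = "111122223333", "demo-cloudtrail-bucket"  # made-up account and bucket
    log_key = f"AWSLogs/{acct}/CloudTrail/us-east-1/2024/01/01/{acct}_CloudTrail_us-east-1_20240101T0005Z_demo.json.gz"
    log_plain = json.dumps({"Records": [{"eventSource": "iam.amazonaws.com", "eventName": "CreateUser"}]}).encode()
    s3_objects = {log_key: gzip.compress(log_plain)}
    digest = {
        "awsAccountId": acct, "digestStartTime": "2024-01-01T00:00:00Z", "digestEndTime": "2024-01-01T01:00:00Z",
        "digestS3Bucket": bucket,
        "digestS3Object": f"AWSLogs/{acct}/CloudTrail-Digest/us-east-1/2024/01/01/{acct}_CloudTrail-Digest_us-east-1_20240101T010000Z.json.gz",
        "digestPublicKeyFingerprint": "demo-fingerprint", "digestSignatureAlgorithm": "SHA256withRSA",
        "previousDigestS3Bucket": None, "previousDigestS3Object": None, "previousDigestHashValue": None,
        "previousDigestHashAlgorithm": None, "previousDigestSignature": None,
        "logFiles": [{"s3Bucket": bucket, "s3Object": log_key, "hashValue": sha256_hex(log_plain), "hashAlgorithm": "SHA-256"}],
    }
    digest_plain = json.dumps(digest).encode()
    signature_hex = rsa_sha256_sign(n, d, signing_string(digest, digest_plain)).hex()
    if tamper:
        s3_objects[log_key] = gzip.compress(log_plain.replace(b"CreateUser", b"GetUser"))
    return gzip.compress(digest_plain), signature_hex, {"demo-fingerprint": (n, e)}, s3_objects
```

`verify_digest(*build_demo())` comes back empty, while `verify_digest(*build_demo(tamper=True))` names the rewritten log file, and a zeroed signature or an unknown key fingerprint is reported as a digest problem rather than a log problem. Two points worth noticing when reading the code: the hashes and the signature cover the gunzipped contents, not the bytes sitting in S3, and the signing string for the first digest in a chain carries the literal text `null` in place of a previous signature, which is the convention the AWS CLI's own validation follows. The toy key exists only so the demo can run offline; on a real trail the trust anchor is the key that `list-public-keys` returns for the digest's fingerprint.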
What are the key security benefits?
AWS CloudTrail allows users to gain visibility into their environment: any changes made, who made them, when, and from which IP address and identity. This visibility is useful for auditing your environment, and during an incident it is what tells you which changes to reverse and which credentials to revoke.
How do we help our managed services customers use AWS CloudTrail?
When we help managed services customers tackle security, we often recommend using CloudCheckr, a tool that provides total visibility into a user’s environment. AWS CloudTrail is a requirement for using CloudCheckr, so we often help customers get fully set up. First, we help customers create a trail and the S3 bucket that stores its log files for the long term. We then connect that bucket to CloudCheckr. Insights from CloudCheckr, using the logs, can help us improve your security posture and reduce costs.