Amazon CloudTrail integration into CloudWatch is a security best practice

Amazon-CloudTrail-integration-in-CloudWatch_Cloud-Security

Amazon CloudTrail and CloudWatch are two security pillars of your cloud. Majorly they must maintain logs, create metrics of sign-ins and notify the subscribed user about sign-ins. This way the user can react immediately. Since the reach of these two is incomparable, you can subscribe to them and have their services in more than 32 assigned regions. To ensure that Amazon CloudTrail and CloudWatch perform their duty without any delay, ensure that CloudTrail logs are delivered to CloudWatch alarms. For their configuration, you need to check their integrated status.

How to monitor Amazon CloudTrail Log files with Amazon CloudWatch Logs?

  1. First, you need to configure your trails to send log events to CloudWatch Logs.
  2. To evaluate log events for matches in terms, phrases or values, define the CloudWatch metric filters. For example, you can monitor events in Console Login.
  3. Assign CloudWatch metrics to the metric filter.
  4. Create CloudWatch alarms which are triggered by the thresholds and time periods specified by you. You can set up alarms to get notified when alarms are triggered so that you can take the required action.
  5. You can also automate a particular action in response to a particular alarm by configuring CloudWatch.

How Centilytics helps you in monitoring configuration status?

Centilytics have a dedicated insight to check whether CloudWatch logs are configured or not. It saves your time and effort to not look around in AWS console. Even if it stops due to an error it will indicate its severity and warn you about the configuration. So, your data always get protected and you get notified about every update.

Insight Description:

OK
 OK: Amazon CloudTrail has CloudWatch logs groups configured with metric filter, alarm, SNS topic with at least one subscriber.
Warning
Warning: For your CloudWatch alarms, either no SNS topic is created or no individual is present in the list of topic subscribers to receive the alerts.
Critical
 Critical: Delivery to CloudWatch logs not configured

 

Description of further columns are as follows:

Account Id: Shows the respective account ID of the user’s account.

Account ID

Account Name: Shows corresponding account name to the user’s account.

Account Name

Region: This column shows the region of your instance where it has been used.

Region

Identifier: Shows you the service with its trial name.

Identifier

Trail Name: Shows the name of the trail that you have entered while creating your trial.

Trail Name

Bucket Name: Show the bucket name that you have specified to receive the log files.

Bucket Name

Latest CloudWatch Delivery Time: Shows the time and date when your last logs were sent to the storage S3 bucket.

Latest Cloud Trail Delivery

Filters Applicable:

Filter Name Description
Account Id Applying account Id filter will display all the public snapshots for the selected account Id.
Region Applying the region filter will display all the public snapshots corresponding to the selected region.
Severity Applying severity filter will display public snapshots according to the selected severity type i.e. selecting critical will display all instances with critical severity. Same will be the case for Warning and Ok severity types.
Resource Tags Applying resource tags filter will display those public snapshots which have been assigned the selected resource tag. For e.g., If the user has tagged some public snapshots by a resource tag named environment, then selecting an environment from the resource tags filter will display all those snapshots.
Resource Tags Value Applying resource tags value filter will display data which will have the selected resource tag value. For e.g. – Let’s say a user has tagged some resource by a tag named environment and has a value say production (environment:production). Hence, the user can view data of all the resources which are tagged as “environment: production”. The user can use the tag value filter only when a tag name has been provided.
Compliance Applying Compliance filter, you can further refine your security and health checks.

 

Learn about AWS security best practices here.

LEAVE A REPLY

Please enter your comment!
Please enter your name here