Why CloudTrail logs should be configured in CloudWatch?

Amazon-CloudTrail-Logs-Configuration-CloudWatch-AWS-Security

Cloud services are used to store confidential data which raises security concerns. Enterprises want to ensure that their data is always accessible as well as secure in cloud. For offline data, you can use a surveillance system or biometric to restrict the access only to authorized users but these options are not applicable to the data stored in cloud. Thus, to solve the problem of surveillance and notification, AWS offers services like CloudTrail and CloudWatch to keep tabs on the activities that happen around your data.

What is AWS CloudTrail?

AWS CloudTrail is the service that allows you to govern your account, enable operational auditing as well as risk auditing. With CloudTrail, you can monitor your account continuously and retain a log for account related activity across your AWS infrastructure. The log records the history of your AWS account activity, including actions taken through the AWS Management Console, AWS SDKs, command line tools, and other AWS services. This history of events simplifies security analysis, tracking, and troubleshooting of resources.

What is Amazon CloudWatch?

Amazon CloudWatch, on the other hand, is used to provide you with data and actionable insights to monitor your applications, understand and respond to system-wide performance changes. It collects operational and monitoring data in the form of logs and metrics for your AWS Applications, resources, and services that are running anywhere in your AWS ecosystem. This further helps you in optimizing resource utilization and get a unified view of operational health. It can also be implemented to set high-resolution alarms, virtualize logs & metrics side-by-side, take automated actions, troubleshoot issues, and discover insights to optimize your applications and ensure they are running smoothly.

Why you should configure CloudTrail logs in CloudWatch?

On configuring CloudTrail logs in CloudWatch, you get an extra measure of security according to your preference. You can decide which one are the important trails for you and set alarms against them. Hence, with the help of notifications, monitoring reports, and auditing of trails you can monitor changes in your AWS resources, applications, and services. This configuration is also recommended for effective management of AWS infrastructure.

Leveraging Centilytics:

CloudTrail detects critical events that occur in your infrastructure while CloudWatch . Centilytics ensures that all your CloudTrails are being monitored by CloudWatch for operational auditing, risk auditing, and overall governance.

Our dedicated insight checks the configuration of your CloudTrail logs in CloudWatch. For a better understanding, we represent your settings in a tabular form with dedicated categories. You can, therefore, create an alarm according to your preferred trail and take required actions whenever critical or unusual events take place.

Insight Description:

Ok
 Ok: CloudTrail has CloudWatch logs groups configured with metric filter, alarm, and SNS topic with at least one subscriber.
Warning
Warning: For your CloudWatch alarms, either no SNS topic is created or no individual is present in the list of topic subscribers to receive the alerts.
Critical
 Critical: Delivery to CloudWatch logs are not configured.

 

Description of further columns are as follows:

1. Account Id: Shows the respective account ID of the user’s account.

Account ID CloudWatch

2.  Account Name: Shows account name corresponding to the user’s account.

Account Name CloudWatch

3.    Custom Severity Description: Shows the region-wise severity of custom description.

Custom Severity Description Cloudwatch

Filters Applicable:

Filter Name Description
Account Id Applying account Id filter will display all the public snapshots for the selected account Id.
Region Applying the region filter will display all the public snapshots corresponding to the selected region.
Severity Applying severity filter will display public snapshots according to the selected severity type. Selecting critical will display all instances with critical severity. Same will be the case for Warning and Ok severity types.
Resource Tags Applying resource tags filter will display those public snapshots which have been assigned the selected resource tag. For e.g., A user has tagged some public snapshots by a resource tag named environment. Then selecting an environment from the resource tags filter will display all those snapshots.
Resource Tags Value Applying resource tags value filter will display data which will have the selected resource tag value. For e.g. – Let’s say a user has tagged some resource by a tag named environment and has a value say production (environment: production). Hence, the user can view data of all the resources which are tagged as “environment: production”. The user can use the tag value filter only when a tag name has been provided.
Compliance Applying Compliance filter, you can further refine your security and health checks.

LEAVE A REPLY

Please enter your comment!
Please enter your name here