
(SEC306) Turn on CloudTrail: Log API Activity in Your AWS Account | AWS re:Invent 2014


Do you need to know who made an API call? What resources were acted upon in an API call? Do you need to find the source IP address of an API call? AWS CloudTrail helps you answer these questions. In this session we review the basics of CloudTrail and then dive into CloudTrail features. We demo solutions that you can use to analyze API activity recorded and delivered by CloudTrail. Join us if you are interested in security or compliance and how you can architect, build, and maintain compliant applications on AWS.

Published in: Technology

  1. November 13, 2014 | Las Vegas, Nevada | Sivakanth Mundru, Amazon Web Services
  2. Agenda
  3. Introduction to CloudTrail: Customers are making API calls... on a growing set of services around the world... CloudTrail is continuously recording API calls... and delivering log files to customers
  4. Use cases enabled by CloudTrail
  5. CloudTrail Regional Availability
  6. AWS Services supported by CloudTrail (bar chart: number of AWS services by quarter, Q4 2013 to Q4 2014; data labels 7, 8, 16, 21, 24)
  7. What can you answer using a CloudTrail event? • Who • When • What • Which • Where
  8. Who made the API call?
  9. Example 1: Who?
  10. Example 2: Who?
  11. When? and What? • When was the API call made? • What API call was made?
  12. Which resources? Where from? and Where to? • Which resources were acted upon in the API call? • Where was the API call made from and made to?
  13. Client Errors, Server Errors & Authorization failures
  14. Aggregate log files across regions and accounts
  15. Amazon SNS notifications for log file delivery
  16. CloudTrail Customer Story: Steve Toback, Cloud Architect, Merck and Company
  17. Build Applications that process CloudTrail log files
  18. How does CloudTrail Processing Library work? (diagram labels: AWS CloudTrail, Amazon SNS, Amazon SQS, S3 Bucket, AWS CloudTrail Processing Library, Amazon DynamoDB, Amazon Redshift, Third Party, Amazon CloudWatch, Amazon SNS)
  19. Sample CloudTrail Processing Library Code

          // Called by the library with each batch of parsed events.
          // `sns` and `myQueueArn` are fields of the enclosing processor class.
          public void process(List<CloudTrailEvent> events) {
              for (CloudTrailEvent event : events) {
                  CloudTrailEventData data = event.getEventData();
                  // Only forward VPC attribute changes made through the EC2 API.
                  if (data.getEventSource().equals("ec2.amazonaws.com") &&
                      data.getEventName().equals("ModifyVpcAttribute")) {
                      System.out.println("Processing event: " + data.getRequestId());
                      sns.publish(myQueueArn, "{ " +
                          "'requestId'= '" + data.getRequestId() + "'," +
                          "'request'= '" + data.getRequestParameters() + "'," +
                          "'response' = '" + data.getResponseElements() + "'," +
                          "'source'= '" + data.getEventSource() + "'," +
                          "'eventName'= '" + data.getEventName() + "'" +
                          "}");
                  }
              }
          }

      • Source available on GitHub and distributed under Apache 2.0 license
  20. AWS Technology Partner solutions integrated with CloudTrail
  21. AWS Consulting Partner solutions integrated with CloudTrail
  22. CloudTrail integration with CloudWatch Logs
  23. Demo: Receive notifications for failed console sign-in events
  24. More Examples of Metric Filters
  25. Additional Resources: CloudTrail Detail Page; CloudTrail FAQs; CloudTrail Partners; CloudTrail Processing Library on GitHub; CloudTrail documentation user guide; Security at scale: Logging in AWS white paper
  26. http://bit.ly/awsevals
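
The questions on slides 7 to 13 (who, when, what, which, where, and whether the call failed) map onto fields of a CloudTrail record. The Python sketch below is an added example, not code from the slides or from the CloudTrail Processing Library: the log records are constructed, and the function names, the `where_to` mapping to `awsRegion`, and the error-bucketing rule are assumptions made for illustration.

```python
import json

# Constructed sample log file (not real data). Field names follow the
# CloudTrail record format; account IDs, IPs and resource IDs are placeholders.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2014-11-13T18:02:11Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "ModifyVpcAttribute", "awsRegion": "us-west-2",
     "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser", "userName": "alice",
                      "arn": "arn:aws:iam::111122223333:user/alice"},
     "requestParameters": {"vpcId": "vpc-EXAMPLE"}},
    {"eventTime": "2014-11-13T18:05:40Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "TerminateInstances", "awsRegion": "us-east-1",
     "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::111122223333:assumed-role/ops/bob"},
     "requestParameters": {"instancesSet": {"items": [{"instanceId": "i-EXAMPLE"}]}},
     "errorCode": "Client.UnauthorizedOperation"},
]})

AUTH_MARKERS = ("AccessDenied", "UnauthorizedOperation")  # assumed heuristic

def classify_error(code):
    """Bucket a record's errorCode: ok / authorization / server / client."""
    if not code:
        return "ok"
    if any(m in code for m in AUTH_MARKERS):
        return "authorization_failure"
    if code.startswith("Server.") or code in ("InternalFailure", "ServiceUnavailable"):
        return "server_error"
    return "client_error"

def summarize(record):
    """Answer who / when / what / which / where for one CloudTrail record."""
    ident = record.get("userIdentity", {})
    return {
        "who": ident.get("arn") or ident.get("userName") or ident.get("type", "unknown"),
        "when": record.get("eventTime"),
        "what": f'{record.get("eventSource")}:{record.get("eventName")}',
        "which": record.get("requestParameters"),
        "where_from": record.get("sourceIPAddress"),
        "where_to": record.get("awsRegion"),
        "outcome": classify_error(record.get("errorCode")),
    }

def summarize_log(text):
    return [summarize(r) for r in json.loads(text).get("Records", [])]

if __name__ == "__main__":
    print(json.dumps(summarize_log(SAMPLE_LOG), indent=2))
```
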
