The US-EAST-1 AWS Region must be used with Event Engine.
AWS CloudTrail is an AWS service that helps you enable governance, compliance, risk auditing and operational auditing of your AWS account. Actions taken by a principal (user, role or AWS service) are recorded as events in CloudTrail. To learn more about AWS CloudTrail, and about creating a trail via the console, see the AWS CloudTrail documentation. We will highlight the steps below.
Search for the CloudTrail Service under the Management Tools Section in the console and click on CloudTrail.
Starting the week of August 10, 2020, the new CloudTrail console becomes the default experience. You’ll still be able to switch back to the old console. However, we are going to use the new CloudTrail Console in this workshop.
Once in the CloudTrail console, click Trails on the left side of the screen.
Then click Create Trail to create the trail for this lab.
Apply the following settings and create the trail
We now have a trail capturing activity in our AWS Account. Later on, we will search through our trail.
In this section, we will use the pre-defined CloudFormation template to create a set of CloudWatch Alarms that monitor for security- and network-related activity.
Launch the following CloudFormation template.
On the Create stack page, click Next.
On the Specify stack details page, specify a valid e-mail address and the LogGroupName we used in step 5 of the previous section. Click Next.
On the next page, leave the default options and click Next.
When you see the Create stack button, click on it.
The CloudFormation template will create various resources, including CloudWatch Alarms and an SNS Topic with a Subscription. After the CloudFormation template deployment is complete, you will receive an SNS Subscription notification. When you receive it, confirm the subscription.
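
To show how the pieces described above fit together, here is an added example of a single CloudTrail-driven alarm: a metric filter on the trail's log group, an alarm on the resulting metric, and an SNS topic with an e-mail subscription. It is not the workshop's template; the `Email` parameter name, the resource names, the `CloudTrailMetrics` namespace and the choice of security group changes as the monitored activity are assumptions made for illustration.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: Added example, one CloudTrail-based security alarm (not the workshop template)
Parameters:
  LogGroupName:            # the CloudWatch Logs group the trail delivers to
    Type: String
  Email:                   # assumed parameter name for the notification address
    Type: String
Resources:
  AlarmTopic:
    Type: AWS::SNS::Topic
    Properties:
      Subscription:
        - Endpoint: !Ref Email
          Protocol: email  # the recipient must confirm before messages arrive
  SecurityGroupChangesFilter:
    Type: AWS::Logs::MetricFilter
    Properties:
      LogGroupName: !Ref LogGroupName
      # Matches CloudTrail events that create, modify or delete a security group
      FilterPattern: >-
        { ($.eventName = AuthorizeSecurityGroupIngress) ||
        ($.eventName = AuthorizeSecurityGroupEgress) ||
        ($.eventName = RevokeSecurityGroupIngress) ||
        ($.eventName = RevokeSecurityGroupEgress) ||
        ($.eventName = CreateSecurityGroup) ||
        ($.eventName = DeleteSecurityGroup) }
      MetricTransformations:
        - MetricNamespace: CloudTrailMetrics
          MetricName: SecurityGroupEventCount
          MetricValue: '1' # each matching event adds 1 to the metric
  SecurityGroupChangesAlarm:
    Type: AWS::CloudWatch::Alarm
    Properties:
      AlarmDescription: A security group was created, changed or deleted
      Namespace: CloudTrailMetrics
      MetricName: SecurityGroupEventCount
      Statistic: Sum
      Period: 300          # seconds
      EvaluationPeriods: 1
      Threshold: 1
      ComparisonOperator: GreaterThanOrEqualToThreshold
      TreatMissingData: notBreaching  # no matching events means no alarm
      AlarmActions:
        - !Ref AlarmTopic  # Ref on an SNS topic returns its ARN
```

The metric filter only sees events if the trail is configured to send logs to the named CloudWatch Logs group, and notifications are delivered only after the e-mail subscription is confirmed.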