I am new to AWS. Can anyone please tell me how to track user activities like login, logout, and other stuff in AWS CloudTrail? Also, I need to mention that I want to track the activities of all users who are in my group. Please help. Also, what kind of user activities can we track by using CloudTrail?
CloudTrail docs are here: https://aws.amazon.com/cloudtrail/ Ask here if you have difficulties doing something in particular, and what you have tried. – Lev Kuznetsov Aug 23 '18 at 14:13
1 Answer
With CloudTrail you could monitor all things that happen in your AWS account. The CloudTrail logs are well detailed and have full information about an event, like login or user creation, for example.
In order to visualize and manage alerts, you have to develop and deploy a solution. There are a lot of solutions out there.
Check these:
https://aws.amazon.com/es/blogs/mt/monitor-changes-and-auto-enable-logging-in-aws-cloudtrail/
In my personal experience, I deployed an ELK solution in order to analyze and visualize the logs.
The solution you will deploy depends a lot on your use case. So, for example, if you need a complex system that manages multiple alerts, notifications and complex alert conditions, I strongly recommend that you use an ELK system. But if you just want to alert when a critical event is triggered, you could use some of the AWS blog solutions.
I found another solution that doesn't require developing code and uses only AWS services:
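As an added example (not part of the answer above): a minimal Python filter over a CloudTrail log file that summarizes activity for a given set of IAM users and flags failed console logins, logins without MFA and API errors. The field names are CloudTrail's record fields; the sample records are constructed, `group_activity` is a hypothetical helper name, and the list of group members is assumed to be supplied by the caller because CloudTrail records do not carry IAM group membership.

```python
import json

# Constructed sample in the CloudTrail log-file layout: {"Records": [...]}.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2018-08-23T14:01:10Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "userName": "alice"},
     "responseElements": {"ConsoleLogin": "Success"},
     "additionalEventData": {"MFAUsed": "No"}},
    {"eventTime": "2018-08-23T14:03:42Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "sourceIPAddress": "203.0.113.9",
     "userIdentity": {"type": "IAMUser", "userName": "bob"},
     "responseElements": {"ConsoleLogin": "Failure"},
     "additionalEventData": {"MFAUsed": "No"}},
    {"eventTime": "2018-08-23T14:05:00Z", "eventSource": "iam.amazonaws.com",
     "eventName": "CreateUser", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "userName": "alice"},
     "errorCode": "AccessDenied", "responseElements": None},
    {"eventTime": "2018-08-23T14:06:30Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "sourceIPAddress": "192.0.2.44",
     "userIdentity": {"type": "IAMUser", "userName": "carol"},
     "responseElements": {"ConsoleLogin": "Success"},
     "additionalEventData": {"MFAUsed": "Yes"}},
]})

def group_activity(log_text, group_users):
    """Return {userName: [event summaries]} for IAM users in group_users."""
    activity = {}
    for rec in json.loads(log_text).get("Records", []):
        identity = rec.get("userIdentity") or {}
        user = identity.get("userName")
        if identity.get("type") != "IAMUser" or user not in group_users:
            continue  # skip roles, root, services and users outside the group
        flags = []
        if rec.get("eventName") == "ConsoleLogin":
            result = (rec.get("responseElements") or {}).get("ConsoleLogin")
            mfa = (rec.get("additionalEventData") or {}).get("MFAUsed")
            if result == "Failure":
                flags.append("failed-login")
            elif mfa != "Yes":
                flags.append("login-without-mfa")
        elif rec.get("errorCode"):
            flags.append("error:" + rec["errorCode"])
        activity.setdefault(user, []).append(
            {"time": rec.get("eventTime"), "event": rec.get("eventName"),
             "ip": rec.get("sourceIPAddress"), "flags": flags})
    return activity

if __name__ == "__main__":
    print(json.dumps(group_activity(SAMPLE_LOG, {"alice", "bob"}), indent=2))
```
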