With AWS CloudTrail, you can log
Management Events:
• Operations that are performed on resources in your AWS account
• Examples:
  • Configuring security (IAM AttachRolePolicy)
  • Configuring rules for routing data (Amazon EC2 CreateSubnet)
  • Setting up logging (AWS CloudTrail CreateTrail)
• By default, trails are configured to log management events.
• Can separate Read Events (that don’t modify resources) from Write Events (that may modify resources)
Data Events:
• By default, data events are not logged (because of high-volume operations)
• Amazon S3 object-level activity (ex: GetObject, DeleteObject, PutObject): can separate Read and Write Events
• AWS Lambda function execution activity (the Invoke API)
The type of trail you create depends on your requirements: you can deliver all of these events to S3, publish them to CloudWatch Logs log groups, and create alarms that fire on a specific event. CloudTrail publishes to CloudWatch Logs or S3 every 5 minutes. A single CloudTrail trail can log the resource management events of all regions.
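To make the categories above concrete, the following added example (not code from the original post) classifies CloudTrail records into Management/Data and Read/Write events and flags the page's IAM AttachRolePolicy example as an alarm candidate. The field names follow the CloudTrail JSON record format; the sample records and the account id are constructed.

```python
import json

# Data-plane APIs named on the page; any other API is treated as a management event.
DATA_EVENT_APIS = {
    "s3.amazonaws.com": {"GetObject", "PutObject", "DeleteObject"},
    "lambda.amazonaws.com": {"Invoke"},
}
# Management events that change security configuration and deserve an alarm
# (the page's IAM AttachRolePolicy example).
ALERT_ON = {("iam.amazonaws.com", "AttachRolePolicy")}
READ_PREFIXES = ("Get", "List", "Describe", "Head")


def classify(record):
    """Return (category, access, alert) for one CloudTrail record dict."""
    source, name = record["eventSource"], record["eventName"]
    # Prefer the record's own eventCategory field; fall back to the API table above.
    category = record.get("eventCategory")
    if category is None:
        category = "Data" if name in DATA_EVENT_APIS.get(source, set()) else "Management"
    # readOnly is present on real records; infer it from the API verb if missing.
    read_only = record.get("readOnly", name.startswith(READ_PREFIXES))
    access = "Read" if read_only else "Write"
    return category, access, (source, name) in ALERT_ON


def summarize(lines):
    """Count category/access pairs over newline-delimited JSON records; collect alerts."""
    counts, alerts = {}, []
    for line in lines:
        if not line.strip():
            continue
        record = json.loads(line)
        category, access, alert = classify(record)
        key = f"{category}/{access}"
        counts[key] = counts.get(key, 0) + 1
        if alert:
            alerts.append(f"{record['eventName']} by {record['userIdentity']['arn']}")
    return counts, alerts


# Constructed sample records (not real account data), one JSON object per line.
SAMPLE_LINES = """
{"eventSource": "iam.amazonaws.com", "eventName": "AttachRolePolicy", "readOnly": false, "eventCategory": "Management", "userIdentity": {"arn": "arn:aws:iam::111122223333:user/alice"}}
{"eventSource": "ec2.amazonaws.com", "eventName": "CreateSubnet", "readOnly": false, "eventCategory": "Management", "userIdentity": {"arn": "arn:aws:iam::111122223333:user/alice"}}
{"eventSource": "ec2.amazonaws.com", "eventName": "DescribeInstances", "readOnly": true, "eventCategory": "Management", "userIdentity": {"arn": "arn:aws:iam::111122223333:user/bob"}}
{"eventSource": "s3.amazonaws.com", "eventName": "GetObject", "readOnly": true, "eventCategory": "Data", "userIdentity": {"arn": "arn:aws:iam::111122223333:role/app"}}
{"eventSource": "s3.amazonaws.com", "eventName": "PutObject", "eventCategory": "Data", "userIdentity": {"arn": "arn:aws:iam::111122223333:role/app"}}
{"eventSource": "lambda.amazonaws.com", "eventName": "Invoke", "userIdentity": {"arn": "arn:aws:iam::111122223333:role/app"}}
""".strip().splitlines()
```

Running `summarize(SAMPLE_LINES)` yields the per-category counts a CloudWatch metric filter would aggregate, plus the one AttachRolePolicy call that should raise an alarm.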
Watch this video on AWS Cloudtrail https://youtu.be/8yXnQhZd7yg
AWS Config gives you a timeline of every change to a resource's configuration; it is mostly used for compliance purposes and is the costlier way to do this. CloudTrail is far cheaper and gives you far greater control.