CloudTrail logs for GitHub self-hosted runner
Hi AWS, I have a GitHub self-hosted runner installed (Windows) installed on Amazon EC2. I have noticed that the runner is Offline and when I login into the server I figured out that somebody has deleted the windows service for GitHub runner which is not ideal in a production set up. I know that there is a _diag folder which captures the logs for the runner https://github.com/orgs/community/discussions/25538 but I want to get more details who has deleted the runner. Is there a way that we can figure that out using CloudTrail. Please guide.
- Newest
- Most votes
- Most comments
When activity occurs in your AWS account, that activity is recorded in a CloudTrail event. You can view the past 90 days of recorded API activity (management events) in an AWS Region in the CloudTrail console by going to Event history.
Anything that happens on a Windows Server will not be captured by cloudtrail. You will need to review the operating system logs.
Relevant content
- asked 4 months ago
AWS OFFICIALUpdated 2 years ago- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 5 months ago
@Gary Mclean, so you mean to say we need to track such activities though OS logs or we need to implement some kind of
Alert mechanismto figure out who stopped the runner service and deleted it which brings the self-hosted runner configured on EC2 in Offline state.