Questions tagged with AWS CloudTrail
AWS CloudTrail monitors and records account activity across your AWS infrastructure, giving you control over storage, analysis, and remediation actions.
Content language: English
Select up to 5 tags to filter
Sort by most recent
Browse through the questions and answers listed below or filter and sort to narrow down your results.
I'm trying to find CloudTrail events for `my-s3-bucket` which can show me which account or resource is enabling events or other properties on the bucket. I thought API calls were logged by CloudTrail...
Hi,
Currently I would like to encrypt CloudTrail logs in my Root account via a KMS key managed by me.
This trail exists in all my environments due to the use of Control Tower, through the Root...
We'd like to create a CloudTrail trail for management events that targets only specific type of events, for example, EBS volume creation, modification, and deletion. I do not see any option to achieve...
I am following this tutorial https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-log-api-call.html.
{
"source": ["aws.ec2"],
"detail-type": ["AWS API Call via...
I possess an IAM key for which the "last used" date indicates activity 15 hours ago. Yet, upon scrutinizing the CloudTrail logs filtered by the specific AWS access key for all events, there appears to...
Its an aws config managed rule, but I don't see a clear remediation process. is the only way to set up data events in cloudtrail via the console? I don't see any means in boto or the cli.
An IAM role was created to provide the access to S3 and lake formation as per [Requirements for roles used to register...
I have a use case to trigger a lambda function from SQS queue and get data from cloudtrail lookup events api . But the api is giving Rate exceeded error because the SQS is triggering the lambda...
I have hosted a GitHub server on an instance but I want to capture the logs on the instance with a particular post 8433,How to do that?
```
{
"eventVersion": "1.08",
"userIdentity": {
"type": "IAMUser",
"principalId": "AIDA42S2XXXXXXXXXX",
"arn": "arn:aws:iam::8817318XXXXX:user/XXXXXXX",
...
Hi,
I configured this event pattern
```
{
"$or": [{
"detail": {
"eventType": ["AwsApiCall", "AwsConsoleSignIn", "AwsServiceEvent", "AwsConsoleAction", "AwsCloudTrailInsight"],
...
We have an organization-wide CloudTrail which is logging events to an S3 bucket in a different account (part of the organization). By default, with S3 events turned on, this means we are getting the...