Questions tagged with AWS CloudTrail

AWS CloudTrail monitors and records account activity across your AWS infrastructure, giving you control over storage, analysis, and remediation actions.

Content language: English

Select up to 5 tags to filter
Sort by most recent

Browse through the questions and answers listed below or filter and sort to narrow down your results.

I'm trying to find CloudTrail events for `my-s3-bucket` which can show me which account or resource is enabling events or other properties on the bucket. I thought API calls were logged by CloudTrail...
1
answers
0
votes
433
views
Thomas
asked 6 months ago
Hi, Currently I would like to encrypt CloudTrail logs in my Root account via a KMS key managed by me. This trail exists in all my environments due to the use of Control Tower, through the Root...
1
answers
0
votes
1310
views
asked 7 months ago
We'd like to create a CloudTrail trail for management events that targets only specific type of events, for example, EBS volume creation, modification, and deletion. I do not see any option to achieve...
2
answers
1
votes
457
views
Ori
asked 7 months ago
I am following this tutorial https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-log-api-call.html. { "source": ["aws.ec2"], "detail-type": ["AWS API Call via...
1
answers
1
votes
408
views
Ori
asked 7 months ago
I possess an IAM key for which the "last used" date indicates activity 15 hours ago. Yet, upon scrutinizing the CloudTrail logs filtered by the specific AWS access key for all events, there appears to...
1
answers
0
votes
438
views
asked 7 months ago
Its an aws config managed rule, but I don't see a clear remediation process. is the only way to set up data events in cloudtrail via the console? I don't see any means in boto or the cli.
1
answers
0
votes
414
views
asked 7 months ago
1
answers
0
votes
439
views
asked 7 months ago
I have a use case to trigger a lambda function from SQS queue and get data from cloudtrail lookup events api . But the api is giving Rate exceeded error because the SQS is triggering the lambda...
2
answers
0
votes
730
views
asked 7 months ago
I have hosted a GitHub server on an instance but I want to capture the logs on the instance with a particular post 8433,How to do that?
2
answers
0
votes
484
views
flash
asked 7 months ago
``` { "eventVersion": "1.08", "userIdentity": { "type": "IAMUser", "principalId": "AIDA42S2XXXXXXXXXX", "arn": "arn:aws:iam::8817318XXXXX:user/XXXXXXX", ...
1
answers
0
votes
211
views
asked 7 months ago
Hi, I configured this event pattern ``` { "$or": [{ "detail": { "eventType": ["AwsApiCall", "AwsConsoleSignIn", "AwsServiceEvent", "AwsConsoleAction", "AwsCloudTrailInsight"], ...
0
answers
1
votes
431
views
asked 7 months ago
We have an organization-wide CloudTrail which is logging events to an S3 bucket in a different account (part of the organization). By default, with S3 events turned on, this means we are getting the...
1
answers
0
votes
1164
views
JK
asked 8 months ago