Review CloudTrail

CloudTrail is a web service that records AWS API calls for an account and delivers the log files to you. AWS CloudTrail records the identity and IP address of the API caller, the time of the API call, the request parameters, and the response elements returned by the AWS service.

Before you can review your CloudTrail logs, you must first turn on AWS and activate our portal under Account Management. To learn more, go to:

How to add or manage AWS Account

To review your CloudTrail log, select CloudTrail from the Main Menu.

The CloudTrail page shows information from the current day, including:

A visual map of the origin of the API calls, the total calls per event, and the 5 most active users.

The bottom table shows the details of the CloudTrail calls.

To search the CloudTrail log for specific information, use the filters on the top panel.

Specify your filter criteria and click Filter.

Most of the filter options are self-explanatory; however, the first three require additional attention:

Event By – This defines whether data is filtered by event name (Name) or by groups (Group).

When Name is selected, the Event Name drop-down list activates. From that list, choose the event name you are looking for or leave Any to search across all events.

When Group is selected, the Group drop-down list activates. Groups are lists of actions grouped into one event. There are three predefined groups:

Additionally, customized groups of actions can be created. To create a new group, click Edit Group.

To add a new group, click Add New Group, enter the group name, check the actions to include in this group, and click Save.

To edit or delete an existing group in the top table, click Edit or Delete respectively.
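
The Event By filter and the summary figures described above (total calls per event, most active users) can be reproduced offline over raw CloudTrail records. This is an added example, not the portal's own code; the sample records and the group name "Instance lifecycle" are constructed for illustration, and the field names are those of the CloudTrail record format.

```python
import json
from collections import Counter

# Constructed CloudTrail records (not real log data).
SAMPLE = json.loads("""{"Records": [
 {"eventTime": "2024-05-01T09:00:00Z", "eventName": "ConsoleLogin",
  "sourceIPAddress": "198.51.100.7", "userIdentity": {"type": "IAMUser", "userName": "alice"}},
 {"eventTime": "2024-05-01T09:05:00Z", "eventName": "RunInstances",
  "sourceIPAddress": "198.51.100.7", "userIdentity": {"type": "IAMUser", "userName": "alice"}},
 {"eventTime": "2024-05-01T09:10:00Z", "eventName": "StopInstances",
  "sourceIPAddress": "203.0.113.9", "userIdentity": {"type": "IAMUser", "userName": "bob"}},
 {"eventTime": "2024-05-01T09:12:00Z", "eventName": "TerminateInstances",
  "sourceIPAddress": "192.0.2.44", "userIdentity": {"type": "AssumedRole",
   "arn": "arn:aws:sts::111122223333:assumed-role/deploy/ci"}},
 {"eventTime": "2024-05-01T09:20:00Z", "eventName": "DescribeInstances",
  "sourceIPAddress": "198.51.100.7", "userIdentity": {"type": "IAMUser", "userName": "alice"}},
 {"eventTime": "2024-05-01T09:30:00Z", "eventName": "RunInstances",
  "sourceIPAddress": "203.0.113.9", "userIdentity": {"type": "IAMUser", "userName": "bob"}}
]}""")["Records"]

# Hypothetical custom group, standing in for one created with Add New Group.
GROUPS = {"Instance lifecycle": {"RunInstances", "StopInstances", "TerminateInstances"}}

def caller(record):
    """Best-effort caller name: IAM users carry userName, roles and root only an ARN."""
    ident = record.get("userIdentity", {})
    return ident.get("userName") or ident.get("arn") or ident.get("principalId") or "unknown"

def filter_records(records, event_by="Name", value="Any"):
    """Mimic the Event By filter: one event name, any event, or any action in a group."""
    if event_by == "Group":
        actions = GROUPS[value]
        return [r for r in records if r["eventName"] in actions]
    if value == "Any":
        return list(records)
    return [r for r in records if r["eventName"] == value]

def summarize(records, top=5):
    """Total calls per event and the most active callers."""
    per_event = Counter(r["eventName"] for r in records)
    per_user = Counter(caller(r) for r in records)
    return per_event, per_user.most_common(top)

if __name__ == "__main__":
    for r in filter_records(SAMPLE, "Group", "Instance lifecycle"):
        print(r["eventTime"], r["eventName"], caller(r), r["sourceIPAddress"])
    print(summarize(SAMPLE))
```

Records written by an assumed role or the root account have no userName, so the caller lookup falls back to the ARN to keep those calls in the per-user totals.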