
aws-cloudtrail-user-guide's People

Contributors

0xjjoyy, aws-sf, dennistraub, dulac, edenhochbaum, gitgaby, githubjillg, hex2a, jdyke, joshbean, kbcaleb, robreus

aws-cloudtrail-user-guide's Issues

Missing value in "eventType" attribute definition

Hi,

I am looking at this page: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-event-reference-record-contents.html for the "eventType" attribute.

It has 3 possible values listed:

eventType
Identifies the type of event that generated the event record. This can be the one of the following values:

  • AwsApiCall – An API was called.
  • AwsServiceEvent – The service generated an event related to your trail. For example, this can occur when another account made a call with a resource that you own.
  • AwsConsoleSignin – A user in your account (root, IAM, federated, SAML, or SwitchRole) signed in to the AWS Management Console.

But when I update the alternate security contact on my AWS account, I see that the CloudTrail event record has a value of "AwsConsoleAction" for this "eventType" attribute. That value, along with the definition of the scenarios in which that "AwsConsoleAction" value will show up, needs to be added as a 4th possible value.

Document naming discrepancies between IAM privileges -> API calls -> CloudTrail

Some CloudTrail recorded events have different names than the IAM privileges or API calls associated with them. For example, usage of the IAM privilege s3:ListAllMyBuckets results in a CloudTrail event record of ListBuckets. It would be helpful to have a list of translations between these as CloudTrail logs are often used to identify what IAM privileges are needed by actors, or what API calls were made.

Suggestions for common troubleshooting issues or problems

If you have any ideas about any common troubleshooting issues, problems, or tips and tricks that should be included in the AWS CloudTrail User Guide, please let me know! I'd love to hear about your troubleshooting tips and tricks you've used to find and fix problems, your favorite CloudTrail implementation tip, what you wish you'd known when you were just getting started, or anything else you'd care to share. If you're relatively new to CloudTrail, I'd also love to hear about your experience.

Please submit a pull request as explained here: https://github.com/awsdocs/aws-cloudtrail-user-guide/blob/master/CONTRIBUTING.md

Thanks for helping improve the documentation! I look forward to hearing from you.

Markdown file create-s3-bucket-policy-for-cloudtrail.md doesn't match live documentation

The page: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/create-s3-bucket-policy-for-cloudtrail.html contains a paragraph:

As a security best practice, add an aws:SourceArn condition key to the Amazon S3 bucket policy. The IAM global condition key aws:SourceArn helps ensure that CloudTrail writes to the S3 bucket only for a specific trail or trails. The value of aws:SourceArn is always the ARN of the trail (or array of trail ARNs) that is using the bucket to store logs. Be sure to add the aws:SourceArn condition key on S3 bucket policies for existing trails.

Which does not exist in equivalent markdown file: https://github.com/awsdocs/aws-cloudtrail-user-guide/blob/master/doc_source/create-s3-bucket-policy-for-cloudtrail.md
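
A check for the condition the quoted paragraph recommends, as an added example (not code from the AWS documentation or from this repository): it lists the statements in a bucket policy that allow cloudtrail.amazonaws.com without restricting aws:SourceArn to the expected trail ARNs. The policy, bucket name, account ID and trail ARN are constructed samples, and the function names are hypothetical.

```python
CLOUDTRAIL = "cloudtrail.amazonaws.com"
# Operators this example accepts as pinning aws:SourceArn (a choice made here).
ARN_OPERATORS = {"stringequals", "arnequals", "stringlike", "arnlike"}

def _as_list(value):
    """Policy fields may hold one string or a list of strings."""
    return [] if value is None else value if isinstance(value, list) else [value]

def _source_arns(statement):
    """Return the aws:SourceArn values a statement is conditioned on."""
    arns = []
    for operator, keys in statement.get("Condition", {}).items():
        if operator.lower() not in ARN_OPERATORS:
            continue
        for key, value in keys.items():
            if key.lower() == "aws:sourcearn":  # condition keys are case-insensitive
                arns.extend(_as_list(value))
    return arns

def statements_missing_source_arn(policy, trail_arns):
    """Sids of Allow statements for CloudTrail with no, or an unexpected, aws:SourceArn.

    Strict by design: a wildcard ARN pattern that is not in trail_arns is reported.
    """
    findings = []
    for index, stmt in enumerate(_as_list(policy.get("Statement"))):
        principal = stmt.get("Principal", {})
        services = _as_list(principal.get("Service")) if isinstance(principal, dict) else []
        if stmt.get("Effect") != "Allow" or CLOUDTRAIL not in services:
            continue
        arns = _source_arns(stmt)
        if not arns or not set(arns) <= set(trail_arns):
            findings.append(stmt.get("Sid", f"statement[{index}]"))
    return findings

TRAIL = "arn:aws:cloudtrail:us-east-1:111111111111:trail/example-trail"  # constructed
SAMPLE_POLICY = {  # constructed sample: the write statement lacks aws:SourceArn
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "AclCheck", "Effect": "Allow",
         "Principal": {"Service": CLOUDTRAIL}, "Action": "s3:GetBucketAcl",
         "Resource": "arn:aws:s3:::example-bucket",
         "Condition": {"StringEquals": {"aws:SourceArn": TRAIL}}},
        {"Sid": "Write", "Effect": "Allow",
         "Principal": {"Service": CLOUDTRAIL}, "Action": "s3:PutObject",
         "Resource": "arn:aws:s3:::example-bucket/AWSLogs/111111111111/*",
         "Condition": {"StringEquals": {"s3:x-amz-acl": "bucket-owner-full-control"}}},
    ],
}
```

Calling `statements_missing_source_arn(SAMPLE_POLICY, [TRAIL])` reports the `Write` statement, which is the one to update on a bucket policy for an existing trail.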

InsufficientS3BucketPolicyException error following documentation

In the documentation for "Creating a trail for an organization with the AWS Command Line Interface", I created a bucket policy and ran the command:
aws cloudtrail create-trail --name ct-name --s3-bucket-name bucketname --is-organization-trail --is-multi-region-trail

I get the following error:
An error occurred (InsufficientS3BucketPolicyException) when calling the CreateTrail operation: Incorrect S3 bucket policy is detected for bucket: bucketname

I've compared the sample policy in the documentation to what I updated and everything seems correct. Not sure what I'm missing.
