© 2015, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Sivakanth Mundru, Product Manager, AWS CloudTrail
October 2015
SEC318
AWS CloudTrail Deep Dive
What to Expect from the Session
- Introduction to AWS CloudTrail and use cases
- Deep dives on use cases
- CloudTrail for multiple AWS accounts
- Encryption using KMS (New) and log file integrity validation (New)
- AWS Partner solutions integrated with CloudTrail
Introduction to AWS CloudTrail
Diagram: You are making API calls on a growing set of AWS services around the world; CloudTrail is continuously recording those API calls, so that you can store/archive them, troubleshoot, and monitor & alarm.
Use cases enabled by CloudTrail
- IT and security administrators can perform security analysis
- IT administrators and DevOps engineers can track changes to AWS resources
- DevOps engineers can troubleshoot operational issues
- IT auditors can use log files as a compliance aid
Security at Scale: Logging in AWS White Paper
CloudTrail Availability & Service Coverage
What can you answer using a CloudTrail event?
- Who made the API call?
- When was the API call made?
- What was the API call?
- Which resources were acted upon in the API call?
- Where was the API call made from, and made to?
What does an event look like?
{
  "eventVersion": "1.01",
  "userIdentity": {
    "type": "IAMUser",                                  // Who?
    "principalId": "AIDAJDPLRKLG7UEXAMPLE",
    "arn": "arn:aws:iam::123456789012:user/Alice",      // Who?
    "accountId": "123456789012",
    "accessKeyId": "AKIAIOSFODNN7EXAMPLE",
    "userName": "Alice",
    "sessionContext": {
      "attributes": {
        "mfaAuthenticated": "false",
        "creationDate": "2014-03-18T14:29:23Z"
      }
    }
  },
  "eventTime": "2014-03-18T14:30:07Z",                  // When?
  "eventSource": "cloudtrail.amazonaws.com",
  "eventName": "StartLogging",                          // What?
  "awsRegion": "us-west-2",                             // Where to?
  "sourceIPAddress": "72.21.198.64",                    // Where from?
  "userAgent": "AWSConsole, aws-sdk-java/1.4.5 Linux/x.xx.fleetxen Java_HotSpot(TM)_64-Bit_Server_VM/xx",
  "requestParameters": {
    "name": "Default"                                   // Which resource?
  },
  // more event details
}
Getting Started
Turn on CloudTrail
Turn on CloudTrail using AWS CLI
Step 1: Create a trail
$ aws cloudtrail create-trail --region=eu-central-1 --name ITAuditandOpsTrail --s3-bucket mybucket
Step 2: Start logging on the trail
$ aws cloudtrail start-logging --region=eu-central-1 --name ITAuditandOpsTrail
CloudTrail log files as compliance aid
Diagram: "I need CloudTrail logs for the entire month of Jan 2015" (S3 bucket with lifecycle policies).
Monitor and Receive Notifications
What type of events should I monitor for?
- You can monitor any specific event recorded by CloudTrail and receive notification from CloudWatch
- Monitor for security or network related events that are likely to have a high blast radius
- Popular examples based on customer feedback:
  1. Creation, deletion and modification of security groups and VPCs
  2. Changes to IAM policies or S3 bucket policies
  3. Failed AWS Management Console sign-in events
  4. API calls that resulted in authorization failures
  5. Launching, terminating, stopping, starting and rebooting EC2 instances
- Fully defined and pre-built CloudFormation template to get started
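The five categories above can be checked directly against the record fields the deck walks through (userIdentity, eventTime, eventName, sourceIPAddress, responseElements, errorCode). The Python below is an added example, not code from the deck or from AWS: it reads constructed records shaped like the StartLogging event shown earlier, answers the who/when/what/where/which questions for each, and tags the records that should alarm. The sample records and the sets of API names assigned to each category are my assumptions.

```python
import gzip
import json
from typing import Dict, List

# Constructed sample records, shaped like the CloudTrail event shown in the deck.
# Account ids, ARNs and IP addresses are placeholders, not real identifiers.
SAMPLE_EVENTS: List[Dict] = [
    {   # Alice opens a security group: category 1 (security group modification)
        "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/Alice",
                         "accountId": "123456789012", "userName": "Alice"},
        "eventTime": "2015-09-24T10:00:07Z", "eventSource": "ec2.amazonaws.com",
        "eventName": "AuthorizeSecurityGroupIngress", "awsRegion": "us-west-2",
        "sourceIPAddress": "72.21.198.64",
        "requestParameters": {"groupId": "sg-0123456789abcdef0"},
    },
    {   # Failed root sign-in to the console: category 3
        "userIdentity": {"type": "Root", "arn": "arn:aws:iam::123456789012:root",
                         "accountId": "123456789012"},
        "eventTime": "2015-09-24T10:05:00Z", "eventSource": "signin.amazonaws.com",
        "eventName": "ConsoleLogin", "awsRegion": "us-east-1",
        "sourceIPAddress": "198.51.100.23",
        "responseElements": {"ConsoleLogin": "Failure"},
    },
    {   # Bob tries to change an IAM policy and is denied: category 4, not category 2
        # (the policy did not change, so only the authorization failure should alarm)
        "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/Bob",
                         "accountId": "123456789012", "userName": "Bob"},
        "eventTime": "2015-09-24T10:07:41Z", "eventSource": "iam.amazonaws.com",
        "eventName": "PutUserPolicy", "awsRegion": "us-east-1",
        "sourceIPAddress": "203.0.113.9", "errorCode": "AccessDenied",
    },
    {   # Routine read-only call: nothing to alarm on
        "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/Alice",
                         "accountId": "123456789012", "userName": "Alice"},
        "eventTime": "2015-09-24T10:09:00Z", "eventSource": "ec2.amazonaws.com",
        "eventName": "DescribeInstances", "awsRegion": "us-west-2",
        "sourceIPAddress": "72.21.198.64",
    },
]

# Which API names make up categories 1, 2 and 5 is my choice for this example;
# extend the sets to whatever your own alarms need to cover.
SG_AND_VPC_CHANGES = {"AuthorizeSecurityGroupIngress", "AuthorizeSecurityGroupEgress",
                      "RevokeSecurityGroupIngress", "RevokeSecurityGroupEgress",
                      "CreateSecurityGroup", "DeleteSecurityGroup", "CreateVpc", "DeleteVpc"}
POLICY_CHANGES = {"PutUserPolicy", "PutGroupPolicy", "PutRolePolicy", "CreatePolicy",
                  "CreatePolicyVersion", "DeletePolicy", "AttachUserPolicy",
                  "AttachGroupPolicy", "AttachRolePolicy", "PutBucketPolicy",
                  "DeleteBucketPolicy"}
EC2_LIFECYCLE = {"RunInstances", "TerminateInstances", "StopInstances",
                 "StartInstances", "RebootInstances"}
AUTHZ_FAILURE_CODES = {"AccessDenied", "UnauthorizedOperation",
                       "Client.UnauthorizedOperation"}


def pack_log_file(records: List[Dict]) -> bytes:
    """Gzipped {"Records": [...]} body, the shape CloudTrail delivers to S3."""
    return gzip.compress(json.dumps({"Records": records}).encode())


def summarize(event: Dict) -> Dict:
    """Answer the deck's five questions for one record: who, when, what, where, which."""
    ident = event.get("userIdentity", {})
    return {"who": ident.get("arn") or ident.get("type"),
            "when": event.get("eventTime"),
            "what": f"{event.get('eventSource')}:{event.get('eventName')}",
            "where_from": event.get("sourceIPAddress"),
            "where_to": event.get("awsRegion"),
            "which": event.get("requestParameters")}


def classify(event: Dict) -> List[str]:
    """Return the monitoring categories a record matches (empty list = nothing to alarm on)."""
    name = event.get("eventName", "")
    hits = []
    # Change categories only count when the call succeeded; a denied attempt is reported
    # under authorization failures instead (matching on eventName alone would over-alarm).
    if "errorCode" not in event:
        if name in SG_AND_VPC_CHANGES:
            hits.append("security-group-or-vpc-change")
        if name in POLICY_CHANGES:
            hits.append("iam-or-bucket-policy-change")
        if name in EC2_LIFECYCLE:
            hits.append("ec2-instance-lifecycle")
    # responseElements is null on many records, hence the "or {}"
    if name == "ConsoleLogin" and (event.get("responseElements") or {}).get("ConsoleLogin") == "Failure":
        hits.append("console-signin-failure")
    if event.get("errorCode") in AUTHZ_FAILURE_CODES:
        hits.append("authorization-failure")
    return hits


def scan_records(records: List[Dict]) -> List[Dict]:
    """Run classify() over a list of records and return one alert per matching record."""
    return [dict(summarize(ev), categories=cats) for ev in records if (cats := classify(ev))]


def scan_log_file(gz_bytes: bytes) -> List[Dict]:
    """Same scan over a gzipped log file body as delivered to the S3 bucket."""
    return scan_records(json.loads(gzip.decompress(gz_bytes))["Records"])
```

In CloudWatch Logs the same categories become metric filters on the delivered records; the point of the errorCode check is that a filter on eventName alone fires for denied attempts as well as real changes.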
Receive email notifications of specific API activity
How to configure CloudWatch Alarms?
- Step 1: Configure CloudTrail to deliver logs to CloudWatch Logs
$ aws cloudtrail update-trail --name mytrail \
    --cloud-watch-logs-log-group-arn arn:aws:logs:us-west-2:111111111111:log-group:CloudTrail/DefaultLogGroup12345:* \
    --cloud-watch-logs-role-arn arn:aws:iam::111111111111:role/CloudTrail_CloudWatchLogs_Role
How to configure CloudWatch Alarms?
- Step 2: Get started with a pre-built CloudFormation template
$ aws cloudformation create-stack --stack-name myCTCWAlarms \
    --template-url CloudFormation_Template \
    --parameters ParameterKey=Email,ParameterValue=myemail@mydomain.com \
                 ParameterKey=LogGroupName,ParameterValue=CloudTrail/DefaultLogGroup12345
What does an email notification look like?
Troubleshoot operational and
security issues
Troubleshooting operational and security issues
- Look up CloudTrail events related to creation, deletion and modification of AWS resources
- Look up events for the last 7 days
- Filter events using one of the six different filters:
  - Time range
  - User name
  - Resource name
  - Resource type
  - Event name
  - Event ID
Look up events in the CloudTrail console
Event detail view in the CloudTrail console
Look up events using the AWS CLI
- List all events for the last 7 days
$ aws cloudtrail lookup-events --output json
- List all events where the user name is root
$ aws cloudtrail lookup-events --lookup-attributes AttributeKey=Username,AttributeValue=root --output json
- List all events where the resource type is EC2 instance
$ aws cloudtrail lookup-events --lookup-attributes AttributeKey=ResourceType,AttributeValue=AWS::EC2::Instance --output json
CloudTrail – Multiple AWS Accounts
Aggregate log files across multiple accounts in one bucket
- You have multiple AWS accounts
- You need to aggregate log files for all AWS accounts into one S3 bucket
- You can configure CloudTrail to deliver log files for all of your AWS accounts to one S3 bucket
- Files will be arranged per account and region in the S3 bucket for easier future access:
  <bucket_name>/optional_prefix_name/AWSLogs/Account_ID/CloudTrail/region/YYYY/MM/DD/file_name.json.gz
How to aggregate log files across multiple accounts?
 Step 1: Configure the S3 bucket policy
// Partial S3 bucket policy shown below
"Action": "s3:PutObject",
"Resource": "arn:aws:s3:::myBucketName/[optional prefix]/AWSLogs/myAccountID/*",
"Condition": {
  "StringEquals": {
    "s3:x-amz-acl": "bucket-owner-full-control"
  }
}
If you have 3 accounts, list one resource per account in the bucket policy, so that the Resource element becomes an array with three entries:
"Resource": [
  "arn:aws:s3:::myBucketName/[optional prefix]/AWSLogs/111111111111/*",
  "arn:aws:s3:::myBucketName/[optional prefix]/AWSLogs/222222222222/*",
  "arn:aws:s3:::myBucketName/[optional prefix]/AWSLogs/333333333333/*"
]
Step 2: Turn on CloudTrail for three accounts in all regions
Encrypted CloudTrail log files
New
Encrypted CloudTrail log files using SSE-KMS
- By default, CloudTrail encrypts log files using S3 server-side encryption
- Additional layer of security for your log files by encrypting with your KMS key
- Application logic for ingesting and processing log files stays the same
- S3 will decrypt on your behalf if your credentials have decrypt permissions
Encrypting your log files using SSE KMS
Diagram: Step 1: Create or use an existing KMS key and apply the key policy. Step 2: Grant decrypt access to log readers. Step 3: Specify the KMS key to CloudTrail. Step 4: Log readers call the S3 GetObject API on the encrypted CloudTrail log files. Step 5: They receive decrypted CloudTrail log files.
How to encrypt CloudTrail log files using your KMS Key?
- Step 1: Create a KMS key and apply the correct key policy
$ aws kms create-key
$ aws kms put-key-policy --key-id arn:aws:kms:us-west-2:111111111111:key/example-7ce3-41e9-a4a3-167example \
    --policy-name default --policy file://</local/directory>
How to encrypt CloudTrail log files using KMS?
Step 2: Grant decrypt access to users, roles or groups that access CloudTrail log files
Attach this policy to IAM user Bob or IAM group or role CloudTrail-log-readers
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "kms:Decrypt",
      "Resource": "arn:aws:kms:us-west-2:111111111111:key/example-7ce3-41e9-a4a3-167example"
    }
  ]
}
How to encrypt CloudTrail log files using KMS?
Step 3: Update your trail to provide the KMS encryption key to CloudTrail
$ aws cloudtrail update-trail --region=us-west-2 --name Trail-Name \
    --kms-key-id arn:aws:kms:us-west-2:111111111111:key/example-7ce3-41e9-a4a3-167example
Encrypt log files for multiple accounts using one KMS key
- Step 1: Update the key policy to allow CloudTrail to use the key for multiple accounts
// Partial KMS key policy
"Action": "kms:GenerateDataKey*",
"Resource": "*",
"Condition": {
  "StringLike": {
    "kms:EncryptionContext:aws:cloudtrail:arn": [
      "arn:aws:cloudtrail:*:111111111111:trail/*",
      "arn:aws:cloudtrail:*:222222222222:trail/*",
      "arn:aws:cloudtrail:*:333333333333:trail/*"
    ]
  }
}
Encrypt log files for multiple accounts using one KMS key
Step 2: Update the trail in accounts 222222222222 and 333333333333 with the key belonging to account 111111111111
$ aws cloudtrail update-trail --region=us-west-2 --name Trail-account222222222222 \
    --kms-key-id arn:aws:kms:us-west-2:111111111111:key/example-7ce3-41e9-a4a3-167example
$ aws cloudtrail update-trail --region=us-west-2 --name Trail-account333333333333 \
    --kms-key-id arn:aws:kms:us-west-2:111111111111:key/example-7ce3-41e9-a4a3-167example
Validate the integrity of log files
New
CloudTrail log file integrity validation
- Validate that a log file has not been changed since CloudTrail delivered the log file to your S3 bucket
- Detect whether a log file was deleted, modified or unchanged
- Use the tool as an aid in your IT security, audit and compliance processes
CloudTrail log file integrity validation
- Enable digest file delivery on your trail
$ aws cloudtrail update-trail --region=us-west-2 --name trail-name --enable-log-file-validation
CloudTrail will start delivering digest files on an hourly basis
- Digest files contain hash values of the log files delivered and are signed by CloudTrail
- CloudTrail delivers the digest files to the same S3 bucket, but under a different folder structure or S3 key map:
  - CloudTrail log files: /AWSLogs/111111111111/CloudTrail/
  - CloudTrail digest files: /AWSLogs/111111111111/CloudTrail-Digest/
How do I validate the integrity of the log files?
- Download the latest AWS CLI or build your own tool
- Ensure that you have access to the CloudTrail log files stored in S3
- If your log files are encrypted, you need decrypt permissions
$ aws cloudtrail validate-logs --trail-arn arn:aws:cloudtrail:us-west-2:111111111111:trail/Trailname \
    --start-time 2015-09-24T00:00:00Z --region=us-west-2
Example 1: Log files are unchanged since CloudTrail delivered them
$ aws cloudtrail validate-logs --trail-arn arn:aws:cloudtrail:us-west-2:111111111111:trail/Trailname \
    --start-time 2015-09-24T00:00:00Z --region=us-west-2
Validating log files for trail arn:aws:cloudtrail:us-west-2:111111111111:trail/Trailname between 2015-09-24T00:00:00Z and 2015-09-25T18:56:41Z
Results requested for 2015-09-24T00:00:00Z to 2015-09-25T18:56:41Z
Results found for 2015-09-24T00:30:26Z to 2015-09-25T18:56:41Z:
43/43 digest files valid
31/31 log files valid
Example 2: Log file(s) were deleted since CloudTrail delivered them
$ aws cloudtrail validate-logs --trail-arn arn:aws:cloudtrail:us-west-2:111111111111:trail/Trailname \
    --start-time 2015-09-24T00:00:00Z --region=us-west-2
Log file s3://mybucket-CTlogs/AWSLogs/111111111111/CloudTrail/us-west-2/2015/09/22/111111111111_CloudTrail_us-west-2_20150922T1720Z_Jy4SwZotr3eTI2FM.json.gz INVALID: not found
Results requested for 2015-09-22T00:00:00Z to 2015-09-25T18:42:03Z
Results found for 2015-09-22T00:30:26Z to 2015-09-25T18:42:03Z:
43/43 digest files valid
30/31 log files valid, 1/31 log files INVALID
Example 3: Log file(s) were modified since CloudTrail delivered them
$ aws cloudtrail validate-logs --trail-arn arn:aws:cloudtrail:us-west-2:111111111111:trail/Trailname \
    --start-time 2015-09-24T00:00:00Z --region=us-west-2
Log file s3://mybucket-CTlogs/AWSLogs/111111111111/CloudTrail/us-west-2/2015/09/25/111111111111_CloudTrail_us-west-2_20150925T1845Z_lU58MiCsXyI1U3R1.json.gz INVALID: hash value doesn't match
Results requested for 2015-09-24T00:00:00Z to 2015-09-25T21:44:50Z
Results found for 2015-09-24T00:30:26Z to 2015-09-25T21:44:50Z:
45/45 digest files valid
35/36 log files valid, 1/36 log files INVALID
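The three outcomes above come from comparing each log file's current SHA-256 against the hash recorded for it in the digest file. The Python below is an added example, not the CLI's code: it builds a constructed bucket of three gzipped log files, a digest entry list in the layout CloudTrail digest files use (logFiles with s3Bucket, s3Object, hashValue, hashAlgorithm), and a checker that reports "not found" for a deleted file and "hash value doesn't match" for a modified one. The file names, account id and record contents are constructed placeholders.

```python
import gzip
import hashlib
import json
from typing import Dict, List, Tuple

ACCOUNT = "111111111111"                       # placeholder account id, as in the deck
BUCKET = "mybucket-CTlogs"
LOG_PREFIX = f"AWSLogs/{ACCOUNT}/CloudTrail/us-west-2/2015/09/24/"


def pack_log_file(records: List[Dict]) -> bytes:
    """Gzipped {"Records": [...]} body as delivered to S3 (fixed mtime keeps the bytes reproducible)."""
    return gzip.compress(json.dumps({"Records": records}).encode(), mtime=0)


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_bucket() -> Dict[str, bytes]:
    """Constructed bucket contents (S3 key -> object bytes) for three log files one digest covers.
    Keys follow the deck's naming pattern; the trailing file ids are made up."""
    files = {
        "20150924T0030Z_aaaaaaaaaaaaaaaa": [{"eventName": "StartLogging", "eventTime": "2015-09-24T00:30:26Z"}],
        "20150924T0110Z_bbbbbbbbbbbbbbbb": [{"eventName": "CreateTrail", "eventTime": "2015-09-24T01:10:02Z"}],
        "20150924T0145Z_cccccccccccccccc": [{"eventName": "StopLogging", "eventTime": "2015-09-24T01:45:40Z"}],
    }
    return {f"{LOG_PREFIX}{ACCOUNT}_CloudTrail_us-west-2_{stamp}.json.gz": pack_log_file(recs)
            for stamp, recs in files.items()}


def build_digest(bucket: Dict[str, bytes]) -> Dict:
    """Digest file as CloudTrail would write it for these log files: one entry per log file with the
    SHA-256 of the object bytes. Only the fields this check needs are filled in; a real digest also
    carries the signature and previous-digest fields that the CLI verifies."""
    return {
        "awsAccountId": ACCOUNT,
        "digestStartTime": "2015-09-24T00:00:00Z",
        "digestEndTime": "2015-09-24T02:00:00Z",
        "digestS3Bucket": BUCKET,
        "digestS3Object": f"AWSLogs/{ACCOUNT}/CloudTrail-Digest/us-west-2/2015/09/24/"
                          f"{ACCOUNT}_CloudTrail-Digest_us-west-2_20150924T020000Z.json.gz",
        "logFiles": [{"s3Bucket": BUCKET, "s3Object": key, "hashValue": sha256_hex(body),
                      "hashAlgorithm": "SHA-256"} for key, body in sorted(bucket.items())],
    }


def validate_log_files(digest: Dict, bucket: Dict[str, bytes]) -> Tuple[int, int, List[str]]:
    """Check each log file listed in the digest against what the bucket holds now.
    Returns (valid, total, messages) in the spirit of `aws cloudtrail validate-logs`."""
    valid, messages = 0, []
    for entry in digest["logFiles"]:
        uri = f"s3://{entry['s3Bucket']}/{entry['s3Object']}"
        body = bucket.get(entry["s3Object"])
        if body is None:                                    # deleted since delivery (deck example 2)
            messages.append(f"Log file {uri} INVALID: not found")
        elif entry["hashAlgorithm"] != "SHA-256":
            messages.append(f"Log file {uri} INVALID: unknown hash algorithm {entry['hashAlgorithm']}")
        elif sha256_hex(body) != entry["hashValue"]:        # modified since delivery (deck example 3)
            messages.append(f"Log file {uri} INVALID: hash value doesn't match")
        else:
            valid += 1
    return valid, len(digest["logFiles"]), messages


def summary_line(valid: int, total: int) -> str:
    """Format the count the way the CLI prints it."""
    if valid == total:
        return f"{valid}/{total} log files valid"
    return f"{valid}/{total} log files valid, {total - valid}/{total} log files INVALID"
```

The CLI additionally verifies each digest file's own signature against CloudTrail's public key and follows the chain of previous-digest references, so a tampered or missing digest is caught too; this example covers only the log-file hash check, which is why the digest files deserve the same access protection as the logs.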
Partner Solutions integrated with
CloudTrail
AWS Technology Partner solutions integrated with
CloudTrail
New
AWS Consulting Partner solutions integrated with
CloudTrail
Updated Splunk integration for AWS CloudTrail
AWS CloudTrail Key Launches In 2015
Launch Date   Feature Description
10/01/2015    Support for SSE-KMS encryption & log file integrity validation
09/01/2015    Support for S3 bucket-level API activity
05/29/2015    Support for DynamoDB table-level API activity
05/19/2015    Support for CloudTrail integration with CloudWatch Logs in Northern California
04/09/2015    Support for Lambda, WorkSpaces, and EC2 Container Service
03/12/2015    Support for Lookup Events
03/05/2015    Support for CloudTrail integration with CloudWatch Logs in Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo), and EU (Frankfurt)
Related Sessions
- SEC314 - AWS Config/Config Rules: Use Config Rules to Improve Governance over Configuration Changes to Your Resources
  - 5:30 PM Thursday, Palazzo K
  - 11:30 AM Friday, Marcello 4506
- DVO 303 - Scaling Infrastructure Operations with Service Catalog, CloudTrail and Config
  - 9:00 AM Friday, Lido 3001B
- SEC403 - Timely Security Alerts and Analytics: Diving into AWS CloudTrail Events by Using Apache Spark on Amazon EMR
  - 10:15 AM Friday, Marcello 4506
I would love to see you
- Turn on CloudTrail for your accounts
- Monitor and alarm for API activity with high blast radius
- Use Lookup Events to troubleshoot your operational issues
- Provide us feedback on what we should do next
Remember to complete your evaluations!
Thank you!
Questions

Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdf
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUKSpring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 

(SEC318) AWS CloudTrail Deep Dive

  • 1. SEC318: AWS CloudTrail Deep Dive
       Sivakanth Mundru, Product Manager, AWS CloudTrail
       October 2015
       © 2015, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
  • 2. What to Expect from the Session
        Introduction to AWS CloudTrail and use cases
        Deep dives on use cases
        CloudTrail for multiple AWS accounts
        Encryption using KMS (New) and log file integrity validation (New)
        AWS Partner solutions integrated with CloudTrail
  • 3. Introduction to AWS CloudTrail
       You are making API calls on a growing set of AWS services around the world; CloudTrail is continuously recording those API calls so you can store/archive them, troubleshoot, and monitor & alarm.
  • 4. Use cases enabled by CloudTrail
        IT and security administrators can perform security analysis
        IT administrators and DevOps engineers can track changes to AWS resources
        DevOps engineers can troubleshoot operational issues
        IT auditors can use log files as a compliance aid
       See also the white paper "Security at Scale: Logging in AWS".
  • 5. CloudTrail Availability & Service Coverage
  • 6. What can you answer using a CloudTrail event?
        Who made the API call?
        When was the API call made?
        What was the API call?
        Which resources were acted upon in the API call?
        Where was the API call made from, and made to?
  • 7. What does an event look like?
       {
         "eventVersion": "1.01",
         "userIdentity": {
           "type": "IAMUser",                                  // Who?
           "principalId": "AIDAJDPLRKLG7UEXAMPLE",
           "arn": "arn:aws:iam::123456789012:user/Alice",      // Who?
           "accountId": "123456789012",
           "accessKeyId": "AKIAIOSFODNN7EXAMPLE",
           "userName": "Alice",
           "sessionContext": {
             "attributes": {
               "mfaAuthenticated": "false",
               "creationDate": "2014-03-18T14:29:23Z"
             }
           }
         },
         "eventTime": "2014-03-18T14:30:07Z",                  // When?
         "eventSource": "cloudtrail.amazonaws.com",
         "eventName": "StartLogging",                          // What?
         "awsRegion": "us-west-2",                             // Where to?
         "sourceIPAddress": "72.21.198.64",                    // Where from?
         "userAgent": "AWSConsole, aws-sdk-java/1.4.5 Linux/x.xx.fleetxen Java_HotSpot(TM)_64-Bit_Server_VM/xx",
         "requestParameters": {
           "name": "Default"                                   // Which resource?
         },
         // more event details
       }
  • 11. Turn on CloudTrail using the AWS CLI
       Step 1: Create a trail
       $ aws cloudtrail create-trail --region=eu-central-1 --name ITAuditandOpsTrail --s3-bucket mybucket
       Step 2: Start logging on the trail
       $ aws cloudtrail start-logging --region=eu-central-1 --name ITAuditandOpsTrail
  • 12. CloudTrail log files as a compliance aid
       Typical request: "I need CloudTrail logs for the entire month of Jan 2015"
       Tool: S3 lifecycle policies
  • 13. Monitor and Receive Notifications
  • 14. What type of events should I monitor for?
        You can monitor any specific event recorded by CloudTrail and receive notifications from CloudWatch
        Monitor for security or network related events that are likely to have a high blast radius
        Popular examples based on customer feedback:
         1. Creation, deletion and modification of security groups and VPCs
         2. Changes to IAM policies or S3 bucket policies
         3. Failed AWS Management Console sign-in events
         4. API calls that resulted in authorization failures
         5. Launching, terminating, stopping, starting and rebooting EC2 instances
        Fully defined, pre-built CloudFormation template to get started
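As an added example (not code from the deck), the five event classes above expressed as detection predicates and run over a constructed CloudTrail log file; the ConsoleLogin and authorization-failure conditions use the same errorMessage/errorCode values the AWS-published CloudWatch Logs metric filters key on, and the account id, ARNs and IP addresses are placeholders.

```python
from typing import Callable, Dict, List

# Rule name -> predicate over one CloudTrail record, one per "high blast radius"
# class on slide 14. ConsoleLogin failures carry errorMessage "Failed authentication";
# denied calls carry an errorCode such as AccessDenied or Client.UnauthorizedOperation.
RULES: Dict[str, Callable[[dict], bool]] = {
    "SecurityGroupOrVpcChange": lambda r: r.get("eventName") in {
        "AuthorizeSecurityGroupIngress", "AuthorizeSecurityGroupEgress",
        "RevokeSecurityGroupIngress", "RevokeSecurityGroupEgress",
        "CreateSecurityGroup", "DeleteSecurityGroup", "CreateVpc", "DeleteVpc"},
    "IamOrBucketPolicyChange": lambda r: r.get("eventName") in {
        "PutUserPolicy", "PutGroupPolicy", "PutRolePolicy", "AttachUserPolicy",
        "AttachRolePolicy", "CreatePolicy", "DeletePolicy",
        "PutBucketPolicy", "DeleteBucketPolicy"},
    "ConsoleLoginFailure": lambda r: (r.get("eventName") == "ConsoleLogin"
        and r.get("errorMessage") == "Failed authentication"),
    "AuthorizationFailure": lambda r: (
        str(r.get("errorCode", "")).startswith("AccessDenied")
        or str(r.get("errorCode", "")).endswith("UnauthorizedOperation")),
    "Ec2StateChange": lambda r: r.get("eventName") in {
        "RunInstances", "TerminateInstances", "StopInstances",
        "StartInstances", "RebootInstances"},
}

def who(record: dict) -> str:
    """Answer 'who?' from userIdentity: the ARN when present, else the identity type."""
    ident = record.get("userIdentity", {})
    return ident.get("arn") or ident.get("type", "unknown")

def triage(log_file: dict) -> List[dict]:
    """Run every rule over the Records array of one CloudTrail log file and return
    one finding per (record, matched rule) carrying the who/when/what/where fields."""
    findings = []
    for r in log_file.get("Records", []):
        attrs = r.get("userIdentity", {}).get("sessionContext", {}).get("attributes", {})
        for name, pred in RULES.items():
            if pred(r):
                findings.append({"rule": name, "who": who(r), "when": r.get("eventTime"),
                                 "what": r.get("eventName"), "from": r.get("sourceIPAddress"),
                                 "to": r.get("awsRegion"), "mfa": attrs.get("mfaAuthenticated")})
    return findings

def _rec(name, who_arn, ip, **extra) -> dict:
    """Build one constructed record (placeholder account id, documentation-range IPs)."""
    rec = {"eventName": name, "eventTime": "2015-09-25T18:00:00Z", "awsRegion": "us-west-2",
           "sourceIPAddress": ip, "userIdentity": {"type": "IAMUser", "arn": who_arn}}
    rec.update(extra)
    return rec

ALICE, BOB = "arn:aws:iam::111111111111:user/Alice", "arn:aws:iam::111111111111:user/Bob"
SAMPLE_LOG = {"Records": [
    _rec("StartLogging", ALICE, "203.0.113.10"),  # benign: no rule fires
    _rec("AuthorizeSecurityGroupIngress", ALICE, "203.0.113.10",
         userIdentity={"type": "IAMUser", "arn": ALICE,
                       "sessionContext": {"attributes": {"mfaAuthenticated": "false"}}}),
    _rec("ConsoleLogin", BOB, "198.51.100.7", errorMessage="Failed authentication",
         responseElements={"ConsoleLogin": "Failure"}),
    _rec("DescribeInstances", BOB, "198.51.100.7", errorCode="Client.UnauthorizedOperation"),
    _rec("TerminateInstances", "arn:aws:iam::111111111111:root", "203.0.113.10",
         userIdentity={"type": "Root", "arn": "arn:aws:iam::111111111111:root"}),
]}

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```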
  • 15. Receive email notifications of specific API activity
  • 16. How to configure CloudWatch Alarms?
        Step 1: Configure CloudTrail to deliver logs to CloudWatch Logs
       $ aws cloudtrail update-trail --name mytrail \
           --cloud-watch-logs-log-group-arn arn:aws:logs:us-west-2:111111111111:log-group:CloudTrail/DefaultLogGroup12345:* \
           --cloud-watch-logs-role-arn arn:aws:iam::111111111111:role/CloudTrail_CloudWatchLogs_Role
  • 17. How to configure CloudWatch Alarms?
        Step 2: Get started with a pre-built CloudFormation template
       $ aws cloudformation create-stack --stack-name myCTCWAlarms \
           --template-url CloudFormation_Template \
           --parameters ParameterKey=Email,ParameterValue=myemail@mydomain.com ParameterKey=LogGroupName,ParameterValue=CloudTrail/DefaultLogGroup12345
  • 18. What does an email notification look like?
  • 20. Troubleshooting operational and security issues
        Look up CloudTrail events related to creation, deletion and modification of AWS resources
        Look up events for the last 7 days
        Filter events using one of six different filters:
         - Time range
         - User name
         - Resource name
         - Resource type
         - Event name
         - Event ID
  • 21. Look up events in the CloudTrail console
  • 22. Event detail view in the CloudTrail console
  • 23. Look up events using the AWS CLI
        List all events for the last 7 days
       $ aws cloudtrail lookup-events --output json
        List all events where the user name is root
       $ aws cloudtrail lookup-events --lookup-attributes AttributeKey=Username,AttributeValue=root --output=json
        List all events where the resource type is EC2 instance
       $ aws cloudtrail lookup-events --lookup-attributes AttributeKey=ResourceType,AttributeValue=AWS::EC2::Instance --output=json
  • 24. CloudTrail – Multiple AWS Accounts
  • 25. Aggregate log files across multiple accounts in one bucket
        You have multiple AWS accounts
        You need to aggregate log files for all AWS accounts into one S3 bucket
        You can configure CloudTrail to deliver log files for all of your AWS accounts to one S3 bucket
        Files are arranged per account and region in the S3 bucket for easier future access:
         <bucket_name>/optional_prefix_name/AWSLogs/Account_ID/CloudTrail/region/YYYY/MM/DD/file_name.json.gz
  • 26. How to aggregate log files across multiple accounts?
        Step 1: Configure the S3 bucket policy
       // Partial S3 bucket policy shown below
       "Action": "s3:PutObject",
       "Resource": "arn:aws:s3:::myBucketName/[optional prefix]/AWSLogs/myAccountID/*",
       "Condition": {
         "StringEquals": {
           "s3:x-amz-acl": "bucket-owner-full-control"
         }
       }
       If you have 3 accounts, list the three corresponding account prefixes in the Resource array of the bucket policy:
       "Resource": [
         "arn:aws:s3:::myBucketName/[optional prefix]/AWSLogs/111111111111/*",
         "arn:aws:s3:::myBucketName/[optional prefix]/AWSLogs/222222222222/*",
         "arn:aws:s3:::myBucketName/[optional prefix]/AWSLogs/333333333333/*"
       ]
        Step 2: Turn on CloudTrail for the three accounts in all regions
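Added example, not code from the deck: it builds the bucket policy slide 26 shows a fragment of for any list of accounts and parses the per-account/per-region object layout from slide 25. The GetBucketAcl statement and the cloudtrail.amazonaws.com service principal are assumptions taken from the standard CloudTrail bucket policy; bucket name, account ids and object keys are constructed placeholders.

```python
import re
from typing import Dict, List, Optional

ACCOUNT_RE = re.compile(r"^\d{12}$")
# Object layout from slide 25:
# [prefix/]AWSLogs/<account>/CloudTrail/<region>/YYYY/MM/DD/<file>.json.gz
KEY_RE = re.compile(
    r"^(?:(?P<prefix>.+?)/)?AWSLogs/(?P<account>\d{12})/CloudTrail/"
    r"(?P<region>[a-z0-9-]+)/(?P<year>\d{4})/(?P<month>\d{2})/(?P<day>\d{2})/"
    r"(?P<file>[^/]+\.json\.gz)$")

def build_bucket_policy(bucket: str, account_ids: List[str], prefix: Optional[str] = None) -> dict:
    """Bucket policy for the shared log bucket: one PutObject resource per account, all
    gated on the bucket-owner-full-control ACL condition from slide 26 so the bucket
    owner can read what the other accounts' trails deliver. The GetBucketAcl statement
    is not on the slide; it is assumed from the standard CloudTrail bucket policy."""
    bad = [a for a in account_ids if not ACCOUNT_RE.match(a)]
    if bad:
        raise ValueError(f"not 12-digit account ids: {bad}")
    base = f"arn:aws:s3:::{bucket}/" + (f"{prefix}/" if prefix else "")
    return {"Version": "2012-10-17", "Statement": [
        {"Sid": "AWSCloudTrailAclCheck", "Effect": "Allow",
         "Principal": {"Service": "cloudtrail.amazonaws.com"},
         "Action": "s3:GetBucketAcl", "Resource": f"arn:aws:s3:::{bucket}"},
        {"Sid": "AWSCloudTrailWrite", "Effect": "Allow",
         "Principal": {"Service": "cloudtrail.amazonaws.com"},
         "Action": "s3:PutObject",
         "Resource": [f"{base}AWSLogs/{a}/*" for a in account_ids],
         "Condition": {"StringEquals": {"s3:x-amz-acl": "bucket-owner-full-control"}}},
    ]}

def parse_log_key(key: str) -> Optional[Dict[str, Optional[str]]]:
    """Split an object key into prefix, account, region, date parts and file name;
    None for keys outside the CloudTrail layout (e.g. the CloudTrail-Digest folder)."""
    m = KEY_RE.match(key)
    return m.groupdict() if m else None

def files_per_account(keys: List[str], expected: List[str]) -> Dict[str, int]:
    """Count delivered log files per expected account; a zero means that account's
    trail is no longer writing into the shared bucket, which is worth alarming on."""
    counts = {a: 0 for a in expected}
    for k in keys:
        parsed = parse_log_key(k)
        if parsed and parsed["account"] in counts:
            counts[parsed["account"]] += 1
    return counts

# Constructed object keys (placeholder account ids and file names).
SAMPLE_KEYS = [
    "AWSLogs/111111111111/CloudTrail/us-west-2/2015/09/25/111111111111_CloudTrail_us-west-2_20150925T1845Z_example1.json.gz",
    "AWSLogs/111111111111/CloudTrail/eu-central-1/2015/09/25/111111111111_CloudTrail_eu-central-1_20150925T1850Z_example2.json.gz",
    "AWSLogs/222222222222/CloudTrail/us-west-2/2015/09/25/222222222222_CloudTrail_us-west-2_20150925T1845Z_example3.json.gz",
    "AWSLogs/111111111111/CloudTrail-Digest/us-west-2/2015/09/25/111111111111_CloudTrail-Digest_us-west-2_20150925T190000Z.json.gz",
]
ACCOUNTS = ["111111111111", "222222222222", "333333333333"]

if __name__ == "__main__":
    print(files_per_account(SAMPLE_KEYS, ACCOUNTS))
```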
  • 28. Encrypted CloudTrail log files using SSE-KMS
        By default, CloudTrail encrypts log files using S3 server-side encryption
        Additional layer of security for your log files by encrypting with your KMS key
        Application logic for ingesting and processing log files stays the same
        S3 will decrypt on your behalf if your credentials have decrypt permissions
  • 29. Encrypting your log files using SSE-KMS
       Encrypted CloudTrail log files are stored in S3; the flow is:
       Step 1: Create or use an existing KMS key and apply a key policy
       Step 2: Grant decrypt access to log readers
       Step 3: Specify the KMS key to CloudTrail
       Step 4: S3 GetObject API call
       Step 5: Decrypted CloudTrail log files
  • 30. How to encrypt CloudTrail log files using your KMS key?
        Step 1: Create a KMS key and apply the correct key policy
       $ aws kms create-key
       $ aws kms put-key-policy --key-id arn:aws:kms:us-west-2:111111111111:key/example-7ce3-41e9-a4a3-167example \
           --policy-name default --policy file://</local/directory>
  • 31. How to encrypt CloudTrail log files using KMS?
       Step 2: Grant decrypt access to users, roles or groups that access CloudTrail log files
       Attach this policy to IAM user Bob, or to the IAM group or role CloudTrail-log-readers:
       {
         "Version": "2012-10-17",
         "Statement": [
           {
             "Effect": "Allow",
             "Action": "kms:Decrypt",
             "Resource": "arn:aws:kms:us-west-2:111111111111:key/example-7ce3-41e9-a4a3-167example"
           }
         ]
       }
  • 32. How to encrypt CloudTrail log files using KMS?
       Step 3: Update your trail to provide the KMS encryption key to CloudTrail
       $ aws cloudtrail update-trail --region=us-west-2 --name Trail-Name \
           --kms-key-id arn:aws:kms:us-west-2:111111111111:key/example-7ce3-41e9-a4a3-167example
  • 33. Encrypt log files for multiple accounts using one KMS key
        Step 1: Update the key policy to allow CloudTrail to use the key for multiple accounts
       // Partial KMS key policy
       "Action": "kms:GenerateDataKey*",
       "Resource": "*",
       "Condition": {
         "StringLike": {
           "kms:EncryptionContext:aws:cloudtrail:arn": [
             "arn:aws:cloudtrail:*:111111111111:trail/*",
             "arn:aws:cloudtrail:*:222222222222:trail/*",
             "arn:aws:cloudtrail:*:333333333333:trail/*"
           ]
         }
       }
  • 34. Encrypt log files for multiple accounts using one KMS key
       Step 2: Update the trails in accounts 222222222222 and 333333333333 with the key belonging to account 111111111111
       $ aws cloudtrail update-trail --region=us-west-2 --name Trail-account222222222222 \
           --kms-key-id arn:aws:kms:us-west-2:111111111111:key/example-7ce3-41e9-a4a3-167example
       $ aws cloudtrail update-trail --region=us-west-2 --name Trail-account333333333333 \
           --kms-key-id arn:aws:kms:us-west-2:111111111111:key/example-7ce3-41e9-a4a3-167example
  • 35. Validate the integrity of log files (New)
  • 36. CloudTrail log file integrity validation
        Validate that a log file has not been changed since CloudTrail delivered it to your S3 bucket
        Detect whether a log file was deleted, modified or unchanged
        Use the tool as an aid in your IT security, audit and compliance processes
  • 37. CloudTrail log file integrity validation
        Enable digest file delivery on your trail:
       $ aws cloudtrail update-trail --region=us-west-2 --name trail-name --enable-log-file-validation
       CloudTrail will start delivering digest files on an hourly basis
        Digest files contain hash values of the log files delivered and are signed by CloudTrail
        CloudTrail delivers the digest files to the same S3 bucket, but under a different folder structure (S3 key prefix):
         CloudTrail log files:    /AWSLogs/111111111111/CloudTrail/
         CloudTrail digest files: /AWSLogs/111111111111/CloudTrail-Digest/
  • 38. How do I validate the integrity of the log files?
        Download the latest AWS CLI or build your own tool
        Ensure that you have access to the CloudTrail log files stored in S3
        If your log files are encrypted, you need decrypt permissions
       $ aws cloudtrail validate-logs --trail-arn arn:aws:cloudtrail:us-west-2:111111111111:trail/Trailname \
           --start-time 2015-09-24T00:00:00Z --region=us-west-2
  • 39. Example 1: Log files are unchanged since CloudTrail delivered them
       $ aws cloudtrail validate-logs --trail-arn arn:aws:cloudtrail:us-west-2:111111111111:trail/Trailname \
           --start-time 2015-09-24T00:00:00Z --region=us-west-2
       Validating log files for trail arn:aws:cloudtrail:us-west-2:111111111111:trail/Trailname between 2015-09-24T00:00:00Z and 2015-09-25T18:56:41Z
       Results requested for 2015-09-24T00:00:00Z to 2015-09-25T18:56:41Z
       Results found for 2015-09-24T00:30:26Z to 2015-09-25T18:56:41Z:
       43/43 digest files valid
       31/31 log files valid
  • 40. Example 2: Log file(s) were deleted since CloudTrail delivered them
       $ aws cloudtrail validate-logs --trail-arn arn:aws:cloudtrail:us-west-2:111111111111:trail/Trailname \
           --start-time 2015-09-24T00:00:00Z --region=us-west-2
       Log file s3://mybucket-CTlogs/AWSLogs/111111111111/CloudTrail/us-west-2/2015/09/22/111111111111_CloudTrail_us-west-2_20150922T1720Z_Jy4SwZotr3eTI2FM.json.gz INVALID: not found
       Results requested for 2015-09-22T00:00:00Z to 2015-09-25T18:42:03Z
       Results found for 2015-09-22T00:30:26Z to 2015-09-25T18:42:03Z:
       43/43 digest files valid
       30/31 log files valid, 1/31 log files INVALID
  • 41. Example 3: Log file(s) were modified since CloudTrail delivered them
       $ aws cloudtrail validate-logs --trail-arn arn:aws:cloudtrail:us-west-2:111111111111:trail/Trailname \
           --start-time 2015-09-24T00:00:00Z --region=us-west-2
       Log file s3://mybucket-CTlogs/AWSLogs/111111111111/CloudTrail/us-west-2/2015/09/25/111111111111_CloudTrail_us-west-2_20150925T1845Z_lU58MiCsXyI1U3R1.json.gz INVALID: hash value doesn't match
       Results requested for 2015-09-24T00:00:00Z to 2015-09-25T21:44:50Z
       Results found for 2015-09-24T00:30:26Z to 2015-09-25T21:44:50Z:
       45/45 digest files valid
       35/36 log files valid, 1/36 log files INVALID
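An added, offline re-implementation of the per-file check behind `aws cloudtrail validate-logs` (not the AWS CLI's code): a digest names each delivered log file with its SHA-256, so a missing object is reported as "not found" and an altered one as "hash value doesn't match", exactly the three outcomes of slides 39-41. The digest field names follow the documented digest format and are an assumption here; the bucket, keys and log contents are constructed, and the RSA signature CloudTrail places on real digests is not verified.

```python
import gzip
import hashlib
import json
from typing import Dict, List, Tuple

BUCKET = "mybucket-CTlogs"  # constructed, matches the slides' example bucket
PREFIX = "AWSLogs/111111111111/CloudTrail/us-west-2/2015/09/25/"

def sha256_hex(data: bytes) -> str:
    """Digest entries record the SHA-256 of the delivered (gzipped) object as hex."""
    return hashlib.sha256(data).hexdigest()

def make_log_file(records: list) -> bytes:
    """CloudTrail log files are gzipped JSON with a top-level Records array."""
    return gzip.compress(json.dumps({"Records": records}).encode())

def validate(digest: dict, objects: Dict[str, bytes]) -> Tuple[List[str], int, int]:
    """Re-check every log file the digest names against what is actually in the
    bucket (a dict stands in for S3). Returns (messages, valid_count, total_count)."""
    messages, valid = [], 0
    for entry in digest["logFiles"]:
        uri = f"s3://{entry['s3Bucket']}/{entry['s3Object']}"
        data = objects.get(entry["s3Object"])
        if data is None:
            messages.append(f"Log file {uri} INVALID: not found")
        elif sha256_hex(data) != entry["hashValue"]:
            messages.append(f"Log file {uri} INVALID: hash value doesn't match")
        else:
            valid += 1
    total = len(digest["logFiles"])
    summary = f"{valid}/{total} log files valid"
    if valid != total:
        summary += f", {total - valid}/{total} log files INVALID"
    messages.append(summary)
    return messages, valid, total

def build_fixture() -> Tuple[dict, Dict[str, bytes]]:
    """Constructed sample: three delivered log files plus the digest describing them
    (digest field names assumed from the documented format; no signature modelled)."""
    objects: Dict[str, bytes] = {}
    for i, name in enumerate(["StartLogging", "RunInstances", "ConsoleLogin"]):
        key = f"{PREFIX}111111111111_CloudTrail_us-west-2_20150925T18{i:02d}Z_example{i}.json.gz"
        objects[key] = make_log_file([{"eventName": name, "eventTime": f"2015-09-25T18:{i:02d}:00Z"}])
    digest = {"awsAccountId": "111111111111", "digestSignatureAlgorithm": "SHA256withRSA",
              "logFiles": [{"s3Bucket": BUCKET, "s3Object": k, "hashAlgorithm": "SHA-256",
                            "hashValue": sha256_hex(v)} for k, v in objects.items()]}
    return digest, objects

def scenarios() -> Dict[str, List[str]]:
    """The three outcomes from slides 39-41: unchanged, one file deleted, one file modified."""
    digest, objects = build_fixture()
    keys = list(objects)
    deleted = {k: v for k, v in objects.items() if k != keys[0]}
    modified = dict(objects)  # same key, altered content -> different hash
    modified[keys[1]] = make_log_file([{"eventName": "RunInstances", "edited": True}])
    return {"unchanged": validate(digest, objects)[0],
            "deleted": validate(digest, deleted)[0],
            "modified": validate(digest, modified)[0]}

if __name__ == "__main__":
    for label, lines in scenarios().items():
        print(label, *lines, sep="\n  ")
```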
  • 42. Partner Solutions integrated with CloudTrail
  • 43. AWS Technology Partner solutions integrated with CloudTrail (New)
  • 44. AWS Consulting Partner solutions integrated with CloudTrail
  • 45. Updated Splunk integration for AWS CloudTrail
  • 46. AWS CloudTrail Key Launches in 2015
       Launch Date   Feature Description
       10/01/2015    Support for SSE-KMS encryption & log file integrity validation
       09/01/2015    Support for S3 bucket-level API activity
       05/29/2015    Support for DynamoDB table-level API activity
       05/19/2015    Support for CloudTrail integration with CloudWatch Logs in Northern California
       04/09/2015    Support for Lambda, WorkSpaces, and EC2 Container Service
       03/12/2015    Support for Lookup Events
       03/05/2015    Support for CloudTrail integration with CloudWatch Logs in Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo), and EU (Frankfurt)
  • 47. Related Sessions
        SEC314 – AWS Config/Config Rules: Use Config Rules to Improve Governance over Configuration Changes to Your Resources
         5:30 PM Thursday, Palazzo K
         11:30 AM Friday, Marcello 4506
        DVO303 – Scaling Infrastructure Operations with Service Catalog, CloudTrail and Config
         9:00 AM Friday, Lido 3001B
        SEC403 – Timely Security Alerts and Analytics: Diving into AWS CloudTrail Events by Using Apache Spark on Amazon EMR
         10:15 AM Friday, Marcello 4506
  • 48. I would love to see you
        Turn on CloudTrail for your accounts
        Monitor and alarm for API activity with a high blast radius
        Use Lookup Events to troubleshoot your operational issues
        Provide us feedback on what we should do next