Exploring AWS CloudTrail | Scribe

    Exploring AWS CloudTrail

    • Hafeez Baig |
    • 24 steps |
    • 2 minutes
    information ordinal icon

    Refer to the following guide to learn how to use IAM in the cloud\ <https://scribehow.com/shared/Creating_an_IAM_User_and_User_Group_in_AWS_Management_Console__hWNiiXlcRJKFqYZZEJD-cg>

    1

    Sign in to **AWS Management Console** as an **IAM User** **Pre-requisite** - Ensure you have selected the AWS region closest to your location\ For this guide, we will be using us-east-2 (Ohio) as a preferred choice

    2

    Type **CloudTrail** in the search bar and click on **CloudTrail** to view the CloudTrail Dashboard

    information ordinal icon

    **What is CloudTrail in AWS?** It is a service provided by Amazon Web Services (AWS) that enables governance, compliance, operational auditing, and risk auditing of your AWS account. It records all API calls made on your account and delivers the log files to your Amazon S3 bucket.

    3

    On the **CloudTrail** dashboard click on the **Trails** from the left bar

    4

    **Trails** wizard will open, click on the **Create trail** button on the right side

    5

    **Choose trail attributes** wizard will open, give **Trail name** as "**cloudtrail-management-events**" and select the option **Create new S3 bucket** for **Storage location**

    6

    Scroll to the **Trail log bucket and folder section,** type "**aws-cloudtrail-management-events-in28minutes**" in the text input field and tick the checkbox **Enabled** for **Log file SSE-KMS encryption**

    information ordinal icon

    **What is Log file SSE-KMS encryption?** Log file SSE-KMS encryption refers to encrypting log files using the AWS Key Management Service (KMS) when using Server-Side Encryption (SSE) for Amazon Simple Storage Service (S3).

    7

    Scroll to the **Customer managed AWS KMS key** section and select the **New** radio button and type "**cloudtrail-kms-key"** in the text input field

    8

    Scroll the page and click on the **Next** button

    9

    **Choose log events** wizard will open, scroll to the **Management events** section and tick the checkbox **Write** for **API activity** then click on the **Next** button

    10

    **Review and create** wizard will open, review the settings and click on **Create trial** button

    11

    Trail successfully created

    information ordinal icon

    Congratulations, the CloudTrail trail has been successfully created!

    12

    On the **Trails** dashboard, click on the **aws-cloudtrial-management-events-in28minutes** link from the **S3 bucket**

    13

    **Amazon S3** dashboard will open, scroll the page and click on the **CloudTrail/** folder link

    14

    **CloudTrail/** wizard will open, click on the Folder Name **us-east-2/**

    15

    **us-east-2/** wizard will open, click on the Folder Name **2024/**

    16

    **2024/** wizard will open, click on the Folder Name **03/**