Audit | CloudTrail

Overview

AWS CloudTrail monitors and records account activity across your AWS infrastructure, giving you control over storage, analysis, and remediation actions.

AWS CloudTrail overview

This service will be configured to audit all AWS services in all accounts. Once enabled, as shown in the figure below, CloudTrail will deliver all events from all accounts to the Security account, providing a centralized way to audit operations on AWS resources. Audit events will be available from CloudTrail for 90 days, and a longer retention time will be available through a centralized S3 bucket.

Figure: AWS CloudTrail components architecture diagram (for reference only). (Source: binbash Leverage diagrams, accessed July 6th 2022).
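
The centralized delivery described above, written as a Terraform example that is added here and is not code from the Leverage codebase. It assumes provider aliases `aws.security` and `aws.member` are configured elsewhere; the bucket name, trail name and account IDs are placeholders.

```hcl
locals {
  member_account_ids = ["111111111111", "222222222222"] # placeholder account IDs
}
# Central log bucket, created in the Security account (bucket name is a placeholder).
resource "aws_s3_bucket" "trail_logs" {
  provider = aws.security
  bucket   = "example-org-cloudtrail-logs"
}
data "aws_iam_policy_document" "trail_logs" {
  provider = aws.security
  # CloudTrail checks the bucket ACL before it delivers log files.
  statement {
    actions   = ["s3:GetBucketAcl"]
    resources = [aws_s3_bucket.trail_logs.arn]
    principals {
      type        = "Service"
      identifiers = ["cloudtrail.amazonaws.com"]
    }
  }
  # Only the listed accounts' AWSLogs/<account-id>/ prefixes accept deliveries.
  statement {
    actions   = ["s3:PutObject"]
    resources = [for id in local.member_account_ids : "${aws_s3_bucket.trail_logs.arn}/AWSLogs/${id}/*"]
    principals {
      type        = "Service"
      identifiers = ["cloudtrail.amazonaws.com"]
    }
    condition {
      test     = "StringEquals"
      variable = "s3:x-amz-acl"
      values   = ["bucket-owner-full-control"]
    }
  }
}

resource "aws_s3_bucket_policy" "trail_logs" {
  provider = aws.security
  bucket   = aws_s3_bucket.trail_logs.id
  policy   = data.aws_iam_policy_document.trail_logs.json
}

resource "aws_cloudtrail" "audit" {
  provider                   = aws.member
  name                       = "audit-trail" # placeholder trail name
  s3_bucket_name             = aws_s3_bucket.trail_logs.id
  is_multi_region_trail      = true
  enable_log_file_validation = true
  depends_on                 = [aws_s3_bucket_policy.trail_logs]
}
```

Each member account needs its own `aws_cloudtrail` resource under that account's provider. Log files stay in the bucket until a lifecycle rule expires them, which is what provides retention beyond the 90-day event history.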

leverage-tf IaC Terraform Codebase

Read more

AWS reference links

Consider the following AWS official links as reference: