AWS Access control alerts with CloudWatch and CloudTrail

Lab Details

  1. This lab walks you through the steps to create a Cloudtrail and CloudWatch log group , while also creating a metric filter to receive an alarm from CloudWatch via SNS topic.

  2. Duration: 1 hour

  3. AWS Region: US East (N. Virginia)



  1. AWS Cloudwatch is the service that is used to monitor and collect the metrics from services periodically. This helps provide a clear picture for the users to understand how the resources are performing.

  2. It collects data in the form of logs, events and metrics and provides you with an organized view of AWS resources, services and applications that run on AWS.

  3. You can use CloudWatch to detect anomalous behavior in your environments and to set alarms, You can visualize data from the logs and take actions to troubleshoot the issue.

  4. You can monitor AWS resources such as Amazon EC2, Amazon RDS, Amazon DynamoDB tables, and many others using CloudWatch.

  5. You can monitor resource utilization in your account by setting up rules and events tto stop or terminate underutilized resources, reducing unnecessary cost.

  6. In Autoscaling, servers are stopped or launched based on the events we create in CloudWatch.

  7. CloudWatch also offers a feature to store logs for the services running in our account. For example, the logs for lambda functions will be stored within log groups in CloudWatch. Here we can get a detailed error log from any specific function.


  1. AWS CloudTrail is a service that helps us monitor, survey, and audit our AWS Account. 

  2. With the help of AWS CloudTrail, the user will be able to log, monitor, and retain account activity associated with actions across the AWS infrastructure. 

  3. CloudTrail provides complete account activity of the Amazon Web Services. CloudTrail also manages the functions performed with the help of the AWS Management Console, program line tools, AWS SDKs, and various other AWS services.

  4. This event history simplifies security analysis, resource amendment trailing, and troubleshooting.


  1. Creating a CloudTrail instance and collect the logs in an S3 bucket

  2. Creating Log groups to collect the CloudTrail metrics 

  3. Creating metric filters to filter on a pattern in the logs

  4. Creating SNS topics to be notified when a filter metric triggers an alarm.

  5. Testing the above steps by creating an EC2 instance and stopping the instance a couple of times to trigger an alarm.

Architecture Diagram