AWS Access control alerts with CloudWatch and CloudTrail

Lab Details

  1. This lab walks you through the steps to create a CloudTrail trail that delivers events to a CloudWatch Logs log group, then to create a metric filter on that log group and a CloudWatch alarm that notifies you through an SNS topic.

  2. Duration: 1 hour

  3. AWS Region: US East (N. Virginia) us-east-1

Introduction

Cloudwatch

  1. AWS CloudWatch is the service used to monitor AWS services and collect their metrics periodically. This gives users a clear picture of how their resources are performing.

  2. It collects data in the form of logs, events and metrics and provides you with an organized view of AWS resources, services and applications that run on AWS.

  3. You can use CloudWatch to detect anomalous behavior in your environment and to set alarms. You can visualize data from the logs and take action to troubleshoot issues.

  4. You can monitor AWS resources such as Amazon EC2, Amazon RDS, Amazon DynamoDB tables, and many others using CloudWatch.

  5. You can monitor resource utilization in your account and set up rules and events to stop or terminate underutilized resources, reducing unnecessary cost.

  6. In Auto Scaling, instances are launched or terminated based on the CloudWatch alarms we create on the group's metrics.

  7. CloudWatch also stores logs for the services running in our account. For example, the logs of Lambda functions are kept in log groups in CloudWatch Logs, where we can read the detailed error output of any specific function.

CloudTrail

  1. AWS CloudTrail is a service that helps us monitor, govern, and audit our AWS account.

  2. With AWS CloudTrail, a user can log, continuously monitor, and retain account activity related to actions taken across the AWS infrastructure.

  3. CloudTrail provides a complete event history of account activity in AWS. It records actions taken through the AWS Management Console, command line tools, AWS SDKs, and other AWS services.

  4. This event history simplifies security analysis, resource change tracking, and troubleshooting. Only a trail delivers events to a CloudWatch Logs log group, which is why this lab creates one before adding a metric filter.

Architecture Diagram


Task Details

  1. Launching the lab environment

  2. Creating a CloudTrail trail

  3. Creating a metric filter for the log group in CloudWatch

  4. Creating an alarm

  5. Creating an EC2 instance to trigger the alarm

  6. Validation of the lab
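As an added example that is not part of the lab guide, the following Python models steps 3 to 5 of the procedure above locally: it applies a CloudWatch Logs metric filter pattern to constructed CloudTrail records of the kind the trail from step 2 delivers to the log group, counts the matches the way the metric would, and evaluates the alarm threshold. The filter pattern (EC2 RunInstances calls), the alarm settings (Sum >= 1 within one 5-minute period) and the sample events are assumptions chosen to fit the lab's trigger in step 5; the lab does not state its exact values, and only the JSON form of the filter syntax is modelled.

```python
"""
Added example (not part of the lab guide): a local model of the metric filter
and alarm built in the Task Details steps, so you can check which CloudTrail
events the filter counts before wiring it up in AWS.
Assumptions (the lab does not print its exact settings): the filter matches
EC2 RunInstances calls, the alarm fires when the metric's Sum >= 1 within one
5-minute period, and the CloudTrail events below are constructed samples.
Only the JSON form of the CloudWatch Logs filter syntax is modelled:
{ ($.field = "value") && (...) || (...) } with "*" wildcards in values.
"""
import re
from datetime import datetime, timedelta
from fnmatch import fnmatchcase

# Pattern as entered in the CloudWatch console or passed to
# `aws logs put-metric-filter --filter-pattern` (assumed lab setting).
FILTER_PATTERN = ('{ ($.eventSource = "ec2.amazonaws.com") '
                  '&& ($.eventName = "RunInstances") }')
ALARM_PERIOD_SECONDS = 300   # assumed: one 5-minute evaluation period
ALARM_THRESHOLD = 1          # assumed: Sum >= 1 puts the alarm in ALARM

# Constructed CloudTrail records in the shape CloudTrail delivers to a
# CloudWatch Logs log group (one JSON record per log event, fields trimmed).
SAMPLE_EVENTS = [
    {"eventTime": "2024-01-01T12:00:10Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "RunInstances", "userIdentity": {"userName": "lab-user"}},
    {"eventTime": "2024-01-01T12:00:20Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DescribeInstances", "userIdentity": {"userName": "lab-user"}},
    {"eventTime": "2024-01-01T12:01:05Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "userIdentity": {"userName": "lab-user"}},
]

_TOKEN = re.compile(r'\(|\)|&&|\|\||\$\.[A-Za-z0-9_.]+\s*(?:=|!=)\s*"[^"]*"')
_TERM = re.compile(r'\$\.([A-Za-z0-9_.]+)\s*(=|!=)\s*"([^"]*)"')


def _lookup(event, path):
    """Resolve a $.a.b selector against a nested dict; None if absent."""
    cur = event
    for key in path.split("."):
        if not isinstance(cur, dict) or key not in cur:
            return None
        cur = cur[key]
    return cur


def _tokenize(pattern):
    body = pattern.strip().lstrip("{").rstrip("}")
    tokens = _TOKEN.findall(body)
    # Anything the tokenizer skipped is syntax this model does not support.
    if re.sub(r"\s", "", "".join(tokens)) != re.sub(r"\s", "", body):
        raise ValueError("unsupported filter syntax: " + pattern)
    return tokens


def _parse_or(tokens, i, event):            # or := and ('||' and)*
    value, i = _parse_and(tokens, i, event)
    while i < len(tokens) and tokens[i] == "||":
        rhs, i = _parse_and(tokens, i + 1, event)
        value = value or rhs
    return value, i


def _parse_and(tokens, i, event):           # and := atom ('&&' atom)*
    value, i = _parse_atom(tokens, i, event)
    while i < len(tokens) and tokens[i] == "&&":
        rhs, i = _parse_atom(tokens, i + 1, event)
        value = value and rhs
    return value, i


def _parse_atom(tokens, i, event):          # atom := '(' or ')' | term
    if tokens[i] == "(":
        value, i = _parse_or(tokens, i + 1, event)
        if i >= len(tokens) or tokens[i] != ")":
            raise ValueError("unbalanced parentheses in filter pattern")
        return value, i + 1
    path, op, want = _TERM.match(tokens[i]).groups()
    got = _lookup(event, path)
    equal = got is not None and fnmatchcase(str(got), want)  # "*" wildcard
    return (equal if op == "=" else not equal), i + 1


def matches(pattern, event):
    """True if the CloudWatch Logs filter pattern selects this log event."""
    tokens = _tokenize(pattern)
    value, i = _parse_or(tokens, 0, event)
    if i != len(tokens):
        raise ValueError("trailing tokens in filter pattern")
    return value


def count_matches(pattern, events):
    """Metric value the filter publishes: one data point per matching event."""
    return sum(1 for e in events if matches(pattern, e))


def alarm_state(pattern, events, now, period=ALARM_PERIOD_SECONDS,
                threshold=ALARM_THRESHOLD):
    """ALARM if Sum(metric) over the last `period` seconds >= threshold."""
    start = now - timedelta(seconds=period)
    recent = [e for e in events if start
              < datetime.fromisoformat(e["eventTime"].replace("Z", "+00:00")) <= now]
    return "ALARM" if count_matches(pattern, recent) >= threshold else "OK"
```

With the sample events, `matches(FILTER_PATTERN, SAMPLE_EVENTS[0])` is True for the RunInstances record only, `count_matches` is 1, and `alarm_state` returns "ALARM" for a `now` within five minutes of that launch and "OK" once the window has passed. The same pattern string can be checked against real log lines with `aws logs test-metric-filter` before it is saved with `aws logs put-metric-filter`. One caveat for step 5: the filter only counts events the trail delivers to the log group after steps 2 to 4 are complete, so launch the EC2 instance after the alarm exists, and expect CloudTrail's delivery delay of a few minutes before the alarm changes state.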