How to control actions on the S3 bucket and Alerts with CloudWatch and CloudTrail

In this article, I am going to show how to create a CloudTrail trail that tracks the activity of an S3 bucket. We will then create a CloudWatch log group to search through the activity logs that describe the API actions on that S3 bucket. Additionally, we will create a CloudWatch metric filter and CloudWatch alarm to notify us whenever there are uploads or downloads of an S3 object on that bucket.

Please visit my GitHub Repository for S3 articles on various topics being updated on constant basis.

Let’s get started!

Objectives:

1. Create S3 bucket and Upload Objects

2. Create a CloudTrail Trail

3. Create and Configure a CloudWatch Log Group with Your CloudTrail Trail

4. Create and Configure a CloudWatch Alarm with Your CloudTrail Trail

Pre-requisites:

• AWS user account with admin access, not a root account.

Resources Used:

What is Amazon CloudWatch?

What Is AWS CloudTrail?

What is Amazon SNS?

Steps for implementation to this project:

1. Create S3 bucket and Upload Objects

• Create a simple s3 bucket - mybucket-123456
• Upload a file - 000-employee-1

2. Create a CloudTrail Trail

• Create a CloudTrail Trail - s3-bucket-123456-trail for the Data Events in S3 bucket

3. Create and Configure a CloudWatch Log Group with Your CloudTrail Trail

• setup CloudWatch Logs

• Configure a CloudWatch Log Group with Your CloudTrail Trail

1. upload a new file into s3 bucket

2. view Cloudwatch log events

3. Create filter

4. Test Pattern Results

• Found 6 matches out of 11 event(s) in the sample log.

• Next

5. Assign Filter

• Next

• Summary

• Create metric filter

4. Create and Configure a CloudWatch Alarm with Your CloudTrail Trail

• Create Alarm

• confirm your email

• Confirm Subscription

• Next

• Click Next
• Click Create Alarm

Cleanup

• Delete S3 bucket
• Delete CloudTrail
• Delete Cloudwatch

What we have done so far

• we have created and configured a CloudTrail trail and a CloudWatch Logs log stream in order to set up monitoring and access alerts for an S3 bucket.
• Specifically, we have created the trail for monitoring access to the S3 bucket, the CloudWatch Logs log stream to allow searching and filtering of the logs, and then a CloudWatch metric filter and alarm on that metric filter to generate an alert whenever there is any access to an S3 bucket.