Sulaiman Olubiyi

Log API Calls using AWS CloudTrail

AWS CloudTrail records the activity in your AWS account, which gives you governance, compliance, operational auditing and risk auditing of that account.
In CloudTrail, an action taken by a user, a role, or an AWS service is recorded as an event. Events are captured whether the action came from the AWS Management Console, the AWS CLI, or the AWS SDKs and APIs.

CloudTrail stores the API calls and other activity in the account. Events fall into two types:

  • Management events: control-plane operations, such as creating IAM users or roles, launching EC2 instances, and otherwise configuring AWS services at the management level.

  • Data events: resource-level operations inside a service, such as Lambda function invocations, SNS and SQS message activity, and calls that one AWS service makes to another.
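The two event types above can be told apart from fields in the records CloudTrail writes. The following script, an added example that is not part of the original post, parses a constructed CloudTrail log file and labels each record as a management read, a management write, a data event or an Insights event, using the eventCategory, managementEvent and readOnly fields; the account ID, ARN, IP addresses and user names in the sample are placeholders.

```python
"""Classify CloudTrail records as management or data events.

Added example, not code from the original post. The records below are
constructed samples shaped like CloudTrail log entries; the account ID,
ARN, IP addresses and user names are placeholders.
"""
import json
from collections import Counter

# Constructed sample log file body. CloudTrail delivers a JSON object with a
# "Records" array; only the fields this script reads are included.
SAMPLE_LOG = json.dumps({
    "Records": [
        {   # control-plane write: creates an IAM user
            "eventTime": "2024-01-15T10:01:02Z",
            "eventSource": "iam.amazonaws.com",
            "eventName": "CreateUser",
            "eventCategory": "Management",
            "managementEvent": True,
            "readOnly": False,
            "sourceIPAddress": "203.0.113.10",
            "userIdentity": {"type": "IAMUser", "userName": "alice"},
        },
        {   # control-plane read: lists EC2 instances through an assumed role
            "eventTime": "2024-01-15T10:02:30Z",
            "eventSource": "ec2.amazonaws.com",
            "eventName": "DescribeInstances",
            "eventCategory": "Management",
            "managementEvent": True,
            "readOnly": True,
            "sourceIPAddress": "203.0.113.10",
            "userIdentity": {
                "type": "AssumedRole",
                "arn": "arn:aws:sts::111122223333:assumed-role/Admin/bob",
            },
        },
        {   # data-plane event: a Lambda function invocation
            "eventTime": "2024-01-15T10:03:45Z",
            "eventSource": "lambda.amazonaws.com",
            "eventName": "Invoke",
            "eventCategory": "Data",
            "managementEvent": False,
            "readOnly": False,
            "sourceIPAddress": "203.0.113.25",
            "userIdentity": {"type": "IAMUser", "userName": "carol"},
        },
    ]
})


def actor(record: dict) -> str:
    """Return a short description of the principal that performed the action."""
    ident = record.get("userIdentity", {})
    kind = ident.get("type", "Unknown")
    if kind == "IAMUser":
        return f"IAMUser:{ident.get('userName', '?')}"
    if kind == "AssumedRole":
        # The session ARN ends in role-name/session-name
        return "AssumedRole:" + ident.get("arn", "?").split("assumed-role/", 1)[-1]
    if kind == "AWSService":
        return "Service:" + ident.get("invokedBy", "?")
    return kind


def classify(record: dict) -> str:
    """Label a record 'management-read', 'management-write', 'data' or 'insight'.

    Newer records carry eventCategory ("Management", "Data" or "Insight");
    older ones only carry the managementEvent flag, so fall back to it.
    """
    category = record.get("eventCategory")
    if category == "Insight":
        return "insight"
    if category is not None:
        is_mgmt = category == "Management"
    else:
        is_mgmt = bool(record.get("managementEvent"))
    if not is_mgmt:
        return "data"
    return "management-read" if record.get("readOnly") else "management-write"


def summarize(log_text: str) -> list[dict]:
    """Parse a CloudTrail log file body and return one summary dict per record."""
    records = json.loads(log_text)["Records"]
    return [
        {
            "time": r["eventTime"],
            "kind": classify(r),
            "call": f"{r['eventSource'].split('.')[0]}:{r['eventName']}",
            "actor": actor(r),
            "source_ip": r.get("sourceIPAddress"),
        }
        for r in records
    ]


def count_by_kind(log_text: str) -> dict:
    """Count records per label, a quick view of what a trail is capturing."""
    return dict(Counter(s["kind"] for s in summarize(log_text)))


if __name__ == "__main__":
    for row in summarize(SAMPLE_LOG):
        print(row)
    print(count_by_kind(SAMPLE_LOG))
```

The management-read / management-write split matters when sizing a trail: read-only management calls such as Describe* are high-volume and are often excluded from a trail, while write calls such as CreateUser are the ones a reviewer wants kept.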

Detailed steps for creating a trail in your AWS account:

  1. In the search bar of the AWS Console, type CloudTrail, then click **Create a trail** as shown below:

Cloudtrail Figure 1

  2. Enter the relevant parameters, including the trail name and the S3 bucket that will store the logs.

Cloudtrail Figure 2

  3. The JSON policy for the IAM role that lets CloudTrail write to the CloudWatch Logs log group (its two statements grant only log-stream creation and log-event delivery, scoped to that log group's streams):

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AWSCloudTrailCreateLogStream2014110",
      "Effect": "Allow",
      "Action": [
        "logs:CreateLogStream"
      ],
      "Resource": [
        "arn:aws:logs:us-east-1:014285054687:log-group:CloudTrailRoleForCloudWatchLogs-Douxtech:log-stream:014285054687_CloudTrail_us-east-1*",
        "arn:aws:logs:us-east-1:014285054687:log-group:CloudTrailRoleForCloudWatchLogs-Douxtech:log-stream:o-je4worq6xn_*"
      ]
    },
    {
      "Sid": "AWSCloudTrailPutLogEvents20141101",
      "Effect": "Allow",
      "Action": [
        "logs:PutLogEvents"
      ],
      "Resource": [
        "arn:aws:logs:us-east-1:014285054687:log-group:CloudTrailRoleForCloudWatchLogs-Douxtech:log-stream:014285054687_CloudTrail_us-east-1*",
        "arn:aws:logs:us-east-1:014285054687:log-group:CloudTrailRoleForCloudWatchLogs-Douxtech:log-stream:o-je4worq6xn_*"
      ]
    }
  ]
}
```

  4. Choose the events the trail should record, management events or data events (or both), together with the corresponding AWS service.

Cloudtrail Figure 3

Cloudtrail Figure 4

  5. The trail has been deployed successfully, and the resulting log streams are shown below.

Cloudtrail Figure 5

Cloudtrail Figure 6
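The role policy in step 3 is worth checking before it is attached, because a broader grant (for example `logs:*` on `*`) would let the trail's role write into any log group in the account. The following checker is an added example, not code from the original post: it takes any IAM policy document of that shape and reports every Allow statement that goes beyond the two actions CloudTrail needs or beyond the expected account, region and log group. The two policies it runs on are constructed samples; account ID 111122223333 and the log-group name CloudTrail/Logs are placeholders.

```python
"""Check a CloudTrail-to-CloudWatch Logs role policy for least privilege.

Added example, not code from the original post. GOOD_POLICY and BAD_POLICY
are constructed samples; the account ID and log-group name are placeholders.
"""
import json
import re

# The only actions the CloudTrail delivery role needs on the log group.
EXPECTED_ACTIONS = {"logs:CreateLogStream", "logs:PutLogEvents"}

# arn:aws:logs:<region>:<account>:log-group:<name>:log-stream:<prefix>*
LOG_STREAM_ARN = re.compile(
    r"^arn:aws:logs:(?P<region>[a-z0-9-]+):(?P<account>\d{12}):"
    r"log-group:(?P<group>[^:]+):log-stream:(?P<stream>.+)$"
)

# Constructed: the shape of the policy shown in step 3, with placeholders.
GOOD_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "CreateStream",
            "Effect": "Allow",
            "Action": ["logs:CreateLogStream"],
            "Resource": [
                "arn:aws:logs:us-east-1:111122223333:log-group:CloudTrail/Logs:log-stream:111122223333_CloudTrail_us-east-1*"
            ],
        },
        {
            "Sid": "PutEvents",
            "Effect": "Allow",
            "Action": "logs:PutLogEvents",
            "Resource": "arn:aws:logs:us-east-1:111122223333:log-group:CloudTrail/Logs:log-stream:111122223333_CloudTrail_us-east-1*",
        },
    ],
})

# Constructed over-broad variant: every Logs action on every log group.
BAD_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{"Sid": "TooBroad", "Effect": "Allow", "Action": "logs:*", "Resource": "*"}],
})


def _as_list(value):
    """IAM accepts either a single string or a list for Action and Resource."""
    return value if isinstance(value, list) else [value]


def check_policy(policy_json: str, account: str, region: str, log_group: str) -> list[str]:
    """Return findings for every grant wider than the delivery role needs.

    An empty list means the policy only allows the two expected actions,
    each scoped to log streams of the given log group in the given
    account and region.
    """
    findings = []
    policy = json.loads(policy_json)
    for stmt in policy.get("Statement", []):
        sid = stmt.get("Sid", "<no Sid>")
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow the grant
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append(f"{sid}: NotAction/NotResource grants are hard to bound; use explicit lists")
        for action in _as_list(stmt.get("Action", [])):
            if "*" in action:
                findings.append(f"{sid}: wildcard action {action!r}")
            elif action not in EXPECTED_ACTIONS:
                findings.append(f"{sid}: unexpected action {action!r}")
        for res in _as_list(stmt.get("Resource", [])):
            if res == "*":
                findings.append(f"{sid}: resource '*' lets the role write to every log group")
                continue
            m = LOG_STREAM_ARN.match(res)
            if not m:
                findings.append(f"{sid}: resource {res!r} is not a log-stream ARN")
                continue
            if m["account"] != account or m["region"] != region:
                findings.append(f"{sid}: resource {res!r} points outside {account}/{region}")
            if m["group"] != log_group:
                findings.append(f"{sid}: resource {res!r} targets a different log group")
    return findings


if __name__ == "__main__":
    for name, doc in (("good", GOOD_POLICY), ("bad", BAD_POLICY)):
        print(name, check_policy(doc, "111122223333", "us-east-1", "CloudTrail/Logs") or "OK")
```

Run it against the real policy by passing your own account ID, region and log-group name; the log-stream ARN format it expects is the one CloudTrail generates for the CloudWatch Logs role, so the stream-name prefix after `log-stream:` is left free.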

Voilà!!! I hope you find it insightful, and I am waiting for your feedback.
