How To Create A New Trail In AWS CloudTrail

How To Create A New Trail In AWS CloudTrail

How To Create A New Trail In AWS CloudTrail

Hello Everyone

Welcome to CloudAffaire and this is Debjeet.

In the last blog post, we have discussed how to filter CloudTrail events using API.

https://cloudaffaire.com/how-to-get-aws-cloudtrail-events-using-api/

In today’s blog post, we will discuss how to create a new trail in AWS CloudTrail using AWS CLI. You might be wondering why we need to create a new trail when we know that CloudTrail is enabled by default and captures all API activity. Well, creating a new trail has some benefits like you can record events beyond 90 days or send logs to CloudWatch logs for later analysis.

You can create a new trail with below scopes:

  • Regional CloudTrail: When you create a trail that applies to one region, CloudTrail records the events in that region only. It then delivers the CloudTrail event log files to an Amazon S3 bucket that you specify.
  • Global CloudTrail: When you create a trail that applies to all regions, CloudTrail records events in each region and delivers the CloudTrail event log files to an S3 bucket that you specify.
  • Organizational CloudTrail: If you have created an organization in AWS Organizations, you can also create a trail that will log all events for all AWS accounts in that organization. This is referred to as an organization trail. Organization trails can apply to all AWS Regions or one Region.

How To Create A New Trail In AWS CloudTrail:

Prerequisites:

  • AWS CLI installed and configured with proper access.

You can use below link to install and configure AWS CLI.

https://cloudaffaire.com/how-to-install-aws-cli/

https://cloudaffaire.com/how-to-configure-aws-cli/

How To Create A New Single Region Trail In AWS CloudTrail Using AWS CLI

Observe, Logging for the new trail that we just created is in disabled state. Next, we are going to enable logging for this new trails.

How To Start Logging Of Trail In AWS CloudTrail Using AWS CLI:

Next, we are going to update the Trail and make it Global (For all region)

How To Update Trail In AWS CloudTrail From Single Region To Multi-Region Using AWS CLI

Observe, as the logs are generated, you get a separate directory for each region in the path <se_bucket>/AWSLogs/<account_id>/CloudTrail/

Next, we are going to enable log file validation for our trail. Log file validation is used to determine whether a log file was modified, deleted, or unchanged after CloudTrail delivered it.

How To Enable Log File Validation For CloudTrail In AWS Using AWS CLI

How To Stop Logging For CloudTrail Using AWS CLI

How To Convery Multi-Region Trail To Single-Region Trail Using AWS CLI

How To Delete Trail Using AWS CLI

Hope you have enjoyed this article. To know more about AWS CloudTrail, please refer below official documentation

https://docs.aws.amazon.com/cloudtrail/index.html

Leave a Reply

Close Menu