
AWS-CT-1

Enable CloudTrail

Risk: High
CWE: 778

AWS CloudTrail records the API calls made in the relevant AWS account, providing a complete repository of all activity within the account. Not enabling a CloudTrail trail means that all event data older than 90 days is lost, and the data that remains is harder to work with in third-party tools.

Details

AWS CloudTrail logs all API calls made within your AWS environment. While CloudTrail offers logging and auditing capabilities by default, the data is only stored temporarily. Without setting up dedicated storage, there is no long-term retention of AWS API activity. In the event of a security incident, or for basic auditing and compliance reviews, it’s often necessary to access logs that go beyond the short retention period provided for free.

Additionally, the CloudTrail console lacks advanced features for rapid and detailed analysis. It’s common to need external tools for parsing and reviewing CloudTrail logs effectively. By configuring CloudTrail to store logs in an S3 bucket, you gain more robust and long-term accessibility. Storing logs in S3 also makes it easier to analyze and review them as needed over extended periods.

Though storing logs in S3 incurs costs, S3 provides lifecycle management options, allowing you to control how long logs are retained. This way, instead of being limited to the three months of retention offered by default, you can keep logs for one year, two years, five years, or longer based on your business needs. This flexibility gives you more control over your data and helps you comply with regulatory or operational requirements for log retention.

Remediation

SkySiege’s AWS Vulnerability Scan automatically detects this vulnerability across all AWS Regions with the report delivered the same day.

Simply activate a CloudTrail trail by navigating to the CloudTrail console, selecting Trails in the side menu and clicking the Create Trail option. Work through the trail configuration wizard to choose your storage: an AWS S3 bucket, and optionally CloudWatch Logs.

CloudWatch Logs vs CloudTrail

CloudTrail is the logging of all AWS API calls made in relation to your AWS account. CloudWatch Logs is a general logging service that can hold any kind of log, including CloudTrail’s. CloudTrail does not store AWS API logs in CloudWatch Logs by default; you must specifically configure this as part of a CloudTrail trail.
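The check behind this finding, the S3 retention discussion above and the optional CloudWatch Logs delivery can all be evaluated from three API responses: describe_trails, get_trail_status and get_bucket_lifecycle_configuration. The following Python is an added example, not SkySiege's scanner code; the dictionaries are constructed to mirror the shape of those boto3 responses (account ids, ARNs and bucket names are placeholders) so the logic runs offline, and the 365-day minimum retention is an assumed target, not an AWS default.

```python
"""Offline evaluation of the AWS-CT-1 condition (added example, not the scanner's code).

The sample data is CONSTRUCTED in the shape of boto3's
cloudtrail.describe_trails(), cloudtrail.get_trail_status() and
s3.get_bucket_lifecycle_configuration() responses. Replace it with live
API output to assess a real account.
"""
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample: two trails, only the first is in a healthy state.
SAMPLE_TRAILS = [
    {
        "Name": "org-trail",
        "TrailARN": "arn:aws:cloudtrail:us-east-1:111111111111:trail/org-trail",
        "S3BucketName": "example-cloudtrail-logs",
        "IsMultiRegionTrail": True,
        "LogFileValidationEnabled": True,
        "CloudWatchLogsLogGroupArn": "arn:aws:logs:us-east-1:111111111111:log-group:cloudtrail:*",
    },
    {
        "Name": "legacy-trail",
        "TrailARN": "arn:aws:cloudtrail:eu-west-1:111111111111:trail/legacy-trail",
        "S3BucketName": "example-old-bucket",
        "IsMultiRegionTrail": False,
        "LogFileValidationEnabled": False,
    },
]

# Constructed get_trail_status() output, keyed by trail ARN.
SAMPLE_STATUS = {
    SAMPLE_TRAILS[0]["TrailARN"]: {"IsLogging": True},
    SAMPLE_TRAILS[1]["TrailARN"]: {"IsLogging": False},
}

# Constructed lifecycle "Rules" lists, keyed by bucket name.
SAMPLE_LIFECYCLE = {
    "example-cloudtrail-logs": [
        {"ID": "retain-two-years", "Status": "Enabled",
         "Filter": {"Prefix": ""}, "Expiration": {"Days": 730}},
    ],
    "example-old-bucket": [
        {"ID": "short", "Status": "Enabled",
         "Filter": {"Prefix": ""}, "Expiration": {"Days": 30}},
    ],
}


@dataclass
class TrailFinding:
    name: str
    problems: list = field(default_factory=list)  # any entry blocks compliance
    notes: list = field(default_factory=list)     # informational only

    @property
    def compliant(self) -> bool:
        return not self.problems


def retention_days(rules) -> Optional[int]:
    """Shortest expiration (days) among enabled lifecycle rules.

    None means no enabled rule expires objects, i.e. logs are kept indefinitely.
    Prefix-scoped rules are treated as applying, the conservative reading.
    """
    days = [r["Expiration"]["Days"] for r in rules
            if r.get("Status") == "Enabled" and "Days" in r.get("Expiration", {})]
    return min(days) if days else None


def evaluate_trail(trail, status, lifecycle, min_retention_days=365) -> TrailFinding:
    """Apply the requirements from the finding to a single trail."""
    f = TrailFinding(trail["Name"])
    if not status.get("IsLogging"):
        f.problems.append("logging is stopped")
    bucket = trail.get("S3BucketName")
    if not bucket:
        f.problems.append("no S3 bucket: events survive only in the 90-day event history")
    if not trail.get("IsMultiRegionTrail"):
        f.problems.append("single-region trail: API calls in other regions are not captured")
    if not trail.get("LogFileValidationEnabled"):
        f.problems.append("log file validation disabled: changes to stored logs are undetectable")
    if bucket:
        days = retention_days(lifecycle.get(bucket, []))
        if days is not None and days < min_retention_days:
            f.problems.append(f"lifecycle expires logs after {days} days, "
                              f"below the {min_retention_days}-day target")
    if not trail.get("CloudWatchLogsLogGroupArn"):
        f.notes.append("not delivered to CloudWatch Logs (optional; needed for near-real-time alerting)")
    return f


def evaluate_account(trails, statuses, lifecycle, min_retention_days=365):
    """Return {trail name: TrailFinding} for every trail in the account."""
    return {t["Name"]: evaluate_trail(t, statuses.get(t["TrailARN"], {}),
                                      lifecycle, min_retention_days)
            for t in trails}


def account_is_compliant(findings) -> bool:
    """AWS-CT-1 passes when at least one trail meets every requirement."""
    return any(f.compliant for f in findings.values())


if __name__ == "__main__":
    results = evaluate_account(SAMPLE_TRAILS, SAMPLE_STATUS, SAMPLE_LIFECYCLE)
    for name, finding in results.items():
        print(("OK  " if finding.compliant else "FAIL"), name)
        for p in finding.problems:
            print("       -", p)
        for n in finding.notes:
            print("       ?", n)
    print("account compliant:", account_is_compliant(results))
```

With the constructed data the account passes on the strength of org-trail alone, while legacy-trail fails on four counts; raising min_retention_days above 730 makes org-trail fail as well, which is how a longer regulatory retention target would surface.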

CloudTrail Insights

CloudTrail logs are a critical resource in forensic analysis, providing a thorough history of all activity in the cloud. CloudTrail logs are so important that we have customised tools supporting the service to better search the stored logs and extract key information from them. If you have data that you wish to extract from CloudTrail, we may be able to provide the answers you’re seeking; get in touch for our Architectural Support:

Architectural Guidance
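As an illustration of the kind of extraction the sections on third-party tooling and forensic analysis refer to, here is an added Python example (not SkySiege's tooling) that decodes a log object in the form CloudTrail delivers to S3, a gzip-compressed JSON document with a top-level "Records" list, flattens the fields an analyst reaches for first, and flags successful calls that stop or reconfigure a trail. The records are constructed for the example; account ids, ARNs and IP addresses are placeholders.

```python
"""Parse CloudTrail log objects and pull out the fields used in triage
(added example; the records below are CONSTRUCTED, not from a real account)."""
import gzip
import json
from collections import Counter

SAMPLE_LOG = {
    "Records": [
        {
            "eventTime": "2024-01-15T10:02:11Z",
            "eventSource": "iam.amazonaws.com",
            "eventName": "CreateUser",
            "awsRegion": "us-east-1",
            "sourceIPAddress": "203.0.113.10",
            "userIdentity": {"type": "IAMUser", "userName": "alice",
                             "arn": "arn:aws:iam::111111111111:user/alice"},
            "requestParameters": {"userName": "svc-deploy"},
        },
        {
            "eventTime": "2024-01-15T10:05:43Z",
            "eventSource": "cloudtrail.amazonaws.com",
            "eventName": "StopLogging",
            "awsRegion": "us-east-1",
            "sourceIPAddress": "203.0.113.10",
            "userIdentity": {"type": "IAMUser", "userName": "alice",
                             "arn": "arn:aws:iam::111111111111:user/alice"},
            "requestParameters": {"name": "org-trail"},
        },
        {
            "eventTime": "2024-01-15T10:06:01Z",
            "eventSource": "s3.amazonaws.com",
            "eventName": "GetObject",
            "awsRegion": "us-east-1",
            "sourceIPAddress": "198.51.100.7",
            "userIdentity": {"type": "AssumedRole",
                             "arn": "arn:aws:sts::111111111111:assumed-role/ReadOnly/bob"},
            "errorCode": "AccessDenied",
        },
    ]
}

# CloudTrail API calls that reduce or remove audit coverage; a successful one
# deserves review, even when it turns out to be a legitimate admin change.
LOGGING_CHANGE_EVENTS = {"StopLogging", "DeleteTrail", "UpdateTrail", "PutEventSelectors"}


def encode_log_object(doc) -> bytes:
    """Serialise a Records document the way CloudTrail delivers it (gzip + JSON)."""
    return gzip.compress(json.dumps(doc).encode())


def parse_log_object(data: bytes):
    """Decode one delivered log object into a list of flat event dicts."""
    records = json.loads(gzip.decompress(data))["Records"]
    events = []
    for r in records:
        ident = r.get("userIdentity", {})
        events.append({
            "time": r.get("eventTime"),
            "source": r.get("eventSource"),
            "event": r.get("eventName"),
            "region": r.get("awsRegion"),
            "ip": r.get("sourceIPAddress"),
            "principal": ident.get("arn") or ident.get("userName") or ident.get("type"),
            "error": r.get("errorCode"),          # None when the call succeeded
            "params": r.get("requestParameters") or {},
        })
    return events


def logging_change_events(events):
    """Successful calls that stopped, deleted or reconfigured a trail."""
    return [e for e in events if e["event"] in LOGGING_CHANGE_EVENTS and e["error"] is None]


def calls_by_principal(events) -> Counter:
    """Call volume per identity, a quick first cut in an investigation."""
    return Counter(e["principal"] for e in events)


if __name__ == "__main__":
    evts = parse_log_object(encode_log_object(SAMPLE_LOG))
    for e in logging_change_events(evts):
        print("logging change:", e["time"], e["principal"], e["event"], e["params"])
    print(calls_by_principal(evts).most_common())
```

A real file from the trail's bucket is read with the same parse_log_object call on the object's bytes; the gzip step is only simulated here so the example runs without S3 access.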