
AWS CloudTrail and AWS Config



AWS CloudTrail and AWS Config are two services that can help you monitor your serverless applications.

They give you centralized reporting.

They give you the ability to automate responses to possible security risks.

AWS CloudTrail can tell you who changed the status of your resources.

AWS Config can tell you if the changes are compliant with your policies.

Both let you take action automatically if something goes wrong.

When you create an AWS account, CloudTrail is activated automatically.



W3schools.com collaborates with Amazon Web Services to deliver digital training content to our students.


AWS CloudTrail

CloudTrail keeps track of your account's user API activity.

It also provides you with detailed reports.

The reports include the request parameters and the response elements returned by the AWS service.

CloudTrail tracks actions taken by an IAM user, an IAM role, or an AWS service, whether they are made through the AWS SDK, the console, the CLI, or the API.

They are all logged.

A trail might, for example, collect API Gateway API changes.


AWS Config

AWS Config allows you to inspect snapshots of your resource configuration.

It also lets you set rules to enforce compliance.

An AWS Config rule defines the desired configuration settings for single AWS services or an entire AWS account.

If a resource violates a rule, AWS Config notifies you through Amazon SNS.

AWS Config comes with predefined rules that you may edit.

You may also need AWS Config rules to help developers build Lambda functions.

Another feature of AWS Config is the ability to fix issues automatically.


CloudTrail Events

Every action in your AWS account generates a CloudTrail event.

You can see recent events in the event history.

The CloudTrail event history allows you to browse, search, and download historical CloudTrail events.


CloudTrail Trails

A trail is a configuration that enables the delivery of CloudTrail events.

It enables delivery to an Amazon S3 bucket, CloudWatch Logs, and CloudWatch Events.

You can create your own trail if you need to keep track of more events.

A trail records events on or inside AWS services and publishes them to an S3 bucket you designate.

A trail might capture changes to your API Gateway APIs.

You can optionally add data events to a trail to follow S3 object-level API activity and the Lambda functions in your account.

CloudTrail Insights can help you discover and respond to unusual write API activity.
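
The following example is added here and is not part of the original tutorial. It parses a CloudTrail log file of the kind a trail delivers to an S3 bucket and lists the write events against API Gateway, showing who made each change. The sample records (account ID, user names, IP addresses, API IDs) are constructed, and the function names are hypothetical.

```python
import json

# Constructed sample of a CloudTrail log file (account ID, names and IPs are made up).
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2024-05-01T10:00:00Z", "eventSource": "apigateway.amazonaws.com",
     "eventName": "UpdateStage", "readOnly": False, "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser", "userName": "alice",
                      "arn": "arn:aws:iam::111122223333:user/alice"},
     "requestParameters": {"restApiId": "a1b2c3", "stageName": "prod"}},
    {"eventTime": "2024-05-01T10:05:00Z", "eventSource": "apigateway.amazonaws.com",
     "eventName": "GetRestApis", "readOnly": True, "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser", "userName": "alice",
                      "arn": "arn:aws:iam::111122223333:user/alice"},
     "requestParameters": None},
    {"eventTime": "2024-05-01T11:30:00Z", "eventSource": "apigateway.amazonaws.com",
     "eventName": "DeleteRestApi", "readOnly": False, "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::111122223333:assumed-role/deploy/ci-run"},
     "requestParameters": {"restApiId": "a1b2c3"}, "errorCode": "AccessDenied"},
    {"eventTime": "2024-05-01T12:00:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "PutBucketPolicy", "readOnly": False, "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "Root", "arn": "arn:aws:iam::111122223333:root"}},
]})

def actor(identity):
    """Readable caller name: IAM user name, else ARN, else the invoking AWS service."""
    return (identity.get("userName") or identity.get("arn")
            or identity.get("invokedBy") or "unknown")

def api_gateway_changes(log_text):
    """List write (non-read-only) API Gateway events: who changed what, and any error."""
    changes = []
    for rec in json.loads(log_text).get("Records", []):
        if rec.get("eventSource") != "apigateway.amazonaws.com" or rec.get("readOnly", False):
            continue  # skip other services and read-only calls
        changes.append({
            "time": rec.get("eventTime"),
            "who": actor(rec.get("userIdentity", {})),
            "identity_type": rec.get("userIdentity", {}).get("type"),
            "action": rec.get("eventName"),
            "target": rec.get("requestParameters") or {},
            "source_ip": rec.get("sourceIPAddress"),
            "error": rec.get("errorCode"),  # None when the call succeeded
        })
    return changes

if __name__ == "__main__":
    for c in api_gateway_changes(SAMPLE_LOG):
        print(c["time"], c["who"], c["action"], c["target"], c["error"] or "ok")
```

A change attempt that carries an error code, like the denied `DeleteRestApi` call in the sample, is often as interesting to review as a successful one.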

