Investigating CloudTrail Logs
The issue of security in AWS has been raised more than once, in one context or another. Bad guys hate logs. Bad guys delete logs. So first of all, protect your logs. At a minimum:
1. Enable CloudTrail log file integrity validation.
2. Minimize access to the S3 bucket.
3. Minimize access to the CloudTrail API.
4. Pull the logs into a central repository.
CloudTrail logs keep a record of all AWS API calls and will help you answer key security and regulatory compliance questions. Log analysis can and should be automated.
One point is obvious, yet important. An account is divided into regions, and while IAM users, for example, apply to the entire account, instances and policies do not. In the same way, CloudTrail can be configured so that it does not cover all regions. This point should be remembered and kept under control.
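One way to automate the checks above, as an added example that is not part of the original post: it audits a `describe-trails` style trail list for log file validation and multi-region coverage, then scans a CloudTrail log file for calls that touch logging itself. The trail names, the bucket name `example-trail-logs`, the account ID and all sample records are constructed, and the event-name sets are a starting selection, not a complete list.

```python
# CloudTrail API calls that stop, remove or reconfigure logging.
TRAIL_TAMPERING = {"StopLogging", "DeleteTrail", "UpdateTrail", "PutEventSelectors"}
# S3 bucket-level calls that matter when they target the log bucket.
BUCKET_TAMPERING = {"DeleteBucket", "PutBucketPolicy", "DeleteBucketPolicy"}

def audit_trails(trail_list):
    """Check a describe-trails style list for integrity and region coverage."""
    findings = []
    for t in trail_list:
        if not t.get("LogFileValidationEnabled"):
            findings.append((t["Name"], "log file validation disabled"))
        if not t.get("IsMultiRegionTrail"):
            findings.append((t["Name"], "covers only " + t.get("HomeRegion", "?")))
    return findings

def find_tampering(log_file, log_bucket):
    """Return records of one CloudTrail log file that touch logging itself."""
    hits = []
    for r in log_file.get("Records", []):
        src, name = r.get("eventSource"), r.get("eventName")
        params = r.get("requestParameters") or {}  # may be null in real records
        if src == "cloudtrail.amazonaws.com" and name in TRAIL_TAMPERING:
            hits.append(r)
        elif (src == "s3.amazonaws.com" and name in BUCKET_TAMPERING
              and params.get("bucketName") == log_bucket):
            hits.append(r)
    return hits

# Constructed sample data, not output from a real account.
LOG_BUCKET = "example-trail-logs"
SAMPLE_TRAILS = [
    {"Name": "org-trail", "HomeRegion": "us-east-1", "S3BucketName": LOG_BUCKET,
     "IsMultiRegionTrail": True, "LogFileValidationEnabled": True},
    {"Name": "legacy-trail", "HomeRegion": "eu-west-1", "S3BucketName": LOG_BUCKET,
     "IsMultiRegionTrail": False, "LogFileValidationEnabled": False},
]

def _rec(source, name, params):
    """Build one constructed record with the fields the checks read."""
    return {"eventTime": "2024-01-01T00:00:00Z", "awsRegion": "us-east-1",
            "eventSource": source, "eventName": name, "requestParameters": params,
            "userIdentity": {"arn": "arn:aws:iam::111122223333:user/example"}}

SAMPLE_LOG = {"Records": [
    _rec("ec2.amazonaws.com", "RunInstances", {"instanceType": "t3.micro"}),
    _rec("cloudtrail.amazonaws.com", "StopLogging", {"name": "org-trail"}),
    _rec("s3.amazonaws.com", "PutBucketPolicy", {"bucketName": "example-other-bucket"}),
    _rec("s3.amazonaws.com", "DeleteBucketPolicy", {"bucketName": LOG_BUCKET}),
    _rec("s3.amazonaws.com", "DeleteBucket", None),
]}
```

Running `audit_trails` on the trail list from every account and `find_tampering` on each delivered log file in the central repository turns both checks into routine alerts.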