AWS CloudTrail
Hands-On
Demo
In this demo, we will:
- Create an S3 bucket for CloudTrail logs
- Set up a CloudTrail trail
- Configure CloudWatch Logs integration
- Generate sample API activity
- Analyze CloudTrail logs
- Test the setup
- Clean up resources
Agenda
Demo Overview
my-cloudtrail-logs-456444Create S3 bucket
Create CloudTrail trail
my-first-trail
my-aws-kms-key
Choose log events
Management events
Review and create
Create trail
Edit CloudWatch Logs
Test
Create test bucket
test-bucket-987928
Create Test User
test-user
Create user
CloudTrail Event history
Open S3 Log
Search
test-user
Check CloudWatch Logs
{$.userIdentity.userName = "test-user"}Search for the Test User
Clean Up
Delete trail
Delete Test Bucket
Empty CloudTrail Bucket
permanently delete
Delete CloudTrail Bucket
Empty CloudWatch Bucket
permanently delete
Delete the Bucket
Delete CloudWatch Log Group
Delete Test User
test-user
Delete IAM Role
CloudTrail_CloudWatchLogs_Role
Delete KMS Key
7
