Monitor API Calls Made to an AWS Account with CloudTrail
In this lab, you’ll practice configuring AWS CloudTrail to monitor API calls made to your AWS Account. When you’re finished with this lab, you’ll have real world experience configuring AWS CloudTrail to help you safeguard your AWS Accounts.
Terms and conditions apply.
Challenge
Create and Monitor a CloudTrail Trail Using Read and Write Events
You’ll learn how to set up CloudTrail to monitor API calls made to your AWS Account. The trail will be set up to monitor for read/write events. You’ll verify the trail by performing an action against your account and see the event in the console.
Challenge
Edit and Monitor a CloudTrail Trail Configured to Capture Data Events
You’ll learn how to edit an existing CloudTrail to monitor for data events executed against S3 buckets. You’ll verify the trail by performing an action against your account and see the event in the console.
Challenge
Edit a CloudTrail Trail to Send Output to CloudWatch
You’ll learn how to edit an existing CloudTrail to allow its monitoring results to be viewed in CloudWatch. You’ll make an API call to your AWS Account and confirm the event information can be found and viewed within CloudWatch.
Challenge
Validate CloudTrail Log File Integrity
You’ll learn how to validate the integrity of your CloudTrail log file. You will verify that the Log File Validation setting is enabled, and make a CLI call to verify that your log file is valid.
Provided environment for hands-on practice
We will provide the credentials and environment necessary for you to practice right within your browser.
Guided walkthrough
Follow along with the author’s guided walkthrough and build something new in your provided environment!
Did you know?
On average, you retain 75% more of your learning if you get time for practice.
Recommended prerequisites
- AWS CLI
- AWS S3
- AWS IAM