AWS Study Notes (5): Enabling CloudTrail to Record Operations in an AWS Account
Enabling CloudTrail is straightforward; you can do it from the AWS CloudTrail console or with the AWS CLI.
AWS CloudTrail Console
Log in to the AWS Management Console, open the CloudTrail console, click the Get Started Now button, and fill in the form. CloudTrail stores its logs in S3; using a new S3 bucket is recommended. Under Advanced there are further options for a log file prefix, log file validation, and Amazon SNS notifications. Turn on log file validation: CloudTrail then delivers signed digest files that let you later verify that delivered log files were not modified or deleted. CloudTrail writes multiple events into one log file, so an SNS notification is sent once per delivered file, not once per event.
AWS CLI
Create a trail
# Create a single-region trail
# The specified S3 bucket must already exist and have the appropriate CloudTrail permissions applied.
$ aws cloudtrail create-trail --name my-trail --s3-bucket-name my-bucket
# Create a trail that applies to all regions
$ aws cloudtrail create-trail --name my-trail --s3-bucket-name my-bucket --is-multi-region-trail
Start logging
After the create-trail command completes, run the start-logging command to begin logging for that trail. When you create a trail with the CloudTrail console or the create-subscription command, logging is turned on automatically.
$ aws cloudtrail start-logging --name my-trail
Stop logging
$ aws cloudtrail stop-logging --name my-trail
Update Trail
# Converting a multi-region trail to a single-region trail
$ aws cloudtrail update-trail --name my-trail --no-is-multi-region-trail
# Enabling log file validation
$ aws cloudtrail update-trail --name my-trail --enable-log-file-validation
Get trail status
$ aws cloudtrail get-trail-status --name my-trail
Retrieve trail settings
$ aws cloudtrail describe-trails
Delete a trail
$ aws cloudtrail delete-trail --name my-trail
Deleting a trail does not delete the S3 bucket or the SNS topic; log files already delivered remain in the bucket.
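As an added example (not code from the original notes), the following Python script does two things the CLI steps above leave to the operator: it builds the S3 bucket policy that create-trail requires on the target bucket, scoped to the AWSLogs/ACCOUNT-ID/ prefix and to one trail ARN, and it audits the JSON that describe-trails and get-trail-status return, flagging single-region trails, trails without log file validation, stopped logging, and S3 delivery errors. The bucket name, account ID, region and trail names are made-up values, and the two JSON responses are constructed samples in the shape the CLI returns.

```python
import json


def cloudtrail_bucket_policy(bucket, account_id, region, trail_name, prefix=""):
    """Return the S3 bucket policy CloudTrail needs to write a trail's logs.

    CloudTrail first checks the bucket ACL (s3:GetBucketAcl) and then writes
    objects under <prefix>/AWSLogs/<account-id>/ with the bucket-owner-full-control
    ACL.  Both statements are pinned to one trail ARN via aws:SourceArn so that
    a trail in another account cannot write into this bucket.
    """
    key_prefix = f"{prefix.strip('/')}/" if prefix else ""
    log_objects_arn = f"arn:aws:s3:::{bucket}/{key_prefix}AWSLogs/{account_id}/*"
    trail_arn = f"arn:aws:cloudtrail:{region}:{account_id}:trail/{trail_name}"
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "AWSCloudTrailAclCheck",
                "Effect": "Allow",
                "Principal": {"Service": "cloudtrail.amazonaws.com"},
                "Action": "s3:GetBucketAcl",
                "Resource": f"arn:aws:s3:::{bucket}",
                "Condition": {"StringEquals": {"aws:SourceArn": trail_arn}},
            },
            {
                "Sid": "AWSCloudTrailWrite",
                "Effect": "Allow",
                "Principal": {"Service": "cloudtrail.amazonaws.com"},
                "Action": "s3:PutObject",
                "Resource": log_objects_arn,
                "Condition": {
                    "StringEquals": {
                        "s3:x-amz-acl": "bucket-owner-full-control",
                        "aws:SourceArn": trail_arn,
                    }
                },
            },
        ],
    }


def audit_trails(describe_trails_json, status_json_by_name):
    """Check describe-trails output plus one get-trail-status output per trail.

    Returns a list of human-readable findings; an empty list means every trail
    is multi-region, validated, logging, and delivering to S3 without error.
    """
    findings = []
    for trail in json.loads(describe_trails_json)["trailList"]:
        name = trail["Name"]
        if not trail.get("IsMultiRegionTrail", False):
            findings.append(f"{name}: single-region trail, API calls in other regions are not recorded")
        if not trail.get("LogFileValidationEnabled", False):
            findings.append(f"{name}: log file validation disabled, tampering with delivered logs is undetectable")
        status = json.loads(status_json_by_name[name])
        if not status.get("IsLogging", False):
            findings.append(f"{name}: logging is stopped")
        if status.get("LatestDeliveryError"):
            findings.append(f"{name}: S3 delivery failing: {status['LatestDeliveryError']}")
    return findings


# Constructed sample output of `aws cloudtrail describe-trails` (made-up account/region).
SAMPLE_DESCRIBE_TRAILS = json.dumps({
    "trailList": [
        {"Name": "my-trail", "S3BucketName": "my-bucket", "HomeRegion": "us-east-1",
         "IsMultiRegionTrail": False, "LogFileValidationEnabled": False,
         "TrailARN": "arn:aws:cloudtrail:us-east-1:123456789012:trail/my-trail"},
        {"Name": "org-trail", "S3BucketName": "my-audit-bucket", "HomeRegion": "us-east-1",
         "IsMultiRegionTrail": True, "LogFileValidationEnabled": True,
         "TrailARN": "arn:aws:cloudtrail:us-east-1:123456789012:trail/org-trail"},
    ]
})

# Constructed sample output of `aws cloudtrail get-trail-status --name <trail>`, one per trail.
SAMPLE_STATUS = {
    "my-trail": json.dumps({"IsLogging": True, "LatestDeliveryError": "AccessDenied"}),
    "org-trail": json.dumps({"IsLogging": True}),
}


if __name__ == "__main__":
    print(json.dumps(cloudtrail_bucket_policy("my-bucket", "123456789012", "us-east-1", "my-trail"), indent=2))
    for finding in audit_trails(SAMPLE_DESCRIBE_TRAILS, SAMPLE_STATUS):
        print("FINDING:", finding)
```

Apply the generated policy with `aws s3api put-bucket-policy --bucket my-bucket --policy file://policy.json` before running create-trail; the audit function can be fed the real CLI output piped to a file. The delivery error finding matters in practice: a trail whose bucket policy is wrong still reports IsLogging true while no log files arrive.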
Creating and Updating a Trail with the CloudTrail Console
Creating and Updating a Trail with the AWS Command Line Interface