AWS Activity Help
Introduction
This user guide can be used as a self-help tool to help troubleshoot any issues users encounter during post-onboarding when configuring activity for AWS cloud accounts.
AWS activity can be tracked through AWS CloudTrail, a cloud service that helps you enable operational and risk auditing, governance, and compliance of your AWS cloud account(s).
AWS Activity – Management Event Logging
The trails must be configured to log Write-only management events, so that API operations that modify AWS resources (such as Create, Update, and Delete) are captured while Read-only events (such as Login, Describe, or List actions) are excluded. Trails configured for Read-only or any other event types are not supported by CoreStack.
Perform the following steps to configure Write-only management events:
1. On the AWS Management console, go to CloudTrail and then select Trails.
2. Locate the pre-existing trail that you want to configure.
3. Under the Trail Details section, locate the Management Event section and click Edit.
4. In the API activity field, ensure that only the Write option is selected.
5. Click Save changes.
With the trail configured to log Write-only management events, the CloudTrail logs focus on the significant actions that change AWS resources. This configuration also strengthens security monitoring, because every modification made to your environment is captured.
AWS Activity – Enabling an Existing CloudTrail
If an existing CloudTrail is already selected for an AWS cloud account in the platform, you should be all set to receive activity information. However, if that trail is ever in the stopped-logging state, the platform cannot pull any activity information.
To resolve this, enable logging on the same CloudTrail that was chosen for the region during the post-onboarding configuration steps; activity updates then resume.
To enable logging:
1. In the AWS portal, click CloudTrail > Trails.
2. On the top-right side of the screen, click Start logging.
3. Once the required configurations in the AWS portal are done, return to the platform and go to Governance > Account Governance > Cloud Accounts. The Account Governance Dashboard appears.
4. In the AWS tab, under the Actions column, click the ellipses and then click Edit or View corresponding to the AWS cloud account for which you want to complete the setup.
   - If you select the View action, you go directly to the Cloud Account Governance page.
   - If you select the Edit action, then in the Advanced Settings > Governance Configuration section, click Edit. Click Yes to proceed with editing the governance configurations. This opens the Cloud Account Governance page.
5. On the Cloud Account Governance page, go to CloudOps.
6. Expand the Activity section.
7. In the Activity Log Configuration section, click Configure. A dialog box appears.
8. In the Select Region list, select the relevant option(s) and then click Ok.
   Next, configure activity logs individually for each selected region.
9. Click Configure corresponding to a region.
10. Select either Create New or Select Existing.
   - If you select Create New, then in the CloudTrail Name box, type a name for the new CloudTrail and in the Bucket Name box, type the name of the bucket. Select the Setup multi-region trail checkbox if required, and then click Continue.
   - If you choose Select Existing, then in the CloudTrail list, select an appropriate option and then click Continue.
11. Repeat steps 9 and 10 to configure the other regions selected in step 8.
12. If you want to apply the default template for activities to monitor your AWS setup, select the Apply Default Template checkbox.
13. Click Validate.
14. Click Save & Exit.
Note:
If an activity configuration already exists, you can click View to see the existing configuration or click Delete to remove it.
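The two conditions this section and the previous one describe, a trail that has stopped logging and a trail that records more than Write-only management events, can be verified from AWS CLI output instead of clicking through the console. The following Python example is added here and is not part of the CoreStack documentation or the AWS tooling; it evaluates the JSON returned by `aws cloudtrail get-trail-status` and `aws cloudtrail get-event-selectors` (sample responses constructed inline, trail name and account id are placeholders) and reports what still needs fixing.

```python
import json
from typing import Dict, List

# Constructed sample response of: aws cloudtrail get-trail-status --name my-trail
SAMPLE_STATUS = json.loads('{"IsLogging": false, "LatestDeliveryTime": "2024-05-01T10:00:00Z"}')

# Constructed sample response of: aws cloudtrail get-event-selectors --trail-name my-trail
SAMPLE_SELECTORS = json.loads("""{
  "TrailARN": "arn:aws:cloudtrail:us-east-1:111122223333:trail/my-trail",
  "EventSelectors": [
    {"ReadWriteType": "All", "IncludeManagementEvents": true, "DataResources": []}
  ]
}""")


def _has_field(selector: Dict, field: str, value: str) -> bool:
    """True if an advanced event selector contains the clause `field Equals [value]`."""
    return any(f.get("Field") == field and f.get("Equals") == [value]
               for f in selector.get("FieldSelectors", []))


def check_trail(status: Dict, selectors: Dict) -> List[str]:
    """Compare a trail against this guide's requirements: logging turned on and
    management events restricted to Write-only. Returns findings; [] means compliant."""
    findings: List[str] = []
    if not status.get("IsLogging", False):
        findings.append("trail is in the stopped-logging state: click Start logging")

    advanced = selectors.get("AdvancedEventSelectors")
    if advanced:
        # Advanced selectors express Write-only as eventCategory=Management plus readOnly=false.
        write_only = any(_has_field(s, "eventCategory", "Management")
                         and _has_field(s, "readOnly", "false") for s in advanced)
        if not write_only:
            findings.append("advanced event selectors do not restrict management events to Write-only")
        return findings

    mgmt = [s for s in selectors.get("EventSelectors", []) if s.get("IncludeManagementEvents")]
    if not mgmt:
        findings.append("no event selector includes management events")
    for sel in mgmt:
        rw = sel.get("ReadWriteType")
        if rw != "WriteOnly":
            findings.append(f"management events are logged as {rw}; set API activity to Write only")
    return findings


if __name__ == "__main__":
    for finding in check_trail(SAMPLE_STATUS, SAMPLE_SELECTORS) or ["trail matches the required configuration"]:
        print(finding)
```

Run it against a real trail by piping the two CLI responses into `check_trail`; an empty result means the trail is logging and restricted to Write-only management events as the guide requires.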
AWS Activity – Creating a New CloudTrail
CloudTrail should be enabled by default for the resources running in your AWS account.
However, if you run into a CloudTrail quota limit in your AWS account, you might prefer to choose another existing trail for your onboarded AWS cloud accounts, or to delete one of your existing trails in AWS and create a new one through the platform or the AWS portal.
To create a new CloudTrail:
1. Depending on your need, log in to your AWS portal and navigate to the CloudTrail section. Here you can either:
   a. Identify another existing CloudTrail to use for your onboarded cloud account and take note of its details.
   b. Delete and/or create a new CloudTrail to use for your onboarded cloud account (instructions for creating a new CloudTrail can be found here).
2. Alternatively, refer to the topic “AWS Activity – Enabling an Existing CloudTrail” and perform steps 3 to 14.