Bootstrap FreeKB - Amazon Web Services (AWS) - Getting Started with CloudTrail
Amazon Web Services (AWS) - Getting Started with CloudTrail
Updated:   |  Amazon Web Services (AWS) articles

CloudTrail is an Amazon Web Services (AWS) service that can be used to:

  • view API requests
  • view AWS console activity
  • view AWS CLI activity

For example, let's say you use the aws s3api list-buckets command to list your S3 Buckets.

~]$ aws s3api list-buckets --profile johndoe
{
    "Buckets": [
        {
            "Name": "my-bucket-abcdefg",
            "CreationDate": "2023-06-02T02:22:19+00:00"
        }
    ],
    "Owner": {
        "DisplayName": "john.doe",
        "ID": "ab0e0a41234567893a77c82240d5abcdc41ff11c123456789c777a5123443743"
    }
}

 

Using johndoe profile.

~]$ cat /home/ec2-user/.aws/credentials
[johndoe]
aws_secret_access_key = abcdefg123456789abcdegf123456789abcdefg1
aws_access_key_id = ABCDEFG123456789ABCD

 

In the AWS CloudTrail console, there should be an event for the ListBuckets request. Here are a few examples of how to filter the results.

  • AWS access key = John Doe's access key
  • User name = john.doe
  • Event source = s3.amazonaws.com

 

Did you find this article helpful?

If so, consider buying me a coffee over at Buy Me A Coffee


Comments


Add a Comment


Please enter 240100 in the box below so that we can be sure you are a human.