CloudTrail
Ship logs from CloudTrail to Logstash
Install Integration
Confirm S3 Bucket
Ensure your logs are being sent to an S3 bucket. The following guide from Amazon will help you achieve this if you are not doing this already:
Cloudtrail to S3 (opens in a new tab).
Ensure Adequate Bucket Permissions
The following permissions applied to the AWS IAM Policy being used:
s3:ListBucketto check if the S3 bucket exists and list objects in it.s3:GetObjectto check object metadata and download objects from S3 buckets.
Below is how your permissions should appear:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "SidID",
"Effect": "Allow",
"Action": ["s3:GetObject", "s3:ListBucket"],
"Resource": ["arn:aws:s3:::your-bucket/*"]
}
]
}Configure Logstash for Amazon Cloudtrail
To start sending logs and metrics from AWS to your Stack you need to configure an AWS Input on your Logit.io Stack.
Go to DashboardLogit.io will verify your input before it is applied, we will contact you to confirm when this has been completed.
Check Logit.io for your logs
Data should now have been sent to your Stack.
View My DataIf you don't see take a look at How to diagnose no data in Stack below for how to diagnose common issues.
Cloudtrail Logging Overview
Sending data to Logit.io from CloudTrail is an efficient process that ensures your AWS infrastructure remains secure and your logs are easily accessible for analysis. By configuring CloudTrail to forward logs to Logit.io, you can gain deeper insights into your AWS environment, troubleshoot issues, and proactively detect and respond to security incidents.
This approach complements the use of AWS Elastic Kubernetes Service (EKS) for container orchestration, as well as the efficient utilization of AWS Lambda for comprehensive log management.
As part of Logit.io's service for AWS logging (opens in a new tab), these integrations all work together in tandem.