CloudTrail was created to provide API (application programming interface) logging capabilities. AWS uses APIs as its internal communication protocol. APIs give a consistent way to communicate with AWS services from different sources. For instance, suppose you want to interact programmatically with Elastic Compute Cloud (EC2) instances.
An EC2 instance is a virtual server running on AWS. AWS provides software development kits (SDKs) for various modern programming languages. All of these SDKs use the same back-end API to communicate with EC2. The AWS command line interface (CLI) and the AWS web console both use that same back-end API to interact with EC2.
Once configured, CloudTrail records API activity and saves it in an S3 bucket in your account. Each record contains the caller's identity, the source IP address and the time of the API call. CloudTrail is a crucial ally when it comes to recording activity in your AWS account.
How to configure CloudTrail
After logging into the main AWS web console, you can find CloudTrail under Management Tools. Clicking that link leads you to the CloudTrail wizard. After clicking "Get Started Now", specify the name of the trail.
If you want this trail to apply to all AWS regions, leave the radio button at its default setting of Yes. If you want, you can create a new S3 bucket. You can also give it the same name as your trail. In that case, since the name is the same, just highlight the trail name and copy it, then select the S3 bucket name field and paste.
If you are interested in advanced options, click the blue "Advanced" link. The first choice is for enabling log file validation. Enabling log file validation guarantees that you can detect whether a log file was changed after CloudTrail delivered it. It is a good idea to enable it. The second option configures a notification whenever a log file is delivered. If you do not need it, just leave the radio button set to No.
If everything looks good, turn on CloudTrail by clicking the blue "Turn On" button. CloudTrail is now successfully activated. The next time you open CloudTrail in the web console, you will see a running history of API activity.
This is what gets stored in the S3 bucket once CloudTrail is configured. As you can probably see now, CloudTrail is an important security ally. It is very important to get CloudTrail set up when setting up an AWS account for the first time.
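An added example, not part of the original post, of what you can do with the records once they land in S3: a Python script that parses a delivered log file (a gzip-compressed JSON document with a Records array), pulls out the caller identity, source IP and call time described above, and flags the records a reviewer should look at. The log file, its account ID and IP addresses are constructed samples, not real data.

```python
import gzip
import json

# Constructed sample in the shape of a delivered CloudTrail log file; not real account data.
SAMPLE_LOG = {"Records": [
    {"eventTime": "2024-01-15T10:02:11Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "RunInstances", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser", "userName": "alice"}},
    {"eventTime": "2024-01-15T10:05:40Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "TerminateInstances", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "Root"}, "errorCode": "Client.UnauthorizedOperation"},
    {"eventTime": "2024-01-15T10:09:03Z", "eventSource": "cloudtrail.amazonaws.com",
     "eventName": "StopLogging", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::123456789012:assumed-role/Admin/bob"}},
]}
# CloudTrail writes each log file to S3 gzip-compressed, so build the sample the same way.
SAMPLE_GZ = gzip.compress(json.dumps(SAMPLE_LOG).encode())

# API calls that weaken the audit trail itself; worth an alert whoever makes them.
TRAIL_TAMPERING = {"cloudtrail.amazonaws.com:" + n
                   for n in ("StopLogging", "DeleteTrail", "UpdateTrail")}

def parse_log_file(gz_bytes):
    """Decompress one delivered log file and keep the fields a reviewer cares about."""
    out = []
    for r in json.loads(gzip.decompress(gz_bytes))["Records"]:
        who = r.get("userIdentity", {})
        out.append({
            "time": r["eventTime"],
            "caller": who.get("userName") or who.get("arn") or who.get("type", "unknown"),
            "caller_type": who.get("type"),
            "source_ip": r.get("sourceIPAddress"),
            "event": r["eventSource"] + ":" + r["eventName"],
            "error": r.get("errorCode"),
        })
    return out

def review(gz_bytes):
    """Return (time, caller, reason) tuples for records that deserve a second look."""
    findings = []
    for e in parse_log_file(gz_bytes):
        if e["caller_type"] == "Root":
            findings.append((e["time"], e["caller"], "root credentials used"))
        if e["error"]:
            findings.append((e["time"], e["caller"], "denied %s (%s)" % (e["event"], e["error"])))
        if e["event"] in TRAIL_TAMPERING:
            findings.append((e["time"], e["caller"], "trail modified: " + e["event"]))
    return findings
```

In practice you would feed `review()` the bytes of each object CloudTrail delivers to the bucket; the three checks are a starting point, not a complete rule set.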