Before you begin
Before configuring AWS CloudTrail, we recommend reviewing Getting started with Blumira's AWS security monitoring.
CloudTrail Configuration
- In the AWS console, navigate to the CloudTrail service. If this is the first time you have configured CloudTrail, select Create a trail from the welcome screen.
Note: If you have already used CloudTrail in your environment, you can skip to Step 3.
- From the “Quick Trail” configuration screen, select Create full trail.
- Open CloudTrail from the AWS console and select Create trail.
- Under CloudWatch Logs, enable sending CloudTrail logs to CloudWatch and allow the service to create a service role that grants CloudTrail permission to put log data into the CloudWatch log group.
- Click Next.
- Select which types of CloudTrail events to log. Blumira recommends: Management events, Insights events, and Data events including S3, Lambda, and DynamoDB.
- Click Create trail.
S3 Housekeeping Lifecycle Policy
- In the AWS console, go to S3 and select the S3 bucket created for CloudTrail logging.
- Select the management tab and click Create lifecycle rule.
- Enter a name for the lifecycle rule and under Choose a rule scope, select the radio button to apply the rule to all objects in the bucket.
- Set the lifecycle policy to expire current versions of objects and permanently delete any previous version of objects after 1 day.
- Click Create rule.
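As an added example (not code from the Blumira guide or from AWS), the following Python checks an existing trail and its log bucket against the two procedures above: CloudWatch Logs delivery, the recommended management, Insights and S3/Lambda/DynamoDB data events, and the bucket-wide 1-day housekeeping rule. The input dicts mirror the shapes boto3 returns from describe_trails, get_event_selectors and get_bucket_lifecycle_configuration; the sample values, account id and resource names are constructed placeholders.

```python
from typing import Dict, List

# Data event resource types the guide recommends (basic event selector names).
REQUIRED_DATA_TYPES = {"AWS::S3::Object", "AWS::Lambda::Function", "AWS::DynamoDB::Table"}


def audit_trail(trail: Dict, selectors: List[Dict], rules: List[Dict]) -> List[str]:
    """Return findings where the setup drifts from the guide; an empty list means compliant."""
    findings = []
    # CloudWatch delivery needs both a log group ARN and the service role ARN.
    if not trail.get("CloudWatchLogsLogGroupArn") or not trail.get("CloudWatchLogsRoleArn"):
        findings.append("trail is not delivering to a CloudWatch log group")
    # Recommended event types: management, Insights, and S3/Lambda/DynamoDB data events.
    if not any(s.get("IncludeManagementEvents") for s in selectors):
        findings.append("management events are not logged")
    if not trail.get("HasInsightSelectors"):
        findings.append("Insights events are not enabled")
    logged = {d["Type"] for s in selectors for d in s.get("DataResources", [])}
    for missing in sorted(REQUIRED_DATA_TYPES - logged):
        findings.append(f"data events not logged for {missing}")
    # Housekeeping: an enabled, bucket-wide rule that expires current objects
    # and permanently deletes noncurrent versions after 1 day.
    housekeeping_ok = False
    for rule in rules:
        flt = rule.get("Filter") or {}
        bucket_wide = flt.get("Prefix", "") == "" and not ("Tag" in flt or "And" in flt)
        if (rule.get("Status") == "Enabled" and bucket_wide
                and rule.get("Expiration", {}).get("Days") == 1
                and rule.get("NoncurrentVersionExpiration", {}).get("NoncurrentDays") == 1):
            housekeeping_ok = True
    if not housekeeping_ok:
        findings.append("no bucket-wide 1-day expiration lifecycle rule found")
    return findings


# Constructed sample API responses (placeholder account id and names, not real data).
SAMPLE_TRAIL = {
    "Name": "example-trail", "S3BucketName": "example-cloudtrail-bucket", "HasInsightSelectors": True,
    "CloudWatchLogsLogGroupArn": "arn:aws:logs:us-east-1:111122223333:log-group:example:*",
    "CloudWatchLogsRoleArn": "arn:aws:iam::111122223333:role/example-cloudtrail-role",
}
SAMPLE_SELECTORS = [{"ReadWriteType": "All", "IncludeManagementEvents": True, "DataResources": [
    {"Type": "AWS::S3::Object", "Values": ["arn:aws:s3"]},
    {"Type": "AWS::Lambda::Function", "Values": ["arn:aws:lambda"]},
    {"Type": "AWS::DynamoDB::Table", "Values": ["arn:aws:dynamodb"]},
]}]
SAMPLE_RULES = [{"ID": "cloudtrail-housekeeping", "Filter": {"Prefix": ""}, "Status": "Enabled",
                 "Expiration": {"Days": 1}, "NoncurrentVersionExpiration": {"NoncurrentDays": 1}}]

if __name__ == "__main__":
    print(audit_trail(SAMPLE_TRAIL, SAMPLE_SELECTORS, SAMPLE_RULES) or "setup matches the guide")
```

Replace the sample dicts with the live responses from boto3 to run the same check against a real account.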
Now that you’ve configured CloudTrail for Blumira, continue to the next step in configuring AWS for Blumira: configure AWS CloudWatch.