AWS CloudTrail
- CloudTrail helps enable:
  - governance
  - compliance
  - risk auditing for AWS accounts
- Once CloudTrail is enabled, any activity that occurs in the AWS account is recorded as a CloudTrail event.
- We can search, view and download the past 90 days of AWS account activity.
- CloudTrail trail types for an account
  - A trail that applies to all regions
  - A trail that applies to one region
- Three event kinds
  - Management Events: These events provide information about management operations on resources in AWS. These are known as control plane operations.
  - Data Events: These events provide information about the resource operations performed on or in a resource. They are also known as data plane operations.
  - Insight Events: These events capture unusual activity in your AWS accounts.
- Log Format: Refer Here
Amazon Key Management Service
- This service helps you create, view, edit, enable and disable customer managed keys (CMKs).
- Customer managed keys can be created. The keys are:
  - Symmetric
  - Asymmetric
- The keys can be used with AWS services such as S3, lb etc. and also with the SDKs.
- For pricing related info Refer Here
- As a developer, you can use the CMKs you create in your applications Refer Here
- Customer keys can be imported Refer Here
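
The notes above describe three CloudTrail event kinds and KMS keys that can be enabled and disabled. The following is an added example, not part of the original notes: it sorts the records of a CloudTrail log file into those kinds and lists KMS key state changes together with the caller. The sample records, account ID and ARN are constructed, and the fallback for records without `eventCategory` is an assumption about older log versions.

```python
import json
from collections import defaultdict

# Constructed sample in CloudTrail log-file layout (top-level "Records" array).
# Account ID, ARN and timestamps are made up for illustration.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventVersion": "1.08", "eventTime": "2024-01-01T10:00:00Z",
     "eventSource": "kms.amazonaws.com", "eventName": "DisableKey",
     "managementEvent": True, "eventCategory": "Management",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/example-admin"}},
    {"eventVersion": "1.08", "eventTime": "2024-01-01T10:01:00Z",
     "eventSource": "s3.amazonaws.com", "eventName": "GetObject",
     "managementEvent": False, "eventCategory": "Data"},
    # Older record without eventCategory: exercises the fallback below.
    {"eventVersion": "1.06", "eventTime": "2024-01-01T10:02:00Z",
     "eventSource": "ec2.amazonaws.com", "eventName": "DescribeInstances",
     "managementEvent": True},
    # Insight records carry the API name inside insightDetails.
    {"eventVersion": "1.08", "eventTime": "2024-01-01T10:03:00Z",
     "eventType": "AwsCloudTrailInsight", "eventCategory": "Insight",
     "insightDetails": {"eventSource": "ec2.amazonaws.com", "eventName": "RunInstances"}},
]})

KEY_STATE_CHANGES = {"DisableKey", "EnableKey", "ScheduleKeyDeletion", "CancelKeyDeletion"}

def classify(rec):
    """Map one record to 'Management', 'Data', 'Insight' or 'Unknown'."""
    if rec.get("eventCategory"):
        return rec["eventCategory"]
    if rec.get("eventType") == "AwsCloudTrailInsight":
        return "Insight"
    flag = rec.get("managementEvent")  # absent in very old records
    return "Unknown" if flag is None else ("Management" if flag else "Data")

def summarize(log_text):
    """Group event names by kind and list KMS key state changes with the caller."""
    by_kind, key_changes = defaultdict(list), []
    for rec in json.loads(log_text).get("Records", []):
        name = rec.get("eventName") or rec.get("insightDetails", {}).get("eventName")
        by_kind[classify(rec)].append(name)
        if rec.get("eventSource") == "kms.amazonaws.com" and name in KEY_STATE_CHANGES:
            arn = rec.get("userIdentity", {}).get("arn")
            key_changes.append((rec.get("eventTime"), name, arn))
    return dict(by_kind), key_changes

if __name__ == "__main__":
    kinds, changes = summarize(SAMPLE_LOG)
    print(kinds)
    print(changes)
```

Key state changes such as `DisableKey` arrive as management events, so a trail that records management events is enough to audit them.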
