Before you begin
Before configuring AWS CloudTrail, we recommend reviewing Getting started with AWS security monitoring.
Configuring CloudTrail
- In the AWS console, navigate to the CloudTrail service.
- If this is the first time you have configured CloudTrail, click Create a trail on the welcome screen. Otherwise, select Trails in the navigation pane and click Create trail.
- In the Trail name box, type a display name for the trail.
- Make sure Log file SSE-KMS encryption is Enabled, then in the AWS KMS alias box type an alias for the key. CloudTrail creates a customer managed KMS key with that alias and uses it to encrypt the log files it delivers to S3.
- In the CloudWatch Logs section, complete the following steps:
- Under CloudWatch Logs, select the Enabled check box.
- Under IAM Role, select New, and in the Role name box type a role name. CloudTrail creates this role with permission to write events to the log group.
- Use defaults for all other configuration items. In particular, leave Log file validation enabled (the default); the digest files it produces let you detect log files that were modified or deleted after delivery.
- Click Next.
- In the Choose log events section, select the check boxes next to Management events, Data events, and Insights events. Under Management events, keep both Read and Write selected.
- In the Data events section, add a data event type for each service your organization uses (for example S3, Lambda or DynamoDB). Data events are billed per event and can be high volume, so scope the selectors to the resources you actually need to monitor rather than enabling every type.
- In the Insights events section, select the check boxes next to API call rate and API error rate. Insights events are also charged separately from the free copy of management events.
- Click Next then click Create trail.
S3 Housekeeping Lifecycle Policy
- In the AWS console, go to S3 and select the S3 bucket created for CloudTrail logging.
- Click Management, then click Create lifecycle rule.
- In the Lifecycle rule name box, type a name for the rule.
- In Lifecycle rule configuration, under Choose a rule scope, select Apply to all objects in the bucket, then click the check box next to I acknowledge that this rule will apply to all objects in the bucket.
- Under Lifecycle rule actions, click the check boxes next to Expire current versions of objects and Permanently delete noncurrent versions of objects.
- Set the rule to expire current versions of objects 1 day after object creation.
- Set the rule to permanently delete noncurrent versions of objects 1 day after objects become noncurrent.
- Click Create rule. With these settings the bucket keeps only the last day of log files, so it acts as a transit buffer rather than an archive; if you also rely on the S3 copy for long-term retention, forensics or compliance, choose a longer expiration instead.
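As an added example that is not part of this guide or of Blumira's own tooling, the following Python audits whether a trail and its log bucket match the settings from both procedures above (logging on, SSE-KMS key, log file validation, CloudWatch Logs delivery, all management events, at least one data event type, both Insights types, and a whole-bucket one-day lifecycle rule). The inputs are plain dicts shaped like the boto3 responses from `cloudtrail.describe_trails()`, `get_trail_status()`, `get_event_selectors()`, `get_insight_selectors()` and `s3.get_bucket_lifecycle_configuration()`; the sample data at the bottom is constructed, and the function names are my own.

```python
"""Audit a CloudTrail trail and its S3 housekeeping rule against this guide.
Inputs are dicts shaped like boto3 responses (describe_trails()["trailList"][i],
get_trail_status(), get_event_selectors(), get_insight_selectors(),
s3.get_bucket_lifecycle_configuration()). Sample data below is constructed."""

REQUIRED_INSIGHTS = {"ApiCallRateInsight", "ApiErrorRateInsight"}


def _fields(advanced_selector):
    """Map the FieldSelectors of one advanced event selector by field name."""
    return {fs.get("Field"): fs for fs in advanced_selector.get("FieldSelectors", [])}


def captures_management_events(selectors):
    """True if all management events (read and write) are logged, via either a
    classic selector with ReadWriteType=All or an advanced selector that has no
    readOnly filter."""
    for sel in selectors.get("EventSelectors", []):
        if sel.get("IncludeManagementEvents") and sel.get("ReadWriteType") == "All":
            return True
    for adv in selectors.get("AdvancedEventSelectors", []):
        fields = _fields(adv)
        category = fields.get("eventCategory", {}).get("Equals", [])
        if "Management" in category and "readOnly" not in fields:
            return True
    return False


def captures_data_events(selectors):
    """True if at least one data event type is selected (classic DataResources
    or an advanced selector with eventCategory = Data)."""
    if any(sel.get("DataResources") for sel in selectors.get("EventSelectors", [])):
        return True
    return any("Data" in _fields(adv).get("eventCategory", {}).get("Equals", [])
               for adv in selectors.get("AdvancedEventSelectors", []))


def audit_trail(trail, status, selectors, insights):
    """Return a list of findings; an empty list means the trail matches the guide."""
    findings = []
    if not status.get("IsLogging"):
        findings.append("trail is not logging")
    if not trail.get("KmsKeyId"):
        findings.append("log files are not encrypted with SSE-KMS")
    if not trail.get("LogFileValidationEnabled"):
        findings.append("log file validation is disabled")
    if not (trail.get("CloudWatchLogsLogGroupArn") and trail.get("CloudWatchLogsRoleArn")):
        findings.append("CloudWatch Logs delivery is not configured")
    if not captures_management_events(selectors):
        findings.append("not all management events (read and write) are captured")
    if not captures_data_events(selectors):
        findings.append("no data event types are selected")
    enabled = {i.get("InsightType") for i in insights.get("InsightSelectors", [])}
    missing = sorted(REQUIRED_INSIGHTS - enabled)
    if missing:
        findings.append("Insights events not enabled for: " + ", ".join(missing))
    return findings


def audit_lifecycle(lifecycle, max_days=1):
    """Findings for the housekeeping rule: an enabled, whole-bucket rule must expire
    current versions and delete noncurrent versions within max_days."""
    for rule in lifecycle.get("Rules", []):
        if rule.get("Status") != "Enabled":
            continue
        filt = rule.get("Filter") or {}
        whole_bucket = not rule.get("Prefix") and not any(
            filt.get(k) for k in ("Prefix", "Tag", "And"))
        current = rule.get("Expiration", {}).get("Days")
        noncurrent = rule.get("NoncurrentVersionExpiration", {}).get("NoncurrentDays")
        if (whole_bucket and current is not None and current <= max_days
                and noncurrent is not None and noncurrent <= max_days):
            return []
    return ["no enabled whole-bucket rule expires current and noncurrent versions "
            "within %d day(s)" % max_days]


# --- constructed sample inputs (hypothetical account 111122223333) ---
SAMPLE_TRAIL = {
    "Name": "blumira-trail", "IsMultiRegionTrail": True, "LogFileValidationEnabled": True,
    "KmsKeyId": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID",
    "CloudWatchLogsLogGroupArn": "arn:aws:logs:us-east-1:111122223333:log-group:aws-cloudtrail-logs:*",
    "CloudWatchLogsRoleArn": "arn:aws:iam::111122223333:role/CloudTrail_CloudWatchLogs_Role",
}
SAMPLE_STATUS = {"IsLogging": True}
SAMPLE_SELECTORS = {"AdvancedEventSelectors": [
    {"Name": "Management events",
     "FieldSelectors": [{"Field": "eventCategory", "Equals": ["Management"]}]},
    {"Name": "S3 data events",
     "FieldSelectors": [{"Field": "eventCategory", "Equals": ["Data"]},
                        {"Field": "resources.type", "Equals": ["AWS::S3::Object"]}]},
]}
# Only the API call rate insight is on, so the audit flags the missing error rate insight.
SAMPLE_INSIGHTS = {"InsightSelectors": [{"InsightType": "ApiCallRateInsight"}]}
SAMPLE_LIFECYCLE = {"Rules": [{
    "ID": "cloudtrail-housekeeping", "Filter": {}, "Status": "Enabled",
    "Expiration": {"Days": 1}, "NoncurrentVersionExpiration": {"NoncurrentDays": 1},
}]}

if __name__ == "__main__":
    findings = (audit_trail(SAMPLE_TRAIL, SAMPLE_STATUS, SAMPLE_SELECTORS, SAMPLE_INSIGHTS)
                + audit_lifecycle(SAMPLE_LIFECYCLE))
    for line in findings or ["trail and lifecycle rule match the guide"]:
        print(line)
```

Run it against real responses by feeding the output of the boto3 calls named in the docstring into `audit_trail` and `audit_lifecycle`; anything returned is a setting that drifted from this guide. The checks accept both classic and advanced event selectors because the console writes advanced selectors when data events are enabled, while older trails and some IaC tools still use the classic form.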
Now that you’ve configured CloudTrail for Blumira, continue to the next step in configuring AWS for Blumira: configure AWS CloudWatch.