Integrating with AWS CloudTrail

Before you begin

Before configuring AWS CloudTrail, we recommend reviewing Getting started with AWS security monitoring.

Configuring CloudTrail

  1. In the AWS console, navigate to the CloudTrail service.
  2. If this is the first time you have configured CloudTrail, select Create a trail from the welcome screen, then, in the text under Trail details, click Create trail.

  3. In the Trail name box, type a display name for the trail.
  4. In the AWS KMS Alias box, type a name to use as the alias.

  5. In the CloudWatch Logs section, complete the following steps:
    1. Under CloudWatch Logs, select the Enabled check box.
    2. In the Role name box, type a role name.
  6. Use defaults for all other configuration items.
  7. Click Next.
  8. In the Choose log events section, click the check boxes next to Management events, Data events, and Insights events.
  9. In the Data events section, add a data event type for each service your organization uses.
  10. In the Insights events section, select the check boxes next to API call rate and API error rate.
  11. Click Next, then click Create trail.

S3 Housekeeping Lifecycle Policy

  1. In the AWS console, go to S3 and select the S3 bucket created for CloudTrail logging.
  2. Click Management, then click Create lifecycle rule.

  3. In the Lifecycle rule name box, type a name for the rule.
  4. In Lifecycle rule configuration, under Choose a rule scope, select Apply to all objects in the bucket, then click the check box next to I acknowledge that this rule will apply to all objects in the bucket.
  5. Under Lifecycle rule actions, click the check boxes next to Expire current versions of objects and Permanently delete noncurrent versions of objects.
  6. Set the rule to expire current versions of objects 1 day after object creation.
  7. Set the rule to permanently delete noncurrent versions of objects 1 day after objects become noncurrent.
  8. Click Create rule.
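
To confirm later that the bucket still carries the rule configured above, the following added example (not part of the original Blumira instructions) audits a lifecycle configuration in the JSON shape returned by the S3 GetBucketLifecycleConfiguration API. The rule ID and the sample configurations are constructed placeholders.

```python
# Added example: audit an S3 lifecycle configuration against the settings
# in the steps above. The rule ID and sample data are constructed placeholders.

def expected_lifecycle(rule_id="cloudtrail-housekeeping"):  # placeholder rule name
    """Lifecycle configuration equivalent to the console steps above."""
    return {"Rules": [{
        "ID": rule_id,
        "Status": "Enabled",
        "Filter": {},  # empty filter = apply to all objects in the bucket
        "Expiration": {"Days": 1},
        "NoncurrentVersionExpiration": {"NoncurrentDays": 1},
    }]}

def _whole_bucket(rule):
    """True when the rule is not narrowed by a prefix, tag or size filter."""
    if rule.get("Prefix"):  # legacy top-level prefix field
        return False
    flt = rule.get("Filter") or {}
    return all(k == "Prefix" and v == "" for k, v in flt.items())

def audit_lifecycle(config, days=1):
    """Return deviations from the documented rule; an empty list means compliant."""
    rules = [r for r in config.get("Rules", []) if r.get("Status") == "Enabled"]
    if not rules:
        return ["no enabled lifecycle rule"]
    scoped = [r for r in rules if _whole_bucket(r)]
    if not scoped:
        return ["no enabled rule applies to all objects in the bucket"]
    findings = []
    if not any(r.get("Expiration", {}).get("Days") == days for r in scoped):
        findings.append(f"current versions do not expire after {days} day(s)")
    if not any(r.get("NoncurrentVersionExpiration", {}).get("NoncurrentDays") == days
               for r in scoped):
        findings.append(f"noncurrent versions are not deleted after {days} day(s)")
    return findings

if __name__ == "__main__":
    # Constructed sample: rule limited to a prefix, so it misses other objects
    drifted = {"Rules": [{"ID": "old", "Status": "Enabled",
                          "Filter": {"Prefix": "AWSLogs/"},
                          "Expiration": {"Days": 1}}]}
    print(audit_lifecycle(expected_lifecycle()))
    print(audit_lifecycle(drifted))
```

The input can be the saved output of `aws s3api get-bucket-lifecycle-configuration --bucket <bucket-name>`, loaded with `json.load`.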

Now that you’ve configured CloudTrail for Blumira, continue to the next step in configuring AWS for Blumira: configure AWS CloudWatch.