AWS CloudTrail

AWS CloudTrail is a service that helps you enable operational and risk auditing, governance, and compliance of your AWS account. Actions taken by a user, role, or an AWS service are recorded as events in CloudTrail. Events include actions taken in the AWS Management Console, AWS Command Line Interface, and AWS SDKs and APIs.

Event history provides a viewable, searchable, downloadable, and immutable record of the past 90 days of management events in an AWS Region

Integration Method: API

Tables: Account Change, Authentication, API Activity

Event Types: API activity (createTrail, createMFA, createAccessKey), Console Login, Assume Role

AWS Configuration

DataBee fetches Event History logs via API. AWS client access key and secret key are required for configuration. Follow the instructions mentioned here to get access and secret key.

Data source can be configured after getting client access key, client secret key. Once we are on data source API ingest config page

DataBee Configuration

1. Log into the DataBee console, navigate to Data and click on Add New Data Source.

2. Search for AWS Cloud Trail and click it

3. Select API Ingest

4. In the configuration dialog box, fill in the following:

• Access key: Paste the AWS client access key

• Secret key: Paste the AWS client secret key

• Session token can be left empty

• AWS region – region

• Service name: “cloudtrail”

• API_URL: Replacethe <aws-region> placeholder with the region