Chapter 11: AWS CloudTrail (Tail? Tale?)
Cloud tail? (A cloud with a tail.) Cloud Tale? (A story about a cloud; I guess this whole blog is an AWS Tale.) Tail Cloud? Yes, there is actually such a thing, and they are dangerous: http://namesofclouds.com/types-of-clouds/tail-clouds.html
"Cloud watching is really important if you reside in an area where tornadoes frequently occurs. A number of cloud formations indicate tornado development; one of which is tail clouds."
I'm enjoying Chapter 11 as it has lots of sections on different services, and they are all short :-)
Next one is on CloudTrail (so, none of the above).
Again this is a sort of obvious service. If you own all the APIs, and everything is HTTP/S, then you can in theory track all calls and other metadata (who, what, when, how, why?).
What events does it collect? From the docs:
An event contains information about the associated API call: the identity of the caller, the time of the call, the source IP address, the request parameters, and the response elements returned by the AWS service. For more details, see the CloudTrail Event Reference section of the user guide.
It's not exactly real-time: CloudTrail typically delivers log files within 15 minutes of an API call.
I also wonder how it relates to other monitoring/management AWS services? Is there a complete list of related services? Also, how does it relate to X-Ray? Is X-Ray built on top of it maybe?
Here's an interesting article on hooking it up with other AWS services to actually do something useful.
A webinar
PS
I was struggling to see how CloudTrail is useful. All it is doing is recording API calls for future analysis. This seems to be a bit "primitive" at some level. Recently I've done some experiments with using our APM+performance modelling tool for security. The idea is to build a model from a baseline of APM data assuming that there are no security or intrusion incidents. For APM and performance modelling it's critical to have visibility into transactional level dependencies. For security I suspect that the same is true. Networks are critical to everything. The idea is to compare new production transactions with the model, and if there is sufficient "difference" (in terms of path through the s/w components, times, and anything else you can record, e.g. workload context, classes, APIs, methods, even data), then it may be an anomalous transaction. I am suspicious that you infer sufficient information from essentially a "flat" API call view of the world. I would prefer to see a network view (which, sure, you can build from CloudTrail, but you still have to do it).
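The baseline comparison described in the PS, applied directly to CloudTrail records, as an added example (not code from this blog or from AWS): it turns the "flat" records into a per-caller graph of API calls and source IPs, then flags new records that leave that graph. The sample records, the ARN and the helper names are constructed for illustration; the field names follow the CloudTrail record format.

```python
from collections import defaultdict

def _rec(arn, svc, name, ip, err=None):
    """Build one constructed record using CloudTrail's field names."""
    r = {"eventTime": "2024-01-01T00:00:00Z", "eventSource": svc,
         "eventName": name, "sourceIPAddress": ip,
         "userIdentity": {"type": "AssumedRole", "arn": arn}}
    if err:
        r["errorCode"] = err
    return r

APP = "arn:aws:sts::111122223333:assumed-role/app/i-0abc"  # constructed ARN
BASELINE = {"Records": [  # constructed "known good" period
    _rec(APP, "s3.amazonaws.com", "ListBuckets", "198.51.100.10"),
    _rec(APP, "dynamodb.amazonaws.com", "DescribeTable", "198.51.100.10")]}
NEW = {"Records": [  # constructed later log file
    _rec(APP, "s3.amazonaws.com", "ListBuckets", "198.51.100.10"),
    _rec(APP, "iam.amazonaws.com", "CreateAccessKey", "203.0.113.7",
         "AccessDenied")]}

def edges(log):
    """Yield (caller, service, API call, source IP, error) per record."""
    for r in log.get("Records", []):
        ident = r.get("userIdentity", {})
        caller = ident.get("arn") or ident.get("type", "unknown")
        yield (caller, r["eventSource"], r["eventName"],
               r.get("sourceIPAddress"), r.get("errorCode"))

def build_baseline(log):
    """Model: which calls each caller makes, and from which addresses."""
    calls, ips = defaultdict(set), defaultdict(set)
    for caller, svc, name, ip, _ in edges(log):
        calls[caller].add((svc, name))
        ips[caller].add(ip)
    return calls, ips

def anomalies(log, baseline):
    """Return (caller, API call, reasons) for records outside the model."""
    calls, ips = baseline
    found = []
    for caller, svc, name, ip, err in edges(log):
        reasons = []
        if caller not in calls:
            reasons.append("new caller")
        else:
            if (svc, name) not in calls[caller]:
                reasons.append("new API call for caller")
            if ip not in ips[caller]:
                reasons.append("new source IP for caller")
        if err:
            reasons.append("error: " + err)
        if reasons:
            found.append((caller, name, reasons))
    return found
```

A set-membership model like this only captures which edges exist; timing and call ordering, which the PS also mentions, would need the `eventTime` field and a richer model.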
A Tornado with a "Tail Cloud"