Besides CloudWatch, the Amazon platform also offers CloudTrail to track and record API activity in your AWS account. So in this blog we will discuss CloudTrail in detail and how it differs from CloudWatch.
What is CloudTrail?
AWS CloudTrail is an AWS service that helps you enable governance, compliance and risk auditing of your AWS account.
The Amazon platform treats every action as an event. These events include actions taken by users, by IAM roles and by AWS services, whether they are performed through the AWS Management Console, the AWS Command Line Interface (CLI), the AWS SDKs or the AWS API directly. So whenever CloudTrail is enabled in your AWS account, that activity is recorded as a CloudTrail event. With AWS CloudTrail, you can view, search, download, analyze and respond to account activity across your AWS infrastructure. You can also find out who was logged in to the account, what activity took place in it, and so on. Moreover, the platform lets you integrate CloudTrail into your applications through its API and automate trail creation across your organization.
So let us see how to create a CloudTrail trail in practice.
Step - 1:
Log in to the AWS account and search for CloudTrail. You will see the following screen:
Step - 2:
Navigate to Trails and click on Create trail.
Step - 3:
Step - 3a:
Give the trail a name.
Step - 3b:
Select the bucket in which you want to store the logs, or create a new bucket (here I'm creating a new bucket to store the logs).
Step - 3c:
Click on Advanced and check the preferences listed there (here I'm leaving them at the defaults; you can try the other options).
Step - 3d:
Provide a tag name and click on Create.
Step - 4:
Once you click on Create, you will see the screen shown below.
Step - 5:
In the above screenshot you can see the status is ticked (green), so we have successfully created the bucket in which the logs will appear. To see logs in your bucket, you need to perform some activity in the account, such as creating an instance. Once you have created the instance, you can observe the logs.
Step - 6:
So create an instance in your account.
Step - 7:
Once you have created an instance, navigate back to the CloudTrail trail you created earlier and click on it.
Step - 8:
Navigate to the storage location and click on your bucket name.
Step - 9:
Click on the region in which you created the bucket (you can check the region in your instance).
Step - 10:
Click on 2019 (the log files are organised into year, month and day folders).
Step - 11:
Click on 11.
Step - 12:
Click on 06.
Step - 13:
Then you can see the CloudTrail log files as follows:
Step - 14:
Click on any one of the CloudTrail log files and make it public.
Step - 15:
Click on the object link.
Then you can observe the logs as follows:
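Each file you open this way is a gzipped JSON document with a "Records" array, one entry per API call. The following script is an added example, not part of the original post or of any AWS tool: it parses a constructed sample log file (the user names, IP addresses and event ids are placeholders), counts the calls per service and API, and pulls out the calls that change the account, such as the RunInstances from step 6, so that a StopLogging against the trail itself would stand out in the same list.

```python
import gzip
import json
from collections import Counter

# Constructed sample of one CloudTrail log file as it is delivered to the S3 bucket:
# gzipped JSON with a "Records" array, one entry per API call; all ids/IPs are placeholders.
SAMPLE_LOG = {"Records": [
    {"eventTime": "2019-11-06T10:15:02Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "RunInstances", "awsRegion": "us-east-1", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser", "userName": "demo-user"}, "eventID": "evt-0001"},
    {"eventTime": "2019-11-06T10:15:40Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DescribeInstances", "awsRegion": "us-east-1", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser", "userName": "demo-user"}, "eventID": "evt-0002"},
    {"eventTime": "2019-11-06T10:20:11Z", "eventSource": "cloudtrail.amazonaws.com",
     "eventName": "StopLogging", "awsRegion": "us-east-1", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "userName": "other-user"}, "eventID": "evt-0003"},
]}
SAMPLE_GZ = gzip.compress(json.dumps(SAMPLE_LOG).encode())

# API names with these prefixes only read state; everything else changes the account.
READ_ONLY_PREFIXES = ("Describe", "List", "Get", "Head")


def load_records(gz_bytes):
    """Decompress one CloudTrail .json.gz file and return its Records list."""
    return json.loads(gzip.decompress(gz_bytes))["Records"]


def actor(record):
    """Who made the call: IAM user name, else the ARN, else the identity type."""
    ident = record.get("userIdentity", {})
    return ident.get("userName") or ident.get("arn") or ident.get("type", "unknown")


def write_events(records):
    """Keep only the calls that change something, dropping Describe*/List*/Get*/Head* reads."""
    return [r for r in records if not r["eventName"].startswith(READ_ONLY_PREFIXES)]


def summarize(records):
    """Count calls per (service, API) and list when/who/what/where for each write call."""
    counts = Counter((r["eventSource"], r["eventName"]) for r in records)
    writes = [(r["eventTime"], actor(r), r["eventName"], r["awsRegion"], r["sourceIPAddress"])
              for r in write_events(records)]
    return counts, writes


if __name__ == "__main__":
    counts, writes = summarize(load_records(SAMPLE_GZ))
    for (source, name), n in counts.most_common():
        print(f"{n:3d}  {source:<26} {name}")
    for row in writes:
        print("  ".join(row))
```

To run it against a real file, read the downloaded .json.gz bytes with your own credentials and pass them to load_records instead of SAMPLE_GZ.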
So this is how we can observe CloudTrail logs. Now let us discuss the differences between CloudWatch and CloudTrail.
| CloudWatch | CloudTrail |
| --- | --- |
| It is the monitoring service for AWS resources and applications. | It is the web service that records API activity in the account. |
| With CloudWatch, you can collect and track metrics, collect and monitor log files, and set alarms. | CloudTrail logs information about the request made, the service used and the action performed. These logs are stored in an S3 bucket. |
| It reports on application logs. | CloudTrail logs provide specific information about the various activities that occurred in an account. |
| It is a near-real-time stream of system events that describe changes to your AWS resources. | CloudTrail focuses on the API calls made in your account. |
| CloudWatch delivers metric data in 5-minute periods for basic monitoring and 1-minute periods for detailed monitoring. By default, the CloudWatch Logs agent sends log data every five seconds. | CloudTrail delivers an event within 15 minutes of the API call. |