AWS - CloudTrail
From Cramsession
Verified Author: Mflavell
CloudTrail should be configured to capture every API call: a multi-region trail that records management events for all regions, including global-service events such as IAM and STS calls, delivered to a dedicated S3 bucket.
CloudTrail may be the first target of a bad actor:
- Disabling CloudTrail (StopLogging, DeleteTrail, or an UpdateTrail/PutEventSelectors call that quietly narrows what is recorded) is often a top priority of bad actors who want to "cover their tracks".
- The best way to prevent manipulation of the trail and its log files is a Service Control Policy (SCP) that denies those CloudTrail actions, and deletion in the log bucket, to every principal except a break-glass role. Because an SCP is evaluated before IAM, it blocks the action even for an administrator whose credentials have been stolen.
- If multiple accounts are involved, the SCP is attached at the organization root (or an OU) and pushed down to every member account below it. It does not apply to the management account, so keep the trail and its bucket in a dedicated log-archive member account.
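The guardrail described above, as an added example that is not from the Cramsession page: a shell script that writes an SCP denying the CloudTrail actions an attacker would use to stop or reshape the trail, plus deletion and policy changes on the log bucket, to everyone except a break-glass role, checks the file, and optionally creates and attaches the policy at the organization root with the AWS CLI. The role name SecurityBreakGlass, the bucket name org-cloudtrail-logs and the policy name CloudTrailGuardrail are assumptions; override them through the environment.

```shell
#!/bin/sh
# Added example (not from the Cramsession page): an SCP that denies the
# CloudTrail and S3 actions an attacker would use to stop or rewrite the audit
# trail, written to a file and, when APPLY=1, attached at the organization root.
# The break-glass role name and the log bucket name below are assumptions.
BREAK_GLASS_ROLE="${BREAK_GLASS_ROLE:-SecurityBreakGlass}"          # assumed role name
LOG_BUCKET="${LOG_BUCKET:-org-cloudtrail-logs}"                       # assumed bucket name
SCP_FILE="${SCP_FILE:-${TMPDIR:-/tmp}/cloudtrail-guardrail.json}"

# Write the policy. Deny + ArnNotLike on aws:PrincipalARN means only the named
# role (in any member account) can touch the trail or the log bucket; every
# other principal is blocked no matter what its IAM policies allow.
write_cloudtrail_scp() {
  cat > "$1" <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DenyCloudTrailTampering",
      "Effect": "Deny",
      "Action": [
        "cloudtrail:StopLogging",
        "cloudtrail:DeleteTrail",
        "cloudtrail:UpdateTrail",
        "cloudtrail:PutEventSelectors"
      ],
      "Resource": "*",
      "Condition": {
        "ArnNotLike": { "aws:PrincipalARN": "arn:aws:iam::*:role/${BREAK_GLASS_ROLE}" }
      }
    },
    {
      "Sid": "DenyLogBucketTampering",
      "Effect": "Deny",
      "Action": [
        "s3:DeleteBucket",
        "s3:DeleteObject",
        "s3:DeleteObjectVersion",
        "s3:PutBucketPolicy",
        "s3:PutLifecycleConfiguration"
      ],
      "Resource": [
        "arn:aws:s3:::${LOG_BUCKET}",
        "arn:aws:s3:::${LOG_BUCKET}/*"
      ],
      "Condition": {
        "ArnNotLike": { "aws:PrincipalARN": "arn:aws:iam::*:role/${BREAK_GLASS_ROLE}" }
      }
    }
  ]
}
EOF
}

# Self-check before applying: does the policy file name the given action?
# (grep on the quoted action string; enough to catch a typo in the action list)
scp_denies() {
  grep -q "\"$2\"" "$1"
}

# Create the SCP and attach it at the root so it flows down to every OU and
# account. SCPs never apply to the management account, so the trail and its
# bucket should live in a dedicated log-archive member account.
apply_cloudtrail_scp() {
  policy_id=$(aws organizations create-policy \
      --name CloudTrailGuardrail \
      --description "Deny stopping, deleting or reconfiguring CloudTrail" \
      --type SERVICE_CONTROL_POLICY \
      --content "file://$1" \
      --query 'Policy.PolicySummary.Id' --output text)
  root_id=$(aws organizations list-roots --query 'Roots[0].Id' --output text)
  aws organizations attach-policy --policy-id "$policy_id" --target-id "$root_id"
}

write_cloudtrail_scp "$SCP_FILE"
for a in cloudtrail:StopLogging cloudtrail:DeleteTrail cloudtrail:UpdateTrail s3:DeleteObject; do
  scp_denies "$SCP_FILE" "$a" || { echo "missing deny for $a" >&2; exit 1; }
done
if [ "${APPLY:-0}" = 1 ]; then
  apply_cloudtrail_scp "$SCP_FILE"
fi
```

Run it once without APPLY to inspect the generated file, then with APPLY=1 from the management account. Pair the SCP with S3 Object Lock or MFA delete on the bucket for defence in depth, and remember that UpdateTrail is denied for your own automation too; changes to the trail go through the break-glass role, which should itself be logged and alarmed on.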
Another method is to make tampering with delivered log files detectable, so that a change or deletion that does get through cannot go unnoticed:
- This is done by choosing YES to "Enable log file validation" when you create or update a trail. CloudTrail then delivers an hourly, signed digest file that lists the SHA-256 hash of every log file it wrote in that hour together with the signature of the previous digest, so a modified, deleted or missing log file shows up when the chain is checked with `aws cloudtrail validate-logs`. Note that this setting does not stop anyone from turning the trail off; preventing that is the job of the SCP.
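The validation step above, as an added example that is not from the Cramsession page: a script that turns log file validation on for a trail with the AWS CLI, runs `validate-logs` over a time window, and fails if any digest or log file did not validate. The trail name org-trail, the account id, the region and the start time are assumptions. The pass/fail check keys on the `N/M digest files valid` and `N/M log files valid` summary lines of the CLI output; the sample outputs in the test are constructed, so adjust the two patterns if your CLI version words the summary differently.

```shell
#!/bin/sh
# Added example (not from the Cramsession page): enable CloudTrail log file
# validation and check the digest chain for a time window. Trail name, account
# id, region and start time are assumptions; override them via the environment.
TRAIL="${TRAIL:-org-trail}"                       # assumed trail name
ACCOUNT_ID="${ACCOUNT_ID:-111111111111}"          # assumed account id
REGION="${AWS_REGION:-us-east-1}"
START_TIME="${START_TIME:-2024-01-01T00:00:00Z}"

# Turn on digest files for the trail (no effect if already enabled).
enable_validation() {
  aws cloudtrail update-trail --name "$TRAIL" --region "$REGION" \
      --enable-log-file-validation >/dev/null
}

# Walk the digest chain: the CLI fetches each digest, checks its signature
# against the CloudTrail public key and re-hashes every log file it lists.
run_validate_logs() {
  aws cloudtrail validate-logs --region "$REGION" \
      --trail-arn "arn:aws:cloudtrail:${REGION}:${ACCOUNT_ID}:trail/${TRAIL}" \
      --start-time "$START_TIME"
}

# Decide pass/fail from the validator's summary lines, assumed to look like
#   2/2 digest files valid
#   35/35 log files valid
# Returns 0 only if every digest and every log file validated AND at least one
# digest was checked: "0/0 valid" means nothing was examined (wrong window,
# wrong trail, validation switched on too recently) and must not count as a pass.
validation_passed() {
  out=$1
  digest=$(printf '%s\n' "$out" | sed -n 's#^\([0-9][0-9]*\)/\([0-9][0-9]*\) digest files valid.*#\1 \2#p' | tail -n 1)
  logs=$(printf '%s\n' "$out" | sed -n 's#^\([0-9][0-9]*\)/\([0-9][0-9]*\) log files valid.*#\1 \2#p' | tail -n 1)
  [ -n "$digest" ] && [ -n "$logs" ] || return 1
  set -- $digest $logs
  [ "$1" -eq "$2" ] && [ "$2" -gt 0 ] && [ "$3" -eq "$4" ]
}

if [ "${APPLY:-0}" = 1 ]; then
  enable_validation
  result=$(run_validate_logs)
  printf '%s\n' "$result"
  validation_passed "$result" || { echo "CloudTrail digest chain check FAILED" >&2; exit 2; }
fi
```

Run it with APPLY=1 from a scheduled job using a read-only role; a non-zero exit is the signal that a log file was altered or removed after delivery. Validation only covers files delivered after the setting was enabled, and the check can only ever be as trustworthy as the copy of the logs it reads, which is another reason the bucket belongs in an account nobody but the security team can reach.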