Lab Details
- This lab walks you through the steps to configure CloudTrail so that you can access the log files it delivers.
- You will practice using AWS CloudTrail, Amazon S3 and Amazon EC2.
- Duration: 45 minutes
- AWS Region: US East (N. Virginia) us-east-1
Tasks
- Create an AWS CloudTrail trail.
- Create an S3 Bucket.
- Launch an EC2 Instance and connect to it via browser.
- Access log files in S3 created for the events.
Architecture Diagram

Lab Steps
Task 1: Launching Lab Environment
- Launch lab environment by clicking on
. This will create an AWS environment with the resources required for this lab.
- Once your lab environment is created successfully,
will be active. Click on
, this will open your AWS Console Account for this lab in a new tab. If you are asked to log out on the AWS Management Console page, click on the here link and then click on
again.
- If you have logged into other AWS accounts in the same browser, after clicking on the
, you will be redirected to a page asking you to log out of the other AWS account.
Note: If you have completed one lab, make sure to sign out of the AWS account before starting a new lab. If you face any issues, please go through FAQs and Troubleshooting for Labs.
Task 2: Configuring CloudTrail and an S3 Bucket
- Make sure to choose the US East (N. Virginia) us-east-1 region in the AWS Management console dashboard (present in the top right corner).
- Navigate and click on CloudTrail, which will be available under the
section of
.
- Click on
- Under Create Trail, enter these details:
- Trail name : Enter My_First_Trail
- Storage Location : Create a new S3 Bucket
- Trail log bucket and folder : Leave it as default
- Log file SSE-KMS encryption : Uncheck
- Additional Settings:
- Log file validation : Uncheck
- SNS notification delivery : Leave it as default

- CloudWatch Logs : Leave it as default
- Tags: Click Add Tags
- Key: Enter Name
- Value: Enter my_logs
- Click on Next.
- Choose Log Events:
- Leave everything as default and click on Next.
- Review and click on
.
- A CloudTrail trail that delivers logs to an S3 bucket has now been created.

Task 3: Checking the S3 Bucket
- Navigate to Services. Under Storage, click and open S3 in a new tab.
- Under S3 Buckets, you can see the bucket which was created by CloudTrail.

Task 4: Viewing the Logs in the S3 Bucket
- AWS CloudTrail captures AWS API calls and related events made by or on behalf of an AWS account and delivers log files to a specified S3 bucket. CloudTrail typically delivers log files within 15 minutes of an API call and publishes new log files multiple times an hour, usually about every 5 minutes.
- Wait for a few minutes until the first log is created.
- Keep refreshing the page and then open the bucket once logs appear.
- Click and open the folders inside the bucket.
Bucket Name / AWSLogs / ***(Account No) / CloudTrail / us-east-1 / 2020 / 02 / 01
- You can see the logs are being created inside the bucket.

- Click on the file and choose Open.

- You will see a JSON file. To format the file, we will use a JSON formatter.
- Click JSONFormatter and paste the file contents. Click on Format/Beautify to format the JSON blob.

- You will see the userName, eventTime, eventSource, eventName, etc. You can see all the details about the particular event that happened.
Task 5: Launching an EC2 Instance
- Navigate to the
menu at the top, then click on EC2 in the Compute section.
- Switch off the New EC2 experience. Edit the feedback message and select yes for the experience. Click on
. This will allow us to use the old console.
- Click on
- Search and Choose Amazon Linux 2 AMI:
- Choose an Instance Type: Select
and click on the
- Review and Launch : Review all settings and click on
.
- Key Pair: We do not need a key pair for this Lab. Choose Proceed without a Key and click on
.
- Launch Status: Your instance is now launching. Click on the instance ID and wait for the instance to finish initializing (until the status changes to running).

- Note the creation time of your instance.
Task 6: Checking Log files created by the EC2 Instance
- Navigate back to S3 and go to Logs (as mentioned above).
- Wait for 5-10 minutes if the log has not been created yet.
- Click on the log and format it with JSONFormatter.
- You will see the eventName of each resource created while launching the EC2 instance, such as security groups, VPC, etc.

(Note: Be patient as CloudTrail delivers log files to your S3 bucket approximately every 10-15 minutes. CloudTrail does not deliver log files if no API calls are made on your account.)
Task 7: Connecting to the EC2 Instance
- Navigate to EC2.
- Select your EC2 Instance and click on Connect.

- Select EC2 Instance Connect (browser-based SSH connection) and click on Connect.
- Since this is for demo purposes, we can close the window after verifying a connection to the instance.
Task 8: Checking for a log file after connecting to the EC2 Instance
- Navigate back to S3 and go to Logs (as mentioned above).
- Click on the log created and open it.
- Copy the file to the JSON Formatter and format the JSON blob.
- You can see the eventTime, eventSource, eventName, and the rest of the fields in the JSON blob.
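The same check done in Tasks 4, 6 and 8 can be scripted instead of pasting each file into a formatter. The following is an added example, not part of the original lab: it parses a CloudTrail log file and lists eventTime, eventSource, eventName and the caller for every event recorded after the instance creation time noted in Task 5. The sample records, account ID, user name and the specific event names are constructed for illustration.

```python
import gzip
import json
from datetime import datetime, timezone

def _rec(time, source, name, identity):
    # Helper for building constructed sample records (not real log data).
    return {"eventTime": time, "eventSource": source, "eventName": name,
            "awsRegion": "us-east-1", "sourceIPAddress": "203.0.113.10",
            "userIdentity": identity}

USER = {"type": "IAMUser", "userName": "lab-user"}                 # constructed
ROOT = {"type": "Root", "arn": "arn:aws:iam::111122223333:root"}   # constructed

# CloudTrail delivers each log file as gzip-compressed JSON with a single
# top-level "Records" array. This blob stands in for one file from the bucket.
SAMPLE_LOG = gzip.compress(json.dumps({"Records": [
    _rec("2020-02-01T10:31:02Z", "ec2-instance-connect.amazonaws.com", "SendSSHPublicKey", USER),
    _rec("2020-02-01T10:02:11Z", "s3.amazonaws.com", "CreateBucket", ROOT),
    _rec("2020-02-01T10:20:47Z", "ec2.amazonaws.com", "RunInstances", USER),
    _rec("2020-02-01T10:20:45Z", "ec2.amazonaws.com", "CreateSecurityGroup", USER),
]}).encode())

def load_records(blob):
    """Accept raw .json.gz bytes or JSON bytes the browser already decompressed."""
    if blob[:2] == b"\x1f\x8b":          # gzip magic number
        blob = gzip.decompress(blob)
    return json.loads(blob).get("Records", [])

def parse_time(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def who(record):
    ident = record.get("userIdentity", {})
    # userName is absent for root and assumed-role callers; fall back to ARN or type.
    return ident.get("userName") or ident.get("arn") or ident.get("type", "unknown")

def summarize(blob, since=None):
    """Return (eventTime, eventSource, eventName, caller) rows in time order."""
    rows = []
    for r in load_records(blob):
        if since and parse_time(r["eventTime"]) < since:
            continue
        rows.append((r["eventTime"], r["eventSource"], r["eventName"], who(r)))
    return sorted(rows)

if __name__ == "__main__":
    launch = datetime(2020, 2, 1, 10, 20, tzinfo=timezone.utc)  # time noted in Task 5
    for row in summarize(SAMPLE_LOG, since=launch):
        print(*row, sep="  ")
```

To run it against a real file, read the downloaded `.json.gz` object in binary mode and pass the bytes to `summarize`.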

Task 9: Validation Test
- Once the lab steps are completed, please click on the
button on the right side panel.
- This will validate the resources in the AWS account and display whether you have completed this lab successfully or not.
- Sample output :

Completion and Conclusion
- You have successfully used the AWS Management Console to create an AWS CloudTrail trail.
- You have successfully created an Amazon S3 Bucket.
- You have formatted the new Log file and confirmed the events inside the JSON blob.
- You have launched an EC2 Instance and connected to it via browser.
- You have tested the log file from the EC2 creation and the log file from connecting to the instance via SSH.