CloudTrail with CloudWatch Logs

  • You can configure CloudTrail with CloudWatch Logs to monitor your trail logs and be notified when specific activity occurs:

    1. Configure your trail to send log events to CloudWatch Logs.

    2. Define CloudWatch Logs metric filters to evaluate log events for matches in terms, phrases, or values. For example, you can monitor for ConsoleLogin events.

    3. Assign CloudWatch metrics to the metric filters.

    4. Create CloudWatch alarms that are triggered according to thresholds and time periods that you specify. You can configure alarms to send notifications when alarms are triggered, so that you can take action.

    5. You can also configure CloudWatch to automatically perform an action in response to an alarm.
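
The following is an added example, not part of the original page or AWS code: a local Python model of steps 2 to 4, run over constructed log events, showing how a ConsoleLogin failure filter turns into per-period metric sums and an alarm decision. The field choice (responseElements.ConsoleLogin), the 300-second period, the threshold of 3, and bucketing by eventTime are assumptions made for illustration.

```python
import json
from collections import Counter
from datetime import datetime, timezone

# Constructed log events (trimmed CloudTrail records plus one non-JSON line).
SAMPLE_EVENTS = [
    '{"eventTime":"2024-05-01T10:00:05Z","eventName":"ConsoleLogin","responseElements":{"ConsoleLogin":"Failure"}}',
    '{"eventTime":"2024-05-01T10:01:10Z","eventName":"ConsoleLogin","responseElements":{"ConsoleLogin":"Failure"}}',
    '{"eventTime":"2024-05-01T10:03:40Z","eventName":"ConsoleLogin","responseElements":{"ConsoleLogin":"Failure"}}',
    '{"eventTime":"2024-05-01T10:04:00Z","eventName":"ConsoleLogin","responseElements":{"ConsoleLogin":"Success"}}',
    '{"eventTime":"2024-05-01T10:06:00Z","eventName":"ConsoleLogin","responseElements":{"ConsoleLogin":"Failure"}}',
    '{"eventTime":"2024-05-01T10:07:00Z","eventName":"RunInstances","responseElements":null}',
    'not a JSON log line',
]
PERIOD_SECONDS = 300  # assumed alarm period
THRESHOLD = 3         # assumed: alarm when Sum >= 3 within one period

def matches_filter(event):
    """Step 2, as a local equivalent of the JSON filter pattern
    { ($.eventName = "ConsoleLogin") && ($.responseElements.ConsoleLogin = "Failure") }"""
    response = event.get("responseElements") or {}  # null for many API calls
    return event.get("eventName") == "ConsoleLogin" and response.get("ConsoleLogin") == "Failure"

def metric_datapoints(raw_events):
    """Step 3: every matching event publishes the value 1; return Sum per period."""
    sums = Counter()
    for raw in raw_events:
        try:
            event = json.loads(raw)
        except json.JSONDecodeError:
            continue  # a JSON filter pattern cannot match a non-JSON line
        if not isinstance(event, dict) or not matches_filter(event):
            continue
        when = datetime.fromisoformat(event["eventTime"].replace("Z", "+00:00"))
        start = int(when.timestamp()) // PERIOD_SECONDS * PERIOD_SECONDS
        label = datetime.fromtimestamp(start, tz=timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
        sums[label] += 1
    return dict(sums)

def alarming_periods(raw_events):
    """Step 4: periods whose Sum reaches the threshold would put the alarm in ALARM."""
    return sorted(p for p, total in metric_datapoints(raw_events).items() if total >= THRESHOLD)

if __name__ == "__main__":
    print(metric_datapoints(SAMPLE_EVENTS))
    print(alarming_periods(SAMPLE_EVENTS))
```

The single failure at 10:06 falls in the next period and stays below the threshold, which is why the choice of period and threshold decides whether slow, spread-out failures ever raise the alarm.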
