If Amazon's CloudTrail service has been previously enabled, you will now be able to create a governance policy to download CloudTrail files by assigning the policy to specific Cloud Accounts. Once configured the system will automatically start polling, downloading, and parsing CloudTrail log files to render in the CloudTrail User Interface.
Navigate to Cloud Manager -> Governance
Select from the drop down CloudTrail as shown below.
General Configuration Details
- Check "Is Active"
- Provide your new governance policy a name
- Click Create.
Select the assign button
Assign the Cloud Accounts you want this policy to be associated with. If a Cloud account is not selected, no CloudTrail events will be imported from that specific Cloud Account (Amazon Account).
CloudTrail records will start importing data view-able in Audit -> CloudTrail. Initial data set can take a couple hours to populate.
Navigate to Audit -> CloudTrail
The filterable interface allows you to query by Cloud Account, Region, Date, Event Type, Event Source and optionally to Filter out all list/read only api calls.
Navigate to Cloud Manager -> Servers then click on a single resource from the grid to see the detailed tabbed instance show up below.
The CloudTrail integration into the "Servers" UI has pre filtered queries based on the individual EC2 and RDS instances once clicked upon. Additionally the date picker can be used to expand your search on the individual resource.
NOTE: The CloudTrail tabbed interface can be empty if:
- No records existed on the resource in the time frame queried
- The CloudTrail governance policy is not enabled
- The CloudTrail records have not been imported yet.
- Records will only start importing from the day the governance policy is enabled. It will not historically import old data before the governance policy was enabled.