AWS学习笔记(五)

阿尔哦覅和

　　默认，AWS用户的操作没有记录日志，可以使用AWS CloudTrail Console或AWS CLI启用CloudTrail来记录。

AWS CloudTrail Console
　　登录到AWS Management Console，然后打开CloudTrail console，点击Get Stared Now按钮，填写表单即可。CloudTail将日志保存在S3中，建议使用新的S3 Buket。Advanced中还有log file prefix,log file validation,Amazon SNS notifications选项。CloudTrail存储多个事件在一个日志文件中，SNS notification每个文件发送一次通知，而不是每个事件。
启用后就可以从CloudTrail console查看日志，可增加、更新、删除、停用trail。

CloudTrail CLI

Create a trail
　　Create a single-region trail：
The specified S3 bucket must already exist and have the appropriate CloudTrail permissions applied.

$ aws cloudtrail create-trail --name my-trail --s3-bucket-name my-bucket
　　Create a trail that applies to all regions：

$ aws cloudtrail create-trail --name my-trail --s3-bucket-name my-bucket --is-multi-region-trail
Start logging
　　After the create-trail command completes, run the start-logging command to start logging for that trail.When you create a trail with the CloudTrail console or the create-subscription command, logging is turned on automatically.

$ aws cloudtrail start-logging --name my-trail
Stop logging

$ aws cloudtrail stop-logging --name my-trail
Update Trail
　　Converting a multi-region trail to a single-region trail：

$ aws cloudtrail update-trail --name my-trail --no-is-multi-region-trail
　　Enabling log file validation：

$ aws cloudtrail update-trail --name my-trail --enable-log-file-validation
Get trail status

$ aws cloudtrail get-trail-status --name my-trail
Retrieve trail settings

$ aws cloudtrail describe-trails
Delete a trail

$ aws cloudtrail delete-trail --name my-trail
　　删除trail不会删除S3和SNS topic

参考文档
　　Creating and Updating a Trail with the CloudTrail Console
Creating and Updating a Trail with the AWS Command Line Interface