
How to manage AWS CloudTrail logs events to CloudWatch?

I have set AWS CloudTrail to send log to CloudWatch via trails. How can I control now what type of log is sent from CloudTrail to CloudWatch?

For example what if I only want to get logs related to "EC2 instances" to go from CloudTrail to CloudWatch?

For the CloudTrail to CloudWatch integration, CloudWatch will receive all the logs that are logged by the trail you have setup - there's currently no way to create a trail and then only send a subset of the logs it produces to CloudWatch. However, there are a couple of possible things you can do depending on what you are trying to achieve:

  • if you only want to see the CloudTrail events related to the EC2 service in CloudWatch, you can use a filter on the log group when viewing it in the CloudWatch console, e.g. { $.eventSource="ec2.amazonaws.com" }

  • if you want to use CloudWatch Events to invoke actions when something happens with an EC2 instance, you can use the Event Pattern source to match only API calls related to the EC2 service:

    {
      "source": [
        "aws.ec2"
      ],
      "detail-type": [
        "AWS API Call via CloudTrail"
      ],
      "detail": {
        "eventSource": [
          "ec2.amazonaws.com"
        ]
      }
    }

In both cases, the CloudWatch Logs group will still contain events related to all services - but you won't need to see/act on them.
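The two filtering mechanisms in the answer (a CloudWatch Logs filter pattern on the log group, and an EventBridge/CloudWatch Events event pattern) both select by eventSource, they just operate at different points. The example below is added here and is not part of the original post or of AWS's own code: it implements the event-pattern matching rules (every key in the pattern must be present in the event and its value must be one of the listed alternatives, nested objects matched recursively) and applies the answer's pattern to a few constructed CloudTrail records, so you can see which records a rule built on that pattern would act on. The sample records, the `to_eventbridge_event` wrapper and the `subscribe_ec2_events` helper are assumptions for illustration; the boto3 `put_subscription_filter` call is a real CloudWatch Logs API and is the way to push only the matching subset of an existing log group to a Lambda or Kinesis destination for detection.

```python
"""Added example (not from the original post): filter CloudTrail events by eventSource
using EventBridge event-pattern semantics and a CloudWatch Logs filter pattern."""

# Event pattern from the answer. EventBridge semantics: each pattern key must exist in
# the event; a list value means "actual value is one of these"; a dict is matched recursively.
EC2_API_CALL_PATTERN = {
    "source": ["aws.ec2"],
    "detail-type": ["AWS API Call via CloudTrail"],
    "detail": {"eventSource": ["ec2.amazonaws.com"]},
}

# CloudWatch Logs filter pattern from the answer; usable in the console filter box and as
# the filterPattern of a subscription filter on the CloudTrail log group.
EC2_LOGS_FILTER_PATTERN = '{ $.eventSource = "ec2.amazonaws.com" }'


def matches_pattern(event, pattern):
    """Return True if `event` satisfies `pattern` under EventBridge matching rules."""
    for key, expected in pattern.items():
        if key not in event:
            return False
        actual = event[key]
        if isinstance(expected, dict):
            # Nested object: recurse; a non-object in the event cannot match an object pattern.
            if not isinstance(actual, dict) or not matches_pattern(actual, expected):
                return False
        elif actual not in expected:
            # Leaf: the event's scalar must be one of the listed alternatives.
            return False
    return True


def logs_filter_matches(record, event_source="ec2.amazonaws.com"):
    """Same selection as EC2_LOGS_FILTER_PATTERN, evaluated against a raw CloudTrail record."""
    return record.get("eventSource") == event_source


def to_eventbridge_event(record):
    """Wrap a CloudTrail record the way EventBridge delivers 'AWS API Call via CloudTrail'.
    (Assumed shape for illustration; the real envelope carries more fields.)"""
    service = record["eventSource"].split(".")[0]  # ec2.amazonaws.com -> ec2
    return {
        "source": "aws." + service,
        "detail-type": "AWS API Call via CloudTrail",
        "region": record.get("awsRegion"),
        "detail": record,
    }


# Constructed sample CloudTrail records (trimmed); NOT real log data.
SAMPLE_RECORDS = [
    {"eventVersion": "1.08", "eventSource": "ec2.amazonaws.com",
     "eventName": "RunInstances", "awsRegion": "us-east-1"},
    {"eventVersion": "1.08", "eventSource": "iam.amazonaws.com",
     "eventName": "CreateUser", "awsRegion": "us-east-1"},
    {"eventVersion": "1.08", "eventSource": "ec2.amazonaws.com",
     "eventName": "AuthorizeSecurityGroupIngress", "awsRegion": "eu-west-1"},
    {"eventVersion": "1.08", "eventSource": "s3.amazonaws.com",
     "eventName": "PutBucketPolicy", "awsRegion": "eu-west-1"},
]


def ec2_event_names(records):
    """Names of the API calls an EventBridge rule with EC2_API_CALL_PATTERN would act on."""
    return [r["eventName"] for r in records
            if matches_pattern(to_eventbridge_event(r), EC2_API_CALL_PATTERN)]


def subscribe_ec2_events(log_group_name, destination_arn, role_arn=None):
    """Forward only EC2 records from the CloudTrail log group to a detection destination.
    Real boto3 call; requires credentials, so it is not invoked at import time.
    log_group_name / destination_arn / role_arn are placeholders supplied by the caller."""
    import boto3  # imported lazily so the rest of the module runs offline
    kwargs = {
        "logGroupName": log_group_name,
        "filterName": "cloudtrail-ec2-only",
        "filterPattern": EC2_LOGS_FILTER_PATTERN,
        "destinationArn": destination_arn,
    }
    if role_arn:  # needed for Kinesis/Firehose destinations, not for Lambda
        kwargs["roleArn"] = role_arn
    return boto3.client("logs").put_subscription_filter(**kwargs)


if __name__ == "__main__":
    print("EC2 events selected by the event pattern:", ec2_event_names(SAMPLE_RECORDS))
    print("Records passing the Logs filter:",
          [r["eventName"] for r in SAMPLE_RECORDS if logs_filter_matches(r)])
```

Both selectors pick the same two records, which is the point the answer makes: the log group keeps everything the trail writes, and the filter (console, subscription filter, or EventBridge rule) decides what you look at or react to. Note that a subscription filter narrows what reaches a downstream consumer, not what is retained in the log group, so retention and access controls on the full log group still apply.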
