How to control actions on the S3 bucket and Alerts with CloudWatch and CloudTrail

awsmine

Revathi Joshi

Posted on August 7, 2023

In this article, I am going to show how to create a CloudTrail trail that tracks the activity of an S3 bucket. We will then create a CloudWatch log group to search through the activity logs that describe the API actions on that S3 bucket. Additionally, we will create a CloudWatch metric filter and CloudWatch alarm to notify us whenever there are uploads or downloads of an S3 object on that bucket.

Please visit my GitHub repository for S3 articles on various topics, which is updated on a regular basis.

Let’s get started!

Objectives:

1. Create S3 bucket and Upload Objects

2. Create a CloudTrail Trail

3. Create and Configure a CloudWatch Log Group with Your CloudTrail Trail

4. Create and Configure a CloudWatch Alarm with Your CloudTrail Trail

Pre-requisites:

  • AWS user account with admin access, not a root account.

Resources Used:

What is Amazon CloudWatch?

What Is AWS CloudTrail?

What is Amazon SNS?

Implementation steps for this project:

1. Create S3 bucket and Upload Objects

  • Create a simple S3 bucket - mybucket-123456
  • Upload a file - 000-employee-1

2. Create a CloudTrail Trail

  • Create a CloudTrail trail - s3-bucket-123456-trail - for the data events in the S3 bucket

3. Create and Configure a CloudWatch Log Group with Your CloudTrail Trail

  • Set up CloudWatch Logs

  • Configure a CloudWatch Log Group with Your CloudTrail Trail

1. Upload a new file into the S3 bucket

2. View CloudWatch log events

3. Create filter

4. Test Pattern Results

  • Found 6 matches out of 11 event(s) in the sample log.

  • Next

5. Assign Filter

  • Next

  • Summary

  • Create metric filter

4. Create and Configure a CloudWatch Alarm with Your CloudTrail Trail

  • Create Alarm

  • Confirm your email

  • Confirm Subscription

  • Next

  • Click Next
  • Click Create Alarm
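
The console steps in sections 3 and 4 can also be scripted. The following is an added example, not code from the original article: it builds the arguments for boto3's `put_metric_filter` and `put_metric_alarm`, and checks the filter logic locally against constructed CloudTrail records. The filter pattern, log group name, metric namespace and name, and alarm name are assumptions; only the bucket and object names come from the article.

```python
import json

BUCKET = "mybucket-123456"                  # bucket name used in the article
LOG_GROUP = "s3-bucket-123456-trail-logs"   # assumed log group name
NAMESPACE, METRIC = "S3Access", "S3ObjectAccessCount"  # assumed metric names
WATCHED = ("PutObject", "GetObject")        # upload / download data events

def filter_pattern(bucket=BUCKET, events=WATCHED):
    """CloudWatch Logs JSON filter pattern for object uploads and downloads."""
    names = " || ".join(f'($.eventName = "{e}")' for e in events)
    return ('{ ($.eventSource = "s3.amazonaws.com") && (' + names + ') && '
            f'($.requestParameters.bucketName = "{bucket}") }}')

def matches(record, bucket=BUCKET, events=WATCHED):
    """Local equivalent of filter_pattern(), for checking sample events."""
    return (record.get("eventSource") == "s3.amazonaws.com"
            and record.get("eventName") in events
            and (record.get("requestParameters") or {}).get("bucketName") == bucket)

def metric_filter_args():
    # Each matching log event adds 1 to the metric; quiet periods report 0.
    return dict(logGroupName=LOG_GROUP, filterName="s3-object-access",
                filterPattern=filter_pattern(),
                metricTransformations=[dict(metricName=METRIC, metricNamespace=NAMESPACE,
                                            metricValue="1", defaultValue=0)])

def alarm_args(sns_topic_arn):
    # Alarm when at least one upload or download occurs in a 5-minute period.
    return dict(AlarmName="s3-object-access-alarm", Namespace=NAMESPACE, MetricName=METRIC,
                Statistic="Sum", Period=300, EvaluationPeriods=1, Threshold=1,
                ComparisonOperator="GreaterThanOrEqualToThreshold",
                TreatMissingData="notBreaching", AlarmActions=[sns_topic_arn])

def apply(sns_topic_arn):
    import boto3  # imported here so the local check runs without AWS access
    boto3.client("logs").put_metric_filter(**metric_filter_args())
    boto3.client("cloudwatch").put_metric_alarm(**alarm_args(sns_topic_arn))

# Constructed CloudTrail records (trimmed to the fields the filter reads).
SAMPLE = [json.loads(line) for line in (
    '{"eventSource":"s3.amazonaws.com","eventName":"PutObject","requestParameters":{"bucketName":"mybucket-123456","key":"000-employee-1"}}',
    '{"eventSource":"s3.amazonaws.com","eventName":"GetObject","requestParameters":{"bucketName":"mybucket-123456","key":"000-employee-1"}}',
    '{"eventSource":"s3.amazonaws.com","eventName":"GetObject","requestParameters":{"bucketName":"other-bucket","key":"x"}}',
    '{"eventSource":"s3.amazonaws.com","eventName":"ListBuckets","requestParameters":null}',
)]

if __name__ == "__main__":
    print(filter_pattern())
    print([matches(r) for r in SAMPLE])
```

`apply()` needs credentials allowed to call `logs:PutMetricFilter` and `cloudwatch:PutMetricAlarm`, and an SNS topic whose email subscription has been confirmed.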

Cleanup

  • Delete S3 bucket
  • Delete CloudTrail
  • Delete CloudWatch

What we have done so far

  • We have created and configured a CloudTrail trail and a CloudWatch Logs log stream in order to set up monitoring and access alerts for an S3 bucket.
  • Specifically, we have created the trail for monitoring access to the S3 bucket, the CloudWatch Logs log stream to allow searching and filtering of the logs, and then a CloudWatch metric filter and an alarm on that metric filter to generate an alert whenever there is any access to an S3 bucket.