AWS CloudTrail is an Amazon service that records the API calls made in an AWS account, whether they come from the console, the CLI or the SDKs, and keeps that history so it can be used later for debugging and for security auditing. CloudTrail does not invoke Lambda directly. Instead, it delivers its logs as files to an S3 bucket, and S3 can trigger AWS Lambda. So whenever a new log file is added to the S3 bucket, AWS Lambda gets triggered and can process it.
Requisites
Before you start to work with AWS CloudTrail, S3 and AWS Lambda, you need to perform the following −
- Create an S3 bucket to store the CloudTrail logs
- Create an SNS topic
- Create a trail in CloudTrail and assign the S3 bucket and SNS topic to it
- Create an IAM role with the required permissions
- Create the AWS Lambda function
- Configure AWS Lambda (S3 trigger and code)
Example
Let us consider an example which shows how AWS CloudTrail, S3 and AWS Lambda work together. Here, we will create a bucket in S3 which will store the logs for any interaction done in the AWS account. Then we will create an SNS topic and publish to it. CloudTrail records that action and delivers it as a log file to S3. The new object triggers AWS Lambda, which sends a mail using the Amazon SES service.
The block diagram for explaining this process is as shown below −
Create S3 Bucket to Store CloudTrail logs
Go to the AWS console and click the S3 service. Click Create bucket and enter the name of the bucket in which you want to store the CloudTrail logs, as shown −
Observe that here we have created an S3 bucket named cloudtraillogsaws for storing the logs. CloudTrail can only write to the bucket if its bucket policy allows the cloudtrail.amazonaws.com service to put objects into it; the trail wizard adds that policy when it creates the bucket for you, but an existing bucket needs it added by hand. Keep the bucket private, since the log files record every API call in the account together with the identities and source IP addresses behind them.
Create SNS Service
Go to the AWS console and click Simple Notification Service. Select Topics from the left side and click the Create new topic button.
We have created a topic called displaytrail. Creating it and publishing to it are the actions whose CloudTrail records will be delivered to the S3 bucket created above.
Create a Trail in Cloudtrail and Assign the S3 bucket and SNS service
Go to the AWS console and click the CloudTrail service under Management tools as shown −
Click Trails from the left side as shown below −
Click the Create Trail button. Enter the trail name and, for Apply trail to all regions, choose Yes, so that API calls from every region are logged rather than only those from the region you are working in.
For Read/Write events, choose All. Add the S3 bucket and SNS topic details as shown below. You can create a new bucket or topic here or use an existing one (an existing bucket must already carry a policy that lets CloudTrail write to it).
Note that there are also options to encrypt the log files with a KMS key, to enable log file validation, and to send an SNS notification for every log file delivery. The default values are used here. For a production trail, turn on log file validation: CloudTrail then delivers signed digest files alongside the logs, so later modification or deletion of a log file can be detected. Click the Create Trail button once the details are added.
Create IAM Role with Permission
Go to the AWS console and select IAM. Create an execution role for the Lambda function with permissions for S3, CloudTrail and SES for sending email. Keep in mind that the function below only reads the bucket name and object key from the S3 event and calls SES, so in practice it needs ses:SendEmail plus the CloudWatch Logs permissions for its own logging, and s3:GetObject on the log bucket only if it downloads the log file; scope the role to those actions rather than granting full access to each service. The role created is as shown below −
Create AWS Lambda Function
Go to the AWS console and click the Lambda service. Add the function name, select Node.js as the runtime, and select the role created for the Lambda function. Following is the Lambda function created.
AWS Lambda Configuration
Next, we need to add S3 as the trigger for the AWS Lambda function created.
Add the S3 bucket details to create the trigger (event type: object created) and add the following AWS Lambda code −
const aws = require("aws-sdk");
// SES client; use a region where SES is available and the sender address is verified.
var ses = new aws.SES({ region: "us-east-1" });

exports.handler = function(event, context, callback) {
   console.log("AWS lambda and S3 trigger ");
   console.log(JSON.stringify(event));

   // S3 delivers the object key URL-encoded (a space arrives as '+').
   var record = event.Records[0].s3;
   var key = decodeURIComponent(record.object.key.replace(/\+/g, " "));
   const s3message = "Bucket Name:" + record.bucket.name + "\nLog details:" + key;
   console.log(s3message);

   // Replace both addresses with ones verified in SES.
   var eParams = {
      Destination: { ToAddresses: ["[email protected]"] },
      Message: {
         Body: { Text: { Data: s3message } },
         Subject: { Data: "cloudtrail logs" }
      },
      Source: "[email protected]"
   };

   ses.sendEmail(eParams, function(err, data) {
      if (err) {
         console.log(err);
         callback(err);   // report the failure so the invocation is marked as failed
      } else {
         console.log("===EMAIL SENT===", data.MessageId);
         callback(null, "email is sent");
      }
   });
};
Note that we take the S3 bucket name and the object key of the new log file from the event and send a mail with SES, as shown above. The sender address (and, while the SES account is still in sandbox mode, the recipient as well) must be verified in SES, otherwise sendEmail is rejected. The code uses the v2 aws-sdk package, which is bundled only in the older Node.js Lambda runtimes; on Node.js 18 and later only the v3 SDK (@aws-sdk/client-ses) is preinstalled, so either package aws-sdk with the function or port the call.
Whenever any activity takes place in the AWS account, CloudTrail delivers the logs to the S3 bucket and at the same time AWS Lambda gets triggered, and the mail is sent to the email id mentioned in the code. CloudTrail batches API calls and typically delivers a log file every few minutes, so one mail corresponds to one log file rather than to one API call; on an active account expect a steady stream of mails.
Note that you can process the logs as per your needs in AWS Lambda, for example by downloading the gzipped log file from S3, parsing its Records array and mailing only the events that matter.