Guibod

Reputation: 440

How to log EC2 operations on AWS?

We are operating a large number of instances and ELBs on AWS. Recently we experienced strange behaviors. We don't know whether our boto scripts are responsible or AWS has malfunctioned. It might also be a human mistake.

We are not able to know who did what on EC2 instances; that's an issue.

This implies:

Is there a way to start logging EC2 operations in AWS?

Alternatively, are EC2 events sent on SQS or SNS, so that we can listen to events rather than reading logs?

Upvotes: 1

Views: 490

Answers (3)

Joseph Lust

Reputation: 20015

CloudTrail is the ticket, but once you've got millions of events, it's not practical to view results on the CloudTrail UI.

In that case you can pipe the output to something like Kibana/Logstash, or sync and grep it.

Upvotes: 0

Nikunj Shukla

Reputation: 340

Yes, as @Thomas said, you can use CloudTrail to log all the events happening on the AWS account. Basically, CloudTrail logs all the AWS API calls in JSON format, whether it's your application or a user doing it through the console. It lists the ARN as well, so you will be able to track who in particular ran the command. The logs can be viewed in the console or via the API as well. For the console, AWS has just launched some filters as well. The only thing that needs to be done is to enable CloudTrail for the region you want to monitor. Though it's recommended to have good IAM policies to avoid such a disaster.

You can set up CloudWatch Logs on the CloudTrail to take action if a particular event happens.

Below are the links that might help you.
http://docs.aws.amazon.com/awscloudtrail/latest/userguide/getting_started_top_level.html
http://docs.aws.amazon.com/awscloudtrail/latest/userguide/cw_send_ct_events.html

Upvotes: 0
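To make the two answers above concrete (CloudTrail delivers JSON records carrying the caller's ARN, and once you have synced the files locally you can grep or script over them), here is an added example that is not part of any of the answers. It reads CloudTrail delivery files (plain or `.json.gz`, as they land in S3 after `aws s3 sync`), keeps only state-changing EC2 calls, and prints who did what to which instance, from which IP and user agent, and whether the call was denied. The records in `SAMPLE_LOG` are constructed for this example (account number, ARNs, instance IDs and addresses are invented), and the `MUTATING_PREFIXES` list is an assumption about which EC2 action names matter to an audit; adjust it to your account.

```python
"""Summarize state-changing EC2 API calls from CloudTrail log files.

Added example for this Q&A page; not code from the question or any answer.
"""
import gzip
import json
import sys
from collections import Counter

# Assumption: EC2 actions with these prefixes change state. Describe*/Get* calls are skipped.
MUTATING_PREFIXES = ("Run", "Terminate", "Stop", "Start", "Reboot", "Modify", "Create",
                     "Delete", "Attach", "Detach", "Authorize", "Revoke")

# Constructed sample in the shape CloudTrail delivers to S3: one object with a "Records" list.
# All identifiers below are invented for the example.
SAMPLE_LOG = {"Records": [
    {"eventTime": "2015-05-04T10:01:22Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DescribeInstances", "awsRegion": "us-east-1",
     "sourceIPAddress": "203.0.113.10", "userAgent": "console.ec2.amazonaws.com",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/alice"},
     "requestParameters": {"instancesSet": {}}, "responseElements": None},
    {"eventTime": "2015-05-04T10:02:05Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "TerminateInstances", "awsRegion": "us-east-1",
     "sourceIPAddress": "198.51.100.7", "userAgent": "Boto/2.38.0 Python/2.7.9 Linux/3.13.0",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::123456789012:assumed-role/deploy-role/boto-cleanup"},
     "requestParameters": {"instancesSet": {"items": [{"instanceId": "i-0a1b2c3d"},
                                                      {"instanceId": "i-0a1b2c3e"}]}},
     "responseElements": {"instancesSet": {"items": [{"instanceId": "i-0a1b2c3d"},
                                                     {"instanceId": "i-0a1b2c3e"}]}}},
    {"eventTime": "2015-05-04T10:05:41Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "StopInstances", "awsRegion": "us-east-1",
     "sourceIPAddress": "203.0.113.22", "userAgent": "console.ec2.amazonaws.com",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/bob"},
     "errorCode": "Client.UnauthorizedOperation",
     "requestParameters": {"instancesSet": {"items": [{"instanceId": "i-0a1b2c3d"}]}},
     "responseElements": None},
    {"eventTime": "2015-05-04T10:09:03Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "RunInstances", "awsRegion": "us-east-1",
     "sourceIPAddress": "203.0.113.10", "userAgent": "console.ec2.amazonaws.com",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/alice"},
     "requestParameters": {"instancesSet": {"items": [{"imageId": "ami-12345678", "minCount": 1}]}},
     "responseElements": {"instancesSet": {"items": [{"instanceId": "i-0a1b2c3f"}]}}},
]}


def actor(record):
    """Most specific identity CloudTrail recorded for the caller (ARN, else principal, else type)."""
    ident = record.get("userIdentity") or {}
    return ident.get("arn") or ident.get("principalId") or ident.get("type", "unknown")


def instance_ids(record):
    """Instance IDs named in the request (Stop/Terminate/...) or the response (RunInstances)."""
    ids = []
    for section in ("requestParameters", "responseElements"):
        block = record.get(section) or {}
        for item in (block.get("instancesSet") or {}).get("items", []):
            iid = item.get("instanceId")
            if iid and iid not in ids:
                ids.append(iid)
    return ids


def is_mutating_ec2(record):
    """True for EC2 calls whose action name starts with one of MUTATING_PREFIXES."""
    return (record.get("eventSource") == "ec2.amazonaws.com"
            and record.get("eventName", "").startswith(MUTATING_PREFIXES))


def summarize(records):
    """One row per state-changing EC2 call, oldest first. 'error' is set when the call failed."""
    rows = [{"time": r.get("eventTime"), "actor": actor(r), "event": r.get("eventName"),
             "region": r.get("awsRegion"), "instances": instance_ids(r),
             "source_ip": r.get("sourceIPAddress"), "user_agent": r.get("userAgent", ""),
             "error": r.get("errorCode")}
            for r in records if is_mutating_ec2(r)]
    rows.sort(key=lambda row: row["time"] or "")
    return rows


def who_did_what(records):
    """Count of (caller ARN, EC2 action) pairs, the quick answer to 'who did what'."""
    return Counter((row["actor"], row["event"]) for row in summarize(records))


def load_records(path):
    """Read one CloudTrail delivery file, plain JSON or .json.gz as synced from S3."""
    opener = gzip.open if path.endswith(".gz") else open
    with opener(path, "rt") as fh:
        return json.load(fh).get("Records", [])


def main(paths):
    records = [r for p in paths for r in load_records(p)] if paths else SAMPLE_LOG["Records"]
    for row in summarize(records):
        status = "FAILED:" + row["error"] if row["error"] else "ok"
        print(f'{row["time"]} {row["region"]} {row["actor"]} {row["event"]} '
              f'{",".join(row["instances"]) or "-"} from {row["source_ip"]} '
              f'({row["user_agent"]}) {status}')


if __name__ == "__main__":
    main(sys.argv[1:])
```

Run it with no arguments to see the constructed sample, or pass the synced log files (`python audit_ec2.py AWSLogs/*/CloudTrail/*/*/*/*/*.json.gz`). The user agent column is what separates a boto script from a console click, and the `errorCode` column shows denied attempts, which is where an overly broad IAM policy tends to reveal itself.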

Thomas Dickey

Reputation: 54668

The CloudTrail service is the place to start. Here is a link to documentation: Logging Amazon EC2 API Calls Using AWS CloudTrail

Upvotes: 4
