Reputation: 440
We are operating a large number of instances and ELBs on AWS. Recently we experienced strange behaviors. We don't know whether our boto scripts are responsible or AWS had a malfunction. It might also be a human mistake.
We are not able to know who did what on EC2 instances; that's an issue.
This implies:
Is there a way to start logging EC2 operations in AWS?
Alternatively, are EC2 events sent on SQS or SNS, so that we can listen to events rather than reading logs?
Upvotes: 1
Views: 490
Reputation: 20015
CloudTrail is the ticket, but once you've got millions of events, it's not practical to view results on the CloudTrail UI.
In that case you can pipe the output to something like Kibana/Logstash, or sync and grep it.
Upvotes: 0
Reputation: 340
Yes, as @Thomas said, you can use CloudTrail to log all the events happening on the AWS account. Basically, CloudTrail logs all the AWS API calls in JSON format, whether it's your application or a user doing it via the console. It lists the ARN as well, so you will be able to track who exactly ran the command. The logs can be viewed in the console or via the API as well. For the console, AWS has just launched some filters as well. The only thing that needs to be done is to enable CloudTrail for the region you want to monitor. Though it's recommended to have good IAM policies to avoid such disasters.
You can set up CloudWatch Logs on the CloudTrail trail to take action if a particular event happens.
Below are the links that might help you.
http://docs.aws.amazon.com/awscloudtrail/latest/userguide/getting_started_top_level.html
http://docs.aws.amazon.com/awscloudtrail/latest/userguide/cw_send_ct_events.html
Upvotes: 0
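Both of the answers above come down to the same workflow: pull the CloudTrail JSON down (for example with `aws s3 sync` from the trail's bucket), then filter it for EC2 calls and read the caller's ARN, source IP and user agent off each record to tell a boto script apart from a person in the console. The script below is an added example, not code from either answerer or from AWS. It assumes the documented CloudTrail file layout (gzipped JSON with a top-level `Records` list, each record carrying `userIdentity.arn`, `eventSource`, `eventName`, `requestParameters` and, on failures, `errorCode`); the `SAMPLE_RECORDS`, account id, instance ids, IPs and the `WRITE_EVENTS` watch list are constructed for this example.

```python
"""Attribute EC2 API calls to their caller from CloudTrail log records.

Assumptions (example code, not from the original answers): CloudTrail
delivers .json.gz files whose top-level "Records" list holds one JSON
object per API call. Everything in SAMPLE_RECORDS is constructed.
"""
import gzip
import json
import tempfile
from collections import Counter
from pathlib import Path

# EC2 calls that change state. Read-only calls such as DescribeInstances
# are ignored. This watch list is constructed; extend it as needed.
WRITE_EVENTS = {"RunInstances", "TerminateInstances", "StopInstances",
                "StartInstances", "RebootInstances", "ModifyInstanceAttribute"}

ACCOUNT = "123456789012"  # constructed sample account id
BOT = f"arn:aws:iam::{ACCOUNT}:user/deploy-bot"
ALICE = f"arn:aws:iam::{ACCOUNT}:user/alice"

# Constructed sample trail: one read, three EC2 writes (one denied), one ELB call.
SAMPLE_RECORDS = {"Records": [
    {"eventTime": "2015-05-01T10:00:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DescribeInstances", "awsRegion": "us-east-1",
     "sourceIPAddress": "198.51.100.7", "userAgent": "Boto/2.38.0 Python/2.7.9",
     "userIdentity": {"type": "IAMUser", "arn": BOT}, "requestParameters": {}},
    {"eventTime": "2015-05-01T10:05:12Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "TerminateInstances", "awsRegion": "us-east-1",
     "sourceIPAddress": "198.51.100.7", "userAgent": "Boto/2.38.0 Python/2.7.9",
     "userIdentity": {"type": "IAMUser", "arn": BOT},
     "requestParameters": {"instancesSet": {"items": [
         {"instanceId": "i-0abc1234"}, {"instanceId": "i-0def5678"}]}}},
    {"eventTime": "2015-05-01T10:07:40Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "StopInstances", "awsRegion": "us-east-1",
     "sourceIPAddress": "203.0.113.20", "userAgent": "console.ec2.amazonaws.com",
     "userIdentity": {"type": "IAMUser", "arn": ALICE},
     "requestParameters": {"instancesSet": {"items": [{"instanceId": "i-0aaa9999"}]}}},
    {"eventTime": "2015-05-01T10:09:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "TerminateInstances", "awsRegion": "us-east-1",
     "sourceIPAddress": "203.0.113.20", "userAgent": "console.ec2.amazonaws.com",
     "userIdentity": {"type": "IAMUser", "arn": ALICE},
     "errorCode": "Client.UnauthorizedOperation",  # IAM denied this call
     "requestParameters": {"instancesSet": {"items": [{"instanceId": "i-0abc1234"}]}}},
    {"eventTime": "2015-05-01T10:10:00Z", "eventSource": "elasticloadbalancing.amazonaws.com",
     "eventName": "DeregisterInstancesFromLoadBalancer", "awsRegion": "us-east-1",
     "sourceIPAddress": "198.51.100.7", "userAgent": "Boto/2.38.0 Python/2.7.9",
     "userIdentity": {"type": "IAMUser", "arn": BOT}, "requestParameters": {}},
]}


def iter_records(paths):
    """Yield CloudTrail records from local .json or .json.gz files."""
    for path in map(Path, paths):
        opener = gzip.open if path.suffix == ".gz" else open
        with opener(path, "rt", encoding="utf-8") as fh:
            yield from json.load(fh).get("Records", [])


def instance_ids(record):
    """Instance ids named in the request, if the call targeted instances."""
    params = record.get("requestParameters") or {}
    items = params.get("instancesSet", {}).get("items", [])
    return [item["instanceId"] for item in items if "instanceId" in item]


def ec2_write_actions(records):
    """Keep only state-changing EC2 calls and attribute each to its caller."""
    actions = []
    for r in records:
        if r.get("eventSource") != "ec2.amazonaws.com" or r.get("eventName") not in WRITE_EVENTS:
            continue
        actions.append({
            "time": r["eventTime"],
            "who": r.get("userIdentity", {}).get("arn", "<unknown>"),
            "event": r["eventName"],
            "instances": instance_ids(r),
            "source_ip": r.get("sourceIPAddress"),
            "agent": r.get("userAgent", ""),      # boto vs. console is visible here
            "denied": "errorCode" in r,           # attempted but refused by IAM
        })
    return actions


def who_touched(records, instance_id):
    """Every write call (successful or denied) that named this instance."""
    return [a for a in ec2_write_actions(records) if instance_id in a["instances"]]


def actions_by_principal(records):
    """Count successful write calls per (caller ARN, event name)."""
    return Counter((a["who"], a["event"]) for a in ec2_write_actions(records) if not a["denied"])


def demo():
    """Round-trip the sample through a gzipped file, as synced from S3."""
    with tempfile.TemporaryDirectory() as tmp:
        path = Path(tmp) / "sample_CloudTrail.json.gz"
        with gzip.open(path, "wt", encoding="utf-8") as fh:
            json.dump(SAMPLE_RECORDS, fh)
        actions = ec2_write_actions(iter_records([path]))
    for a in actions:
        flag = "DENIED " if a["denied"] else ""
        print(f"{a['time']} {flag}{a['event']:<18} {a['who']} {a['instances']} via {a['agent']}")
    return actions


if __name__ == "__main__":
    demo()
```

Running `demo()` shows the distinction the question is after: the termination of `i-0abc1234` came from `deploy-bot` with a Boto user agent, while the later attempt by `alice` from the console was refused by IAM and shows up with an `errorCode`. The `eventSource`/`eventName` predicate in `ec2_write_actions` is the same condition you would express as a CloudWatch Logs metric filter on the trail's log group, e.g. `{ ($.eventSource = "ec2.amazonaws.com") && ($.eventName = "TerminateInstances") }`, to alarm on it instead of grepping after the fact.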
Reputation: 54668
The CloudTrail service is the place to start. Here is a link to documentation: Logging Amazon EC2 API Calls Using AWS CloudTrail
Upvotes: 4