Modifying a CloudTrail Trail using the AWS CLI

With the Trail in place, you can now use either the AWS Management Console or the AWS CLI to modify its settings. In this case, we will look at how to perform simple changes to the newly created Trail using the AWS CLI itself. Before proceeding with this section, however, it is important that you have installed and configured the AWS CLI on your desktop/laptop, based on the guides provided at http://docs.aws.amazon.com/cli/latest/userguide/installing.html.

Once the CLI is installed and configured, we can run some simple commands to verify that it works. To start off, let's first check the status of our newly created Trail by using the describe-trails command, as shown in the following command:

# aws cloudtrail describe-trails 

This will display the essential properties of your CloudTrail Trails, such as the Name, the TrailARN, whether log file validation is enabled or not, and whether the Trail is a multi-region Trail or belongs to a single region. In this case, the IsMultiRegionTrail value is set to false, which means that the Trail will only record events for its current region, that is, us-east-1. Let's go ahead and modify this using the AWS CLI.

To do so, we will be using the update-trail command:

# aws cloudtrail update-trail \
--name useast-prod-CloudTrail-01 \
--is-multi-region-trail

The preceding command will simply change the IsMultiRegionTrail value from false to true. You can verify the change by using the describe-trails command, as performed earlier. Similarly, you can use the update-trail command to change other settings for your CloudTrail Trail, such as enabling the log file validation feature, as shown in the following command:

# aws cloudtrail update-trail \
--name useast-prod-CloudTrail-01 \
--enable-log-file-validation

Finally, you can even use the AWS CLI to check the current status of your Trail by executing the get-trail-status command, as shown in the following command:

# aws cloudtrail get-trail-status \
--name useast-prod-CloudTrail-01

Apart from these values, the get-trail-status command will additionally show two more fields (LatestNotificationError and LatestDeliveryError) in case an Amazon SNS subscription fails or if a CloudTrail Trail was unsuccessful at writing the events to an S3 bucket.
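The checks from this section can be run together over the JSON that describe-trails and get-trail-status return. The following is an added example, not code from the original text: the audit_trails function and both sample documents are constructed for illustration (the account ID and error value are placeholders), and only the field names come from the CLI output.

```python
import json

# Constructed sample of `aws cloudtrail describe-trails` output (not real account data).
DESCRIBE_TRAILS = json.loads("""
{"trailList": [
  {"Name": "useast-prod-CloudTrail-01",
   "TrailARN": "arn:aws:cloudtrail:us-east-1:111122223333:trail/useast-prod-CloudTrail-01",
   "HomeRegion": "us-east-1",
   "IsMultiRegionTrail": false,
   "LogFileValidationEnabled": false}
]}
""")

# Constructed sample of `aws cloudtrail get-trail-status` output, keyed by trail name.
TRAIL_STATUS = {
    "useast-prod-CloudTrail-01": {
        "IsLogging": True,
        "LatestDeliveryError": "AccessDenied",  # placeholder error value
    }
}


def audit_trails(describe, status_by_name):
    """Return (trail name, finding) tuples for the settings this section covers."""
    findings = []
    for trail in describe.get("trailList", []):
        name = trail["Name"]
        if not trail.get("IsMultiRegionTrail", False):
            region = trail.get("HomeRegion", "unknown")
            findings.append((name, "single-region trail (home region %s)" % region))
        if not trail.get("LogFileValidationEnabled", False):
            findings.append((name, "log file validation disabled"))
        status = status_by_name.get(name)
        if status is None:
            findings.append((name, "no get-trail-status output supplied"))
            continue
        if not status.get("IsLogging", False):
            findings.append((name, "logging is stopped"))
        # These two fields are only present when a delivery or notification failed.
        for field in ("LatestDeliveryError", "LatestNotificationError"):
            if status.get(field):
                findings.append((name, "%s: %s" % (field, status[field])))
    return findings


if __name__ == "__main__":
    for name, finding in audit_trails(DESCRIBE_TRAILS, TRAIL_STATUS):
        print("%s: %s" % (name, finding))
```

After the two update-trail commands shown earlier and a successful delivery, the same function returns an empty list for this Trail.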

With this completed, we will now move on to the next section of this chapter, in which we will learn how you can effectively monitor your Trails with the help of CloudWatch Logs.
