cloudtrail - cirelledo-csa/herd GitHub Wiki

CloudTrail

CloudTrail records API events. It is useful for auditing, debugging, situational awareness, etc.

The best model is to use an organizational CloudTrail that ships to a centralized bucket in a dedicated logging/audit account.

Finding stuff in CloudTrail

Event Name

You can get a list of all event names by looking at the API, e.g. for Transit Gateway.

You can then filter on event name using one of the operations in the Operations list:

AcceptTransitGatewayVpcAttachment
AssociateTransitGatewayRouteTable
CreateTransitGateway
CreateTransitGatewayRoute
CreateTransitGatewayRouteTable
CreateTransitGatewayVpcAttachment
DeleteTransitGateway
DeleteTransitGatewayRoute
DeleteTransitGatewayRouteTable
DeleteTransitGatewayVpcAttachment
DisableTransitGatewayRouteTablePropagation
DisassociateTransitGatewayRouteTable
EnableTransitGatewayRouteTablePropagation
ExportTransitGatewayRoutes
ModifyTransitGatewayVpcAttachment
RejectTransitGatewayVpcAttachment
ReplaceTransitGatewayRoute
SearchTransitGatewayRoutes
AcceptTransitGatewayPeeringAttachment
CreateTransitGatewayPeeringAttachment
DeleteTransitGatewayPeeringAttachment
RejectTransitGatewayPeeringAttachment
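
Filtering on event name against a log file pulled from the centralized bucket, as an added example (not code from this wiki). The function names, the choice of which operations count as "change" events, and the sample records (account IDs, ARNs, IPs, times) are constructed for illustration; the field names are the standard CloudTrail record fields.

```python
import json

# Subset of the Transit Gateway operations listed above that change state
# (the selection is an assumption made for this example).
TGW_CHANGE_EVENTS = {
    "CreateTransitGateway", "DeleteTransitGateway",
    "CreateTransitGatewayRoute", "DeleteTransitGatewayRoute",
    "ReplaceTransitGatewayRoute", "AcceptTransitGatewayVpcAttachment",
    "AcceptTransitGatewayPeeringAttachment",
}

def _record(time, name, account, arn, ip, error=None):
    """Build one constructed record using CloudTrail's field names."""
    rec = {"eventTime": time, "eventSource": "ec2.amazonaws.com",
           "eventName": name, "awsRegion": "us-west-2",
           "recipientAccountId": account, "sourceIPAddress": ip,
           "userIdentity": {"type": "AssumedRole", "arn": arn}}
    if error:
        rec["errorCode"] = error
    return rec

# Constructed sample in the shape of a CloudTrail log file: {"Records": [...]}
SAMPLE_LOG = json.dumps({"Records": [
    _record("2024-01-10T11:02:30Z", "DeleteTransitGatewayRoute", "222222222222",
            "arn:aws:sts::222222222222:assumed-role/dev/alice", "198.51.100.7",
            error="Client.UnauthorizedOperation"),
    _record("2024-01-10T09:20:00Z", "DescribeInstances", "111111111111",
            "arn:aws:sts::111111111111:assumed-role/netops/bob", "203.0.113.10"),
    _record("2024-01-10T09:15:00Z", "CreateTransitGateway", "111111111111",
            "arn:aws:sts::111111111111:assumed-role/netops/bob", "203.0.113.10"),
    _record("2024-01-10T11:05:00Z", "SearchTransitGatewayRoutes", "222222222222",
            "arn:aws:sts::222222222222:assumed-role/dev/alice", "198.51.100.7"),
]})

def find_events(log_text, event_names):
    """Return a time-ordered summary of records whose eventName matches."""
    hits = []
    for rec in json.loads(log_text).get("Records", []):
        if rec.get("eventName") not in event_names:
            continue
        who = rec.get("userIdentity", {})
        hits.append({"time": rec.get("eventTime"), "event": rec["eventName"],
                     "account": rec.get("recipientAccountId"),
                     "who": who.get("arn") or who.get("type"),
                     "source_ip": rec.get("sourceIPAddress"),
                     "error": rec.get("errorCode")})  # None if the call succeeded
    return sorted(hits, key=lambda h: h["time"] or "")

if __name__ == "__main__":
    for hit in find_events(SAMPLE_LOG, TGW_CHANGE_EVENTS):
        print(hit)
```

With an organizational trail, `recipientAccountId` shows which member account the call landed in, and a non-empty `errorCode` separates denied attempts from changes that actually happened.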