
All news with #aws cloudtrail tag

27 articles

Preventing Unauthorized AWS Organizations Account Removal

🔒 The AWS Customer Incident Response Team describes a tactic where attackers use credentials with the organizations:LeaveOrganization permission to remove a member account from an AWS Organization, bypassing inherited safeguards such as Service Control Policies and centralized management. After removal, the account is disentangled from consolidated billing, organization-wide CloudTrail trails, and delegated GuardDuty findings, reducing visibility. The post urges deploying the DenyLeaveOrganizationSCP, enforcing least privilege, securing root users with MFA and centralized root management, and updating detection and response workflows to monitor related CloudTrail events.

CloudWatch Logs Insights Adds Tag-Based Log Group Queries

🏷 CloudWatch Logs Insights now supports querying log groups by tags, allowing searches across all log groups that share key-value tags without listing them explicitly. Tags such as Environment:Production, Application:PaymentService, or Owner:TeamName let teams scope queries by environment, application, or ownership. As log group tags are added or removed, queries automatically reflect the matching log groups, reducing operational overhead as environments scale. This capability is available today in all commercial AWS Regions.

Amazon EventBridge Data Plane Now Logged in AWS CloudTrail

🔒 Amazon EventBridge now supports logging data plane APIs to AWS CloudTrail, giving customers greater visibility into event bus activity. The update adds capture of the PutEvents API and records requester identity, IP address, timestamps, and request details. You can opt in per event bus via the CloudTrail console or APIs; the capability is available in commercial, GovCloud (US), and AWS China regions.

SageMaker Training Plans: CloudWatch Metrics for Capacity

📊 Amazon SageMaker Training Plans now publishes Amazon CloudWatch metrics to track utilization of capacity reservations tied to purchased Flexible Training Plans. Administrators gain both historical and real-time views of instance usage at the individual plan level and across an account, enabling informed decisions about capacity allocation and cost optimization. This observability helps teams align compute consumption with AI budgets and timelines while reducing wasted reserved capacity.

Amazon Connect audit logging for supervisor status changes

🔒 Amazon Connect now records agent activity status changes made through analytics dashboards in CloudTrail, capturing the supervisor identity, timestamp, and the specific status transition. This enhancement provides contact centers with clearer audit trails and operational visibility for actions such as switching an agent from "Available" to "Break." The capability is available in all AWS commercial and AWS GovCloud (US-West) regions where Amazon Connect is offered; ensure CloudTrail logging is enabled to see the events automatically.

Amazon CloudWatch: Cross-Region Telemetry Enablement Rules

📡 Amazon CloudWatch now lets customers audit and enable telemetry from AWS services such as Amazon EC2, Amazon VPC, and AWS CloudTrail across multiple Regions from a single region. Administrators can create organization-wide enablement rules scoped to specific regions or all supported regions, and rules targeting all regions automatically expand to include newly launched regions. The feature is available in all AWS commercial regions and standard CloudWatch ingestion pricing applies.

Amazon CloudWatch Adds Native OpenTelemetry Metrics

📈 Amazon CloudWatch now supports native OpenTelemetry metrics in public preview, allowing customers to send metrics directly via OTLP without custom conversion logic or additional tooling. You can combine custom OTel metrics with AWS-vended metrics from over 70 services and query them using PromQL across EKS and on-premises environments with no additional agents or code changes. CloudWatch anomaly detection and a new Query Studio console enable unified dashboards and alarms that span application and infrastructure telemetry.

AWS Private CA Now Publishes CloudWatch Utilization Metrics

🔔 AWS announced that AWS Private Certificate Authority (AWS Private CA) now publishes CA utilization metrics to Amazon CloudWatch, providing visibility into certificate issuance counts and the number of CAs per Region. The metrics track certificates issued by each CA and total CAs in a Region, enabling CloudWatch alarms and automation to replace or transition CAs approaching quota limits. This capability helps prevent quota-related service disruptions for services such as Amazon EKS, Amazon ECS Service Connect, and Amazon WorkSpaces.

Getting Started with Security Response Automation on AWS

πŸ›‘οΈ AWS outlines core concepts and a hands-on walkthrough for implementing security response automation to detect and remediate threats across AWS environments. The post maps automation to the NIST Cybersecurity Framework and demonstrates a CloudFormation deployment using EventBridge, Lambda, GuardDuty, and Security Hub to automatically restart CloudTrail and notify operators. It also highlights the Automated Security Response library, testing guidance, and cost and cleanup considerations.

AWS Transfer Family Terraform Module Enables Web Apps

🔧 The AWS Transfer Family Terraform module now supports provisioning Transfer Family web apps, offering a branded, managed web portal for users to browse, upload, and download data in Amazon S3. The module centralizes deployment with federated authentication via AWS IAM Identity Center and fine-grained permissions using S3 Access Grants. An included end-to-end example covers Identity Center user and group assignment, Access Grants setup, web app configuration, and CloudTrail auditing.

Implementing Data Governance on AWS: Automation & Tags

🔒 This post outlines a practical technical approach to implementing data governance on AWS, focusing on monitoring, preventive controls, automated remediation, and advanced features such as data sovereignty and lifecycle management. It recommends an event-driven model using CloudTrail, EventBridge, Lambda, and AWS Config to validate and enforce tagging and security controls. The guidance covers organization-wide tag policies, ABAC with IAM conditions, multi-account strategies, and integration with on-premises governance via Service Catalog and compliant CloudFormation products.

Simplified import of CloudTrail Lake data into CloudWatch

📥 AWS today introduces a simplified workflow to import historical CloudTrail Lake event data directly into Amazon CloudWatch. You specify the CloudTrail Lake event data store (EDS) and a date range to initiate imports; the capability is supported via the AWS console, CLI, and SDK. The change lets teams consolidate operational, security, and compliance telemetry in one place. There is no separate import charge, but standard CloudWatch custom logs pricing applies.

CloudWatch: Org-wide Auto-Telemetry for Six Services

🔔 Amazon CloudWatch now supports organization-wide automatic telemetry configuration for six critical AWS services: AWS CloudTrail Management Events, AWS CloudTrail Data Events, Amazon Route 53 Resource Query Logs, Amazon EKS Control Plane logs, Network Load Balancer access logs, and AWS WAF WebACL logs. Administrators can create enablement rules that automatically apply logging for both existing and new resources using AWS Config service-linked recorders. This simplifies enforcement of consistent monitoring and audit practices at scale while adhering to CloudWatch and AWS Config billing models.

AWS simplifies CloudTrail events ingestion into CloudWatch

🔔 AWS now enables centralized collection of CloudTrail events in Amazon CloudWatch, allowing organizations to consolidate telemetry alongside VPC Flow Logs and EKS Control Plane Logs. The integration leverages service-linked channels (SLCs) to receive events without requiring trails and adds safety checks plus termination protection. Customers will incur CloudTrail event delivery charges and CloudWatch Logs ingestion fees based on custom logs pricing; consult the CloudWatch documentation for supported regions and enablement steps.

AWS CloudTrail Insights Adds Data-Event Anomaly Detection

πŸ” AWS CloudTrail Insights now analyzes data events as well as management events, automatically detecting anomalies in data access patterns such as unexpected surges in S3 delete calls or increased Lambda error rates. When unusual activity is found, CloudTrail generates an Insights event that includes the relevant data events and can trigger alerts for rapid investigation. The capability is available in all regions where CloudTrail is offered; additional charges apply for data-event Insights.

AWS CloudTrail Data Event Aggregation for Monitoring

πŸ” AWS announced aggregated CloudTrail data events to help teams monitor high-volume API activity without processing every individual event. Aggregations consolidate data events into 5-minute summaries that surface trends such as access frequency, error rates, and top actions while preserving access to detailed events when required. You can enable aggregation via the console or CLI and choose from pre-built templates for API activity, resource access, and user activity. Aggregations are billed based on the number of data events analyzed and are available in all commercial Regions.

OpenSearch Serverless: CloudTrail data-plane audit logging

🔒 Amazon has added detailed audit logging for OpenSearch Serverless data-plane requests through AWS CloudTrail. Customers can now record and retain user actions on collections, including authorization attempts, index changes, and search queries, to support compliance and incident investigations. Logs can be filtered with read-only or write-only options or captured using advanced event selectors for granular control. Data events are delivered to Amazon S3 and can be forwarded to Amazon CloudWatch Events for real-time monitoring and response.

Amazon S3 Generates CloudTrail Events for Table Maintenance

🔔 Amazon S3 now emits AWS CloudTrail events for S3 Tables maintenance operations so you can track compaction and snapshot expiration. Maintenance activities are recorded as management events in CloudTrail, enabling auditing and monitoring of automatic optimization tasks. To monitor these events, create a trail and filter for eventType='AwsServiceEvents' and eventName='TablesMaintenanceEvent'. Events are available in all Regions where S3 Tables are offered.

Amazon ECS Adds CloudTrail Data Events for Agent API

πŸ” Amazon ECS now emits AWS CloudTrail data events for ECS Agent API activities, giving teams detailed visibility into container instance operations. Customers can opt in to the new data event resource type AWS::ECS::ContainerInstance to capture actions such as ecs:Poll, ecs:StartTelemetrySession, and ecs:PutSystemLogEvents. The capability is available for ECS on EC2 across all AWS Regions and for ECS Managed Instances in select regions. Standard CloudTrail data event charges apply.

AWS Config Adds Support for Three New Resource Types

📣 AWS Config now supports three additional resource types (AWS::ApiGatewayV2::Integration, AWS::CloudTrail::EventDataStore, and AWS::Config::StoredQuery), providing broader visibility across AWS environments. If you have recording enabled for all resource types, AWS Config will automatically begin tracking these new types. They are available for use in Config rules and Config aggregators in all Regions where the resources exist. This expansion enhances your ability to discover, assess, audit, and remediate a wider range of resources.