< ciso
brief />
Tag Banner

All news with #aws cloudtrail tag

39 articles · page 2 of 2

Getting Started with Security Response Automation on AWS

🛡️ AWS outlines core concepts and a hands-on walkthrough for implementing security response automation to detect and remediate threats across AWS environments. The post maps automation to the NIST Cybersecurity Framework and demonstrates a CloudFormation deployment using EventBridge, Lambda, GuardDuty, and Security Hub to automatically restart CloudTrail and notify operators. It also highlights the Automated Security Response library, testing guidance, and cost and cleanup considerations.
read more →

AWS Transfer Family Terraform Module Enables Web Apps

🔧 The AWS Transfer Family Terraform module now supports provisioning Transfer Family web apps, offering a branded, managed web portal for users to browse, upload, and download data in Amazon S3. The module centralizes deployment with federated authentication via AWS IAM Identity Center and fine-grained permissions using S3 Access Grants. An included end-to-end example covers Identity Center user and group assignment, Access Grants setup, web app configuration, and CloudTrail auditing.
read more →

Implementing Data Governance on AWS: Automation & Tags

🔒 This post outlines a practical technical approach to implementing data governance on AWS, focusing on monitoring, preventive controls, automated remediation, and advanced features such as data sovereignty and lifecycle management. It recommends an event-driven model using CloudTrail, EventBridge, Lambda, and AWS Config to validate and enforce tagging and security controls. The guidance covers organization-wide tag policies, ABAC with IAM conditions, multi-account strategies, and integration with on-premises governance via Service Catalog and compliant CloudFormation products.
read more →

Simplified import of CloudTrail Lake data into CloudWatch

📥 AWS today introduces a simplified workflow to import historical CloudTrail Lake event data directly into Amazon CloudWatch. You specify the CloudTrail Lake event data store (EDS) and a date range to initiate imports; the capability is supported via the AWS console, CLI, and SDK. The change lets teams consolidate operational, security, and compliance telemetry in one place. There’s no separate import charge, but standard CloudWatch custom logs pricing applies.
read more →

CloudWatch: Org-wide Auto-Telemetry for Six Services

🔔 Amazon CloudWatch now supports organization-wide automatic telemetry configuration for six critical AWS services: AWS CloudTrail Management Events, AWS CloudTrail Data Events, Amazon Route 53 Resource Query Logs, Amazon EKS Control Plane logs, Network Load Balancer access logs, and AWS WAF WebACL logs. Administrators can create enablement rules that automatically apply logging for both existing and new resources using AWS Config service-linked recorders. This simplifies enforcement of consistent monitoring and audit practices at scale while adhering to CloudWatch and AWS Config billing models.
read more →

AWS simplifies CloudTrail events ingestion into CloudWatch

🔔 AWS now enables centralized collection of CloudTrail events in Amazon CloudWatch, allowing organizations to consolidate telemetry alongside VPC Flow Logs and EKS Control Plane Logs. The integration leverages service-linked channels (SLCs) to receive events without requiring trails and adds safety checks plus termination protection. Customers will incur CloudTrail event delivery charges and CloudWatch Logs ingestion fees based on custom logs pricing; consult the CloudWatch documentation for supported regions and enablement steps.
read more →

AWS CloudTrail Insights Adds Data-Event Anomaly Detection

🔍 AWS CloudTrail Insights now analyzes data events as well as management events, automatically detecting anomalies in data access patterns such as unexpected surges in S3 delete calls or increased Lambda error rates. When unusual activity is found, CloudTrail generates an Insights event that includes the relevant data events and can trigger alerts for rapid investigation. The capability is available in all regions where CloudTrail is offered; additional charges apply for data-event Insights.
read more →

AWS CloudTrail Data Event Aggregation for Monitoring

🔍 AWS announced aggregated CloudTrail data events to help teams monitor high-volume API activity without processing every individual event. Aggregations consolidate data events into 5-minute summaries that surface trends such as access frequency, error rates, and top actions while preserving access to detailed events when required. You can enable aggregation via the console or CLI and choose from pre-built templates for API activity, resource access, and user activity. Aggregations are billed based on the number of data events analyzed and are available in all commercial Regions.
read more →

OpenSearch Serverless: CloudTrail data-plane audit logging

🔒 Amazon has added detailed audit logging for OpenSearch Serverless data-plane requests through AWS CloudTrail. Customers can now record and retain user actions on collections — including authorization attempts, index changes, and search queries — to support compliance and incident investigations. Logs can be filtered with read-only or write-only options or captured using advanced event selectors for granular control. Data events are delivered to Amazon S3 and can be forwarded to Amazon CloudWatch Events for real-time monitoring and response.
read more →

Amazon S3 Generates CloudTrail Events for Table Maintenance

🔔Amazon S3 now emits AWS CloudTrail events for S3 Tables maintenance operations so you can track compaction and snapshot expiration. Maintenance activities are recorded as management events in CloudTrail, enabling auditing and monitoring of automatic optimization tasks. To monitor these events, create a trail and filter for eventType='AwsServiceEvents' and eventName='TablesMaintenanceEvent'. Events are available in all Regions where S3 Tables are offered.
read more →

Amazon ECS Adds CloudTrail Data Events for Agent API

🔍 Amazon ECS now emits AWS CloudTrail data events for ECS Agent API activities, giving teams detailed visibility into container instance operations. Customers can opt in to the new data event resource type AWS::ECS::ContainerInstance to capture actions such as ecs:Poll, ecs:StartTelemetrySession, and ecs:PutSystemLogEvents. The capability is available for ECS on EC2 across all AWS Regions and for ECS Managed Instances in select regions. Standard CloudTrail data event charges apply.
read more →

AWS Config Adds Support for Three New Resource Types

📣 AWS Config now supports three additional resource types—AWS::ApiGatewayV2::Integration, AWS::CloudTrail::EventDataStore, and AWS::Config::StoredQuery—providing broader visibility across AWS environments. If you have recording enabled for all resource types, AWS Config will automatically begin tracking these new types. They are available for use in Config rules and Config aggregators in all Regions where the resources exist. This expansion enhances your ability to discover, assess, audit, and remediate a wider range of resources.
read more →

AWS Step Functions Gains Integration with Service Quotas

📣 AWS announces general availability of AWS Service Quotas integration with AWS Step Functions, allowing customers to view account-level quota values in the Service Quotas console and monitor utilization with Amazon CloudWatch metrics. Users can request quota increases directly from the console, and eligible changes are applied automatically to reduce manual intervention. The feature is available in all commercial and AWS GovCloud (US) Regions where Step Functions is provided and can be accessed via the console or CLI.
read more →

Amazon Route 53 Resolver Query Logging Now in NZ Region

🛰️ Amazon Route 53 Resolver Query Logging is now available in Asia Pacific (New Zealand). You can log DNS queries originating in VPCs to capture queried domain names, the AWS resources that issued the queries (including source IP and instance ID), and the responses received. Logs can be delivered to Amazon S3, CloudWatch Logs, or Amazon Data Firehose, and query logging configurations may be shared across accounts via AWS RAM. There is no additional Route 53 charge for enabling query logging, though storage and ingestion on the chosen destination may incur costs.
read more →

AWS IAM Identity Center Adds Customer-Managed KMS Keys

🔐 IAM Identity Center now supports customer-managed AWS KMS keys to encrypt workforce identity data, including user and group attributes. While AWS-owned keys remain the default, a customer-managed key (CMK) lets organizations control key lifecycle, policies, and usage permissions for stronger security and compliance. CMKs can be set when enabling a new organization instance or added to existing ones, and their usage is auditable via AWS CloudTrail. Support is available for access to accounts and select AWS applications across all IAM Identity Center regions; standard KMS charges apply.
read more →

AWS CloudTrail MCP Server Adds Natural-Language Security

🔒 AWS Labs published a Model Context Protocol (MCP) server for CloudTrail that enables AI assistants to perform security and compliance analysis via natural‑language queries. The server provides direct access to CloudTrail events and CloudTrail Lake, allowing searches of 90‑day management event histories and Trino SQL queries on Lake data spanning up to 10 years. By exposing these capabilities through a conversational interface, the MCP server removes the need for bespoke API integrations and streamlines investigation and compliance workflows. The component is available in regions that support CloudTrail LookupEvents or CloudTrail Lake and is available with code and documentation in the AWS Labs repository.
read more →

CloudWatch Metrics Insights: Query Metrics Up to Two Weeks

🕒 Amazon Web Services now enables customers to query CloudWatch metrics up to two weeks in the past using the Metrics Insights query source. Metrics Insights delivers fast, SQL-based metric queries and this enhancement expands the prior ~3-hour visualization window to 14 days for dashboards, alarms, and investigations. The capability is available now in commercial AWS regions and is automatically enabled at no additional charge, though standard pricing still applies for alarms, dashboards, and API usage.
read more →

Amazon CloudWatch: Single Alarm for Multiple Metrics

🔔 Amazon CloudWatch now supports creating a single alarm that evaluates and acts on multiple individual metrics dynamically. By authoring a Metrics Insights (SQL) query with GROUP BY and ORDER BY clauses, the alarm automatically includes matching metrics as resources are created or removed, eliminating manual per-resource alarm management. You can configure these alarms via the CloudWatch console, AWS CLI, CloudFormation, or CDK; the capability is available in all commercial AWS regions, AWS GovCloud (US) Regions, and China Regions, and Metrics Insights query alarm pricing applies.
read more →

Amazon CloudWatch RUM GA Now in US GovCloud Regions

📣 Amazon has made CloudWatch RUM generally available in AWS GovCloud (US-East) and AWS GovCloud (US-West). The service collects client-side performance and error telemetry in real time and provides curated dashboards showing page load steps, core web vitals, JavaScript and HTTP errors across geolocations, browsers, and devices. It integrates with CloudWatch Application Signals to correlate front-end telemetry with backend metrics, and usage is billed per collected RUM event.
read more →