All news with #cloudtrail tag

AWS simplifies CloudTrail events ingestion into CloudWatch

🔔 AWS now enables centralized collection of CloudTrail events in Amazon CloudWatch, allowing organizations to consolidate telemetry alongside VPC Flow Logs and EKS Control Plane Logs. The integration leverages service-linked channels (SLCs) to receive events without requiring trails and adds safety checks plus termination protection. Customers will incur CloudTrail event delivery charges and CloudWatch Logs ingestion fees based on custom logs pricing; consult the CloudWatch documentation for supported regions and enablement steps.

AWS previews MCP Server for AI agents across AWS ecosystem

🔧 The AWS MCP Server is now in preview and offers a managed remote Model Context Protocol (MCP) interface that consolidates the prior AWS API MCP and AWS Knowledge servers into a single endpoint. It enables AI agents and AI-native IDEs to access AWS documentation, generate and execute calls to over 15,000 APIs, and follow pre-built Agent SOPs to perform multi-step tasks. Authentication and authorization use AWS IAM, and audit logging is provided via CloudTrail; the service is available at no additional cost in US East (N. Virginia), with customers paying only for resources and data transfer.

Amazon EMR and AWS Glue Add Audit Context for Lake Formation

🔒 Amazon EMR and AWS Glue now include comprehensive audit context support for AWS Lake Formation credential vending APIs and AWS Glue Data Catalog GetTable and GetTables calls. Enabled by default, the feature logs platform type and identifiers (Cluster ID, Step ID, Job Run ID, Virtual Cluster ID) to AWS CloudTrail for enhanced security auditing and troubleshooting. It supports EMR 7.12+ and AWS Glue 5.1+ across all Regions that offer EMR, AWS Glue, and Lake Formation.

OpenSearch Serverless: CloudTrail data-plane audit logging

🔒 Amazon has added detailed audit logging for OpenSearch Serverless data-plane requests through AWS CloudTrail. Customers can now record and retain user actions on collections — including authorization attempts, index changes, and search queries — to support compliance and incident investigations. Logs can be filtered with read-only or write-only options or captured using advanced event selectors for granular control. Data events are delivered to Amazon S3 and can be forwarded to Amazon CloudWatch Events for real-time monitoring and response.

Securing Amazon Bedrock API Keys: Best Practices Guidance

🔐 AWS details practical guidance for implementing and managing Amazon Bedrock API keys, the service-specific credentials that provide bearer-token access to Bedrock. It recommends STS temporary credentials when possible and defines two API key types: short-term (client-generated, auto-expiring) and long-term (IAM-user associated). Protection advice includes using SCPs, iam and bedrock condition keys, and storing long-term keys in secure vaults. Detection and monitoring use CloudTrail, EventBridge rules, and an AWS Config rule, and response steps show CLI commands to deactivate and delete compromised keys.

AWS CloudTrail MCP Server Adds Natural-Language Security

🔒 AWS Labs published a Model Context Protocol (MCP) server for CloudTrail that enables AI assistants to perform security and compliance analysis via natural‑language queries. The server provides direct access to CloudTrail events and CloudTrail Lake, allowing searches of 90‑day management event histories and Trino SQL queries on Lake data spanning up to 10 years. By exposing these capabilities through a conversational interface, the MCP server removes the need for bespoke API integrations and streamlines investigation and compliance workflows. The component is available in regions that support CloudTrail LookupEvents or CloudTrail Lake and is available with code and documentation in the AWS Labs repository.