Thursday, June 5, 2025

Cloud Trail


Class 39th AWS Cloud Trail June 5th

In our organization, CloudTrail tracks the action details of all users.

Root user

AWS > CloudTrail

See below how the users were created and how their actions are tracked.


Step 1: I created one dummy IAM user, ccitdeveloper, with the S3 full access permission,

and created one bucket "ccitdevelopecreatedjune525". We need to check whether the action was tracked by CloudTrail or not.

I logged in to the console as ccitdeveloper; another admin user created the bucket, and that action was also tracked.


Charges 

CloudTrail: it shows which services were accessed by each user.

By default it stores the last 90 days of activity (event history).

$2.00 per 100,000 management events delivered.

$0.10 per 100,000 network activity events delivered (for VPC).

By default CloudTrail records all events.

But if we want only specific events (S3, EC2), we need to create a trail.

Practical: trail for specific events

Step 1: CloudTrail > Create trail; give a name. The trail log events are stored in an S3 bucket.

Click Next.


Select the events:

Management events and data events

Data events: S3 only

Click Create trail. The trail is created successfully; events are captured in the S3 bucket.


As the IAM admin user I uploaded two files (objects) to the S3 bucket s3://ccitdevelopecreatedjune5251.

CloudTrail tracked the S3 bucket actions; the log is in JSON format.

To read the JSON more easily, you can convert it to YAML online (copy and convert). Note that these logs contain account IDs, ARNs and source IP addresses, so for real logs prefer a local converter.
https://jsonformatter.org/json-to-yaml

See the log here: the two file uploads to the bucket below, 1.png and 2.png, are tracked.

Record for 1.png:
  resources:
    - accountId: '216989104632'
      type: 'AWS::S3::Bucket'
      ARN: 'arn:aws:s3:::ccitdevelopecreatedjune5251'
    - type: 'AWS::S3::Object'
      ARN: 'arn:aws:s3:::ccitdevelopecreatedjune5251/1.png'

Record for 2.png:
  resources:
    - accountId: '216989104632'
      type: 'AWS::S3::Bucket'
      ARN: 'arn:aws:s3:::ccitdevelopecreatedjune5251'
    - type: 'AWS::S3::Object'
      ARN: 'arn:aws:s3:::ccitdevelopecreatedjune5251/2.png'
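Reading the records by eye works for two uploads, but the point of a trail is to answer questions like "who uploaded or deleted this object?" (sample question Q2 below) across many log files. The following Python is an added example, not code from the class notes or from AWS: it parses a CloudTrail log document with the same Records layout shown above, keeps only S3 records, names the principal (IAM user, root, or assumed role), and lists the object ARN and source IP. The log content is constructed for the example (bucket name, account, IPs and user names are not the ones from the notes), and data events such as PutObject only appear in a real trail when S3 data events were enabled as in the steps above.

```python
import json

# Constructed CloudTrail log document for this example (not real account data).
# Real trail files are gzipped JSON objects with the same "Records" layout,
# delivered to the trail's S3 bucket.
SAMPLE_LOG = json.dumps({
    "Records": [
        {
            "eventTime": "2025-06-05T10:12:31Z",
            "eventSource": "s3.amazonaws.com",
            "eventName": "PutObject",
            "sourceIPAddress": "203.0.113.10",
            "userIdentity": {"type": "IAMUser", "userName": "ccitdeveloper"},
            "resources": [
                {"type": "AWS::S3::Bucket", "ARN": "arn:aws:s3:::example-bucket"},
                {"type": "AWS::S3::Object", "ARN": "arn:aws:s3:::example-bucket/1.png"},
            ],
        },
        {
            "eventTime": "2025-06-05T10:12:35Z",
            "eventSource": "s3.amazonaws.com",
            "eventName": "PutObject",
            "sourceIPAddress": "203.0.113.10",
            "userIdentity": {"type": "IAMUser", "userName": "ccitdeveloper"},
            "resources": [
                {"type": "AWS::S3::Bucket", "ARN": "arn:aws:s3:::example-bucket"},
                {"type": "AWS::S3::Object", "ARN": "arn:aws:s3:::example-bucket/2.png"},
            ],
        },
        {
            "eventTime": "2025-06-05T11:02:07Z",
            "eventSource": "s3.amazonaws.com",
            "eventName": "DeleteObject",
            "sourceIPAddress": "198.51.100.7",
            "userIdentity": {"type": "Root"},
            "resources": [
                {"type": "AWS::S3::Bucket", "ARN": "arn:aws:s3:::example-bucket"},
                {"type": "AWS::S3::Object", "ARN": "arn:aws:s3:::example-bucket/1.png"},
            ],
        },
        {
            # Management event from another service: the S3 filter must skip it.
            "eventTime": "2025-06-05T11:30:00Z",
            "eventSource": "ec2.amazonaws.com",
            "eventName": "RunInstances",
            "sourceIPAddress": "198.51.100.7",
            "userIdentity": {
                "type": "AssumedRole",
                "sessionContext": {"sessionIssuer": {"userName": "DeployRole"}},
            },
        },
    ]
})


def actor_of(record):
    """Return a readable principal name for the record's userIdentity."""
    ident = record.get("userIdentity", {})
    kind = ident.get("type")
    if kind == "Root":
        return "root"                      # root records carry no userName
    if kind == "AssumedRole":              # role sessions name the issuing role
        issuer = ident.get("sessionContext", {}).get("sessionIssuer", {})
        return "role/" + issuer.get("userName", "unknown")
    return ident.get("userName", "unknown")


def s3_actions(log_text, bucket=None):
    """List (time, actor, event, target ARN, source IP) for S3 records,
    optionally limited to one bucket name."""
    rows = []
    for rec in json.loads(log_text).get("Records", []):
        if rec.get("eventSource") != "s3.amazonaws.com":
            continue
        resources = rec.get("resources", [])
        buckets = [r["ARN"] for r in resources if r.get("type") == "AWS::S3::Bucket"]
        objects = [r["ARN"] for r in resources if r.get("type") == "AWS::S3::Object"]
        if bucket is not None and "arn:aws:s3:::" + bucket not in buckets:
            continue
        target = objects[0] if objects else (buckets[0] if buckets else "")
        rows.append((rec["eventTime"], actor_of(rec), rec["eventName"],
                     target, rec.get("sourceIPAddress", "")))
    return rows


def who_did(log_text, event_name, bucket=None):
    """Answer 'who performed this action?' as a sorted list of actors."""
    return sorted({row[1] for row in s3_actions(log_text, bucket)
                   if row[2] == event_name})


if __name__ == "__main__":
    for row in s3_actions(SAMPLE_LOG, bucket="example-bucket"):
        print(*row)
    print("DeleteObject by:", who_did(SAMPLE_LOG, "DeleteObject"))
```

Run it as a script to print the three S3 rows and the actor of the delete; in practice you would loop over every gzipped file under the trail's S3 prefix and feed each decoded document to s3_actions.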

Sample Questions:
Q1) How do you track user activities in AWS?
       CloudTrail
Q2) One of the users deleted a server in the AWS account. How do you find out who did it?
       CloudTrail
Q3) By default, how many days are events stored?
       90 days
Q4) Can we filter events separately for a resource?
       Yes
We cannot delete the event trail.

--Thanks 

Content delivery network (CDN)
  It helps to stream live events to the browser.
  • Used to deliver the app from an edge location
  • It gives a fast response
ex: cricket matches, e-commerce sales, etc.

User --> Edge Location --> App server
Edge location: a copy of the application's content also exists at the edge location.
Origin --> the original server, for ex: S3, ELB, API Gateway

Here is the flow below:
The first time a user sends a request, it goes through CloudFront, which fetches the image from the S3 bucket; the response from the S3 origin is sent to CloudFront and then to the user.
The second time the user requests it:


  • Users request images through a web or mobile application.
  • The application constructs URLs pointing to CloudFront distributions associated with the S3 buckets.
  • CloudFront serves the cached images from the nearest edge location, reducing latency and improving performance.
  • If the requested image or transformation is not cached, CloudFront fetches it from S3. If the fetch from S3 results in a 404 error (image not found), Lambda@Edge will be triggered to serve a default image. Alternatively you can set up CloudFront with origin failover (fallback to another S3 bucket or a web server) for scenarios that require high availability.
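The last bullet describes a Lambda@Edge function that serves a default image when S3 answers 404. As an added example (not code from the notes or from AWS), here is a Python origin-response handler for that case: it passes every non-404 response through unchanged, turns a 404 into a short-lived 302 redirect to a default image rather than embedding the image bytes, and guards against a redirect loop when the default image itself is missing. The /default.png key and the make_event helper (which builds an event of the shape CloudFront passes to an origin-response trigger) are assumptions made for this example.

```python
# Assumed key of the fallback image in the origin bucket (hypothetical name).
DEFAULT_IMAGE_URI = "/default.png"


def make_event(uri, status):
    """Build a minimal origin-response event of the shape Lambda@Edge passes
    to the handler; constructed here so the example runs offline."""
    return {
        "Records": [{
            "cf": {
                "request": {"uri": uri, "method": "GET"},
                "response": {"status": status, "statusDescription": "", "headers": {}},
            }
        }]
    }


def handler(event, context):
    """Origin-response trigger: pass real responses through unchanged and turn
    a 404 from S3 into a short-lived redirect to the default image."""
    cf = event["Records"][0]["cf"]
    response = cf["response"]
    if response["status"] != "404":
        return response
    # If the default image is missing too, return the 404 instead of looping.
    if cf["request"]["uri"] == DEFAULT_IMAGE_URI:
        return response
    return {
        "status": "302",
        "statusDescription": "Found",
        "headers": {
            "location": [{"key": "Location", "value": DEFAULT_IMAGE_URI}],
            # Short TTL so the edge re-checks once the real image is uploaded.
            "cache-control": [{"key": "Cache-Control", "value": "max-age=60"}],
        },
    }


if __name__ == "__main__":
    print(handler(make_event("/missing.png", "404"), None)["status"])
```

The short Cache-Control on the redirect matters: CloudFront caches the substituted response at the edge, so a long TTL would keep serving the default image after the real object has been uploaded.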

Advantages:
 1. Reduce latency
 2. Cut cost
 3. Customize delivery
 4. Security
Free Tier:
1 TB of data transfer out
10,000,000 (10 million) HTTP or HTTPS requests
2,000,000 CloudFront Function invocations
Each month, always free

Load Balancer (to control the traffic between two servers, we use a load balancer)
Create load balancer > Application load balancer
Load balancer name: Amazon

Server1, Server2: usually we need two servers for a load balancer.

Generally we access a server using its IP, but through the load balancer we access it using DNS.
It came to Active state (see the screenshot below).


So far we can access the application using the public IP:
http://54.198.190.185/
Now we are also able to access the server using the DNS name, with the URL below (shown in the screenshot):
http://amazon-542509.us-east-1.elb.amazonaws.com/



Step 1: Create 2 servers and deploy the Amazon app -- done (as of now one server exists)
Step 2: Create load balancer -- done
Step 3: CloudFront --> Origin domain: ELB (select your LB) --> Protocol: HTTP only (origin protocol)
--> Enable Origin Shield (cache will be stored): us-east-1b --> Protocol: HTTPS (CloudFront viewer protocol) -->
Select WAF --> IPv6: OFF --> Create

In the AWS console type > CloudFront
Create a CloudFront distribution

Distribution options

 . Single website or app

 Select the region where your application server exists.

So far the app is served over HTTP; once the HTTPS protocol is enabled on the distribution, our application will also load over HTTPS.

Finally WAF (Web Application Firewall) is enabled; threats will be controlled by it.

Click Create distribution; it takes about 2 minutes to be enabled, and the Last modified field changes from Deploying to the update date.

Once the Last modified date and time changes, copy the distribution domain name and try to access the website.
  

See now: the application is accessed over HTTPS. For reference, I copied the domain name into the address bar.

http://54.198.190.185/  (website URL)
http://amazon-542509.us-east-1.elb.amazonaws.com/  (load balancer)
https://d36y6xvhps2lzh.cloudfront.net/  (CloudFront). Compared with the URLs above, the CDN is faster; our live streaming will work that way.

We can restrict the website in the CDN: CloudFront > Geographic restrictions > Edit, select the geographic locations to block (India, Hungary), click Save.
Hungary
India

Now we cannot access the application from those locations.


After completing your tasks, delete the CDN: first disable the distribution, then delete it.


--Thanks 

