AWS awscloudtrail documentation change
Summary
Added documentation for data event aggregation templates (API Activity, Resource Access, User Actions)
Security assessment
The change introduces documentation for aggregation templates that improve visibility into API usage, resource access, and user actions. While this enhances auditing capabilities (a security best practice), there is no evidence it addresses a specific security vulnerability. It adds documentation for features that support security monitoring.
Diff
diff --git a/awscloudtrail/latest/userguide/cloudtrail-create-a-trail-using-the-console-first-time.md b/awscloudtrail/latest/userguide/cloudtrail-create-a-trail-using-the-console-first-time.md index bcae52950..237afc4f9 100644 --- a//awscloudtrail/latest/userguide/cloudtrail-create-a-trail-using-the-console-first-time.md +++ b//awscloudtrail/latest/userguide/cloudtrail-create-a-trail-using-the-console-first-time.md @@ -172 +172,13 @@ You can have a maximum of 500 values for all selectors on an event data store. T - 17. To log network activity events, choose **Network activity events**. Network activity events enable VPC endpoint owners to record AWS API calls made using their VPC endpoints from a private VPC to the AWS service. Additional charges apply for logging network activity events. For more information, see [AWS CloudTrail Pricing](https://aws.amazon.com/cloudtrail/pricing/). + 17. To enable aggregation on data events, choose one or more aggregation templates. These templates define how your data events will be summarized. You can choose from the following templates: + + 1. **API Activity** to get 5-minute summaries of your data events based on the API calls made. Use this to understand your API usage patterns, including frequency, callers, and source. + + 2. **Resource Access** to get the activity patterns on your AWS resources. Use this to understand how your AWS resources are being accessed, how many times they are being accessed in the 5-minute window, who is accessing the resource, and what actions are being performed. + + 3. **User Actions** to get activity patterns based on IAM principals making API calls in your account. + +###### Note + +Aggregations apply to all data events collected in your trail. + + 18. To log network activity events, choose **Network activity events**. Network activity events enable VPC endpoint owners to record AWS API calls made using their VPC endpoints from a private VPC to the AWS service. Additional charges apply for logging network activity events. For more information, see [AWS CloudTrail Pricing](https://aws.amazon.com/cloudtrail/pricing/). @@ -200 +212 @@ To log network activity events, do the following: - 18. Choose **Insights events** if you want your trail to log CloudTrail Insights events. + 19. Choose **Insights events** if you want your trail to log CloudTrail Insights events. @@ -208 +220 @@ Insights events are delivered to a different folder named `/CloudTrail-Insight`o - 19. When you are finished choosing event types to log, choose **Next**. + 20. When you are finished choosing event types to log, choose **Next**. @@ -210 +222 @@ Insights events are delivered to a different folder named `/CloudTrail-Insight`o - 20. On the **Review and create** page, review your choices. Choose **Edit** in a section to change the trail settings shown in that section. When you are ready to create the trail, choose **Create trail**. + 21. On the **Review and create** page, review your choices. Choose **Edit** in a section to change the trail settings shown in that section. When you are ready to create the trail, choose **Create trail**. @@ -212 +224 @@ Insights events are delivered to a different folder named `/CloudTrail-Insight`o - 21. The new trail appears on the **Trails** page. In about 5 minutes, CloudTrail publishes log files that show the AWS API calls made in your account. You can see the log files in the S3 bucket that you specified. + 22. The new trail appears on the **Trails** page. In about 5 minutes, CloudTrail publishes log files that show the AWS API calls made in your account. You can see the log files in the S3 bucket that you specified.