In this video, you will be introduced to CloudTrail, a facility within AWS for logging API calls. You will learn that AWS is built on a set of microservices which are presented as APIs, and that you can interact with AWS APIs from a number of programming languages including Java, Microsoft .NET, Ruby, Python, and PHP. You will understand that the AWS Command Line Interface (CLI) and Web Console use these APIs. Finally, you will learn exactly how to turn on CloudTrail within your AWS account, including the creation of an S3 bucket in which to store logs
- View Offline
- [Voiceover] CloudTrail is a service…within AWS that provides comprehensive…API logging capabilities.…Let's explore what CloudTrail is,…what it can do for you,…and how to get it configured.…AWS famously uses application programming interfaces,…or APIs,…as the foundational, internal communication protocol.…APIs provide a consistent way to interact…with AWS services from a variety of different sources.…For instance, suppose you want to…interact programmatically with Elastic Compute Cloud,…or EC2 instances.…
EC2 instances are virtual servers running in AWS.…AWS provides software development kits,…or SDKs,…for a variety of popular programming languages…including Java,…Microsoft .Net,…Ruby,…Python,…and PHP to name a few.…Under the covers,…all of these SDKs use the same back end API…to interact with EC2.…Even better, AWS's user facing tools…including the AWS command line interface,…or CLI,…and the Amazon web services,…Web Console,…both use the same back end API…to communicate with EC2.…
This is where CloudTrail comes in.…Once configured,…
Sharif Nijim couples pragmatic advice with practical examples that educate organizations on how to create a secure infrastructure within Amazon Web Services. Sharif explores the shared responsibility model of security, which splits duties between your company and AWS, and introduces key identity and access management concepts: users, groups, roles, and policies. At the end of the course, he helps you prepare for the inevitable audit of your AWS account(s).
This course includes trademarks owned by Amazon Web Services. This course has not been prepared, approved, or endorsed by Amazon Web Services.
- The AWS shared responsibility model and security landscape
- Enabling CloudTrail
- Configuring AWS Identity and Access Management (IAM)
- Troubleshooting IAM policies
- Granting temporary access
- Incorporating least privilege
- Controlling access to Simple Storage Service (S3)
- Preparing for security audits
- Getting audit help from Trusted Advisor