Amazon today unveiled CloudTrail, a new user visibility and resource-tracking API as part of its Amazon Web Services. This service, it seems, will complement Amazon CloudWatch, which provides monitoring services for AWS cloud resources for governance and compliance.
With CloudTrail, developers get an event feed for all of their resources on AWS, including calls made to the AWS APIs from their own applications and third-party software. This means they can immediately detect state changes like security group changes and similar information using CloudTrail and its API. While some of this information was previously available, it didn’t provide developers with any context. CloudTrail, however, can tell developers exactly who or what terminated an EC2 instance and they can then take action based on this.
The service, Amazon says, can help with compliance, but also resource life cycle tracking, operational troubleshooting and security analysis.
The new API logs calls from Elastic Compute Cloud (EC2), Elastic Block Store (EBS), Virtual Private Cloud (VPC), Relational Database Service (RDS), Identity and Access Management (IAM),
Security Token Service (STS), Redshift and CloudTrail itself.
Just like other AWS features, CloudTrail can be enabled from the AWS Management console and the log files are saved on Amazon’s S3 cloud storage service (or – for long-term storage – on Glacier).
Among the first partners to integrate CloudTrail is Sumo Logic. The company told us that it has integrated this service to use its analytics and visualization capabilities to create security and operations forensics for AWS customers. Using CloudTrail data, Sumo Logic can identify patterns and uncover anomalies related to user activity, configuration changes, resource usage and network anomalies. Sumo Logic is making this service available at no additional cost to its existing customers.
Another partner who has already integrated CloudTrail is AWS monitoring service Stackdriver, which has already integrated CloudTrail into its monitoring solution.
Other launch customers include Splunk, 2nd Watch, AlertLogic and Loggly.
Security in the cloud is still in its infancy, though. For example, Hadoop has become widely popular but it is still not secure enough for corporate customers. There are also gaps in user management, the real source of most attacks that result from people getting hacked and their passwords and server keys stolen.
Image via AWS