Use https://seceonhelp.freshdesk.com/support/login to access updated Knowledge Base Articles, Submit Technical Support Tickets and Review Status of submitted support tickets.

AWS CloudTrail Configuration

IAM User Permission

Create a dedicated IAM user for Seceon (programmatic access only, no console password; its Access Key ID and Secret Access Key are entered in the OTM form below) and attach these managed policies:

  • CloudWatchLogsReadOnlyAccess

  • AmazonS3ReadOnlyAccess

Both managed policies grant read access to every log group and every bucket in the account, so keep the access key off shared systems and rotate it on your normal key-rotation schedule.

AWS Side Configuration

  1. Log into the AWS Console and type 'cloudtrail' in the search bar.

  2. In the dashboard you can either use an existing trail or create a new one.

  2A. If creating a new trail, click the Create Trail button.

  a) Enter a Trail Name.

  b) Choose to create a new S3 bucket or save to an existing S3 bucket.

  c) Disable Log file SSE-KMS encryption. (Log files delivered to S3 are still encrypted with SSE-S3 by default. If you keep SSE-KMS enabled, the IAM user above must also be granted kms:Decrypt on that key, or it will not be able to read the S3 copy of the logs.)

  d) Enable CloudWatch Logs.

  e) Create a new Log group name and note it down; it is entered as AWS Log Group Name in the OTM configuration below.

  f) Create a new IAM Role called CloudtrailRoleforCloudwatchLogs_{trail-name}. AWS generates its policy, which only allows CloudTrail to create log streams and put events in that log group.

  g) Under Events choose Management events, API activity: Read and Write.

  h) Review and finally click Create Trail.


  2B. If using an existing trail, click on it and check whether CloudWatch Logs is configured for the trail.

  If yes, note down the CloudWatch Log Group name and use it for the OTM configuration. Also confirm the trail records Management events with Read and Write API activity (as in step 2A g); otherwise only part of the API activity reaches Seceon.

  If not, go to CloudWatch Logs > Edit:

  a) Enable CloudWatch Logs.

  b) Create a new Log group name and note it down.

  c) Create a new IAM Role called CloudtrailRoleforCloudwatchLogs_{trail-name}.

  d) Save changes and proceed.
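The following is an added example for this article, not Seceon or AWS code. It does two things a practitioner usually wants after finishing the AWS side: a pre-flight check that a trail actually matches steps 2A/2B (CloudWatch Logs delivery on, role attached, management events Read and Write, SSE-KMS off or accounted for), and the IAM policy documents involved: the trust/permission policy for the CloudtrailRoleforCloudwatchLogs role and a scoped-down reader policy that could replace the two managed policies. The input dicts mirror the shape returned by boto3's cloudtrail.describe_trails()["trailList"][n] and get_event_selectors(); every trail name, ARN, bucket and account number is constructed, and the claim that Seceon needs only the listed read calls is an assumption not stated on this page.

```python
"""Pre-flight check and policy builder for CloudTrail -> CloudWatch Logs -> Seceon OTM.
Added example for this article, not Seceon or AWS code. Dicts mirror boto3's
describe_trails()["trailList"][n] and get_event_selectors(); all names, ARNs
and account numbers are constructed."""
import json

# Constructed sample: a trail built with steps 2A a-h.
SAMPLE_TRAIL = {
    "Name": "seceon-trail",
    "TrailARN": "arn:aws:cloudtrail:us-east-1:123456789012:trail/seceon-trail",
    "S3BucketName": "example-cloudtrail-bucket",
    "HomeRegion": "us-east-1",
    "IsMultiRegionTrail": True,
    "CloudWatchLogsLogGroupArn":
        "arn:aws:logs:us-east-1:123456789012:log-group:seceon-cloudtrail:*",
    "CloudWatchLogsRoleArn":
        "arn:aws:iam::123456789012:role/CloudtrailRoleforCloudwatchLogs_seceon-trail",
    "LogFileValidationEnabled": True,
}
SAMPLE_SELECTORS = {
    "EventSelectors": [{"ReadWriteType": "All", "IncludeManagementEvents": True}]
}


def check_trail(trail, selectors):
    """Return the list of things that do not match the article's setup (empty = OK)."""
    problems = []
    if not trail.get("CloudWatchLogsLogGroupArn"):
        problems.append("CloudWatch Logs delivery is off (step 2A-d / 2B-a)")
    if not trail.get("CloudWatchLogsRoleArn"):
        problems.append("no CloudTrail->CloudWatch Logs IAM role (step 2A-f / 2B-c)")
    if trail.get("KmsKeyId"):
        # The article disables SSE-KMS. If it stays on, whoever reads the S3
        # copy also needs kms:Decrypt on this key or GetObject fails.
        problems.append("SSE-KMS on: reader needs kms:Decrypt on " + trail["KmsKeyId"])
    sel = selectors.get("EventSelectors", [])
    if not any(s.get("IncludeManagementEvents") and s.get("ReadWriteType") == "All"
               for s in sel):
        problems.append("management events not set to Read and Write (step 2A-g)")
    if not trail.get("IsMultiRegionTrail"):
        problems.append("single-region trail: other regions' API calls are not logged")
    return problems


def log_group_name(trail):
    """Value to enter as 'AWS Log Group Name' (step 2A-e). Log group names cannot
    contain ':', so splitting the ARN is unambiguous."""
    arn = trail["CloudWatchLogsLogGroupArn"]  # arn:aws:logs:REGION:ACCT:log-group:NAME:*
    return arn.split(":log-group:", 1)[1].rsplit(":*", 1)[0]


def log_group_region(trail):
    """Value to choose as 'AWS Region' in the OTM form (the log group's region)."""
    return trail["CloudWatchLogsLogGroupArn"].split(":")[3]


def cloudtrail_role_policies(trail):
    """Trust and permission policies for the role in step 2A-f / 2B-c. The
    aws:SourceArn condition pins the trust to this one trail (confused-deputy guard)."""
    trust = {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"Service": "cloudtrail.amazonaws.com"},
        "Action": "sts:AssumeRole",
        "Condition": {"StringEquals": {"aws:SourceArn": trail["TrailARN"]}},
    }]}
    perms = {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Action": ["logs:CreateLogStream", "logs:PutLogEvents"],
        "Resource": trail["CloudWatchLogsLogGroupArn"],
    }]}
    return trust, perms


def seceon_reader_policy(trail):
    """Scoped-down replacement for CloudWatchLogsReadOnlyAccess + AmazonS3ReadOnlyAccess.
    Assumption (not stated in the article): the collector only needs to enumerate
    and read this one log group and this one bucket."""
    bucket = "arn:aws:s3:::" + trail["S3BucketName"]
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": "logs:DescribeLogGroups", "Resource": "*"},
        {"Effect": "Allow",
         "Action": ["logs:DescribeLogStreams", "logs:GetLogEvents", "logs:FilterLogEvents"],
         "Resource": trail["CloudWatchLogsLogGroupArn"]},
        {"Effect": "Allow", "Action": "s3:ListBucket", "Resource": bucket},
        {"Effect": "Allow", "Action": "s3:GetObject", "Resource": bucket + "/*"},
    ]}


if __name__ == "__main__":
    print("problems:", check_trail(SAMPLE_TRAIL, SAMPLE_SELECTORS))
    print("log group:", log_group_name(SAMPLE_TRAIL), "region:", log_group_region(SAMPLE_TRAIL))
    print(json.dumps(seceon_reader_policy(SAMPLE_TRAIL), indent=2))
```

To run it against a real account, replace SAMPLE_TRAIL and SAMPLE_SELECTORS with the output of describe_trails and get_event_selectors for your trail; an empty problems list means the trail is ready for the OTM form, and log_group_name/log_group_region give the two values the form asks for. If you try the scoped reader policy instead of the managed ones and collection stops, revert to the managed policies the article specifies.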



Seceon OTM Configuration

  1. Open the Seceon OTM UI. Go into a Tenant. Settings > Provisioning > Cloud Devices > AWS Configuration

  2. Open Configure CloudTrail services

  3. Click on Add

  4. AWS Access Key ID: Enter Access Key ID

  5. AWS Secret Access Key: Input Secret Access Key

  6. AWS Region: Choose Log Group AWS Region

  7. AWS Log Group Name: Enter Log Group Name

  8. AWS Log Stream Name: Optional; can be left blank.

  9. Route53 Service: Choose Yes or No depending on whether Route53 query logs should also be collected.

  10. Route53 Region: (Only active if Yes was chosen above) Enter the region.

  11. Route53 Log Group Name: (Only active if Yes was chosen above) Enter the log group name.

  12. Route53 Log Stream Name: (Only active if Yes was chosen above) Enter the log stream name.

  13. CCE IP: Enter the IP address of the CCE that will collect these logs.

  14. Click on Save to save all the details.


Seceon Inc. All rights reserved. https://www.seceon.com