AWS CloudTrail Configuration

IAM User Permission

2. In the dashboard you can either choose to use an existing trail or create a new trail.

2A. If choosing to create a new trail click on Create Trail button

a) Enter a Trail Name

b) Choose to create a new s3 bucket or save to an existing s3 bucket

c) Disable Log file SSE-KMS encryption

d) Enable CloudWatch logs.

e) Create a new Log group name and note it down

f) Create a New IAM Role called CloudtrailRoleforCloudwatchLogs_{trail-name}

g) Under events choose Management events, API activity - Read and Write

h) Review and finally Create Trail

2B ) If using an existing trail, click on it and check if CloudWatch logs is configured for the trail.

If yes, then note down the Cloudwatch Log Group name and use it for configuration.

If not, then Cloudwatch Logs > Edit

a) Enable CloudWatch logs.

b) Create a new Log group name and note it down

c) Create a New IAM Role called CloudtrailRoleforCloudwatchLogs_{trail-name}

d) Save changes and proceed.

Open the Seceon OTM UI. Go into a Tenant. Settings > Provisioning > Cloud Devices > AWS Configuration
Open Configure CloudTrail services
Click on Add…
AWS Access Key ID: Enter Access Key ID
AWS Secret Access Key: Input Secret Access Key
AWS Region: Choose Log Group AWS Region
AWS Log Group Name: Enter Log Group Name
AWS Log Stream Name: This is optional and can be ignored
Route53 Service: Choose Yes or No based on requirements
Route53 Region: (Only active is yes chosen above) Enter region
Route53 Log Group Name: (Only active is yes chosen above) Enter log group name
Route53 Log Stream Name: (Only active is yes chosen above) Enter log stream Name
CCE IP: Enter CCE IP
Click on Save to save all the details.