Cloud Computing - AWS Lambda


Lesson Description

Lesson #1466 - AWS Lambda with CloudTrail

We can enable CloudTrail in our AWS account to get a history of the API calls and related events made in the account. CloudTrail delivers the log files for those events as objects in the Amazon S3 bucket we specify when we create the trail. By default a trail records management (control-plane) API calls; data events such as S3 object-level reads and writes or Lambda invocations must be enabled separately on the trail.

Because CloudTrail provides a record of our AWS API calls, we can use this data to gain visibility into user activity and to troubleshoot operational and security incidents.

We can take advantage of Amazon S3's bucket notification feature and direct Amazon S3 to publish object-created events to AWS Lambda.

Whenever CloudTrail writes a log file to our S3 bucket, Amazon S3 can invoke our Lambda function, passing the Amazon S3 object-created event as the function's event parameter. The S3 event provides information including the bucket name and the key name of the log object that CloudTrail created.

Our Lambda function code can read the log object (the function's execution role needs s3:GetObject permission on the bucket) and process the API call records logged by CloudTrail.

For illustration, we might write Lambda function code to notify us when a specific API call is made in our account. In our sample, we enable CloudTrail so that it writes its logs to the S3 bucket we configured. For Lambda, S3 is the event source: it publishes events (such as the object-created event) to AWS Lambda, which invokes our Lambda function.

When S3 invokes our Lambda function, it passes an S3 event identifying, among other things, the bucket name and key name of the object that CloudTrail created. The Lambda function can read that log object and, from it, learn which API calls were reported in the log.

Each object CloudTrail creates in our S3 bucket is a gzip-compressed JSON document with one or more event records in its Records array. Each record provides, among other things, eventSource and eventName, along with eventTime, awsRegion, sourceIPAddress and the userIdentity that made the call.
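The following is an added example of the Lambda function described in this lesson; it is not code from the lesson itself. It separates the pure parts (reading the S3 event, unpacking the gzipped CloudTrail log, matching records against a watch list) from the S3 fetch, so the logic can be exercised offline. The watch list, the bucket name, the account ID 123456789012 and the three log records are constructed for the example; in the Lambda runtime the function falls back to boto3 to read the object.

```python
import gzip
import json
from urllib.parse import unquote_plus

# API calls we want to be notified about, as (eventSource, eventName) pairs.
# Assumption: this watch list is our own choice for the example.
WATCHED_EVENTS = {
    ("cloudtrail.amazonaws.com", "StopLogging"),
    ("cloudtrail.amazonaws.com", "DeleteTrail"),
    ("iam.amazonaws.com", "CreateUser"),
    ("iam.amazonaws.com", "AttachUserPolicy"),
}


def parse_cloudtrail_log(body):
    """Return the Records array of one CloudTrail log file (delivered gzipped)."""
    if body[:2] == b"\x1f\x8b":  # gzip magic; plain JSON is accepted as well
        body = gzip.decompress(body)
    return json.loads(body).get("Records", [])


def find_watched_calls(records, watched=WATCHED_EVENTS):
    """Select the records whose (eventSource, eventName) is on the watch list."""
    hits = []
    for rec in records:
        if (rec.get("eventSource"), rec.get("eventName")) in watched:
            hits.append({
                "eventTime": rec.get("eventTime"),
                "eventSource": rec.get("eventSource"),
                "eventName": rec.get("eventName"),
                "awsRegion": rec.get("awsRegion"),
                "sourceIPAddress": rec.get("sourceIPAddress"),
                "principal": rec.get("userIdentity", {}).get("arn"),
                # errorCode is set when the call was denied or failed; a denied
                # StopLogging attempt is still worth an alert.
                "errorCode": rec.get("errorCode"),
            })
    return hits


def objects_from_s3_event(event):
    """Extract (bucket, key) pairs from the S3 notification event Lambda receives."""
    pairs = []
    for rec in event.get("Records", []):
        bucket = rec.get("s3", {}).get("bucket", {}).get("name")
        key = rec.get("s3", {}).get("object", {}).get("key")
        if bucket and key:
            pairs.append((bucket, unquote_plus(key)))  # keys arrive URL-encoded
    return pairs


def lambda_handler(event, context, get_object=None):
    """Lambda entry point; get_object(bucket, key) -> bytes is injectable for tests."""
    if get_object is None:
        import boto3  # present in the Lambda runtime; imported lazily to run offline
        s3 = boto3.client("s3")

        def get_object(bucket, key):
            return s3.get_object(Bucket=bucket, Key=key)["Body"].read()

    hits = []
    for bucket, key in objects_from_s3_event(event):
        # CloudTrail also writes digest files (under CloudTrail-Digest/); only the
        # log files under .../CloudTrail/... carry event records.
        if "/CloudTrail/" not in key or not key.endswith(".json.gz"):
            continue
        hits.extend(find_watched_calls(parse_cloudtrail_log(get_object(bucket, key))))
    for hit in hits:
        print("ALERT", json.dumps(hit))  # real deployment: SNS, chat, ticket queue
    return {"watched_calls": hits}


def sample_s3_event_and_store():
    """Constructed sample (not real account data): one log file with three records
    plus the S3 object-created event that announces it."""
    bucket = "my-cloudtrail-bucket"
    key = ("AWSLogs/123456789012/CloudTrail/us-east-1/2024/01/15/"
           "123456789012_CloudTrail_us-east-1_20240115T1200Z_abc123.json.gz")
    alice = {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/alice"}
    mallory = {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/mallory"}
    log = {"Records": [
        {"eventTime": "2024-01-15T12:00:01Z", "eventSource": "ec2.amazonaws.com",
         "eventName": "DescribeInstances", "awsRegion": "us-east-1",
         "sourceIPAddress": "203.0.113.10", "userIdentity": alice},
        {"eventTime": "2024-01-15T12:00:05Z", "eventSource": "cloudtrail.amazonaws.com",
         "eventName": "StopLogging", "awsRegion": "us-east-1",
         "sourceIPAddress": "198.51.100.7", "userIdentity": mallory},
        {"eventTime": "2024-01-15T12:00:09Z", "eventSource": "iam.amazonaws.com",
         "eventName": "CreateUser", "awsRegion": "us-east-1",
         "sourceIPAddress": "198.51.100.7", "userIdentity": mallory,
         "errorCode": "AccessDenied"},
    ]}
    store = {(bucket, key): gzip.compress(json.dumps(log).encode())}
    event = {"Records": [{"eventName": "ObjectCreated:Put", "s3": {
        "bucket": {"name": bucket}, "object": {"key": key}}}]}
    return event, store


if __name__ == "__main__":
    event, store = sample_s3_event_and_store()
    print(json.dumps(lambda_handler(event, None, lambda b, k: store[(b, k)]), indent=2))
```

Two details matter in practice: the handler skips digest files, which share the .json.gz suffix but live under CloudTrail-Digest/ and carry no event records, and it keeps errorCode in the alert, because a denied StopLogging or CreateUser attempt is usually more interesting than a successful DescribeInstances.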

We need to turn on AWS CloudTrail for our AWS account so that it maintains records (logs) of the AWS API calls made in our account.

Note that a trail only records events from the region in which it was created unless it is created as a multi-region trail. If we want our Lambda function to see API calls made anywhere in the account, we create one multi-region trail; a single-region trail will silently miss activity in every other region.
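As an added example of the setup steps above (creating the trail, letting it write to the bucket, and hooking the bucket's object-created events to the function), not code from the lesson: the two builder functions produce the bucket policy CloudTrail requires and the S3 notification configuration; wire_up applies them with boto3 and is the only part that needs AWS credentials. The trail name, bucket name, function name and region are assumed inputs, and the bucket and the Lambda function are assumed to already exist.

```python
import json


def cloudtrail_bucket_policy(bucket, account_id, trail_arn):
    """Bucket policy CloudTrail needs before it can deliver log files to the bucket.

    The aws:SourceArn condition ties the grant to our own trail, so a trail in
    another account cannot be pointed at our bucket (confused-deputy protection).
    """
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "AWSCloudTrailAclCheck",
                "Effect": "Allow",
                "Principal": {"Service": "cloudtrail.amazonaws.com"},
                "Action": "s3:GetBucketAcl",
                "Resource": f"arn:aws:s3:::{bucket}",
                "Condition": {"StringEquals": {"aws:SourceArn": trail_arn}},
            },
            {
                "Sid": "AWSCloudTrailWrite",
                "Effect": "Allow",
                "Principal": {"Service": "cloudtrail.amazonaws.com"},
                "Action": "s3:PutObject",
                "Resource": f"arn:aws:s3:::{bucket}/AWSLogs/{account_id}/*",
                "Condition": {"StringEquals": {
                    "s3:x-amz-acl": "bucket-owner-full-control",
                    "aws:SourceArn": trail_arn,
                }},
            },
        ],
    }


def log_notification_configuration(lambda_arn, account_id):
    """S3 notification that invokes the function for new CloudTrail log files only.

    The prefix filter stops digest files (CloudTrail-Digest/) and unrelated
    objects in the bucket from triggering the function at all.
    """
    return {"LambdaFunctionConfigurations": [{
        "Id": "cloudtrail-log-to-lambda",
        "LambdaFunctionArn": lambda_arn,
        "Events": ["s3:ObjectCreated:*"],
        "Filter": {"Key": {"FilterRules": [
            {"Name": "prefix", "Value": f"AWSLogs/{account_id}/CloudTrail/"},
            {"Name": "suffix", "Value": ".json.gz"},
        ]}},
    }]}


def wire_up(trail_name, bucket, lambda_function_name, region, session=None):
    """Create a multi-region trail, grant it the bucket, start logging, and hook
    the bucket's object-created events to the function. Needs AWS credentials."""
    import boto3  # lazy import: the two builders above run without AWS
    session = session or boto3.Session(region_name=region)
    account_id = session.client("sts").get_caller_identity()["Account"]
    trail_arn = f"arn:aws:cloudtrail:{region}:{account_id}:trail/{trail_name}"
    lam = session.client("lambda")
    lambda_arn = lam.get_function(
        FunctionName=lambda_function_name)["Configuration"]["FunctionArn"]

    s3 = session.client("s3")
    s3.put_bucket_policy(
        Bucket=bucket,
        Policy=json.dumps(cloudtrail_bucket_policy(bucket, account_id, trail_arn)))

    ct = session.client("cloudtrail")
    # IsMultiRegionTrail=True is the fix for the single-region caveat: without it
    # the trail only records API calls made in `region`.
    ct.create_trail(Name=trail_name, S3BucketName=bucket,
                    IsMultiRegionTrail=True, EnableLogFileValidation=True)
    ct.start_logging(Name=trail_name)

    # S3 can only invoke the function once the function's resource policy allows it;
    # SourceArn/SourceAccount keep other buckets from triggering it.
    lam.add_permission(
        FunctionName=lambda_function_name, StatementId="AllowS3CloudTrailBucket",
        Action="lambda:InvokeFunction", Principal="s3.amazonaws.com",
        SourceArn=f"arn:aws:s3:::{bucket}", SourceAccount=account_id)
    s3.put_bucket_notification_configuration(
        Bucket=bucket,
        NotificationConfiguration=log_notification_configuration(lambda_arn, account_id))
    return trail_arn
```

Calling wire_up("my-trail", "my-cloudtrail-bucket", "cloudtrail-watcher", "us-east-1") with working credentials performs the whole setup; EnableLogFileValidation=True additionally makes CloudTrail write the digest files that let us later verify the log files were not tampered with.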