Is a secure cloud service platform that offers compute power, database storage. content delivery, network, and other functionality to help businesses scale and grow. It is one of the first cloud vendors to start services in the year 2006. It offers all the 3 service models namely IAAS, PAAS, and SAAS. Some of the notable domains in AWS are Compute, Migration, Storage, Network and Content Delivery, Management Tools, Database, Messaging, Security and Identity Compliance, and many more.
Simple and popular AWS Service for storage. Replicates data by default across multiple facilities. It charges per usage. It is deeply integrated with AWS Services. Buckets are logical storage units. Objects are data added in the bucket. S3 has a storage class on object level which can save money by moving less frequently accessed objects to colder storage class.
It is an AWS service that enables governance, compliance, operational auditing, and risk auditing of AWS account. It can log, continuously monitor, and retain account activity related to actions across AWS Infrastructure.
A serverless solution, which has an effective data-processing tool. It has high availability by default and doesn't store data. It gives the ability to do SQL queries on top of files stored in S3.
Click on trail
Making below changes, keep others as default and click next
Choosing Event Types Management Events: Capture management operations such as start instance, delete an instance, create a bucket, delete the bucket, and many similar events.
Data Events: logs existing resources, like someone deletes a bucket, changes configurations of resource, and many similar events.
Insights Events: It identifies unusual activity. Events related to your account are unusual in different parts of the file bucket.
Clicking Data Event Source Cloudtrail store's the events in the above AWS Service
Review and Create Trail
Creating IAM User
Configuring IAM User
Assign Permissions and click next
Review and Create User
Login as the User Created Turn off Servers
Log out of the user-created and log back as admin user
Go to S3 cloudtrail Go to your region and date to check your file, clicking on one of file's It is very difficult to understand from the above file, hence we use Athena below to simplify below.
The easiest way to work with the Athena table is through Cloudtrail
Go to event history of cloudtrail and click Athena table
Click the above created S3Cloudtrail bucket
An Athena Table is created with the above cloudtrail
Now going to Athena The circled shows the Cloudtrail table was successfully created.
Configure Athena to store the results for that select the setting's tab and then click on the S3 bucket Copy Instance ID which you want to know who shut it down Now the Athena Query to know which user turned down the EC2 instance or server Now you can see the user who turned down the EC2 Instance