CloudTrail Lake – Logging and Monitoring – SCS-C02 Study Guide

CloudTrail Lake

AWS CloudTrail Lake is a solution that helps you store and analyze AWS CloudTrail data at a much larger scale instead of dealing with a single trail at a time. It uses Amazon S3, Amazon Athena, and AWS Glue to create a data lake that can store CloudTrail logs for an extended period of time.

By leveraging AWS CloudTrail Lake, you can gain deeper insights into your AWS environment, such as identifying potential security threats, troubleshooting issues, and auditing compliance. It provides a central location to store, manage, and analyze CloudTrail data, making it easier to perform ad hoc queries, build custom reports, and gain insight into user activity across multiple AWS accounts.

Rather than storing events in row-based JSON format, CloudTrail Lake converts existing events into Apache ORC format. ORC is a columnar storage format that is highly efficient for retrieving stored data.
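As an illustration of the ad hoc, cross-account analysis described above, the following query is an added example and not part of the original study guide. It surfaces principals that generate repeated authorization failures in each account. `<EVENT_DATA_STORE_ID>` is a placeholder for your own event data store ID, and the time window and threshold of 10 are constructed sample values.

```sql
-- Added example: find principals with repeated access-denied API calls,
-- grouped per account, so unusual probing or misconfigured roles stand out.
-- <EVENT_DATA_STORE_ID> is a placeholder; dates and threshold are sample values.
SELECT
    recipientAccountId,                 -- account that received the API call
    userIdentity.arn AS principal_arn,  -- who made the call
    eventSource,                        -- service endpoint, e.g. s3.amazonaws.com
    eventName,                          -- API action that was attempted
    errorCode,
    COUNT(*)       AS denied_calls,
    MIN(eventTime) AS first_seen,
    MAX(eventTime) AS last_seen
FROM <EVENT_DATA_STORE_ID>
WHERE eventTime >= '2024-01-01 00:00:00'
  AND eventTime <  '2024-01-08 00:00:00'
  AND errorCode IN ('AccessDenied', 'Client.UnauthorizedOperation')
GROUP BY
    recipientAccountId,
    userIdentity.arn,
    eventSource,
    eventName,
    errorCode
HAVING COUNT(*) >= 10                   -- ignore one-off failures
ORDER BY denied_calls DESC
LIMIT 50
```

Keeping the `eventTime` range narrow limits the amount of data scanned, which matters because CloudTrail Lake queries are billed by data scanned.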

Summary

This chapter covered the different types of logs produced by various AWS services and how they can be stored for later use and consumption or, if needed, for an audit.

You saw how S3 can record access to its objects and folders using S3 access logging. You also explored how to troubleshoot and record network activity using VPC Flow Logs. In reviewing another way to capture network traffic, you saw the capabilities of both ELB logging and WAF logs.

You also learned about the service that records all API calls, CloudTrail. You examined how to turn on a new trail for a specific purpose and how to look up events in that trail. In case using the legacy trail becomes limiting, you looked at how to expand the capabilities of CloudTrail using CloudTrail Lake.

Chapter 8, CloudWatch and CloudWatch Metrics, will discuss the CloudWatch service and how it consumes logs. You will also see how CloudWatch can gather and publish predefined and custom metrics from your services.

Further Reading

For additional information on the AWS Shared Responsibility Model and an underlying foundation of AWS security, please check out the following resources:

Exam Readiness Drill – Chapter Review Questions

Apart from a solid understanding of key concepts, being able to think quickly under time pressure is a skill that will help you ace your certification exam. That is why working on these skills early on in your learning journey is key.

Chapter review questions are designed to improve your test-taking skills progressively with each chapter you learn and review your understanding of key concepts in the chapter at the same time. You’ll find these at the end of each chapter.

How To Access These Resources

To learn how to access these resources, head over to the chapter titled Chapter 21, Accessing the Online Practice Resources.

To open the Chapter Review Questions for this chapter, perform the following steps:

  1. Click the link – https://packt.link/SCSC02E2_CH07

Alternatively, you can scan the following QR code (Figure 7.17):

Figure 7.17: QR code that opens Chapter Review Questions for logged-in users

  2. Once you log in, you’ll see a page similar to the one shown in Figure 7.18:

Figure 7.18: Chapter Review Questions for Chapter 7

  3. Once ready, start the following practice drills, re-attempting the quiz multiple times.

Exam Readiness Drill

For the first three attempts, don’t worry about the time limit.

ATTEMPT 1

The first time, aim for at least 40%. Look at the answers you got wrong and read the relevant sections in the chapter again to fix your learning gaps.

ATTEMPT 2

The second time, aim for at least 60%. Look at the answers you got wrong and read the relevant sections in the chapter again to fix any remaining learning gaps.

ATTEMPT 3

The third time, aim for at least 75%. Once you score 75% or more, start working on your timing.

Tip

You may take more than three attempts to reach 75%. That’s okay. Just review the relevant sections in the chapter till you get there.

Working On Timing

Target: Your aim is to keep the score the same while trying to answer these questions as quickly as possible. Here’s an example of what your next attempts should look like:

Attempt      Score    Time Taken
Attempt 5    77%      21 mins 30 seconds
Attempt 6    78%      18 mins 34 seconds
Attempt 7    76%      14 mins 44 seconds

Table 7.2: Sample timing practice drills on the online platform

Note

The time limits shown in the above table are just examples. Set your own time limits with each attempt based on the time limit of the quiz on the website.

With each new attempt, your score should stay above 75% while your time taken to complete should decrease. Repeat as many attempts as you want till you feel confident dealing with the time pressure.