Today I am pleased to announce the general availability of network activity events for Amazon Virtual Private Cloud (Amazon VPC) in AWS CloudTrail. This feature helps you log and monitor the AWS API activity that passes through your VPC endpoints, so you can strengthen your data perimeter and implement detective controls.
Previously, it was difficult to detect potential data exfiltration attempts and unauthorized access to resources in your network through VPC endpoints. VPC endpoint policies could be configured to deny access from external accounts, but there was no built-in mechanism to log the denied actions or to detect when external credentials were used at a VPC endpoint. This often meant building your own solution to inspect and analyze TLS traffic, which could be costly and negate the benefits of encrypted communication.
With this new capability, you can log all AWS API calls that pass through your VPC endpoints. CloudTrail records them as a new event type called network activity events, which captures both control plane and data plane actions passing through the VPC endpoint.
Network activity events in CloudTrail provide several key benefits:
- Comprehensive visibility – Log all API activity passing through your VPC endpoints, regardless of which AWS account it originates from.
- External credential detection – Identify when credentials from outside your organization are used at your VPC endpoints.
- Data exfiltration prevention – Detect and investigate potential attempts to move data out.
- Enhanced security monitoring – Gain insight into all AWS API activity at your VPC endpoints without having to decrypt TLS traffic.
- Compliance visibility – Improve your ability to meet regulatory requirements by monitoring all API activity passing through your endpoints.
Getting started with network activity events for VPC endpoint logging
To enable network activity events, I go to the AWS CloudTrail console and choose Trails in the navigation pane. I choose Create trail to create a new one. I enter a name in the Trail name field and choose an Amazon Simple Storage Service (Amazon S3) bucket to store the event logs. When I create a trail in CloudTrail, I can specify an existing Amazon S3 bucket or create a new bucket to store the trail's events.
If I set Log file SSE-KMS encryption to Enabled, I have two options: choose New to create a new AWS Key Management Service (AWS KMS) key, or choose Existing to select an existing KMS key. If I choose New, I have to enter an alias in the AWS KMS alias field. CloudTrail encrypts the log files with this KMS key and adds the required key policy for me. The KMS key and the Amazon S3 bucket must be in the same AWS Region. For this example I use an existing KMS key, enter its alias in the AWS KMS alias field, and leave the rest at the defaults for this demo. I choose Next to go to the next step.
In the Choose log events step, I choose Network activity events under Events. I choose an event source from the list of AWS services, for example cloudtrail.amazonaws.com, ec2.amazonaws.com, kms.amazonaws.com, s3.amazonaws.com, and secretsmanager.amazonaws.com. For this demo I add two network activity event sources. For the first source I select ec2.amazonaws.com. For Log selector template, I can use templates for common use cases or create fine-grained filters for specific scenarios. For example, I can log all API activity passing through the VPC endpoint with the Log all events template. I choose the Log network activity access denied events template to log only access denied events. Optionally, I can enter a name in the Selector name field to identify the log selector, for example Include network activity events for Amazon EC2.
For the second source I choose Custom to create custom filters on multiple fields, for example eventName and vpcEndpointId. I can specify a single VPC endpoint ID, or filter the results to include only VPC endpoints that match specific criteria. Under Advanced event selectors, I choose vpcEndpointId from the Field dropdown, select equals as the Operator, and enter the VPC endpoint ID. When I expand JSON view, I see the event selectors as a JSON block. I choose Next and, after reviewing my selections, I choose Create trail.
Once the trail is configured, CloudTrail starts logging network activity events for my VPC endpoints, which lets me analyze and act on this data. To analyze CloudTrail network activity events, you can use the AWS Management Console, the AWS Command Line Interface (AWS CLI), or the AWS SDKs. You can also use CloudTrail Lake to capture, store, and analyze network activity events. If you use trails, you can use Amazon Athena to query and filter these events based on specific criteria. Regular analysis of these events helps you keep your AWS network infrastructure secure, compliant, and well optimized.
Now available
CloudTrail network activity events for VPC endpoints give you a powerful tool to strengthen your security posture, detect potential threats, and gain deeper insight into your VPC network traffic. This feature addresses a critical need for visibility and control over your AWS environment.
Network activity events for VPC endpoints are available in all AWS commercial Regions.
You can find pricing details on the AWS CloudTrail pricing page.
To get started with CloudTrail network activity events, visit AWS CloudTrail. For more information about CloudTrail and its features, refer to the AWS CloudTrail documentation.
– Esra