search
LoginStart for Free

AWS Cloudtrail Integration

Use ilert to receive alerts based on AWS CloudTrail activity like IAM changes or unauthorized API calls, ensuring fast response from on-call teams.

AWS CloudTrailarrow-up-right is a service that records and monitors all actions taken within an AWS account, providing detailed logs of API calls and activity across resources. When connected to ilert, CloudTrail enhances incident response by triggering real-time alerts for critical changes or suspicious activity, such as unauthorized access attempts or modifications to security settings.

hashtag
How this integration works

AWS CloudTrail logs and monitors account activity across your AWS infrastructure. Activity logs are published to specific Amazon Simple Notification Service (SNS) topics; the events are sent to ilert.

hashtag
Architecture

hashtag
In ilert: Create an Amazon SNS alert source

  1. Go to Alert sources -> Alert sources and click on Create new alert source

  2. Search for Amazon SNS in the search field, click on the Amazon SNS tile, and click on Next.

  3. Give your alert source a name, optionally assign teams, and click Next.

  4. Select an escalation policy by creating a new one or assigning an existing one.

  5. Select your Alert groupingarrow-up-right preference and click Continue setup. You may click Do not group alerts for now and change it later.

  6. The next page shows additional settings, such as customer alert templates or notification priority. Click on Finish setup for now.

  7. On the final page, an API key and / or webhook URL will be generated, which you will need later in this guide.

hashtag
In AWS Simple Notification Service(SNS): Create a new topic

  1. On the sidebar, click on Topics -> Create topic.

  1. Choose Standard and enter a topic Name.

  2. Save the topic.

  1. Now click on Create subscription.

  1. Select 'HTTPS' as Protocol and enter the alert source URL previously generated in ilert into the Endpoint field.

hashtag
In AWS Cloudtrail: Enable a SNS Notification

  1. Choose a desired trail by clicking on the name.

  1. In the General details tab, click on Edit.

  1. Under Additional settings, enable SNS notification delivery.

  2. Choose Existing and search for the newly created topic from before.

hashtag
FAQ

Will alerts in ilert be resolved automatically?

No, but you can use the eventType custom attribute to resolve an incident in specified incidentKey.

PreviousAWS Budgets IntegrationNextAWS DevOps Guru Integration

Last updated

Was this helpful?