
This project shows how to use Grafana as a live AWS CloudTrail monitoring dashboard to monitor activity in an AWS environment and generate alerts.


ganeshcpote/aws-cloudtrail-grafana-dashboard


AWS CloudTrail dashboard for live compliance, risk and audit monitoring

Architecture Overview

AWS CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of your AWS account. With CloudTrail, you can log, continuously monitor, and retain account activity related to actions across your AWS infrastructure. CloudTrail provides event history of your AWS account activity, including actions taken through the AWS Management Console, AWS SDKs, command line tools, and other AWS services. This event history simplifies security analysis, resource change tracking, and troubleshooting.


AWS CloudTrail Grafana Dashboard


Installation and Usage instructions

For those familiar with AWS: the Lambda code is in /lambda-code/, and you'll need to set up an event trigger on your CloudTrail bucket to call the Lambda function. Then open the Grafana interface and import the /dashboard/grafana-dashboard-export.json file, which imports the dashboard and all the required searches/visualizations.

Part 1: Deploying

  1. Git clone the repo or download the whole thing from the release page.

  2. Create a Lambda function from the /lambda-code/index.js file with the following environment variables:

    • elasticsearchurl => http or https URL of the Elasticsearch server that is accessible within the VPC
    • snsTopicArn => SNS topic created for sending emails
  3. Go to the S3 CloudTrail bucket where CloudTrail writes all its events:

    • Browse to your bucket and select Properties, then Events.

    • Create a new event filter on put operations and select your Lambda function from the drop-down.

  4. CloudTrail logs written to S3 should now be processed by the CloudTrail Lambda function and pushed into Elasticsearch. You can check by looking at the Elasticsearch indices; you should see an index titled logstash-YYYY-MM-DD.
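
What the Lambda step in Part 1 has to do with each object the S3 trigger hands it, as an added example that is not the repository's index.js: decompress the CloudTrail log file, split its Records array, and build an Elasticsearch bulk request body targeting the logstash-YYYY-MM-DD indices. The function names, the use of eventID as the document ID, the @timestamp field and the type-less bulk format (Elasticsearch 7 or later) are assumptions, and the sample records are constructed.

```javascript
// Added example: not the repository's /lambda-code/index.js.
const zlib = require("zlib");

// Convert one CloudTrail log object (gzip-compressed JSON with a top-level
// "Records" array) into an Elasticsearch _bulk body (NDJSON).
function cloudTrailToBulk(gzBuffer) {
  const parsed = JSON.parse(zlib.gunzipSync(gzBuffer).toString("utf8"));
  // The S3 trigger fires for every put, so ignore objects that are not
  // CloudTrail log files (no Records array) instead of failing the invocation.
  if (!parsed || !Array.isArray(parsed.Records)) return "";
  const lines = [];
  for (const rec of parsed.Records) {
    // Use the event's own date so late-delivered files land in the right
    // daily index (logstash-YYYY-MM-DD, the pattern named in step 4).
    const day = String(rec.eventTime || "").slice(0, 10);
    if (!/^\d{4}-\d{2}-\d{2}$/.test(day)) continue; // no usable timestamp
    const action = { index: { _index: `logstash-${day}` } };
    // Assumption: eventID as document _id, so a re-delivered file overwrites
    // its own documents rather than duplicating events on the dashboard.
    if (rec.eventID) action.index._id = rec.eventID;
    lines.push(JSON.stringify(action));
    // Assumption: @timestamp is the time field the dashboard queries on.
    lines.push(JSON.stringify({ "@timestamp": rec.eventTime, ...rec }));
  }
  return lines.length ? lines.join("\n") + "\n" : "";
}

// Constructed sample input: three records, one of them without eventTime.
function sampleLogObject() {
  const records = [
    { eventID: "constructed-event-0001", eventTime: "2024-01-15T23:59:58Z",
      eventSource: "signin.amazonaws.com", eventName: "ConsoleLogin",
      awsRegion: "us-east-1", sourceIPAddress: "203.0.113.10" },
    { eventID: "constructed-event-0002", eventTime: "2024-01-16T00:00:03Z",
      eventSource: "cloudtrail.amazonaws.com", eventName: "StopLogging",
      awsRegion: "us-east-1", sourceIPAddress: "203.0.113.10" },
    { eventID: "constructed-event-0003", eventName: "DescribeInstances" },
  ];
  return zlib.gzipSync(JSON.stringify({ Records: records }));
}

console.log(cloudTrailToBulk(sampleLogObject()));
```

The returned string is the body for a POST to the `_bulk` endpoint under the URL configured in elasticsearchurl, sent with the `application/x-ndjson` content type.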

Part 2: Setting up the dashboard

  1. Now you can visit your Grafana URL

  2. Click Import and select the /dashboard/grafana-dashboard-export.json file.

  3. If the import succeeds, you should see the saved objects after the import. You can now view your dashboard by going to Dashboard, selecting Open, and selecting Cloudtrail-Event-Dashboard.
