CloudTrail API calls rendered as a sequence diagram. The logs are read with aws-cloudtrail-processing-library.
A fairly boring example: CodePipeline polling CodeCommit to see whether anything has changed. The KMS calls perhaps imply that envelope encryption is used for each commit.
Follow the AWS instructions to enable CloudTrail to forward logs to CloudWatch Logs. You can use the watch-cloudtrail.template CloudFormation template to create the log group and role, then use them to update the trail (which was created manually):
aws cloudtrail update-trail --name $trail_name --cloud-watch-logs-log-group-arn $log_group_arn --cloud-watch-logs-role-arn $role_arn
If you would rather enable CloudTrail-to-CloudWatch forwarding with Terraform, threatstack have a post showing how.
Run main() in CloudWatchRead.kt, from IntelliJ or whatever you prefer.
The config file should look like:
bucket_name=<name of bucket cloudtrail is writing logs to>
key_prefix=Eg: AWSLogs/123456789012/CloudTrail/us-west-2/2017/02/01/
exclusion_regex=Eg: SomeService|10\\.0\\.0\\.42
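To make the three config keys concrete, here is an added example in Python (the project itself is Kotlin; this is not its code) of what a reader does with them: pick the CloudTrail objects under key_prefix, unpack the gzipped JSON that CloudTrail writes to the bucket, drop every record whose service, source IP or identity matches exclusion_regex, and emit one sequence-diagram line per remaining API call. The records are constructed sample data, the regex is the one from the config above with the properties-file `\\.` escaping unwound, the choice of which fields the regex is tested against is an assumption, and the diagram syntax is the plain `A->B: call` form; it goes one step beyond the config by attaching a note carrying the errorMessage of failed requests.

```python
import gzip
import io
import json
import re

# Constructed sample records (not real log data). The field layout follows the
# CloudTrail record format: a gzip-compressed JSON object with a "Records" array.
SAMPLE_RECORDS = {"Records": [
    {"eventTime": "2017-02-01T10:00:00Z", "eventSource": "codecommit.amazonaws.com",
     "eventName": "GetBranch", "sourceIPAddress": "codepipeline.amazonaws.com",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::123456789012:assumed-role/AWS-CodePipeline-Service/pipeline"}},
    {"eventTime": "2017-02-01T10:00:01Z", "eventSource": "kms.amazonaws.com",
     "eventName": "Decrypt", "sourceIPAddress": "codepipeline.amazonaws.com",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::123456789012:assumed-role/AWS-CodePipeline-Service/pipeline"}},
    {"eventTime": "2017-02-01T10:00:02Z", "eventSource": "sts.amazonaws.com",
     "eventName": "AssumeRole", "sourceIPAddress": "10.0.0.42",
     "userIdentity": {"type": "IAMUser", "userName": "alice"}},
    {"eventTime": "2017-02-01T10:00:03Z", "eventSource": "s3.amazonaws.com",
     "eventName": "GetObject", "sourceIPAddress": "203.0.113.5",
     "userIdentity": {"type": "IAMUser", "userName": "alice"},
     "errorCode": "AccessDenied", "errorMessage": "Access Denied"},
]}

# The exclusion_regex value from the config file, with the properties-file
# escaping (\\.) unwound to a plain regex.
EXCLUSION_REGEX = r"SomeService|10\.0\.0\.42"


def gzipped_log_object(records=SAMPLE_RECORDS):
    """Build an object body in the shape CloudTrail delivers to S3 (gzip + JSON)."""
    return gzip.compress(json.dumps(records).encode())


def select_log_objects(keys, key_prefix):
    """Keep only the CloudTrail log objects under key_prefix (one region/day);
    digest objects live under a different prefix and are skipped."""
    return [k for k in keys if k.startswith(key_prefix) and k.endswith(".json.gz")]


def load_records(gz_bytes):
    with gzip.GzipFile(fileobj=io.BytesIO(gz_bytes)) as f:
        return json.load(f)["Records"]


def is_excluded(record, pattern):
    """Assumption: the regex is tested against the service, the caller IP and the
    identity, so one pattern can drop both noisy services and known hosts."""
    identity = record.get("userIdentity", {})
    haystack = " ".join([record.get("eventSource", ""),
                         record.get("sourceIPAddress", ""),
                         identity.get("arn", ""),
                         identity.get("userName", "")])
    return pattern.search(haystack) is not None


def caller(record):
    """Participant name for the calling side: the IAM user name, or the role
    name out of an assumed-role ARN (arn:...:assumed-role/<role>/<session>)."""
    identity = record.get("userIdentity", {})
    if identity.get("type") == "IAMUser":
        return identity["userName"]
    arn = identity.get("arn", "")
    if ":assumed-role/" in arn:
        return arn.split(":assumed-role/")[1].split("/")[0]
    return identity.get("type", "unknown")


def sequence_diagram(records, exclusion_regex=EXCLUSION_REGEX):
    """Emit one 'A->B: call' line per API call in time order, plus a note with
    the error text for requests that CloudTrail recorded as failed."""
    pattern = re.compile(exclusion_regex)
    lines = []
    for r in sorted(records, key=lambda r: r["eventTime"]):
        if is_excluded(r, pattern):
            continue
        callee = r["eventSource"].split(".")[0]
        lines.append(f"{caller(r)}->{callee}: {r['eventName']}")
        if r.get("errorCode"):
            lines.append(f"note right of {callee}: {r['errorCode']}: {r.get('errorMessage', '')}")
    return lines


if __name__ == "__main__":
    prefix = "AWSLogs/123456789012/CloudTrail/us-west-2/2017/02/01/"
    keys = select_log_objects(
        [prefix + "123456789012_CloudTrail_us-west-2_20170201T1000Z_abc.json.gz",
         "AWSLogs/123456789012/CloudTrail-Digest/us-west-2/2017/02/01/digest.json.gz"],
        prefix)
    print(keys)
    print("\n".join(sequence_diagram(load_records(gzipped_log_object()))))
```

Run as-is it prints the selected key and four diagram lines: the two CodePipeline role calls, alice's S3 call, and the AccessDenied note under it; the AssumeRole from 10.0.0.42 is dropped by the regex. Against a real bucket, replace gzipped_log_object() with the body of each object returned by select_log_objects().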
To deploy the serverless version:
aws s3 mb s3://bucket-name --region region
aws cloudformation package \
--template-file sam.yaml \
--output-template-file serverless-output.yaml \
--s3-bucket s3-bucket-name
aws cloudformation deploy \
--template-file serverless-output.yaml \
--stack-name new-stack-name \
--capabilities CAPABILITY_IAM
- tail -f style follow mode
- Show the errorMessage text for failed requests (below the line, as a note?)
- Add auth to the API Gateway deployment, e.g. IAM auth with API Gateway
- Handle the API Gateway 10 MB maximum response size. Needs a 302 redirect to an S3 object?
- Scrolling from the navigation arrow on each participant line should be smooth/animated