🚀 AI Generated Incident Summaries Feature is Now Live! See it in action! 🎉
Blog
Monitoring
Getting AWS CloudTrail alerts via SNS Endpoint

Getting AWS CloudTrail alerts via SNS Endpoint

May 31, 2022
Getting AWS CloudTrail alerts via SNS Endpoint
In This Article:
Our Products
On-Call Management
Incident Response
Continuous Learning
Workflow Automation

Logging and auditing have been an essential part of troubleshooting application and infrastructure performance. You can instantly spot areas of risk to ensure quick correction and prevention of issues. In this blog, we will explore the AWS CloudTrail service and discuss how integrating it with Squadcast can help you route alerts to the right users for quick and efficient incident response.

Let's get started.

What is AWS CloudTrail and why is it important?

AWS CloudTrail is an Auditing and Logging service for Amazon Web Services (AWS) accounts. It tells you who performed what actions on your resources and when. It enables governance, compliance, operational auditing, and risk auditing. With this service, you can log, monitor, and retain account activity associated with actions across your AWS infrastructure. It gives you the event history of your AWS account activity, like actions taken through:

  • AWS Management Console
  • AWS SDKs
  • Command-Line and other AWS services

This event history can help you during security analysis, resource change tracking, and troubleshooting. Validated log files are invaluable in ensuring the security of resources that run on the cloud.

It is the single most important logging service in AWS as it lets you log and identify all the important activities in an AWS account like,

  • Who performed the action (Principle type, Source IP/Service, user agent)
  • When it occurred (Date and Time)
  • Where it occurred (Region)
  • What occurred (API actions performed)
  • Resources affected (configuration/parameter info)
  • Results of action (success/error associated with result info)

Here is an example of how the event log looks in AWS,

You can get notifications when CloudTrail publishes new log files. This is possible by configuring CloudTrail to send updated information to an Amazon SNS topic whenever a new log file has been sent. Doing so enables you to respond quickly to critical operational events. Let us quickly take a look at Amazon SNS Service, before we jump to the integration part.

What is Amazon Simple Notification Service (SNS)?

Amazon SNS is a managed service offering message delivery from publishers to subscribers. Publishers use this service to communicate asynchronously with subscribers by sending messages to a 'topic'. A topic is a logical access point and communication channel. To receive published messages, users/consumers can subscribe to an SNS topic, using a supported endpoint type.

This service can fan out alerts to millions of subscribers, and it offers capabilities like,

  • App-to-app messages
  • App-to-person messages
  • Use of FIFO topics
  • Message archiving, filtering, and analytics

Let us now go ahead and see how we can integrate CloudTrail with Squadcast to route alerts via an SNS endpoint.

Setting up CloudTrail-Squadcast Integration

Using AWS CloudTrail Logs via SNS as an Alert Source

Step1: From the navigation bar in Squadcast, on the top left corner pick the applicable Team from the Team-picker and select Services. Next, click on Alert Sources for the applicable Service.

Step2: Search for AWS CloudTrail Logs via SNS from the Alert Source drop-down and copy the Webhook URL, we will be using it in the following steps.

Please Note: For an Alert Source to turn active (indicated by a green dot - Receiving alerts against the name of the Alert Source in the drop-down), you can either generate a test alert or wait for a real-time alert to be generated by the Alert Source.

An Alert Source is active if there is a recorded incident via that Alert Source for the Service in the last 30 days.

Create CloudTrail logs Endpoint in AWS SNS

Now log in to your AWS account and proceed to SNS.

Step1: Click on “Create topic”. Fill in the details as per your requirements and then click on “Create topic”.

Step2: Now inside the topic, click on “Create subscription”. Select the protocol as “HTTPS” and in the endpoint enter the Alert Source Endpoint Webhook URL obtained from the Step 2 of the previous bit. Finally, click on “Create subscription”.

The “Subscription ID” for the subscription should change to “Confirmed” immediately from “Pending Confirmation”. Click on the refresh button to verify the same.

Then you can configure your CloudTrail log alerts and assign this topic as the notification option and you are good to go.

AWS CloudTrail is a highly effective AWS service for cloud logging and auditing. integrating it with Squadcast can help you leverage various incident response and SRE features of Squadcast to keep your systems reliable.

Written By:
May 31, 2022
Vishal Padghan
Vishal Padghan
May 31, 2022
Monitoring
Incident Response
Cloud Computing
Share this blog:
In This Article:
Get reliability insights delivered straight to your inbox.
Get ready for the good stuff! No spam, no data sale and no promotion. Just the awesome content you signed up for.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
If you wish to unsubscribe, we won't hold it against you. Privacy policy.
Get reliability insights delivered straight to your inbox.
Get ready for the good stuff! No spam, no data sale and no promotion. Just the awesome content you signed up for.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
If you wish to unsubscribe, we won't hold it against you. Privacy policy.
Get the latest scoop on Reliability insights. Delivered straight to your inbox.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
If you wish to unsubscribe, we won't hold it against you. Privacy policy.
Squadcast is a leader in Incident Management on G2 Squadcast is a leader in Mid-Market IT Service Management (ITSM) Tools on G2 Squadcast is a leader in Americas IT Alerting on G2 Best IT Management Products 2024 Squadcast is a leader in Europe IT Alerting on G2 Squadcast is a leader in Enterprise Incident Management on G2 Users love Squadcast on G2
Squadcast is a leader in Incident Management on G2 Squadcast is a leader in Mid-Market IT Service Management (ITSM) Tools on G2 Squadcast is a leader in Americas IT Alerting on G2
Best IT Management Products 2024 Squadcast is a leader in Europe IT Alerting on G2 Squadcast is a leader in Enterprise Incident Management on G2
Users love Squadcast on G2
Copyright © Squadcast Inc. 2017-2024

Getting AWS CloudTrail alerts via SNS Endpoint

May 31, 2022
Last Updated:
May 2, 2024
Share this post:
Getting AWS CloudTrail alerts via SNS Endpoint
Table of Contents:

    Logging and auditing have been an essential part of troubleshooting application and infrastructure performance. You can instantly spot areas of risk to ensure quick correction and prevention of issues. In this blog, we will explore the AWS CloudTrail service and discuss how integrating it with Squadcast can help you route alerts to the right users for quick and efficient incident response.

    Let's get started.

    What is AWS CloudTrail and why is it important?

    AWS CloudTrail is an Auditing and Logging service for Amazon Web Services (AWS) accounts. It tells you who performed what actions on your resources and when. It enables governance, compliance, operational auditing, and risk auditing. With this service, you can log, monitor, and retain account activity associated with actions across your AWS infrastructure. It gives you the event history of your AWS account activity, like actions taken through:

    • AWS Management Console
    • AWS SDKs
    • Command-Line and other AWS services

    This event history can help you during security analysis, resource change tracking, and troubleshooting. Validated log files are invaluable in ensuring the security of resources that run on the cloud.

    It is the single most important logging service in AWS as it lets you log and identify all the important activities in an AWS account like,

    • Who performed the action (Principle type, Source IP/Service, user agent)
    • When it occurred (Date and Time)
    • Where it occurred (Region)
    • What occurred (API actions performed)
    • Resources affected (configuration/parameter info)
    • Results of action (success/error associated with result info)

    Here is an example of how the event log looks in AWS,

    You can get notifications when CloudTrail publishes new log files. This is possible by configuring CloudTrail to send updated information to an Amazon SNS topic whenever a new log file has been sent. Doing so enables you to respond quickly to critical operational events. Let us quickly take a look at Amazon SNS Service, before we jump to the integration part.

    What is Amazon Simple Notification Service (SNS)?

    Amazon SNS is a managed service offering message delivery from publishers to subscribers. Publishers use this service to communicate asynchronously with subscribers by sending messages to a 'topic'. A topic is a logical access point and communication channel. To receive published messages, users/consumers can subscribe to an SNS topic, using a supported endpoint type.

    This service can fan out alerts to millions of subscribers, and it offers capabilities like,

    • App-to-app messages
    • App-to-person messages
    • Use of FIFO topics
    • Message archiving, filtering, and analytics

    Let us now go ahead and see how we can integrate CloudTrail with Squadcast to route alerts via an SNS endpoint.

    Setting up CloudTrail-Squadcast Integration

    Using AWS CloudTrail Logs via SNS as an Alert Source

    Step1: From the navigation bar in Squadcast, on the top left corner pick the applicable Team from the Team-picker and select Services. Next, click on Alert Sources for the applicable Service.

    Step2: Search for AWS CloudTrail Logs via SNS from the Alert Source drop-down and copy the Webhook URL, we will be using it in the following steps.

    Please Note: For an Alert Source to turn active (indicated by a green dot - Receiving alerts against the name of the Alert Source in the drop-down), you can either generate a test alert or wait for a real-time alert to be generated by the Alert Source.

    An Alert Source is active if there is a recorded incident via that Alert Source for the Service in the last 30 days.

    Create CloudTrail logs Endpoint in AWS SNS

    Now log in to your AWS account and proceed to SNS.

    Step1: Click on “Create topic”. Fill in the details as per your requirements and then click on “Create topic”.

    Step2: Now inside the topic, click on “Create subscription”. Select the protocol as “HTTPS” and in the endpoint enter the Alert Source Endpoint Webhook URL obtained from the Step 2 of the previous bit. Finally, click on “Create subscription”.

    The “Subscription ID” for the subscription should change to “Confirmed” immediately from “Pending Confirmation”. Click on the refresh button to verify the same.

    Then you can configure your CloudTrail log alerts and assign this topic as the notification option and you are good to go.

    AWS CloudTrail is a highly effective AWS service for cloud logging and auditing. integrating it with Squadcast can help you leverage various incident response and SRE features of Squadcast to keep your systems reliable.

    What you should do now
    • Schedule a demo with Squadcast to learn about the platform, answer your questions, and evaluate if Squadcast is the right fit for you.
    • Curious about how Squadcast can assist you in implementing SRE best practices? Discover the platform's capabilities through our Interactive Demo.
    • Enjoyed the article? Explore further insights on the best SRE practices.
    • Schedule a demo with Squadcast to learn about the platform, answer your questions, and evaluate if Squadcast is the right fit for you.
    • Curious about how Squadcast can assist you in implementing SRE best practices? Discover the platform's capabilities through our Interactive Demo.
    • Enjoyed the article? Explore further insights on the best SRE practices.
    • Get a walkthrough of our platform through this Interactive Demo and see how it can solve your specific challenges.
    • See how Charter Leveraged Squadcast to Drive Client Success With Robust Incident Management.
    • Share this blog post with someone you think will find it useful. Share it on Facebook, Twitter, LinkedIn or Reddit
    • Get a walkthrough of our platform through this Interactive Demo and see how it can solve your specific challenges.
    • See how Charter Leveraged Squadcast to Drive Client Success With Robust Incident Management
    • Share this blog post with someone you think will find it useful. Share it on Facebook, Twitter, LinkedIn or Reddit
    • Get a walkthrough of our platform through this Interactive Demo and see how it can solve your specific challenges.
    • See how Charter Leveraged Squadcast to Drive Client Success With Robust Incident Management
    • Share this blog post with someone you think will find it useful. Share it on Facebook, Twitter, LinkedIn or Reddit
    What you should do now?
    Here are 3 ways you can continue your journey to learn more about Unified Incident Management
    Discover the platform's capabilities through our Interactive Demo.
    See how Charter Leveraged Squadcast to Drive Client Success With Robust Incident Management.
    Share the article
    Share this blog post on Facebook, Twitter, Reddit or LinkedIn.
    We’ll show you how Squadcast works and help you figure out if Squadcast is the right fit for you.
    Experience the benefits of Squadcast's Incident Management and On-Call solutions firsthand.
    Compare our plans and find the perfect fit for your business.
    See Redis' Journey to Efficient Incident Management through alert noise reduction With Squadcast.
    Discover the platform's capabilities through our Interactive Demo.
    We’ll show you how Squadcast works and help you figure out if Squadcast is the right fit for you.
    Experience the benefits of Squadcast's Incident Management and On-Call solutions firsthand.
    Compare Squadcast & PagerDuty / Opsgenie
    Compare and see if Squadcast is the right fit for your needs.
    Compare our plans and find the perfect fit for your business.
    Learn how Scoro created a solid foundation for better on-call practices with Squadcast.
    Discover the platform's capabilities through our Interactive Demo.
    We’ll show you how Squadcast works and help you figure out if Squadcast is the right fit for you.
    Experience the benefits of Squadcast's Incident Management and On-Call solutions firsthand.
    We’ll show you how Squadcast works and help you figure out if Squadcast is the right fit for you.
    Learn how Scoro created a solid foundation for better on-call practices with Squadcast.
    We’ll show you how Squadcast works and help you figure out if Squadcast is the right fit for you.
    Discover the platform's capabilities through our Interactive Demo.
    Enjoyed the article? Explore further insights on the best SRE practices.
    We’ll show you how Squadcast works and help you figure out if Squadcast is the right fit for you.
    Experience the benefits of Squadcast's Incident Management and On-Call solutions firsthand.
    Enjoyed the article? Explore further insights on the best SRE practices.
    Written By:
    May 31, 2022
    May 31, 2022
    Share this post:
    Subscribe to our LinkedIn Newsletter to receive more educational content
    Subscribe now
    ant-design-linkedIN

    Subscribe to our latest updates

    Enter your Email Id
    Thank you! Your submission has been received!
    Oops! Something went wrong while submitting the form.
    FAQs
    More from
    Vishal Padghan
    How AI is Revolutionizing SaaS and Cloud Software: Key Trends for 2025
    How AI is Revolutionizing SaaS and Cloud Software: Key Trends for 2025
    September 26, 2024
    Trusting AI for Incident Response: The Role of AI in Modern Incident Management
    Trusting AI for Incident Response: The Role of AI in Modern Incident Management
    September 20, 2024
    The Future of SLOs in DevOps: Navigating Common Pitfalls in SLO Management
    The Future of SLOs in DevOps: Navigating Common Pitfalls in SLO Management
    September 13, 2024
    Learn how organizations are using Squadcast
    to maintain and improve upon their Reliability metrics
    Learn how organizations are using Squadcast to maintain and improve upon their Reliability metrics
    mapgears
    "Mapgears simplified their complex On-call Alerting process with Squadcast.
    Squadcast has helped us aggregate alerts coming in from hundreds...
    bibam
    "Bibam found their best PagerDuty alternative in Squadcast.
    By moving to Squadcast from Pagerduty, we have seen a serious reduction in alert fatigue, allowing us to focus...
    tanner
    "Squadcast helped Tanner gain system insights and boost team productivity.
    Squadcast has integrated seamlessly into our DevOps and on-call team's workflows. Thanks to their reliability...
    Alexandre Lessard
    System Analyst
    Martin do Santos
    Platform and Architecture Tech Lead
    Sandro Franchi
    CTO
    Squadcast is a leader in Incident Management on G2 Squadcast is a leader in Mid-Market IT Service Management (ITSM) Tools on G2 Squadcast is a leader in Americas IT Alerting on G2 Best IT Management Products 2022 Squadcast is a leader in Europe IT Alerting on G2 Squadcast is a leader in Mid-Market Asia Pacific Incident Management on G2 Users love Squadcast on G2
    Squadcast awarded as "Best Software" in the IT Management category by G2 🎉 Read full report here.
    What our
    customers
    have to say
    mapgears
    "Mapgears simplified their complex On-call Alerting process with Squadcast.
    Squadcast has helped us aggregate alerts coming in from hundreds of services into one single platform. We no longer have hundreds of...
    Alexandre Lessard
    System Analyst
    bibam
    "Bibam found their best PagerDuty alternative in Squadcast.
    By moving to Squadcast from Pagerduty, we have seen a serious reduction in alert fatigue, allowing us to focus...
    Martin do Santos
    Platform and Architecture Tech Lead
    tanner
    "Squadcast helped Tanner gain system insights and boost team productivity.
    Squadcast has integrated seamlessly into our DevOps and on-call team's workflows. Thanks to their reliability metrics we have...
    Sandro Franchi
    CTO
    Revamp your Incident Response.
    Peak Reliability
    Easier, Faster, More Automated with SRE.