📢 Webinar Alert! Live Call Routing with Squadcast: Helping Teams Achieve Faster Resolutions | Register here

Getting AWS CloudTrail alerts via SNS Endpoint

May 31, 2022
Last Updated:
May 2, 2024
Share this post:
Getting AWS CloudTrail alerts via SNS Endpoint
Table of Contents:

    Logging and auditing have been an essential part of troubleshooting application and infrastructure performance. You can instantly spot areas of risk to ensure quick correction and prevention of issues. In this blog, we will explore the AWS CloudTrail service and discuss how integrating it with Squadcast can help you route alerts to the right users for quick and efficient incident response.

    Let's get started.

    What is AWS CloudTrail and why is it important?

    AWS CloudTrail is an Auditing and Logging service for Amazon Web Services (AWS) accounts. It tells you who performed what actions on your resources and when. It enables governance, compliance, operational auditing, and risk auditing. With this service, you can log, monitor, and retain account activity associated with actions across your AWS infrastructure. It gives you the event history of your AWS account activity, like actions taken through:

    • AWS Management Console
    • AWS SDKs
    • Command-Line and other AWS services

    This event history can help you during security analysis, resource change tracking, and troubleshooting. Validated log files are invaluable in ensuring the security of resources that run on the cloud.

    It is the single most important logging service in AWS as it lets you log and identify all the important activities in an AWS account like,

    • Who performed the action (Principle type, Source IP/Service, user agent)
    • When it occurred (Date and Time)
    • Where it occurred (Region)
    • What occurred (API actions performed)
    • Resources affected (configuration/parameter info)
    • Results of action (success/error associated with result info)

    Here is an example of how the event log looks in AWS,

    You can get notifications when CloudTrail publishes new log files. This is possible by configuring CloudTrail to send updated information to an Amazon SNS topic whenever a new log file has been sent. Doing so enables you to respond quickly to critical operational events. Let us quickly take a look at Amazon SNS Service, before we jump to the integration part.

    What is Amazon Simple Notification Service (SNS)?

    Amazon SNS is a managed service offering message delivery from publishers to subscribers. Publishers use this service to communicate asynchronously with subscribers by sending messages to a 'topic'. A topic is a logical access point and communication channel. To receive published messages, users/consumers can subscribe to an SNS topic, using a supported endpoint type.

    This service can fan out alerts to millions of subscribers, and it offers capabilities like,

    • App-to-app messages
    • App-to-person messages
    • Use of FIFO topics
    • Message archiving, filtering, and analytics

    Let us now go ahead and see how we can integrate CloudTrail with Squadcast to route alerts via an SNS endpoint.

    Setting up CloudTrail-Squadcast Integration

    Using AWS CloudTrail Logs via SNS as an Alert Source

    Step1: From the navigation bar in Squadcast, on the top left corner pick the applicable Team from the Team-picker and select Services. Next, click on Alert Sources for the applicable Service.

    Step2: Search for AWS CloudTrail Logs via SNS from the Alert Source drop-down and copy the Webhook URL, we will be using it in the following steps.

    Please Note: For an Alert Source to turn active (indicated by a green dot - Receiving alerts against the name of the Alert Source in the drop-down), you can either generate a test alert or wait for a real-time alert to be generated by the Alert Source.

    An Alert Source is active if there is a recorded incident via that Alert Source for the Service in the last 30 days.

    Create CloudTrail logs Endpoint in AWS SNS

    Now log in to your AWS account and proceed to SNS.

    Step1: Click on “Create topic”. Fill in the details as per your requirements and then click on “Create topic”.

    Step2: Now inside the topic, click on “Create subscription”. Select the protocol as “HTTPS” and in the endpoint enter the Alert Source Endpoint Webhook URL obtained from the Step 2 of the previous bit. Finally, click on “Create subscription”.

    The “Subscription ID” for the subscription should change to “Confirmed” immediately from “Pending Confirmation”. Click on the refresh button to verify the same.

    Then you can configure your CloudTrail log alerts and assign this topic as the notification option and you are good to go.

    AWS CloudTrail is a highly effective AWS service for cloud logging and auditing. integrating it with Squadcast can help you leverage various incident response and SRE features of Squadcast to keep your systems reliable.

    What you should do now
    • Schedule a demo with Squadcast to learn about the platform, answer your questions, and evaluate if Squadcast is the right fit for you.
    • Curious about how Squadcast can assist you in implementing SRE best practices? Discover the platform's capabilities through our Interactive Demo.
    • Enjoyed the article? Explore further insights on the best SRE practices.
    • Schedule a demo with Squadcast to learn about the platform, answer your questions, and evaluate if Squadcast is the right fit for you.
    • Curious about how Squadcast can assist you in implementing SRE best practices? Discover the platform's capabilities through our Interactive Demo.
    • Enjoyed the article? Explore further insights on the best SRE practices.
    • Get a walkthrough of our platform through this Interactive Demo and see how it can solve your specific challenges.
    • See how Charter Leveraged Squadcast to Drive Client Success With Robust Incident Management.
    • Share this blog post with someone you think will find it useful. Share it on Facebook, Twitter, LinkedIn or Reddit
    • Get a walkthrough of our platform through this Interactive Demo and see how it can solve your specific challenges.
    • See how Charter Leveraged Squadcast to Drive Client Success With Robust Incident Management
    • Share this blog post with someone you think will find it useful. Share it on Facebook, Twitter, LinkedIn or Reddit
    • Get a walkthrough of our platform through this Interactive Demo and see how it can solve your specific challenges.
    • See how Charter Leveraged Squadcast to Drive Client Success With Robust Incident Management
    • Share this blog post with someone you think will find it useful. Share it on Facebook, Twitter, LinkedIn or Reddit
    What you should do now?
    Here are 3 ways you can continue your journey to learn more about Unified Incident Management
    Discover the platform's capabilities through our Interactive Demo.
    See how Charter Leveraged Squadcast to Drive Client Success With Robust Incident Management.
    Share the article
    Share this blog post on Facebook, Twitter, Reddit or LinkedIn.
    We’ll show you how Squadcast works and help you figure out if Squadcast is the right fit for you.
    Experience the benefits of Squadcast's Incident Management and On-Call solutions firsthand.
    Compare our plans and find the perfect fit for your business.
    See Redis' Journey to Efficient Incident Management through alert noise reduction With Squadcast.
    Discover the platform's capabilities through our Interactive Demo.
    We’ll show you how Squadcast works and help you figure out if Squadcast is the right fit for you.
    Experience the benefits of Squadcast's Incident Management and On-Call solutions firsthand.
    Compare Squadcast & PagerDuty / Opsgenie
    Compare and see if Squadcast is the right fit for your needs.
    Compare our plans and find the perfect fit for your business.
    Learn how Scoro created a solid foundation for better on-call practices with Squadcast.
    Discover the platform's capabilities through our Interactive Demo.
    We’ll show you how Squadcast works and help you figure out if Squadcast is the right fit for you.
    Experience the benefits of Squadcast's Incident Management and On-Call solutions firsthand.
    We’ll show you how Squadcast works and help you figure out if Squadcast is the right fit for you.
    Learn how Scoro created a solid foundation for better on-call practices with Squadcast.
    We’ll show you how Squadcast works and help you figure out if Squadcast is the right fit for you.
    Discover the platform's capabilities through our Interactive Demo.
    Enjoyed the article? Explore further insights on the best SRE practices.
    We’ll show you how Squadcast works and help you figure out if Squadcast is the right fit for you.
    Experience the benefits of Squadcast's Incident Management and On-Call solutions firsthand.
    Enjoyed the article? Explore further insights on the best SRE practices.
    Written By:
    May 31, 2022
    May 31, 2022
    Share this post:
    Subscribe to our LinkedIn Newsletter to receive more educational content
    Subscribe now

    Subscribe to our latest updates

    Enter your Email Id
    Thank you! Your submission has been received!
    Oops! Something went wrong while submitting the form.
    FAQ
    More from
    Vishal Padghan
    Complete Incident Management Playbook for Enterprises
    Complete Incident Management Playbook for Enterprises
    June 14, 2024
    The Complete Incident Management Tech Stack To Increase Performance, Reduce Cost And Optimize Tool Sprawl
    The Complete Incident Management Tech Stack To Increase Performance, Reduce Cost And Optimize Tool Sprawl
    May 30, 2024
    What is Site Reliability Engineering and How it Transforms IT Operations?
    What is Site Reliability Engineering and How it Transforms IT Operations?
    May 27, 2024

    Getting AWS CloudTrail alerts via SNS Endpoint

    Getting AWS CloudTrail alerts via SNS Endpoint
    May 31, 2022
    Last Updated:
    May 31, 2022

    Logging and auditing have been an essential part of troubleshooting application and infrastructure performance. You can instantly spot areas of risk to ensure quick correction and prevention of issues. In this blog, we will explore the AWS CloudTrail service and discuss how integrating it with Squadcast can help you route alerts to the right users for quick and efficient incident response.

    Let's get started.

    What is AWS CloudTrail and why is it important?

    AWS CloudTrail is an Auditing and Logging service for Amazon Web Services (AWS) accounts. It tells you who performed what actions on your resources and when. It enables governance, compliance, operational auditing, and risk auditing. With this service, you can log, monitor, and retain account activity associated with actions across your AWS infrastructure. It gives you the event history of your AWS account activity, like actions taken through:

    • AWS Management Console
    • AWS SDKs
    • Command-Line and other AWS services

    This event history can help you during security analysis, resource change tracking, and troubleshooting. Validated log files are invaluable in ensuring the security of resources that run on the cloud.

    It is the single most important logging service in AWS as it lets you log and identify all the important activities in an AWS account like,

    • Who performed the action (Principle type, Source IP/Service, user agent)
    • When it occurred (Date and Time)
    • Where it occurred (Region)
    • What occurred (API actions performed)
    • Resources affected (configuration/parameter info)
    • Results of action (success/error associated with result info)

    Here is an example of how the event log looks in AWS,

    You can get notifications when CloudTrail publishes new log files. This is possible by configuring CloudTrail to send updated information to an Amazon SNS topic whenever a new log file has been sent. Doing so enables you to respond quickly to critical operational events. Let us quickly take a look at Amazon SNS Service, before we jump to the integration part.

    What is Amazon Simple Notification Service (SNS)?

    Amazon SNS is a managed service offering message delivery from publishers to subscribers. Publishers use this service to communicate asynchronously with subscribers by sending messages to a 'topic'. A topic is a logical access point and communication channel. To receive published messages, users/consumers can subscribe to an SNS topic, using a supported endpoint type.

    This service can fan out alerts to millions of subscribers, and it offers capabilities like,

    • App-to-app messages
    • App-to-person messages
    • Use of FIFO topics
    • Message archiving, filtering, and analytics

    Let us now go ahead and see how we can integrate CloudTrail with Squadcast to route alerts via an SNS endpoint.

    Setting up CloudTrail-Squadcast Integration

    Using AWS CloudTrail Logs via SNS as an Alert Source

    Step1: From the navigation bar in Squadcast, on the top left corner pick the applicable Team from the Team-picker and select Services. Next, click on Alert Sources for the applicable Service.

    Step2: Search for AWS CloudTrail Logs via SNS from the Alert Source drop-down and copy the Webhook URL, we will be using it in the following steps.

    Please Note: For an Alert Source to turn active (indicated by a green dot - Receiving alerts against the name of the Alert Source in the drop-down), you can either generate a test alert or wait for a real-time alert to be generated by the Alert Source.

    An Alert Source is active if there is a recorded incident via that Alert Source for the Service in the last 30 days.

    Create CloudTrail logs Endpoint in AWS SNS

    Now log in to your AWS account and proceed to SNS.

    Step1: Click on “Create topic”. Fill in the details as per your requirements and then click on “Create topic”.

    Step2: Now inside the topic, click on “Create subscription”. Select the protocol as “HTTPS” and in the endpoint enter the Alert Source Endpoint Webhook URL obtained from the Step 2 of the previous bit. Finally, click on “Create subscription”.

    The “Subscription ID” for the subscription should change to “Confirmed” immediately from “Pending Confirmation”. Click on the refresh button to verify the same.

    Then you can configure your CloudTrail log alerts and assign this topic as the notification option and you are good to go.

    AWS CloudTrail is a highly effective AWS service for cloud logging and auditing. integrating it with Squadcast can help you leverage various incident response and SRE features of Squadcast to keep your systems reliable.

    What you should do now
    • Schedule a demo with Squadcast to learn about the platform, answer your questions, and evaluate if Squadcast is the right fit for you.
    • Curious about how Squadcast can assist you in implementing SRE best practices? Discover the platform's capabilities through our Interactive Demo.
    • Enjoyed the article? Explore further insights on the best SRE practices.
    • Schedule a demo with Squadcast to learn about the platform, answer your questions, and evaluate if Squadcast is the right fit for you.
    • Curious about how Squadcast can assist you in implementing SRE best practices? Discover the platform's capabilities through our Interactive Demo.
    • Enjoyed the article? Explore further insights on the best SRE practices.
    • Get a walkthrough of our platform through this Interactive Demo and see how it can solve your specific challenges.
    • See how Charter Leveraged Squadcast to Drive Client Success With Robust Incident Management.
    • Share this blog post with someone you think will find it useful. Share it on Facebook, Twitter, LinkedIn or Reddit
    • Get a walkthrough of our platform through this Interactive Demo and see how it can solve your specific challenges.
    • See how Charter Leveraged Squadcast to Drive Client Success With Robust Incident Management
    • Share this blog post with someone you think will find it useful. Share it on Facebook, Twitter, LinkedIn or Reddit
    • Get a walkthrough of our platform through this Interactive Demo and see how it can solve your specific challenges.
    • See how Charter Leveraged Squadcast to Drive Client Success With Robust Incident Management
    • Share this blog post with someone you think will find it useful. Share it on Facebook, Twitter, LinkedIn or Reddit
    What you should do now?
    Here are 3 ways you can continue your journey to learn more about Unified Incident Management
    Discover the platform's capabilities through our Interactive Demo.
    See how Charter Leveraged Squadcast to Drive Client Success With Robust Incident Management.
    Share the article
    Share this blog post on Facebook, Twitter, Reddit or LinkedIn.
    We’ll show you how Squadcast works and help you figure out if Squadcast is the right fit for you.
    Experience the benefits of Squadcast's Incident Management and On-Call solutions firsthand.
    Compare our plans and find the perfect fit for your business.
    See Redis' Journey to Efficient Incident Management through alert noise reduction With Squadcast.
    Discover the platform's capabilities through our Interactive Demo.
    We’ll show you how Squadcast works and help you figure out if Squadcast is the right fit for you.
    Experience the benefits of Squadcast's Incident Management and On-Call solutions firsthand.
    Compare Squadcast & PagerDuty / Opsgenie
    Compare and see if Squadcast is the right fit for your needs.
    Compare our plans and find the perfect fit for your business.
    Learn how Scoro created a solid foundation for better on-call practices with Squadcast.
    Discover the platform's capabilities through our Interactive Demo.
    We’ll show you how Squadcast works and help you figure out if Squadcast is the right fit for you.
    Experience the benefits of Squadcast's Incident Management and On-Call solutions firsthand.
    We’ll show you how Squadcast works and help you figure out if Squadcast is the right fit for you.
    Learn how Scoro created a solid foundation for better on-call practices with Squadcast.
    We’ll show you how Squadcast works and help you figure out if Squadcast is the right fit for you.
    Discover the platform's capabilities through our Interactive Demo.
    Enjoyed the article? Explore further insights on the best SRE practices.
    We’ll show you how Squadcast works and help you figure out if Squadcast is the right fit for you.
    Experience the benefits of Squadcast's Incident Management and On-Call solutions firsthand.
    Enjoyed the article? Explore further insights on the best SRE practices.
    Written By:
    May 31, 2022
    May 31, 2022
    Share this post:
    In this blog:
      Subscribe to our LinkedIn Newsletter to receive more educational content
      Subscribe now

      Subscribe to our latest updates

      Thank you! Your submission has been received!
      Oops! Something went wrong while submitting the form.
      FAQ
      Learn how organizations are using Squadcast
      to maintain and improve upon their Reliability metrics
      Learn how organizations are using Squadcast to maintain and improve upon their Reliability metrics
      mapgears
      "Mapgears simplified their complex On-call Alerting process with Squadcast.
      Squadcast has helped us aggregate alerts coming in from hundreds...
      bibam
      "Bibam found their best PagerDuty alternative in Squadcast.
      By moving to Squadcast from Pagerduty, we have seen a serious reduction in alert fatigue, allowing us to focus...
      tanner
      "Squadcast helped Tanner gain system insights and boost team productivity.
      Squadcast has integrated seamlessly into our DevOps and on-call team's workflows. Thanks to their reliability...
      Alexandre Lessard
      System Analyst
      Martin do Santos
      Platform and Architecture Tech Lead
      Sandro Franchi
      CTO
      Squadcast is a leader in Incident Management on G2 Squadcast is a leader in Mid-Market IT Service Management (ITSM) Tools on G2 Squadcast is a leader in Americas IT Alerting on G2 Best IT Management Products 2022 Squadcast is a leader in Europe IT Alerting on G2 Squadcast is a leader in Mid-Market Asia Pacific Incident Management on G2 Users love Squadcast on G2
      Squadcast awarded as "Best Software" in the IT Management category by G2 🎉 Read full report here.
      What our
      customers
      have to say
      mapgears
      "Mapgears simplified their complex On-call Alerting process with Squadcast.
      Squadcast has helped us aggregate alerts coming in from hundreds of services into one single platform. We no longer have hundreds of...
      Alexandre Lessard
      System Analyst
      bibam
      "Bibam found their best PagerDuty alternative in Squadcast.
      By moving to Squadcast from Pagerduty, we have seen a serious reduction in alert fatigue, allowing us to focus...
      Martin do Santos
      Platform and Architecture Tech Lead
      tanner
      "Squadcast helped Tanner gain system insights and boost team productivity.
      Squadcast has integrated seamlessly into our DevOps and on-call team's workflows. Thanks to their reliability metrics we have...
      Sandro Franchi
      CTO
      Revamp your Incident Response.
      Peak Reliability
      Easier, Faster, More Automated with SRE.
      Squadcast is a leader in Incident Management on G2 Squadcast is a leader in Mid-Market IT Service Management (ITSM) Tools on G2 Squadcast is a leader in Americas IT Alerting on G2 Best IT Management Products 2024 Squadcast is a leader in Europe IT Alerting on G2 Squadcast is a leader in Enterprise Incident Management on G2 Users love Squadcast on G2
      Squadcast is a leader in Incident Management on G2 Squadcast is a leader in Mid-Market IT Service Management (ITSM) Tools on G2 Squadcast is a leader in Americas IT Alerting on G2
      Best IT Management Products 2024 Squadcast is a leader in Europe IT Alerting on G2 Squadcast is a leader in Enterprise Incident Management on G2
      Users love Squadcast on G2
      Copyright © Squadcast Inc. 2017-2024