Open the AWS Management Console.
Sign in with your AWS account credentials.
In the AWS Management Console, search for CloudTrail in the search bar and select it from the results.
Use Quick Create for a New Trail.
In the CloudTrail dashboard, click on Trails from the left-hand navigation pane.
Click on the Create trail button.
Select Quick create. This option allows you to quickly set up a trail with the recommended settings.
Fill in the required details:
Trail name: Enter a name for your trail.
Storage location: Choose a new S3 bucket or an existing one where the trail logs will be stored.
Log file SSE-KMS encryption (optional): If you want to encrypt your log files, you can select an AWS KMS key.
- In the Event type section, ensure that Management events are checked. This is crucial for monitoring IAM events.
- For Read/Write events:
Select All to monitor both read and write events.
Alternatively, choose Read-only or Write-only based on your needs.
- Under Advanced settings, make sure to enable Include AWS API call events to ensure IAM actions are logged.
- Review all the configurations you’ve set up.
- Click on the Create trail button.
- Once the trail is created, navigate back to the Trails section to confirm that your new trail is listed and active.
- You can now view the logs in the specified S3 bucket and monitor IAM events.
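To monitor IAM events once log files land in the bucket, the sketch below (an added example, not part of the original walkthrough) parses one CloudTrail log file and lists the IAM calls that changed state or failed. The sample records, account ID, user names and the function names `iam_events` and `needs_review` are constructed for illustration.

```python
import gzip
import json

# Constructed sample of one CloudTrail log file (gzip-compressed JSON with a
# top-level "Records" array). Account ID, ARNs and IPs are placeholders.
_ARN = "arn:aws:iam::111122223333:user/"
SAMPLE_LOG = gzip.compress(json.dumps({"Records": [
    {"eventTime": "2024-01-01T10:00:00Z", "eventSource": "iam.amazonaws.com",
     "eventName": "ListUsers", "readOnly": True,
     "sourceIPAddress": "192.0.2.10", "userIdentity": {"arn": _ARN + "example-auditor"}},
    {"eventTime": "2024-01-01T10:05:00Z", "eventSource": "iam.amazonaws.com",
     "eventName": "CreateAccessKey", "readOnly": False,
     "sourceIPAddress": "192.0.2.20", "userIdentity": {"arn": _ARN + "example-admin"}},
    {"eventTime": "2024-01-01T10:06:00Z", "eventSource": "iam.amazonaws.com",
     "eventName": "GetAccountAuthorizationDetails", "readOnly": True,
     "errorCode": "AccessDenied",
     "sourceIPAddress": "192.0.2.30", "userIdentity": {"arn": _ARN + "example-dev"}},
    {"eventTime": "2024-01-01T10:07:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "ListBuckets", "readOnly": True,
     "sourceIPAddress": "192.0.2.10", "userIdentity": {"arn": _ARN + "example-auditor"}},
]}).encode())


def iam_events(log_bytes):
    """Parse one CloudTrail log file and return its IAM events, normalised."""
    records = json.loads(gzip.decompress(log_bytes)).get("Records", [])
    events = []
    for rec in records:
        if rec.get("eventSource") != "iam.amazonaws.com":
            continue  # keep only calls made to the IAM service
        events.append({
            "time": rec.get("eventTime"),
            "action": rec.get("eventName"),
            "actor": rec.get("userIdentity", {}).get("arn", "unknown"),
            "source_ip": rec.get("sourceIPAddress"),
            # A missing readOnly field is treated as a write, the safer default.
            "write": rec.get("readOnly") is not True,
            # errorCode is only present when the API call failed.
            "failed": "errorCode" in rec,
        })
    return events


def needs_review(events):
    """Writes change IAM state; failures can indicate permission probing."""
    return [e for e in events if e["write"] or e["failed"]]


if __name__ == "__main__":
    for event in needs_review(iam_events(SAMPLE_LOG)):
        print(event)
```

If the trail was created with Read-only or Write-only instead of All, one of the two event classes shown here will never appear in the log files.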

