What does this AWS Solutions Implementation do?
Monitoring Amazon Web Services (AWS) account activity can provide valuable insight into who is accessing your resources and how your resources are being used. This insight can help you make better-informed decisions that increase security and efficiency, facilitate compliance auditing, and optimize costs. Many customers choose to build custom account monitoring solutions using AWS services because these services provide an efficient way to handle a large number of activity events in real-time and the flexibility to get specific metrics.
To help you more easily monitor account activity, AWS offers the Real-Time Insights on AWS Account Activity solution, a reference implementation that automatically provisions and configures the services necessary to record and visualize resource access and usage metrics for your AWS account(s) in real-time. This solution is designed to provide a framework for visualizing access and usage metrics, allowing you to focus on adding new metrics rather than underlying infrastructure operations.
AWS Solutions Implementation overview
AWS offers a solution that uses AWS CloudTrail to log account activity, Amazon Kinesis to compute and stream metrics in real-time, and Amazon DynamoDB to durably store the computed data. Metrics are calculated for create, modify, and delete API calls for more than 60 supported AWS services. The solution also features a dashboard that visualizes your account activity in real-time. The diagram below presents the architecture you can deploy in minutes using the solution's implementation guide and accompanying AWS CloudFormation template. The Real-Time Insights on AWS Account Activity solution enables an AWS CloudTrail trail to monitor events that occur in your account in real-time. Some events, however, might take up to 15 minutes to arrive in Amazon Kinesis Data Firehose from CloudTrail.
Real-Time Insights on AWS Account Activity solution architecture
AWS CloudTrail logs actions taken in your AWS account, including actions taken through the AWS Management Console, AWS SDKs, command line tools, and other AWS services.
When an action is taken, an Amazon CloudWatch event trigger sends data to a Kinesis Data Firehose delivery stream. The delivery stream archives the events in an Amazon S3 bucket and sends the data to a Kinesis Data Analytics application for processing.
Once the data is processed, it is sent to Kinesis Data Streams. An AWS Lambda function reads data from the stream and sends the data in real-time to an Amazon DynamoDB table to be stored.
The solution also creates an Amazon Cognito user pool, an Amazon S3 bucket, an Amazon CloudFront distribution, and real-time dashboard to securely read and display the account activity stored in the DynamoDB table.
Real-Time Insights on AWS Account Activity
Version 1.1.1
Last updated: 03/2020
Author: AWS
Estimated deployment time: 5 min
Implementation resources
Note: To subscribe to RSS updates, you must have an RSS plug-in enabled for the browser you are using.
Features
Real-Time Insights on AWS Account Activity reference implementation
Real-time dashboard
Browse our library of AWS Solutions Implementations to get answers to common architectural problems.
Find AWS certified consulting and technology partners to help you get started.
Browse our portfolio of Consulting Offers to get AWS-vetted help with solution deployment.