How to log EC2 operations on AWS?

Time: 2023-02-02 22:44:56

We are operating a large number of instances and ELBs on AWS. Recently we experienced strange behaviors. We don't know whether our boto scripts are responsible or AWS has a malfunction. It might also be a human mistake.

We are not able to know who did what on EC2 instances; that's an issue.

This implies:

  • EC2 instance creation/termination
  • EC2 instance start/stop/reboot
  • Register/Deregister EC2 instance from ELB

Is there a way to start logging EC2 operations in AWS?

Alternatively, are EC2 events sent on SQS or SNS, so that we can listen to events rather than reading logs?

3 answers

#1

The CloudTrail service is the place to start. Here is a link to the documentation: Logging Amazon EC2 API Calls Using AWS CloudTrail

#2

Yes, as @Thomas said, you can use CloudTrail to log all the events happening on the AWS account. Basically CloudTrail logs all the AWS API calls in JSON format, whether it's your application or a user doing it using the console. It lists the ARN as well, so you will be able to track who in particular ran the command. The logs can be viewed in the console or using the API as well. For the console, AWS has just launched some filters as well. The only thing that needs to be done is to enable CloudTrail for the region you want to monitor. Though it's recommended to have good IAM policies to avoid such a disaster.

You can set up CloudWatch Logs on the CloudTrail to take action if a particular event happens.

Below are the links that might help you.
http://docs.aws.amazon.com/awscloudtrail/latest/userguide/getting_started_top_level.html
http://docs.aws.amazon.com/awscloudtrail/latest/userguide/cw_send_ct_events.html

#3

CloudTrail is the ticket, but once you've got millions of events, it's not practical to view results in the CloudTrail UI.

In that case you can pipe the output to something like Kibana/Logstash, or sync and grep it.
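Answer #2 says CloudTrail records every API call as JSON with the caller's ARN, and answer #3 suggests syncing the trail's files and grepping them once the console stops being practical. The script below is an added example, not code from the question or any of the answers, and not an AWS-provided tool. It assumes the standard CloudTrail record layout (a `{"Records": [...]}` document, `userIdentity.arn`, `requestParameters` / `responseElements`, gzipped `*.json.gz` delivery files) and the EC2 and Classic ELB event names that cover the operations listed in the question. The sample records, the account id `123456789012`, the principal names and the instance ids are all constructed for this example.

```python
"""Triage CloudTrail records for the EC2/ELB lifecycle operations the question lists.

Added example; assumes the standard CloudTrail JSON layout and the *.json.gz
files that `aws s3 sync` pulls from a trail's S3 bucket. Sample data is
constructed (placeholder account id, made-up principals and instance ids).
"""
import gzip
import json
import os
import tempfile
from typing import Dict, Iterator, List

# Event names for create/terminate, start/stop/reboot and Classic ELB register/deregister.
EC2_LIFECYCLE_EVENTS = {
    "RunInstances", "TerminateInstances",
    "StartInstances", "StopInstances", "RebootInstances",
    "RegisterInstancesWithLoadBalancer", "DeregisterInstancesFromLoadBalancer",
}

# Constructed trail: one boto-driven terminate, one console ELB deregistration,
# one read-only call that should be ignored, and one denied stop attempt.
SAMPLE_TRAIL = json.dumps({"Records": [
    {"eventTime": "2023-02-01T10:15:02Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "TerminateInstances", "awsRegion": "us-east-1",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/alice"},
     "userAgent": "Boto/2.49.0 Python/2.7.18 Linux/5.4.0",
     "requestParameters": {"instancesSet": {"items": [{"instanceId": "i-0abc123def456"}]}}},
    {"eventTime": "2023-02-01T10:16:40Z", "eventSource": "elasticloadbalancing.amazonaws.com",
     "eventName": "DeregisterInstancesFromLoadBalancer", "awsRegion": "us-east-1",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::123456789012:assumed-role/ops-admin/bob"},
     "userAgent": "console.amazonaws.com",
     "requestParameters": {"loadBalancerName": "web-elb",
                           "instances": [{"instanceId": "i-0abc123def456"}]}},
    {"eventTime": "2023-02-01T10:17:05Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DescribeInstances", "awsRegion": "us-east-1",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/alice"},
     "userAgent": "Boto/2.49.0 Python/2.7.18 Linux/5.4.0", "requestParameters": None},
    {"eventTime": "2023-02-01T10:18:30Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "StopInstances", "awsRegion": "us-east-1",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/alice"},
     "userAgent": "aws-cli/1.27.0", "errorCode": "Client.UnauthorizedOperation",
     "requestParameters": {"instancesSet": {"items": [{"instanceId": "i-0def456abc123"}]}}},
]})


def instance_ids(record: Dict) -> List[str]:
    """Collect instance ids from the EC2 and Classic ELB request/response shapes."""
    ids: List[str] = []
    for section in ("requestParameters", "responseElements"):
        params = record.get(section) or {}  # Describe* calls carry null parameters
        for item in (params.get("instancesSet") or {}).get("items", []):  # EC2 calls
            ids.append(item["instanceId"])
        for item in params.get("instances", []):  # Classic ELB register/deregister
            ids.append(item["instanceId"])
    return sorted(set(ids))


def summarize(record: Dict) -> Dict:
    """Reduce one record to who / what / when / how, plus any denial."""
    return {
        "time": record["eventTime"],
        "event": record["eventName"],
        "actor": record.get("userIdentity", {}).get("arn", "<unknown>"),
        "via": record.get("userAgent", ""),  # separates boto scripts from console users
        "instances": instance_ids(record),
        "elb": (record.get("requestParameters") or {}).get("loadBalancerName"),
        "error": record.get("errorCode"),  # present on denied/failed calls
    }


def ec2_operations(records: List[Dict]) -> List[Dict]:
    """Keep only the lifecycle mutations; read-only Describe* calls are dropped."""
    return [summarize(r) for r in records if r.get("eventName") in EC2_LIFECYCLE_EVENTS]


def records_from_text(text: str) -> List[Dict]:
    return json.loads(text)["Records"]


def records_from_synced_dir(directory: str) -> Iterator[Dict]:
    """Walk a directory filled by `aws s3 sync` and yield every record in the .json.gz files."""
    for root, _, files in os.walk(directory):
        for name in sorted(files):
            if name.endswith(".json.gz"):
                with gzip.open(os.path.join(root, name), "rt", encoding="utf-8") as fh:
                    yield from records_from_text(fh.read())


def actors_for_instance(operations: List[Dict], instance_id: str) -> List[str]:
    """Who touched a given instance, in time order (the question's 'who did what')."""
    return [op["actor"] for op in sorted(operations, key=lambda o: o["time"])
            if instance_id in op["instances"]]


def demo_sync_and_grep() -> List[Dict]:
    """Offline stand-in for 'sync and grep': write the sample as a delivery file, then scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "123456789012_CloudTrail_us-east-1_example.json.gz")
        with gzip.open(path, "wt", encoding="utf-8") as fh:
            fh.write(SAMPLE_TRAIL)
        return ec2_operations(list(records_from_synced_dir(tmp)))


if __name__ == "__main__":
    for op in demo_sync_and_grep():
        flag = " (DENIED)" if op["error"] else ""
        print(f"{op['time']} {op['event']:<36} {op['actor']} via {op['via']} -> {op['instances']}{flag}")
```

Two details worth keeping when adapting this to a real trail: the `userAgent` field is what tells a boto script apart from a console session (the question's first suspicion), and `errorCode` records attempts that IAM rejected, which answer #2's advice about good IAM policies makes visible rather than silent.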
