Logging and monitoring in AWS CloudShell
Monitoring activity with CloudTrail
AWS CloudShell is integrated with AWS CloudTrail, a service that provides a record of actions taken by a user, role, or an AWS service in AWS CloudShell. CloudTrail captures all API calls for AWS CloudShell as events. The calls captured include calls from the AWS CloudShell console and from code calls to the AWS CloudShell APIs.
If you create a trail, you can enable the continuous delivery of CloudTrail events to an Amazon Simple Storage Service (Amazon S3) bucket, including events for AWS CloudShell.
If you don't configure a trail, you can still view the most recent events in the CloudTrail console in Event history. Using the information collected by CloudTrail, you can determine the request that was made to AWS CloudShell, the IP address from which the request was made, who made the request, when it was made, and additional details.
AWS CloudShell in CloudTrail
AWS CloudShell supports logging the following actions as events in CloudTrail log files:
-
createEnvironment
-
createSession
-
deleteEnvironment
-
getEnvironmentStatus*
-
getFileDownloadUrls*
-
getFileUploadUrls*
-
putCredentials
-
redeemCode
-
sendHeartBeat
-
startEnvironment
-
stopEnvironment
*Non-mutating (read-only) API calls.
Events that include the word "Environment" in their names relate to the lifecycle of the compute environment that hosts the shell experience.
The sendHeartBeat
event occurs to confirm that the session is not inactive. And the putCredentials
event occurs when the credentials the user signed in to console with are forwarded
to AWS CloudShell.
EventBridge rules for AWS CloudShell actions
With EventBridge rules you specify a target action to take when EventBridge receives an event that matches the rule. You can define a rule that specifies a target action to take based on an AWS CloudShell action that's recorded as an event in a CloudTrail log file.
For example, you can create EventBridge rules with
AWS CLI using the put-rule
command. A put-rule
call must
contain at least an EventPattern or ScheduleExpression. Rules with EventPatterns are
triggered
when a matching event is observed. The EventPattern for AWS CloudShell events:
{ "source": [ "aws.cloudshell" ], "detail-type": [ "AWS API Call via CloudTrail" ], "detail": { "eventSource": [ "cloudshell.amazonaws.com" ] } }
For more information, see Events and Event Patterns in EventBridge in the Amazon EventBridge User Guide.