Real-Time Insights on AWS Account Activity

Architecture Overview

Deploying this solution with the default parameters builds the following environment in the AWS Cloud.



Figure 1: Real-Time Insights on AWS Account Activity architecture

The AWS CloudFormation template deploys an AWS CloudTrail trail, an Amazon CloudWatch event, an Amazon Kinesis Data Firehose delivery stream, Amazon Simple Storage Service (Amazon S3) buckets, a Kinesis data analytics application, a Kinesis data stream, an AWS Lambda function, Amazon DynamoDB tables, an Amazon Cognito user pool, and a real-time dashboard.

The AWS CloudTrail trail logs actions taken in your AWS account, including actions taken through the AWS Management Console, AWS SDKs, command line tools, and other AWS services. When an action is taken, an Amazon CloudWatch event trigger sends data to a Kinesis Data Firehose delivery stream. The delivery stream archives the events in an Amazon S3 bucket and sends the data to a Kinesis data analytics application for processing. Once the data is processed, it is sent to a Kinesis data stream. A Lambda function (real-time-insights-account-activity-update-ddb) reads data from the stream and writes it in real time to a DynamoDB table for storage.
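
The final stage of the pipeline described above, shown as an added example (this is not the solution's own code for real-time-insights-account-activity-update-ddb): a Lambda handler that decodes a Kinesis batch and increments per-API-call counters in DynamoDB. The table name, key schema, `callCount` attribute, and the assumption that stream records carry the CloudTrail fields `eventSource` and `eventName` are illustrative.

```python
import base64
import json
from collections import Counter

TABLE_NAME = "example-account-activity"  # hypothetical table name

def decode_records(event):
    """Yield JSON objects from a Lambda Kinesis batch, skipping malformed records."""
    for rec in event.get("Records", []):
        try:
            payload = json.loads(base64.b64decode(rec["kinesis"]["data"], validate=True))
        except (KeyError, TypeError, ValueError):
            continue  # one bad record must not fail the whole batch
        if isinstance(payload, dict):
            yield payload

def summarize(payloads):
    """Count API calls per (eventSource, eventName); field names are assumed."""
    counts = Counter()
    for p in payloads:
        source, name = p.get("eventSource"), p.get("eventName")
        if isinstance(source, str) and isinstance(name, str):
            counts[(source, name)] += 1
    return counts

def handler(event, context, table=None):
    """Lambda entry point: add this batch's counts to the DynamoDB table."""
    if table is None:  # real invocation; tests pass a stand-in table
        import boto3
        table = boto3.resource("dynamodb").Table(TABLE_NAME)
    counts = summarize(decode_records(event))
    for (source, name), n in counts.items():
        table.update_item(
            Key={"eventSource": source, "eventName": name},  # assumed key schema
            UpdateExpression="ADD #c :n",  # atomic counter increment
            ExpressionAttributeNames={"#c": "callCount"},
            ExpressionAttributeValues={":n": n},
        )
    return {"written": len(counts), "events": sum(counts.values())}

# Constructed sample batch in the shape Lambda delivers Kinesis records.
SAMPLE_EVENT = {"Records": [{"kinesis": {"data": base64.b64encode(p).decode()}} for p in (
    b'{"eventSource": "iam.amazonaws.com", "eventName": "CreateUser"}',
    b'{"eventSource": "iam.amazonaws.com", "eventName": "CreateUser"}',
    b'{"eventSource": "s3.amazonaws.com", "eventName": "PutBucketPolicy"}',
    b"not json",
)]}
```

Passing a stand-in object with an `update_item` method as `table` lets the handler run locally against `SAMPLE_EVENT` without AWS credentials.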

The solution also creates an Amazon Cognito user pool, an Amazon S3 bucket, and a real-time dashboard to securely read and display the account activity stored in the DynamoDB table.