Menu
Real-Time Insights on AWS Account Activity
Real-Time Insights on AWS Account Activity

Solution Components

Amazon Kinesis Data Analytics Application

This solution includes an Amazon Kinesis Data Analytics application with SQL statements that compute metrics for the built-in dashboard. The application reads records from the Amazon Kinesis Data Firehose delivery stream, and runs the SQL queries to emit specific AWS CloudTrail metrics, which are stored in Amazon DynamoDB. For more information, see Appendix A.

Amazon DynamoDB

The Real-Time Insights on AWS Account Activity solution creates two Amazon DynamoDB tables: cloudtrail-log-analytics-metrics and cloudtrail-log-ip-metrics.

The cloudtrail-log-analytics-metrics table stores the following information on metrics computed by the Amazon Kinesis Data Analytics application:

  • MetricType: The name of the computed metric

  • EventTime: The time the event was generated

  • ConcurrencyToken: The token used in the event of updates for optimistic locking

  • Data: The metric data, in JSON format

The cloudtrail-log-ip-metrics table stores the IP address and a count of the number of requests from that IP address for a given hour and minute.

Dashboard

The solution features a simple dashboard that loads data from Amazon DynamoDB into line charts every 10 seconds and bar charts every minute. The dashboard leverages Amazon Cognito for user authentication and is powered by web assets hosted in an Amazon Simple Storage Service (Amazon S3) bucket.

The dashboard uses the open-source chart.js JavaScript library to draw charts using HTML5. The dash.html file contains the HTML elements that render the charts in the dashboard. The dash.js file in the js folder contains the JavaScript that populates the dashboard with metrics. The Kinesis data application contains the SQL queries that compute metrics. For more information, see Appendix A.

After you successfully launch the solution, you will receive an email with instructions for logging into the dashboard.

The dashboard can also be customized to include additional metrics. For more information, see Appendix B.