11th march
EC2
Elastic ip :
While associating the ip it ask for ip address so need to specify the private ip of the instance
ENI :
Has a elastic ip and public and private ip and sg on it
Which is then attached to the instance
Creation of eni :
Ec2 – network interfaces
Create interface with subnet and sg
And after creating and click on the eni and under action and specify the ec2
19th march 2023
( below link is the cmd used in linux to install aws cloud watch in linux )
( the missing date class are in notes )
https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/QuickStartEC2Instance.html
,Vi /etc/awslogs/awslogs.conf
Edit the bottom path with ( /var/log/httpd/access_log ) in first line [] and file and log_group_name
We are creating for 2 logs
, Access log
Error log
Change this
And :wq!
sudo systemctl start awslogsd
sudo chkconfig awslogs on
sudo systemctl enable awslogsd.service
to check the logs in aws :
cloudwatch – logs – logs groups
__ to monitor metric in logs
go to log group – select the log and – go to action – create metric filter
, 25th march :
In Iam under user – go to access advisor
We can what is the permission that a user has and when was it last used
CLOUD TRAIL : its like a security camera
We can know who accessed and what all task a user performed with time stamp
We can filter in lookup attributes
Step : 1
- create trail
- trail name
- select storage (s3)
- if logs has to to be encrypted specify the alias or else disable the log file
sse-kms
step :2
choose the type of events ( management events )
type of activity
create
it will be stored in s3
to stop click on the trail and select stop logging
EC2
Elastic ip :
While associating the ip it ask for ip address so need to specify the private ip of the instance
ENI :
Has a elastic ip and public and private ip and sg on it
Which is then attached to the instance
Creation of eni :
Ec2 – network interfaces
Create interface with subnet and sg
And after creating and click on the eni and under action and specify the ec2
19th march 2023
( below link is the cmd used in linux to install aws cloud watch in linux )
( the missing date class are in notes )
https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/QuickStartEC2Instance.html
,Vi /etc/awslogs/awslogs.conf
Edit the bottom path with ( /var/log/httpd/access_log ) in first line [] and file and log_group_name
We are creating for 2 logs
, Access log
Error log
Change this
And :wq!
sudo systemctl start awslogsd
sudo chkconfig awslogs on
sudo systemctl enable awslogsd.service
to check the logs in aws :
cloudwatch – logs – logs groups
__ to monitor metric in logs
go to log group – select the log and – go to action – create metric filter
, 25th march :
In Iam under user – go to access advisor
We can what is the permission that a user has and when was it last used
CLOUD TRAIL : its like a security camera
We can know who accessed and what all task a user performed with time stamp
We can filter in lookup attributes
Step : 1
- create trail
- trail name
- select storage (s3)
- if logs has to to be encrypted specify the alias or else disable the log file
sse-kms
step :2
choose the type of events ( management events )
type of activity
create
it will be stored in s3
to stop click on the trail and select stop logging
