This article contains links to all the ways you can connect your new or existing AWS CloudTrail to the Expel Workbench.
Onboarding a new CloudTrail
You can onboard new CloudTrails in 1 of 2 ways:
-
Use our AWS onboarding wizard.
If you want Expel to create new CloudTrails on your behalf, use our AWS Onboarding Wizard in Workbench.
Note
Creating duplicate CloudTrails can result in additional AWS costs. Do not use the wizard if you want to connect an existing CloudTrail.
Our wizard supports creating new CloudTrails using:
-
CloudFormation Templates: You can use AWS CloudFormation templates to perform the necessary configuration for an individual account or organization. If you’re onboarding an AWS organization, it creates a CloudFormation StackSet to configure the permissions on each account within the organization. It can even automatically run on accounts you create in the future under the organization. Don’t worry, we won’t run anything in your AWS account. We instead populate CloudFormation with the right steps; you review it and decide to execute.
-
Terraform: We present an open source, fully transparent Terraform module which creates necessary AWS resources used to securely transfer CloudTrail logs to Workbench. All of the resources that we allocate are listed here: https://registry.terraform.io/modules/expel-io/cloudtrail/aws/latest?tab=resources. By default, all methods of communication between these resources and AWS and Workbench are secured by encryption. All means of data storage (S3) follow AWS best practices—access logging enabled, bucket versioning enabled, zero public access.
|
If you're... |
use this... |
|---|---|
|
using the wizard, setting up new AWS CloudTrails |
|
|
using the wizard, setting up new AWS CloudTrails with Terraform |
Onboarding an existing AWS CloudTrail
To onboard an existing CloudTrail, the instructions vary depending upon your use of AWS Control Tower:
|
If you're... |
use this... |
|---|---|
|
manually setting up new AWS CloudTrails |
|
|
connecting an existing CloudTrail |
|
|
connecting an existing CloudTrail that includes Control Tower |
Our Product team is developing a process for onboarding an existing CloudTrail using the AWS wizard. We will update this article when the procedure is ready.