
How do I visualize AWS CloudTrail with Grafana?

In this guide, we will set up AWS CloudTrail to log API activity and visualize these logs using Grafana. We will create a CloudTrail, an S3 bucket to store the logs, and a Grafana workspace to visualize the logs.

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

// Create an S3 bucket to store CloudTrail logs
const trailBucket = new aws.s3.Bucket("trailBucket", {
    acl: "private",
});

// CloudTrail refuses to deliver to a bucket unless the bucket policy lets the
// CloudTrail service principal check the bucket ACL and write under AWSLogs/.
const trailBucketPolicy = new aws.s3.BucketPolicy("trailBucketPolicy", {
    bucket: trailBucket.id,
    policy: trailBucket.arn.apply(bucketArn => JSON.stringify({
        Version: "2012-10-17",
        Statement: [{
            Sid: "AWSCloudTrailAclCheck",
            Effect: "Allow",
            Principal: { Service: "cloudtrail.amazonaws.com" },
            Action: "s3:GetBucketAcl",
            Resource: bucketArn,
        }, {
            Sid: "AWSCloudTrailWrite",
            Effect: "Allow",
            Principal: { Service: "cloudtrail.amazonaws.com" },
            Action: "s3:PutObject",
            Resource: `${bucketArn}/AWSLogs/*`,
            Condition: { StringEquals: { "s3:x-amz-acl": "bucket-owner-full-control" } },
        }],
    })),
});

// Also deliver the trail to CloudWatch Logs: the Grafana role below reads
// CloudWatch, not S3, so this log group is what the dashboards query.
const trailLogGroup = new aws.cloudwatch.LogGroup("trailLogGroup", {
    retentionInDays: 90,
});

const trailLogsRole = new aws.iam.Role("trailLogsRole", {
    assumeRolePolicy: aws.iam.assumeRolePolicyForPrincipal({ Service: "cloudtrail.amazonaws.com" }),
});

new aws.iam.RolePolicy("trailLogsRolePolicy", {
    role: trailLogsRole.id,
    policy: trailLogGroup.arn.apply(logGroupArn => JSON.stringify({
        Version: "2012-10-17",
        Statement: [{
            Effect: "Allow",
            Action: ["logs:CreateLogStream", "logs:PutLogEvents"],
            Resource: `${logGroupArn}:*`,
        }],
    })),
});

// Create a CloudTrail
const trail = new aws.cloudtrail.Trail("cloudTrail", {
    s3BucketName: trailBucket.bucket,
    isMultiRegionTrail: true,
    includeGlobalServiceEvents: true,
    enableLogFileValidation: true,
    cloudWatchLogsGroupArn: pulumi.interpolate`${trailLogGroup.arn}:*`,
    cloudWatchLogsRoleArn: trailLogsRole.arn,
    eventSelectors: [{
        readWriteType: "All",
        includeManagementEvents: true,
        // Data events for the log bucket itself also record every log delivery
        // the trail makes, which adds volume to the trail.
        dataResources: [{
            type: "AWS::S3::Object",
            // An Output cannot be placed in a plain template literal; interpolate it.
            values: [pulumi.interpolate`arn:aws:s3:::${trailBucket.bucket}/`],
        }],
    }],
}, { dependsOn: [trailBucketPolicy] });

// Create an IAM role for Grafana
const grafanaRole = new aws.iam.Role("grafanaRole", {
    assumeRolePolicy: aws.iam.assumeRolePolicyForPrincipal({ Service: "grafana.amazonaws.com" }),
});

// Attach the necessary policies to the IAM role
new aws.iam.RolePolicyAttachment("grafanaRolePolicy", {
    role: grafanaRole,
    policyArn: "arn:aws:iam::aws:policy/CloudWatchReadOnlyAccess",
});

// Create a Grafana workspace (AWS_SSO requires IAM Identity Center to be enabled)
const grafanaWorkspace = new aws.grafana.Workspace("grafanaWorkspace", {
    accountAccessType: "CURRENT_ACCOUNT",
    authenticationProviders: ["AWS_SSO"],
    permissionType: "SERVICE_MANAGED",
    roleArn: grafanaRole.arn,
});

// Outputs
export const trailBucketName = trailBucket.bucket;
export const trailName = trail.name;
export const grafanaWorkspaceUrl = grafanaWorkspace.endpoint;
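The files the trail delivers are gzipped JSON documents with a top-level Records array, and a dashboard is only as useful as the fields it aggregates. The following TypeScript is an added example, not part of the original guide: summarizeTrailFile (a name chosen here) reduces a constructed CloudTrail file to per-service call counts, AccessDenied counts per caller and failed console sign-ins, the series a Grafana panel for this trail would chart; the sample records and the account id are constructed, and the field names follow the CloudTrail record format.

```typescript
// Added example: reduce one CloudTrail log file ({"Records": [...]}, as delivered
// to the bucket, after gunzip) to the series a dashboard would chart.
interface CloudTrailRecord {
  eventTime: string;
  eventSource: string;
  eventName: string;
  errorCode?: string;
  responseElements?: Record<string, unknown>;
  userIdentity: { type: string; arn?: string; userName?: string };
}

interface TrailSummary {
  callsBySource: Record<string, number>;      // "iam.amazonaws.com" -> call count
  deniedByPrincipal: Record<string, number>;  // AccessDenied count per caller
  consoleLoginFailures: number;               // failed ConsoleLogin events
}

function summarizeTrailFile(json: string): TrailSummary {
  const file = JSON.parse(json) as { Records?: CloudTrailRecord[] };
  const s: TrailSummary = { callsBySource: {}, deniedByPrincipal: {}, consoleLoginFailures: 0 };
  for (const r of file.Records ?? []) {
    s.callsBySource[r.eventSource] = (s.callsBySource[r.eventSource] ?? 0) + 1;
    // errorCode is present only on failed calls; AccessDenied is the usual
    // "tried something outside its permissions" signal worth a panel of its own.
    if (r.errorCode === "AccessDenied") {
      const who = r.userIdentity.arn ?? r.userIdentity.userName ?? r.userIdentity.type;
      s.deniedByPrincipal[who] = (s.deniedByPrincipal[who] ?? 0) + 1;
    }
    // A failed console sign-in is reported in responseElements, not in errorCode.
    if (r.eventName === "ConsoleLogin" && r.responseElements?.ConsoleLogin === "Failure") {
      s.consoleLoginFailures += 1;
    }
  }
  return s;
}

// Constructed sample file in the shape CloudTrail writes (the account id is a
// documentation placeholder, not real data).
const sampleTrailFile = JSON.stringify({
  Records: [
    { eventTime: "2024-01-01T10:00:00Z", eventSource: "s3.amazonaws.com", eventName: "GetObject",
      userIdentity: { type: "IAMUser", arn: "arn:aws:iam::123456789012:user/alice" } },
    { eventTime: "2024-01-01T10:00:05Z", eventSource: "iam.amazonaws.com", eventName: "CreateUser",
      errorCode: "AccessDenied", userIdentity: { type: "IAMUser", arn: "arn:aws:iam::123456789012:user/alice" } },
    { eventTime: "2024-01-01T10:01:00Z", eventSource: "signin.amazonaws.com", eventName: "ConsoleLogin",
      responseElements: { ConsoleLogin: "Failure" }, userIdentity: { type: "IAMUser", userName: "bob" } },
  ],
});
```

The same three counters map directly onto CloudWatch Logs Insights queries against the trail's log group once Grafana is pointed at it.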

Key Points

  • S3 Bucket: Used to store CloudTrail logs.
  • CloudTrail: Tracks API activity and logs it to the S3 bucket.
  • IAM Role: Lets the Grafana workspace read CloudWatch (via the CloudWatchReadOnlyAccess managed policy).
  • Grafana Workspace: Visualizes the CloudTrail logs.

Summary

We created an S3 bucket, set up a CloudTrail to log API activity, created an IAM role with the necessary permissions, and set up a Grafana workspace to visualize the logs. This setup helps in monitoring and analyzing AWS account activity using Grafana.
