Overview of the AWS CloudTrail Analytics Dashboard
This dashboard and its associated solution provide a mechanism for collecting, analyzing, and displaying AWS account activity in real time. The solution uses AWS CloudTrail to log events for your AWS account, including actions taken through the AWS Management Console, AWS SDKs, command line tools, and other AWS services. Amazon Kinesis captures and analyzes that data to produce important metrics in real time and persists them to DynamoDB. The processed data is visualized in the custom dashboard you see below, which is a website hosted on Amazon S3. All raw and processed data is archived in Amazon S3.
Many events are processed in real time, but some events take up to 15 minutes to arrive from AWS CloudTrail. The dashboard loads new data from DynamoDB into line graphs every 10 seconds and into bar charts every 1 minute. The past 15 minutes of data are updated every 1 minute to capture events that arrive late from AWS CloudTrail.
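
The late-arrival handling described above, sketched as an added example that is not the solution's own dashboard code. The function names, the per-minute bucket layout and the sample records are assumptions made for illustration; only `eventTime` and the event names are real CloudTrail fields and values.

```javascript
// Added example: bucket layout and sample data are assumptions,
// not the solution's DynamoDB schema or dashboard code.
const MINUTE_MS = 60 * 1000;
const LATE_WINDOW_MIN = 15; // CloudTrail delivery delay stated on this page

// Truncate an ISO 8601 eventTime to the start of its minute.
function minuteBucket(eventTime) {
  const t = Date.parse(eventTime);
  return new Date(t - (t % MINUTE_MS)).toISOString();
}

// Count events per minute of occurrence, not per minute of arrival.
function countByMinute(records) {
  const counts = new Map();
  for (const r of records) {
    const b = minuteBucket(r.eventTime);
    counts.set(b, (counts.get(b) || 0) + 1);
  }
  return counts;
}

// Replace every bucket inside the trailing window with freshly read counts;
// buckets older than the window are treated as final and left alone.
function refreshTrailingWindow(series, freshCounts, nowIso) {
  const cutoff = Date.parse(nowIso) - LATE_WINDOW_MIN * MINUTE_MS;
  const merged = new Map();
  for (const [bucket, n] of series) {
    if (Date.parse(bucket) < cutoff) merged.set(bucket, n);
  }
  for (const [bucket, n] of freshCounts) {
    if (Date.parse(bucket) >= cutoff) merged.set(bucket, n);
  }
  return merged;
}

// Constructed sample: two events seen promptly, one delivered minutes later.
const onTime = [
  { eventName: "ConsoleLogin", eventTime: "2024-01-01T10:00:05Z" },
  { eventName: "RunInstances", eventTime: "2024-01-01T10:01:30Z" },
];
const late = { eventName: "DeleteTrail", eventTime: "2024-01-01T10:00:40Z" };

function demo() {
  const drawn = countByMinute(onTime); // chart as first drawn
  const reread = countByMinute([...onTime, late]); // store after late arrival
  return refreshTrailingWindow(drawn, reread, "2024-01-01T10:12:00Z");
}
```

A chart that only appended the newest point would keep showing one event for 10:00; re-reading the trailing window corrects that bucket to two, which matters when the late record is the one an analyst needs to see.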
Use of Amazon Cognito
This solution uses Amazon Cognito for authentication. The solution asks for a user name and email address when it is launched. During deployment, an Amazon Cognito User Pool and user are created for you. The user ID and temporary password are emailed to the provided email address. Additional users can be added to the dashboard through the Amazon Cognito console.