CloudTrail and CloudWatch Events Policies and Costs

What are the following CloudTrail and CloudWatch Events policies for, and what are the costs associated with them?

AWS > CloudTrail > Turbot S3 Bucket Name Template

AWS > CloudTrail > Turbot Trail

AWS > CloudTrail > Turbot Trail Name Template

 

AWS > CloudWatch Events > Notify Turbot of API Events

AWS > CloudWatch Events > Notify Turbot of Console Events

AWS > CloudWatch Events > Notify Turbot of Events Filters

 

  1. These policies set up real-time events to be published to the Turbot master for a new AWS account.
  2. For real-time events to be monitored, a single global (or individual regional) CloudTrail must be enabled, but it doesn't have to be created or managed by Turbot. As long as CloudTrail is enabled in the account and is logging, Turbot will work.
  3. Item 2 is important because your first CloudTrail is free. If you add multiple CloudTrails in an account, you will start incurring significant cost for the additional trails. Turbot does not require you to create new or additional trails; we will work with any trail that is set up, and it does not have to be custom to Turbot. You can also configure Turbot to take over management of your current trail by configuring the CloudTrail > Turbot Trail Name Template and CloudTrail > Turbot S3 Bucket Name Template to match a current CloudTrail. That way, if a user were to stop the trail, Turbot would restart it.
  4. CloudWatch Events > Notify Turbot of API Events and CloudWatch Events > Notify Turbot of Console Events create a CloudWatch Event and 2 SNS Topics that grab the CloudTrail event stream and send it to the Turbot master account.
  5. CloudWatch costs are $0.01 per 1,000 requests; for a connected account running in all regions, we typically see a cost of < $1.00 per month.
  6. SNS is free for the first million requests, and we have not seen this ever exceed the free tier in a connected account.
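
The check described in items 2 and 3, as an added example (not Turbot's own code): given data shaped like the CloudTrail `DescribeTrails` and `GetTrailStatus` responses, it reports regions with no logging trail and regions recorded by more than one trail. The account ID, trail names, region list and finding labels are constructed for illustration.

```python
# Added example: inputs mirror the CloudTrail DescribeTrails ("trailList") and
# GetTrailStatus ("IsLogging") responses. All sample values are constructed.

def region_coverage(trails, is_logging, regions):
    """Map each region to the names of logging trails that record its events."""
    coverage = {region: set() for region in regions}
    for trail in trails:
        if not is_logging.get(trail["TrailARN"], False):
            continue  # a stopped trail delivers nothing
        # A multi-region trail records every region; otherwise only its home region.
        covered = regions if trail.get("IsMultiRegionTrail") else [trail["HomeRegion"]]
        for region in covered:
            if region in coverage:
                coverage[region].add(trail["Name"])  # set() absorbs shadow-trail repeats
    return coverage

def findings(coverage):
    """Flag regions with no logging trail and regions recorded by more than one."""
    out = []
    for region in sorted(coverage):
        names = sorted(coverage[region])
        if not names:
            out.append((region, "NO_LOGGING_TRAIL", names))
        elif len(names) > 1:
            out.append((region, "ADDITIONAL_TRAIL_COST", names))
    return out

# Constructed sample account: one multi-region trail, one extra regional trail,
# and one regional trail that has been stopped.
REGIONS = ["us-east-1", "eu-west-1", "ap-southeast-2"]
ARN = "arn:aws:cloudtrail:{}:111122223333:trail/{}"
TRAILS = [
    {"Name": "org-trail", "HomeRegion": "us-east-1", "IsMultiRegionTrail": True,
     "TrailARN": ARN.format("us-east-1", "org-trail")},
    {"Name": "legacy-eu", "HomeRegion": "eu-west-1", "IsMultiRegionTrail": False,
     "TrailARN": ARN.format("eu-west-1", "legacy-eu")},
    {"Name": "old-ap", "HomeRegion": "ap-southeast-2", "IsMultiRegionTrail": False,
     "TrailARN": ARN.format("ap-southeast-2", "old-ap")},
]
STATUS = {TRAILS[0]["TrailARN"]: True, TRAILS[1]["TrailARN"]: True,
          TRAILS[2]["TrailARN"]: False}

if __name__ == "__main__":
    for finding in findings(region_coverage(TRAILS, STATUS, REGIONS)):
        print(finding)
```
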