New Relic integrations include an integration for reporting your AWS CloudTrail events to New Relic. This document explains how to activate this integration and describes the data that can be reported.
This integration collects information from AWS CloudTrail, which captures and records AWS account activity, mainly for audit and governance purposes.
New Relic's AWS CloudTrail integration collects events that represent errors and AWS console logins. Errors give you awareness about API calls and services that have failed, and console logins help you monitor console activity and potential intrusion attempts.
Besides these two types of data, New Relic does not collect any other data. This is because other AWS CloudTrail data is already reported by New Relic in the form of inventory change events.
The AWS CloudTrail integration collects data from us-east-1 region only by default. To enable all AWS regions please contact us at support.newrelic.com.
To enable this integration follow standard procedures to Connect AWS services to New Relic.
You can change the polling frequency and filter data using configuration options.
Default polling information for the AWS CloudTrail integration:
- New Relic polling interval: 5 minutes
To find your integration data in Infrastructure, go to one.newrelic.com > Infrastructure > AWS and select one of the AWS CloudTrail integration links.
For general information about how to find and use integration data, see Understand integration data.
Here are attributes that can be reported with CloudTrail events:
The AWS region the request was made of.
Identifies the type of event that generated the event record. This can be the one of the following values:
The AWS service error (if the request returns an error). For a list of the most common errors, see the AWS CloudTrail documentation.
If the request returns an error, the description of the error.
The unique identifier of the event.
The requested action.
The AWS service the request was made of.
The IP address from which the request was made.
The agent through which the request was made, such as the AWS Management Console, an AWS service, the AWS SDKs, or the AWS CLI.
The user name or role name of the requester that called the API in the event returned.
You can use New Relic to run queries of AWS CloudTrail data, and optionally use New Relic alerts to set alerts on that data.