aws-cloudtrail
SKILL.md
AWS CloudTrail
Audit AWS account activity with CloudTrail.
Create Trail
# Create organization trail
aws cloudtrail create-trail \
--name org-audit-trail \
--s3-bucket-name audit-logs-bucket \
--is-organization-trail \
--is-multi-region-trail \
--enable-log-file-validation \
--kms-key-id arn:aws:kms:...
# Start logging
aws cloudtrail start-logging --name org-audit-trail
Event Selectors
# Log all management and data events
aws cloudtrail put-event-selectors \
--trail-name org-audit-trail \
--event-selectors '[{
"ReadWriteType": "All",
"IncludeManagementEvents": true,
"DataResources": [{
"Type": "AWS::S3::Object",
"Values": ["arn:aws:s3:::sensitive-bucket/"]
}]
}]'
CloudTrail Lake
-- Query events
SELECT eventTime, userIdentity.userName, eventName, sourceIPAddress
FROM cloudtrail_logs
WHERE eventTime > '2024-01-01'
AND eventName LIKE '%Delete%'
ORDER BY eventTime DESC
LIMIT 100
Best Practices
- Organization-wide trails
- Enable log file validation
- Encrypt with KMS
- CloudWatch Logs integration
- Event alerting
Weekly Installs
13
Repository
bagelhole/devop…t-skillsGitHub Stars
13
First Seen
Feb 4, 2026
Security Audits
Installed on
codex13
opencode12
github-copilot11
kimi-cli11
gemini-cli11
cursor11