Last pushed: 2 years ago
AWS CloudTrail Dashboard

Details here: https://github.com/AppliedTrust/traildash

Traildash: AWS CloudTrail Dashboard

Traildash is a powerful dashboard for AWS CloudTrail logs, shipped in an easy-to-use docker container.

Configure Traildash with a few environment variables and you're off to the races.

Quickstart

  1. Set up AWS services to support CloudTrail
  2. Fill in the "XXX" blanks and run with docker:
    docker run -i -d -p 7000:7000 \
     -e "AWS_ACCESS_KEY_ID=XXX" \
     -e "AWS_SECRET_ACCESS_KEY=XXX" \
     -e "AWS_SQS_URL=https://XXX" \
     -e "DEBUG=1" \
     -v /home/traildash:/var/lib/elasticsearch/ \
     appliedtrust/traildash
    
  3. Open http://localhost:7000/ in your browser

Required Environment Variables:

AWS_SQS_URL              AWS SQS URL.
AWS_ACCESS_KEY_ID        AWS Key ID.
AWS_SECRET_ACCESS_KEY    AWS Secret Key.

Optional Environment Variables:

AWS_REGION     AWS Region (SQS and S3 regions must match; default: us-east-1).
ES_URL         ElasticSearch URL (default: http://localhost:9200).
WEB_LISTEN     Listen IP and port for web interface (default: 0.0.0.0:7000).
SQS_PERSIST    Set to prevent deletion of finished SQS messages (for debugging).
DEBUG          Enable debugging output.

Using traildash outside Docker

Download Kibana 3.x and uncompress it to "kibana" in the same directory you run traildash from.

Usage:

traildash
traildash --version

Example Environment Variables

export AWS_ACCESS_KEY_ID=AKIXXX
export AWS_SQS_URL=XXX
export AWS_SECRET_ACCESS_KEY=XXX
export AWS_REGION=us-east-1
export ES_URL=http://localhost:9200
export WEB_LISTEN=localhost:7000
export DEBUG=1
export SQS_PERSIST=1

How it works

  1. AWS CloudTrail creates a new log file, stores it in S3, and notifies an SNS topic.
  2. The SNS topic notifies a dedicated SQS queue about the new log file in S3.
  3. Traildash polls the SQS queue and downloads new log files from S3.
  4. Traildash loads the new log files into a local ElasticSearch instance.
  5. Kibana provides beautiful dashboards to view the logs stored in ElasticSearch.
  6. Traildash protects access to ElasticSearch, ensuring logs are read-only.
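Steps 2 and 3 above, sketched as an added example (not Traildash's own code): the SQS message body is an SNS envelope whose Message field is a JSON string holding CloudTrail's s3Bucket and s3ObjectKey list. It assumes raw message delivery is off on the SNS subscription; the function name, sample body, bucket name and the expected-bucket check are hypothetical additions.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// snsEnvelope is the JSON that SNS delivers to SQS; Message is itself a JSON string.
type snsEnvelope struct {
	Type    string `json:"Type"`
	Message string `json:"Message"`
}

// cloudTrailNotice is the CloudTrail payload carried inside the SNS Message.
type cloudTrailNotice struct {
	S3Bucket    string   `json:"s3Bucket"`
	S3ObjectKey []string `json:"s3ObjectKey"`
}

// Constructed sample SQS message body (placeholder bucket, account ID and key).
const sampleBody = `{"Type":"Notification","Message":"{\"s3Bucket\":\"example-trail-bucket\",\"s3ObjectKey\":[\"AWSLogs/111122223333/CloudTrail/us-east-1/2015/01/01/example.json.gz\"]}"}`

// logFilesFromSQS unwraps both JSON layers and returns s3://bucket/key for each
// log file, rejecting notices that name a bucket other than the expected one
// (an assumed hardening check, so a stray queue message cannot redirect the download).
func logFilesFromSQS(body, wantBucket string) ([]string, error) {
	var env snsEnvelope
	if err := json.Unmarshal([]byte(body), &env); err != nil {
		return nil, fmt.Errorf("SNS envelope: %w", err)
	}
	if env.Type != "Notification" {
		return nil, fmt.Errorf("unexpected SNS message type %q", env.Type)
	}
	var n cloudTrailNotice
	if err := json.Unmarshal([]byte(env.Message), &n); err != nil {
		return nil, fmt.Errorf("CloudTrail notice: %w", err)
	}
	if n.S3Bucket != wantBucket {
		return nil, fmt.Errorf("notice names bucket %q, expected %q", n.S3Bucket, wantBucket)
	}
	files := make([]string, 0, len(n.S3ObjectKey))
	for _, k := range n.S3ObjectKey {
		files = append(files, "s3://"+n.S3Bucket+"/"+k)
	}
	return files, nil
}

func main() {
	files, err := logFilesFromSQS(sampleBody, "example-trail-bucket")
	fmt.Println(files, err)
}
```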

Building

make linux
make kibana
make docker
Owner
appliedtrust