AWS CloudTrail Client Package
aws.cloudtrail is a simple client package for the Amazon Web Services (AWS) CloudTrail REST API, which can be used to monitor use of AWS web services API calls by logging API requests in an S3 bucket.
To use the package, you will need an AWS account and enter your credentials into R. Your keypair can be generated on the IAM Management Console under the heading Access Keys. Note that you only have access to your secret key once. After it is generated, you need to save it in a secure location. New keypairs can be generated at any time if yours has been lost, stolen, or forgotten.
By default, all cloudyr packages look for the access key ID and secret access key in environment variables. You can also use this to specify a default region. For example:
Sys.setenv("AWS_ACCESS_KEY_ID" = "mykey",
"AWS_SECRET_ACCESS_KEY" = "mysecretkey",
"AWS_DEFAULT_REGION" = "us-east-1")These can alternatively be set on the command line or via an Renviron.site or .Renviron file (see here for instructions).
Code Examples
A CloudTrail is a log of API calls made to AWS. The service is incredibly easy to use. It simply requires creating a trail that defines where (i.e., in what AWS S3 bucket) the CloudTrail log should be stored.
To use CloudTrail, start by creating an S3 bucket. This can be done using the aws.s3 package:
library("aws.cloudtrail")
library("aws.s3")
putbucket("MyExampleBucket")trail <- create_trail(name = "NewTrail", bucket = "MyExampleBucket")
get_trails() # see trail in list of trailsNote: The s3 bucket should exist (perhaps created using aws.s3) and have write permissions granted to CloudTrail. An example permission document is provided by cloudtrail_s3policy().
Once a trail is created, it can be updated (e.g., to move it to a different bucket, to activate event notifications using SNS, etc.) using update_trail().
# move trail to another bucket
putbucket("MyOtherExampleBucket")
update_trail(name = "NewTrail", bucket = "MyOtherExampleBucket")
# send SNS notifications when log updated
update_trail(name = "NewTrail", sns_topic = "arn:aws:sns:us-east-1:123456789012:My-Topic")
# log global calls (e.g., IAM)
update_trail(name = "NewTrail", global = TRUE)Once created and configured, it is easy to start logging requests using start_logging() and stop logging using stop_logging():
start_logging(trail$Name)
trail_status(trail$Name)$IsLogging # check logging status
stop_logging(trail$Name)If you're done with a trail, you can delete it and it will no longer show up in your trail list:
delete_trail(trail$Name)
get_trails()Installation
This package is not yet on CRAN. To install the latest development version you can install from the cloudyr drat repository:
# latest stable version
install.packages("aws.cloudtrail", repos = c(getOption("repos"), "http://cloudyr.github.io/drat"))Or, to pull a potentially unstable version directly from GitHub:
if(!require("ghit")){
install.packages("ghit")
}
ghit::install_github("cloudyr/aws.cloudtrail")
---
[](https://github.com/cloudyr)
