Enable CloudTrail

The Valtix Controller can monitor changes to resources in your AWS cloud environment (e.g., EC2, ELB or VPC creation) and keep track of the inventory. CloudTrail is used to get those updates forwarded to the Valtix Controller. If you don't intend to use the Discovery/Inventory features of the Valtix Controller, this setup is not required.

AWS CloudTrail tracks all the state changes and API calls made to the AWS account. CloudTrail is used by the Valtix Controller to discover assets in your cloud account so it can build an inventory of applications, networks, tags, etc. The CloudFormation template that was executed in the previous section adds a CloudWatchEvent rule that listens for changes in EC2 and API Gateways and transfers those events to the Valtix Controller.

For the events to be detectable, create a CloudTrail trail that writes changes to your S3 bucket. Valtix does not need access to your S3 bucket. When CloudTrail starts writing events to S3 buckets, it generates a CloudWatchEventRule. (Note: Many enterprises have an existing setup.)

  1. From the AWS Management Console click Services -> Management & Governance -> CloudTrail.
  2. Click Create Trail.
  3. Perform the following:
    • Provide a trail name. For example, my-valtix-inventory-trail.
    • Select Yes next to Apply trail to all regions.
    • Leave all other options as the default selections.
    • In the Storage Panel, select an existing bucket or create a new S3 bucket.
    • Add tags as per your organization's requirements.
    • Click Create.

This trail stores all the events that happen on your AWS account in the S3 bucket that you selected. The ValtixCloudwatchEventRule triggers and transfers the events to the Valtix Controller Account.
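
Because many enterprises already have a trail, it is worth checking whether an existing one matches the setup above before creating another. The following is an added example, not Valtix code: it audits data shaped like the output of `aws cloudtrail describe-trails`, `get-trail-status` and `get-event-selectors`. The trail and bucket names other than my-valtix-inventory-trail are constructed, and the write-management-events check assumes the default selections, which record resource-creation calls as write management events.

```python
import json

# Constructed sample data shaped like AWS CLI output; names are made up.
DESCRIBE_TRAILS = json.loads("""
{"trailList": [
  {"Name": "my-valtix-inventory-trail", "S3BucketName": "example-trail-bucket",
   "IsMultiRegionTrail": true, "HomeRegion": "us-east-1"},
  {"Name": "legacy-single-region", "S3BucketName": "example-old-bucket",
   "IsMultiRegionTrail": false, "HomeRegion": "us-west-2"},
  {"Name": "paused-trail", "S3BucketName": "example-trail-bucket",
   "IsMultiRegionTrail": true, "HomeRegion": "us-east-1"}
]}
""")
# Per-trail results of `get-trail-status` and `get-event-selectors` (constructed).
DETAILS = {
    "my-valtix-inventory-trail": {"IsLogging": True, "EventSelectors": [
        {"ReadWriteType": "All", "IncludeManagementEvents": True}]},
    "legacy-single-region": {"IsLogging": True, "EventSelectors": [
        {"ReadWriteType": "All", "IncludeManagementEvents": True}]},
    "paused-trail": {"IsLogging": False, "EventSelectors": [
        {"ReadWriteType": "ReadOnly", "IncludeManagementEvents": True}]},
}

def logs_write_management_events(selectors):
    """True if any classic event selector records write management events."""
    return any(s.get("IncludeManagementEvents") and
               s.get("ReadWriteType") in ("All", "WriteOnly") for s in selectors)

def trail_problems(trail, detail):
    """List the ways a trail differs from the setup described above."""
    problems = []
    if not trail.get("IsMultiRegionTrail"):
        problems.append("not applied to all regions")
    if not trail.get("S3BucketName"):
        problems.append("no S3 bucket configured")
    if not detail.get("IsLogging"):
        problems.append("logging is turned off")
    if not logs_write_management_events(detail.get("EventSelectors", [])):
        problems.append("write management events are not recorded")
    return problems

def audit(describe_output, details):
    """Map each trail name to its list of problems (empty list = usable)."""
    return {t["Name"]: trail_problems(t, details.get(t["Name"], {}))
            for t in describe_output.get("trailList", [])}

if __name__ == "__main__":
    for name, problems in audit(DESCRIBE_TRAILS, DETAILS).items():
        print(name, "OK" if not problems else "; ".join(problems))
```

Trails that use advanced event selectors are not interpreted by this check and are reported as not recording write management events, so review those by hand.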