Integrations

AWS CloudTrail

Overview

Perch integrates with Amazon Web Services CloudTrail to ingest logs for all your Amazon services. You can configure your AWS CloudTrail to provide whichever logs you desire. You will need to create a user for Perch in AWS IAM so that your CloudTrail configuration can be accessed. Once the user is created, simply provide the credentials in your Perch Integration Settings and your logs will be collected automatically.

Getting started

  1. Click here to go to AWS CloudTrail settings in the Perch app
  2. Create an IAM user with read-only access to AWS CloudTrail.
  3. Enter those credentials and enable AWS CloudTrail logging within Perch.

Create an IAM user for Perch

In order for Perch to access your AWS CloudTrail logs, you must explicitly grant permission to a user.

  1. Go to the Users section of AWS IAM.
  2. Click the blue Add user button.
  3. Give the user a name and select Programmatic access.
  4. Click the Next: Permissions button.
  5. Select Attach existing policies directly and check AWSCloudTrailReadOnlyAccess.
  6. Finish the wizard and save the user’s credentials in a secure place for the next few steps.

creating an IAM user
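Step 5 is the least-privilege point of this setup: the user whose credentials leave your account should only be able to read CloudTrail. The following is an added example, not Perch's code, for checking that before handing the keys over: it takes an IAM policy document (as JSON obtained from IAM) and reports every Allow action that is broader than read-only CloudTrail operations. The READ_ONLY_PATTERNS list and the two sample documents are constructed for the example and are not the exact contents of AWSCloudTrailReadOnlyAccess.

```python
import fnmatch
import json

# What a read-only CloudTrail collector legitimately needs. Assumption: this
# list is illustrative, not the exact content of AWSCloudTrailReadOnlyAccess.
READ_ONLY_PATTERNS = ("cloudtrail:Describe*", "cloudtrail:Get*",
                      "cloudtrail:List*", "cloudtrail:LookupEvents")

def _as_list(value):
    # IAM accepts either a single string or a list in Statement/Action.
    return value if isinstance(value, list) else [value]

def disallowed_actions(policy):
    """Return every Allow-action not covered by READ_ONLY_PATTERNS.

    Deny statements are ignored. An Allow with NotAction is reported whole,
    since it grants everything except the listed actions. Wildcards such as
    "cloudtrail:*" or "*" are reported too: they are broader than the patterns.
    """
    bad = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt:
            bad.append("NotAction:" + ",".join(_as_list(stmt["NotAction"])))
            continue
        for action in _as_list(stmt.get("Action", [])):
            # IAM action names are case-insensitive, so compare lowercased.
            if not any(fnmatch.fnmatchcase(action.lower(), p.lower())
                       for p in READ_ONLY_PATTERNS):
                bad.append(action)
    return bad

def is_cloudtrail_read_only(policy):
    return not disallowed_actions(policy)

# Constructed sample policy documents, not real AWS-managed policies.
READ_ONLY_DOC = json.loads('{"Version": "2012-10-17", "Statement": [{"Effect": '
    '"Allow", "Action": ["cloudtrail:GetTrail", "cloudtrail:DescribeTrails", '
    '"cloudtrail:LookupEvents"], "Resource": "*"}]}')
TOO_BROAD_DOC = json.loads('{"Version": "2012-10-17", "Statement": [{"Effect": '
    '"Allow", "Action": "cloudtrail:*", "Resource": "*"}, {"Effect": "Allow", '
    '"Action": ["s3:GetObject", "iam:CreateUser"], "Resource": "*"}]}')

if __name__ == "__main__":
    for name, doc in (("read-only", READ_ONLY_DOC), ("too broad", TOO_BROAD_DOC)):
        print(name, "->", disallowed_actions(doc) or "OK")
```

Run it against the policy actually attached to the Perch user; anything it prints besides OK is access the integration does not need.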

Configure Perch

  1. Install the AWS CloudTrail integration.
  2. Enter the credentials from AWS.
  3. Click Save and Test.
  4. Toggle Enable AWS CloudTrail event log collection and click Save.

Like all Perch integrations, you can enable or disable AWS CloudTrail log ingestion at any time by toggling the switch from OFF (gray) to ON (purple), or the other way around.

Configure AWS CloudTrail

Still having trouble? Reach out to one of our specialists at help@perchsecurity.com