Correcting AWS Configuration Issues

The AWS command line interface (CLI) can be installed to troubleshoot AWS connection and configuration issues. Information about installation of AWS CLI can be found here.

To correct AWS configuration issues:

  1. The first command will configure the AWS CLI. If it was previously ran the AWS Access Key ID, AWS Secret Access Key, and region name will already be populated. This information is also found in the policy file. An example of the output from this command is shown below.

    C:\>aws configure

    AWSAccess Key ID [****************JSQJ]:

    AWS SecretAccess Key [****************yaGQ]:

    Default region name [us-west-2]:

    Default output format [None]:

  2. The second command will describe trails that are available if the configuration criterion was entered correctly in the previous step. It will also provide the names of the trails that are available to be queried. An example of the output from this command is shown below.

    C:\>aws cloudtrail describe-trails

    {

        "trailList": [

            {

                "IncludeGlobalServiceEvents": true,

                "Name": "test_trail",

                "TrailARN": "arn:aws:cloudtrail:us-west-2:920172477660:trail/test_tr

    ail",

                "LogFileValidationEnabled": false,

                "S3BucketName": "client-api-test-bucket",

                "CloudWatchLogsRoleArn": "arn:aws:iam::920172477660:role/CloudTrail_

    CloudWatchLogs_Role",

                "CloudWatchLogsLogGroupArn": "arn:aws:logs:us-west-2:920172477660:lo

    g-group:CloudTrail/DefaultLogGroup:*"

            }

        ]

    }

  3. Using the name of the trail you can query the trails status. From the output, you can tell if the trail is logging and the start and stop logging time in Epoch time of the trail. An example of the output from this command is shown below.

    C:\>aws cloudtrail get-trail-status --name test_trail {

        "LatestNotificationAttemptSucceeded": "",

        "LatestDeliveryAttemptTime": "2015-11-02T05:04:50Z",

        "LatestDeliveryTime": 1446440690.306,

        "TimeLoggingStarted": "2015-10-26T21:43:08Z",

        "LatestDeliveryAttemptSucceeded": "2015-11-02T05:04:50Z",

        "IsLogging": true,

        "LatestCloudWatchLogsDeliveryTime": 1446243728.775,

        "StartLoggingTime": 1445895788.299,

        "StopLoggingTime": 1444418827.475,

        "LatestNotificationAttemptTime": "",

        "TimeLoggingStopped": "2015-10-09T19:27:07Z"

    }