Hello Reader,
Continuing from yesterday’s post, it's time for another AWS CloudTrail speed test. Today, we're testing the CreateAccessKey event, which occurs when a new Access Key ID is created for an IAM user.
Second Test: AWS CreateAccessKey Event
When I first ran this test, I wasn’t sure which region the log would appear in. Unlike the console sign-in URL, IAM is a global service. That means there’s no region-specific endpoint that clearly indicates where CloudTrail logs will land for IAM activity.
I had a theory that the event would appear in us-east-1—mainly because it's always listed first in AWS’s list of regions. Just to be sure, I switched between us-east-1 and us-east-2 during testing.
Results
Sure enough, after just 90 seconds, the CreateAccessKey event appeared in us-east-1, confirming my suspicion. Just like with the ConsoleLogin event, the delivery was:
- Faster than the 15-minute SLA
- Quicker than AWS’s target goal of 5 minutes for critical events
Coming Up
In tomorrow’s blog post, I’ll be testing the log delay for changing account permissions. Stay tuned!
Post a Comment