[AWS](EN) AWS CloudTrail log result of api call in network issue such as timeout

Post about CloudTrail log result in network issue


Environment and Prerequisite

  • AWS
  • CloudTrail


Background

  • While debugging a service issue, I discovered there is no log in CloudTrail. So I investigated the reason.


Process

  • Create VPC Endpoint which service is elasticloadbalancing.ap-northeast-2.amazonaws.com and set private_dns_enabled to true.
  • Call ELB related API(in this case the endpoint is elasticloadbalancing.ap-northeast-2.amazonaws.com) from an EC2 instance in a private subnet within a VPC.
  • Because private_dns_enabled is set to true, API(in this case the endpoint is elasticloadbalancing.ap-northeast-2.amazonaws.com) call in private subnet would be forwarded to VPC Endpoint.
  • Due to above created VPC Endpoint Security Group, timeout occurs and found there was no log on CloudTrail.
  • Ask to AWS Support Case.


Conclusion

  • When there is a network issue, such as a timeout while using the AWS API, there will be no logs in CloudTrail.
  • I opened support case on AWS and checked that above fact is right.


Reference

Read More

[Let's Encrypt] 도메인의 인증서가 서브도메인의 인증서로 적용되었던 사례

Published on October 19, 2024

[Let's Encrypt](EN) Case of subdomain's certificate was applied to root domain

Published on October 19, 2024

[CI/CD] workflow_dispatch와 workflow_call을 사용하지 않을 때 기본값 설정하기

Published on September 16, 2024