[AWS](EN) AWS CloudTrail log result of api call in network issue such as timeout

Post about CloudTrail log result in network issue


Environment and Prerequisite

  • AWS
  • CloudTrail


Background

  • While debugging a service issue, I discovered there is no log in CloudTrail. So I investigated the reason.


Process

  • Create VPC Endpoint which service is elasticloadbalancing.ap-northeast-2.amazonaws.com and set private_dns_enabled to true.
  • Call ELB related API(in this case the endpoint is elasticloadbalancing.ap-northeast-2.amazonaws.com) from an EC2 instance in a private subnet within a VPC.
  • Because private_dns_enabled is set to true, API(in this case the endpoint is elasticloadbalancing.ap-northeast-2.amazonaws.com) call in private subnet would be forwarded to VPC Endpoint.
  • Due to above created VPC Endpoint Security Group, timeout occurs and found there was no log on CloudTrail.
  • Ask to AWS Support Case.


Conclusion

  • When there is a network issue, such as a timeout while using the AWS API, there will be no logs in CloudTrail.
  • I opened support case on AWS and checked that above fact is right.


Reference

Read More

[Kubernetes] kubectl port-forward 사용 방법과 예제

Published on July 01, 2024

[Kubernetes](EN) kubectl port-forward usage and example

Published on July 01, 2024

[AWS] API 호출에서 Timeout과 같은 네트워크 문제 발생 시 AWS CloudTrail에 대한 기록 여부

Published on June 16, 2024