
I modified some geolocation DNS records a while back (December) on AWS Route 53. But I'm now seeing some unexpected traffic changes on the service.

The service traffic can be tracked easily with regular EC2 monitoring.

But I can't recall exactly "what day" I made the DNS changes. I'd want to see if the spike in traffic is correlated to the time I made the DNS change.

Is there an audit log of my own host record edits that could show a date/time of when I changed something?

I can't find anything like this in the Route 53 console. But maybe I'm not looking in the right place.

1 Answer

As ceejayoz mentioned, CloudTrail is the way to go.

The event name you need for your filter is: ChangeResourceRecordSets

This is (for my region) the corresponding view to search for events: https://eu-central-1.console.aws.amazon.com/cloudtrail/home?region=eu-central-1#/events

  • Thanks. Does that mean I needed to have turned on CloudTrail beforehand?
    – selbie
    Feb 9 at 20:32
  • It's been quite a while since I used CloudTrail for the first time; I can't recall it exactly, to be honest. I believe the dashboard could work without activating it beforehand. But if you can't get to the dashboard, just activate it; you can use it for 30 days for free. After this period it's still free with these limitations, IIRC: capture up to 5 GB of data, scan up to 5 GB of data.
    – Marc
    Feb 10 at 14:36
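
An added example, not part of the original answer or comments: a Python sketch that filters CloudTrail event history on the ChangeResourceRecordSets event name and lists each record change with its timestamp and caller, so the dates can be lined up against the EC2 traffic graphs. The sample events are constructed, the requestParameters field names are an assumption about how the Route 53 request is logged, and fetch_events (which needs boto3 and credentials) is not called when the script runs on the sample.

```python
import json

EVENT_NAME = "ChangeResourceRecordSets"  # event name given in the answer

def fetch_events(start, end, region):
    """Query CloudTrail event history; needs boto3 and AWS credentials.
    region is the caller's choice (the answer searched eu-central-1)."""
    import boto3
    client = boto3.client("cloudtrail", region_name=region)
    pages = client.get_paginator("lookup_events").paginate(
        LookupAttributes=[{"AttributeKey": "EventName",
                           "AttributeValue": EVENT_NAME}],
        StartTime=start, EndTime=end)
    return [ev for page in pages for ev in page["Events"]]

def summarize(events):
    """One row per record change, oldest first."""
    rows = []
    for ev in events:
        detail = json.loads(ev["CloudTrailEvent"])  # full record is a JSON string
        if detail.get("eventName") != EVENT_NAME:
            continue
        params = detail.get("requestParameters") or {}
        who = (detail.get("userIdentity") or {}).get("arn", "unknown")
        # Field names below are an assumption about the logged request layout.
        for change in (params.get("changeBatch") or {}).get("changes", []):
            rrset = change.get("resourceRecordSet") or {}
            rows.append({"time": detail.get("eventTime", ""), "who": who,
                         "zone": params.get("hostedZoneId"),
                         "action": change.get("action"),
                         "name": rrset.get("name"), "type": rrset.get("type"),
                         "geo": rrset.get("geoLocation")})
    return sorted(rows, key=lambda r: r["time"])

def _sample(time, action, geo):
    """Build one constructed LookupEvents item (not real log data)."""
    rrset = {"name": "app.example.com.", "type": "A", "geoLocation": geo}
    return {"CloudTrailEvent": json.dumps({
        "eventName": EVENT_NAME, "eventTime": time,
        "userIdentity": {"arn": "arn:aws:iam::111122223333:user/example"},
        "requestParameters": {"hostedZoneId": "ZEXAMPLE12345", "changeBatch": {
            "changes": [{"action": action, "resourceRecordSet": rrset}]}}})}

SAMPLE_EVENTS = [_sample("2023-12-14T09:21:07Z", "UPSERT", {"continentCode": "EU"}),
                 _sample("2023-12-05T17:02:44Z", "CREATE", {"countryCode": "US"})]

if __name__ == "__main__":
    for r in summarize(SAMPLE_EVENTS):
        print(r["time"], r["action"], r["name"], r["type"], r["geo"], r["who"])
```

LookupEvents reads CloudTrail event history, which holds the last 90 days of management events; changes older than that can only be recovered from a trail that was already delivering logs to S3 at the time.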
