• CloudTrail is a web service that records API activity in an AWS account.
  • It is enabled on an AWS account when the account is created.
  • All activity occurring in an AWS account is recorded in a CloudTrail event.
  • With Event history, you can view, search, and download the past 90 days of activity.
  • It logs information on:
    • who made a request
    • services used
    • actions performed
    • parameters for actions
    • response elements returned by AWS service.
  • It stores logs in a specific log group.
  • Logs provide specific information on what occurred in the AWS account.
  • It focuses more on AWS API calls made in the AWS account.
  • It helps in meeting compliance and regulatory standards.
  • It usually delivers an event within 15 minutes of the API call.
  • It helps you enable governance, compliance, and operational and risk auditing.
  • Actions taken by a user, role, or an AWS service are recorded as events in CloudTrail.
  • Events include actions taken in the AWS Management Console, AWS Command Line Interface, and AWS SDKs and APIs.
  • A trail is a configuration that delivers event details to a specified S3 bucket.
  • A CloudTrail trail is used to archive, analyze, and respond to changes in resources.
  • Create a trail with:
    • CloudTrail console
    • AWS CLI
    • CloudTrail API
  • Types of trails
    • A trail that applies to all regions – records events in each region. This is the default with the console.
    • A trail that applies to one region – records events in that region only. This is the default option with the AWS CLI or CloudTrail API.
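
The fields listed above (who made the request, service, action, parameters, response elements) map onto keys of each CloudTrail event record. The following is an added example, not part of the original notes: it parses a constructed log file in the CloudTrail `{"Records": [...]}` layout and reduces each event to those fields. The function names `who` and `summarize` and all sample values are assumptions made for illustration.

```python
import json

# Constructed sample in the CloudTrail log-file layout; every value is made up.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2024-01-01T10:00:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "StartInstances", "awsRegion": "us-east-1",
     "userIdentity": {"type": "IAMUser", "userName": "alice",
                      "arn": "arn:aws:iam::111122223333:user/alice"},
     "requestParameters": {"instancesSet": {"items": [{"instanceId": "i-0example"}]}},
     "responseElements": {"instancesSet": {"items": [
         {"instanceId": "i-0example", "currentState": {"name": "pending"}}]}}},
    {"eventTime": "2024-01-01T10:05:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "DeleteBucket", "awsRegion": "us-east-1",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::111122223333:assumed-role/ops/session1",
                      "sessionContext": {"sessionIssuer": {"userName": "ops"}}},
     "requestParameters": {"bucketName": "example-bucket"},
     "responseElements": None, "errorCode": "AccessDenied"},
]})

def who(identity):
    """Resolve the caller from userIdentity, whose shape depends on its type."""
    kind = identity.get("type", "Unknown")
    if kind == "IAMUser":
        return f"user:{identity.get('userName', identity.get('arn'))}"
    if kind == "AssumedRole":
        issuer = identity.get("sessionContext", {}).get("sessionIssuer", {})
        return f"role:{issuer.get('userName', identity.get('arn'))}"
    if kind == "AWSService":
        return f"service:{identity.get('invokedBy', 'unknown')}"
    return f"{kind.lower()}:{identity.get('arn', 'unknown')}"

def summarize(log_text):
    """Return one who/service/action/parameters/response row per event."""
    rows = []
    for rec in json.loads(log_text).get("Records", []):
        rows.append({
            "time": rec.get("eventTime"),
            "who": who(rec.get("userIdentity", {})),
            "service": rec.get("eventSource"),
            "action": rec.get("eventName"),
            "parameters": rec.get("requestParameters") or {},  # may be null
            "response": rec.get("responseElements") or {},     # null on failures
            "error": rec.get("errorCode"),  # present only when the call failed
        })
    return rows

if __name__ == "__main__":
    for row in summarize(SAMPLE_LOG):
        print(row["time"], row["who"], row["service"], row["action"], row["error"] or "ok")
```

Denied calls are recorded too, so the `error` column is worth keeping when auditing: a run of `AccessDenied` rows for one caller is often the first sign of misused credentials.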