AWS CloudTrail is a service that enables governance, compliance, and operational and risk auditing of your AWS account. It records AWS API calls and user activity, providing detailed event logs for security and troubleshooting.
Key Features of AWS CloudTrail
- Event Logging – Captures API calls made through AWS Management Console, SDKs, CLI, and other AWS services.
- Management & Data Events:
  - Management Events – Track account-level changes (e.g., IAM role modifications, security group updates).
  - Data Events – Monitor operations on AWS resources (e.g., S3 object access, Lambda executions).
- Event History – View the last 90 days of activity in the AWS console without additional setup.
- CloudTrail Logs to S3 – Automatically store logs in Amazon S3 for long-term retention and analysis.
- CloudTrail Insights – Detects unusual activity, such as spikes in API calls or access patterns.
- Integration with CloudWatch – Send CloudTrail logs to CloudWatch Logs for real-time monitoring.
- Encryption & Security – Logs can be encrypted using AWS KMS and protected with IAM policies.
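To make the management/data split above concrete, here is an added example (not part of the original page) that triages a CloudTrail log file of the kind delivered to S3. The sample records, the ARN, and the watchlist of event names are constructed assumptions chosen to match the examples in the list (IAM role modifications, security group updates, S3 object access, Lambda executions).

```python
import json
from collections import Counter

ARN = "arn:aws:iam::111122223333:user/example-admin"  # constructed identity

def _rec(time, source, name, read_only, **extra):
    """Build one constructed record using standard CloudTrail field names."""
    return {"eventTime": time, "eventSource": source, "eventName": name,
            "readOnly": read_only, "userIdentity": {"arn": ARN}, **extra}

# Constructed sample shaped like a delivered log file: {"Records": [...]}.
SAMPLE_LOG = json.dumps({"Records": [
    _rec("2024-01-01T10:00:00Z", "iam.amazonaws.com", "UpdateAssumeRolePolicy",
         False, eventCategory="Management", managementEvent=True),
    # Record without eventCategory, to exercise the managementEvent fallback.
    _rec("2024-01-01T10:05:00Z", "ec2.amazonaws.com",
         "AuthorizeSecurityGroupIngress", False, managementEvent=True),
    _rec("2024-01-01T10:06:00Z", "ec2.amazonaws.com", "DescribeSecurityGroups",
         True, eventCategory="Management", managementEvent=True),
    _rec("2024-01-01T10:07:00Z", "s3.amazonaws.com", "GetObject",
         True, eventCategory="Data", managementEvent=False),
    _rec("2024-01-01T10:08:00Z", "lambda.amazonaws.com", "Invoke",
         False, eventCategory="Data", managementEvent=False),
]})

# Assumption: a minimal watchlist of write-type management calls to review.
WATCHLIST = {
    ("iam.amazonaws.com", "UpdateAssumeRolePolicy"),
    ("iam.amazonaws.com", "AttachRolePolicy"),
    ("ec2.amazonaws.com", "AuthorizeSecurityGroupIngress"),
}

def category(record):
    """Classify a record, preferring eventCategory, then managementEvent."""
    if "eventCategory" in record:
        return record["eventCategory"]
    if "managementEvent" in record:
        return "Management" if record["managementEvent"] else "Data"
    return "Unknown"

def triage(log_text):
    """Return (per-category counts, sorted watchlisted write events)."""
    records = json.loads(log_text).get("Records", [])
    counts = Counter(category(r) for r in records)
    findings = sorted(
        (r["eventTime"], r["eventName"], r["userIdentity"].get("arn", "unknown"))
        for r in records
        if category(r) == "Management" and not r.get("readOnly", False)
        and (r.get("eventSource"), r.get("eventName")) in WATCHLIST)
    return counts, findings

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

Read-only calls such as `DescribeSecurityGroups` are counted as management events but not flagged, which keeps the review list limited to changes.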