CloudTrail

CloudTrail is an AWS service that enables governance, compliance, operational auditing, and risk auditing by recording AWS API calls and related events across an AWS account. When enabled, CloudTrail captures information about requests made to AWS services, including the identity of the requester, time of the request, source IP address, and request parameters. Logs are stored in an Amazon S3 bucket you specify and can be encrypted with AWS Key Management Service. CloudTrail also offers optional log file integrity validation to detect tampering.

Trails can be configured to operate across multiple AWS regions and can publish events to CloudWatch Logs and CloudWatch Events for real-time monitoring and alerting. A single trail can collect management events—such as creating, updating, or deleting resources—and data events, which include object-level operations on S3 or function invocations on Lambda. Data events are high-volume and may incur additional costs. The console provides a 90-day event history for management events, while longer-term analysis is performed by inspecting the S3 logs or CloudWatch data.

CloudTrail supports centralized auditing for multiple accounts via AWS Organizations, enabling a single trail to aggregate logs from member accounts. It also offers features such as log file integrity validation and configurable delivery to multiple destinations. Use cases include security auditing, compliance reporting, forensic investigations, troubleshooting, and governance. By providing a durable, replayable record of API activity, CloudTrail helps organizations detect unusual activity, investigate incidents, and demonstrate policy adherence.
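
The following Python reads a log file in CloudTrail's JSON record format, counts management and data events, and flags calls that change the trail's own logging, reporting the requester, time, source IP address and request parameters described above. It is an added example, not code from the original page; the sample records, the `TRAIL_CHANGES` watch list and the helper names are constructed for illustration.

```python
import json
from collections import Counter

# Assumed watch list for this example: CloudTrail API calls that change what gets recorded.
TRAIL_CHANGES = {"StopLogging", "DeleteTrail", "UpdateTrail", "PutEventSelectors"}

def rec(name, source, category, read_only, ip, identity, params=None):
    """Build one constructed record using CloudTrail's record field names."""
    return {"eventTime": "2024-05-01T12:00:00Z", "eventName": name, "eventSource": source,
            "eventCategory": category, "readOnly": read_only, "sourceIPAddress": ip,
            "userIdentity": identity, "requestParameters": params}

ALICE = {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/alice"}
# Constructed sample log file; CloudTrail delivers JSON with a top-level "Records" array.
SAMPLE_LOG = json.dumps({"Records": [
    rec("RunInstances", "ec2.amazonaws.com", "Management", False, "198.51.100.7", ALICE),
    rec("DescribeTrails", "cloudtrail.amazonaws.com", "Management", True, "198.51.100.7", ALICE),
    rec("GetObject", "s3.amazonaws.com", "Data", True, "203.0.113.9", ALICE,
        {"bucketName": "example-bucket", "key": "report.csv"}),
    rec("StopLogging", "cloudtrail.amazonaws.com", "Management", False, "203.0.113.9", ALICE,
        {"name": "example-trail"}),
    rec("Invoke", "lambda.amazonaws.com", "Data", False, "lambda.amazonaws.com",
        {"type": "AWSService", "invokedBy": "events.amazonaws.com"}),
]})

def requester(identity):
    """Return the best available name for the caller; service calls carry no ARN."""
    return identity.get("arn") or identity.get("invokedBy") or identity.get("type", "unknown")

def triage(log_text):
    """Count records per event category and flag changes to the trail itself."""
    counts, flagged = Counter(), []
    for r in json.loads(log_text).get("Records", []):
        counts[r.get("eventCategory", "Unknown")] += 1
        if (r.get("eventSource") == "cloudtrail.amazonaws.com"
                and r.get("eventName") in TRAIL_CHANGES):
            flagged.append({"when": r.get("eventTime"), "action": r["eventName"],
                            "who": requester(r.get("userIdentity", {})),
                            "ip": r.get("sourceIPAddress"),
                            "params": r.get("requestParameters")})
    return dict(counts), flagged

if __name__ == "__main__":
    counts, flagged = triage(SAMPLE_LOG)
    print(counts)
    for f in flagged:
        print(f["when"], f["who"], f["ip"], f["action"], f["params"])
```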