Features of CloudTrail
As with many AWS services, CloudTrail is designed with a range of features to boost security and make the management of your AWS estate easier.
Here are the core features of CloudTrail:
Log file encryption — CloudTrail offers the option to encrypt logs with your AWS Key Management Service (KMS) key, meaning the sensitive information can only be accessed by intended parties.
Log file integrity validation — this feature detects modifications or deletions of log files stored in S3 buckets to help improve non-repudiation.
Insights — this feature alerts users to spikes in traffic (e.g., by the number of API calls) or services hitting rate limits, allowing for corrective actions to be taken to improve resource provisioning.
Data events and management events — these provide information about actions taken within the API or management console of your AWS platform. This helps with compliance, security monitoring, and troubleshooting. Information includes AWS account, IAM role, IP address, and more.
Integrations — CloudTrail can be integrated with other AWS services such as Lambda or CloudWatch to automate the processing of logs and responses to alerts of suspicious or unwanted activity, removing the burden from your IT team and speeding up incident response.
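To make the log file integrity validation feature above concrete, the following added example (not code from this page or from AWS) shows the hash comparison it rests on: each log file listed in a digest is re-hashed and reported as valid, modified or missing. It assumes a plain dict stands in for the S3 bucket, uses a constructed account ID and constructed log contents, and takes the field names `logFiles`, `s3Object`, `hashAlgorithm` and `hashValue` from the CloudTrail digest file format; checking the digest's own signature and its link to the previous digest is left out.

```python
import gzip
import hashlib
import json
import zlib


def validate_log_files(digest, bucket):
    """Check every log file a digest lists against the objects in `bucket`.

    `bucket` stands in for S3 here: a dict of object key -> gzip bytes.
    Returns {key: "valid" | "modified" | "missing"}.
    """
    results = {}
    for entry in digest["logFiles"]:
        key = entry["s3Object"]
        blob = bucket.get(key)
        if blob is None:
            results[key] = "missing"  # deleted after the digest was written
            continue
        try:
            content = gzip.decompress(blob)  # hash covers uncompressed content
        except (OSError, EOFError, zlib.error):
            results[key] = "modified"  # no longer a readable gzip object
            continue
        algo = entry["hashAlgorithm"].replace("-", "").lower()  # "SHA-256" -> "sha256"
        actual = hashlib.new(algo, content).hexdigest()
        results[key] = "valid" if actual == entry["hashValue"] else "modified"
    return results


def build_sample():
    """Constructed sample: two log objects and the digest that covers them."""
    bucket, log_files = {}, []
    for n, event in enumerate(["ConsoleLogin", "PutBucketPolicy"]):
        body = json.dumps({"Records": [{"eventName": event}]}).encode()
        key = f"AWSLogs/111122223333/CloudTrail/sample-{n}.json.gz"
        bucket[key] = gzip.compress(body)
        log_files.append({"s3Object": key, "hashAlgorithm": "SHA-256",
                          "hashValue": hashlib.sha256(body).hexdigest()})
    return {"logFiles": log_files}, bucket


def demo():
    digest, bucket = build_sample()
    keys = list(bucket)
    before = validate_log_files(digest, bucket)
    bucket[keys[0]] = gzip.compress(b'{"Records": []}')  # simulate an edited log
    del bucket[keys[1]]                                  # simulate a deleted log
    return before, validate_log_files(digest, bucket)
```

Against a real trail, the `aws cloudtrail validate-logs` command performs this comparison together with the digest signature and chain checks.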