What is CloudTrail?
CloudTrail is an AWS service that lets users monitor and log actions that occur within their AWS environment. The service is automatically enabled on your AWS account and records activity within the AWS Management Console, API calls, access via command-line tools, and actions taken on your behalf by other AWS services. These are recorded as events that can be stored and analyzed by other services. Events are what AWS calls log files, and the words "event" and "log" are used interchangeably in this series, as well as in external documentation.
The purpose of CloudTrail is to simplify security analysis, enhance troubleshooting, and help businesses ensure they have sufficient auditing capabilities. The service captures user activity and API usage as CloudTrail events and stores these in the CloudTrail console, a predefined S3 bucket, or CloudWatch Logs. From here, CloudWatch Alarms and Events (both part of CloudWatch, another AWS service) can be integrated to act automatically when important events are detected. Alternatively, you can manually review events in the CloudTrail console, analyze logs using Amazon Athena, or export them to third-party log aggregators.
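To make the event format concrete, the following added example (not part of the original page, and not AWS code) reads one CloudTrail log file in the form delivered to S3, sorts each event into the activity channels described above, and flags events that change the trail itself. The sample records are constructed, and the channel heuristics and the `TRAIL_TAMPERING` list are assumptions chosen for illustration.

```python
import gzip
import json
from collections import Counter

# Constructed sample records (not real account data), in the shape CloudTrail
# writes to S3: a gzip-compressed JSON object with a top-level "Records" array.
SAMPLE = {"Records": [
    {"eventTime": "2024-01-01T10:00:00Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "eventType": "AwsConsoleSignIn",
     "userAgent": "Mozilla/5.0", "userIdentity": {"type": "IAMUser", "userName": "alice"}},
    {"eventTime": "2024-01-01T10:05:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "ListBuckets", "eventType": "AwsApiCall", "readOnly": True,
     "userAgent": "aws-cli/2.15.0 Python/3.11.6", "userIdentity": {"type": "IAMUser", "userName": "alice"}},
    {"eventTime": "2024-01-01T10:06:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "RunInstances", "eventType": "AwsApiCall", "readOnly": False,
     "userAgent": "cloudformation.amazonaws.com",
     "userIdentity": {"type": "AssumedRole", "invokedBy": "cloudformation.amazonaws.com"}},
    {"eventTime": "2024-01-01T10:07:00Z", "eventSource": "cloudtrail.amazonaws.com",
     "eventName": "StopLogging", "eventType": "AwsApiCall", "readOnly": False,
     "userAgent": "Boto3/1.34.0", "userIdentity": {"type": "IAMUser", "userName": "bob"}},
]}
SAMPLE_BLOB = gzip.compress(json.dumps(SAMPLE).encode())

# Assumption: calls an analyst would alert on because they can reduce logging.
TRAIL_TAMPERING = {"StopLogging", "DeleteTrail", "UpdateTrail"}

def load_records(blob):
    """Decompress one CloudTrail log file and return its list of events."""
    return json.loads(gzip.decompress(blob))["Records"]

def classify_channel(rec):
    """Map an event to one of the activity channels the text lists."""
    ident = rec.get("userIdentity", {})
    if ident.get("invokedBy") or ident.get("type") == "AWSService":
        return "aws-service"   # another AWS service acting on your behalf
    if rec.get("eventType") in ("AwsConsoleSignIn", "AwsConsoleAction"):
        return "console"       # Management Console activity
    if rec.get("userAgent", "").startswith("aws-cli/"):
        return "cli"           # command-line tools
    return "api"               # any other direct API call (SDKs etc.)

def summarize(blob):
    """Return (events per channel, events that touch the trail itself)."""
    records = load_records(blob)
    channels = Counter(classify_channel(r) for r in records)
    flagged = [(r["eventTime"], r["eventName"]) for r in records
               if r.get("eventSource") == "cloudtrail.amazonaws.com"
               and r.get("eventName") in TRAIL_TAMPERING]
    return channels, flagged
```

The `userAgent` field is supplied by the caller, so treat the split between `cli` and `api` as a hint rather than evidence.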