
AWS CloudTrail

"Track user activity and API usage."

AWS CloudTrail is a service that enables auditing, security monitoring, and operational troubleshooting by tracking user activity and API usage. It logs every API call made to your AWS account.

Key Features

  • Event History: View the last 90 days of management events for free.
  • Trails: Deliver logs to S3 and CloudWatch Logs for long-term retention.
  • Management Events: Operations on the control plane (e.g., CreateBucket, RunInstances).
  • Data Events: Operations on data (e.g., S3 object get/put, Lambda function invoke).
  • Insights: Detects unusual activity (anomalies) in your account.

Exam Tips

  • "Who made the API call?": Answer is CloudTrail.
  • "Audit": Answer is CloudTrail.
  • "Compliance": CloudTrail logs are essential for compliance audits.
  • "CloudTrail vs CloudWatch": CloudTrail logs API activity (who did what). CloudWatch collects performance metrics and application logs.

Common Use Cases

  • Security Auditing: Investigating unauthorized access.
  • Compliance: Retaining logs for regulatory requirements (e.g., 7 years).
  • Troubleshooting: Determining who terminated an EC2 instance or changed a security group.