What Is AWS CloudTrail?
AWS CloudTrail is an AWS service that helps you enable operational and risk auditing, governance, and compliance of your AWS account. Actions taken by a user, role, or an AWS service are recorded as events in CloudTrail. Events include actions taken in the AWS Management Console, AWS Command Line Interface, and AWS SDKs and APIs.
- Event history – The Event history provides a viewable, searchable, downloadable, and immutable record of the past 90 days of management events in an AWS Region. You can search events by filtering on a single attribute. You automatically have access to the Event history when you create your account. For more information, see Working with CloudTrail event history.
  There are no CloudTrail charges for viewing the Event history.
- Trails – Trails capture a record of AWS activities, delivering and storing these events in an Amazon S3 bucket, with optional delivery to CloudWatch Logs and Amazon EventBridge. You can input these events into your security monitoring solutions. You can also use your own third-party solutions or solutions such as Amazon Athena to search and analyze your CloudTrail logs. You can create trails for a single AWS account or for multiple AWS accounts by using AWS Organizations. You can log Insights events to analyze your management events for anomalous behavior in API call rates and error rates. For more information, see Creating a trail for your AWS account.
  You can deliver one copy of your ongoing management events to your S3 bucket at no charge from CloudTrail by creating a trail; however, there are Amazon S3 storage charges. For more information about CloudTrail pricing, see AWS CloudTrail Pricing. For information about Amazon S3 pricing, see Amazon S3 Pricing.
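A trail writes each batch of events to S3 as a gzipped JSON file whose "Records" array holds one event per API call. The following added example (not AWS's own code, and not part of this page) parses such a file with the standard library only and reports every call that changed or tried to change a trail's configuration, which is the kind of check a security monitoring solution fed from a trail would run. The sample records, account ID, ARNs, addresses and times are constructed for the example; the set of event names is an assumption about which CloudTrail API calls a monitoring team would want flagged.

```python
import gzip
import io
import json

# Constructed sample of a log file as a trail delivers it to S3: a gzipped JSON
# document whose "Records" array holds one event per recorded API call. All
# names, account IDs, addresses and times here are made up for this example.
SAMPLE_LOG = {"Records": [
    {"eventTime": "2024-05-01T10:15:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "ListBuckets", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/alice"}},
    {"eventTime": "2024-05-01T10:16:30Z", "eventSource": "cloudtrail.amazonaws.com",
     "eventName": "StopLogging", "sourceIPAddress": "198.51.100.9",
     "requestParameters": {"name": "org-trail"},
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/bob"}},
    {"eventTime": "2024-05-01T10:17:00Z", "eventSource": "cloudtrail.amazonaws.com",
     "eventName": "DeleteTrail", "sourceIPAddress": "203.0.113.5",
     "requestParameters": {"name": "org-trail"}, "errorCode": "AccessDenied",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::111122223333:assumed-role/Audit/ci"}},
]}

# CloudTrail API calls that change what a trail records or where it delivers
# (assumed watch-list for this example; extend it to suit your environment).
TRAIL_CONFIG_EVENTS = {"StopLogging", "DeleteTrail", "UpdateTrail",
                       "PutEventSelectors", "PutInsightSelectors"}

def gzip_log_file(doc):
    """Serialize a Records document the way a trail stores it in S3 (gzipped JSON)."""
    return gzip.compress(json.dumps(doc).encode("utf-8"))

def trail_config_changes(blob):
    """Parse one delivered log file; report every attempt to change a trail's configuration."""
    records = json.load(gzip.open(io.BytesIO(blob)))["Records"]
    findings = []
    for r in records:
        if (r.get("eventSource") != "cloudtrail.amazonaws.com"
                or r.get("eventName") not in TRAIL_CONFIG_EVENTS):
            continue
        findings.append({
            "time": r["eventTime"],
            "action": r["eventName"],
            "trail": r.get("requestParameters", {}).get("name"),
            "actor": r.get("userIdentity", {}).get("arn"),
            "source_ip": r.get("sourceIPAddress"),
            # errorCode appears only on failed calls: a denied attempt still
            # deserves an alert, but it did not actually interrupt delivery.
            "succeeded": "errorCode" not in r,
        })
    return findings
```

Run `trail_config_changes(gzip_log_file(SAMPLE_LOG))` to see the two findings: the successful StopLogging and the denied DeleteTrail.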
Visibility into your AWS account activity is a key aspect of security and operational best practices. You can use CloudTrail to view, search, download, archive, analyze, and respond to account activity across your AWS infrastructure. You can identify who or what took which action, what resources were acted upon, when the event occurred, and other details to help you analyze and respond to activity in your AWS account.
Accessing CloudTrail
You can work with CloudTrail in any of the following ways.
CloudTrail console
Sign in to the AWS Management Console and open the CloudTrail console at https://eusc-de-east-1.console.amazonaws-eusc.eu/cloudtrail/.
The CloudTrail console provides a user interface for performing many CloudTrail tasks such as:
- Viewing recent events and event history for your AWS account.
- Downloading a filtered or complete file of the last 90 days of management events from Event history.
- Creating and editing CloudTrail trails.
- Configuring CloudTrail trails, including:
  - Selecting an Amazon S3 bucket for trails.
  - Setting a prefix.
  - Configuring delivery to CloudWatch Logs.
  - Using AWS KMS keys for encryption of trail data.
  - Enabling Amazon SNS notifications for log file delivery on trails.
- Adding and managing tags for your trails.
For more information about the AWS Management Console, see AWS Management Console.
AWS CLI
The AWS Command Line Interface is a unified tool that you can use to interact with CloudTrail from the command line. For more information, see the AWS Command Line Interface User Guide. For a complete list of CloudTrail CLI commands, see cloudtrail and cloudtrail-data in the AWS CLI Command Reference.
CloudTrail APIs
In addition to the console and the CLI, you can also use the CloudTrail RESTful APIs to program CloudTrail directly. For more information, see the AWS CloudTrail API Reference and the CloudTrail-Data API Reference.
AWS SDKs
As an alternative to using the CloudTrail API, you can use one of the AWS SDKs. Each SDK consists of libraries and sample code for various programming languages and platforms. The SDKs provide a convenient way to create programmatic access to CloudTrail. For example, you can use the SDKs to sign requests cryptographically, manage errors, and retry requests automatically. For more information, see the Tools to Build on AWS