AWSSecurity

CloudTrail

AWS CloudTrail records AWS API calls and account activity for auditing, governance, and security investigations.

What it does

Audit log of AWS API activity.

Use CloudTrail when you need to know who did what in an AWS account and when it happened.

CloudTrail records API activity across AWS services.

It is used for auditing and investigations.

CloudTrail differs from CloudWatch metrics and logs.

It is important for compliance and incident response.

Auditing administrative activity.

Investigating suspicious changes.

Supporting compliance requirements.

What is CloudTrail?

How is CloudTrail different from CloudWatch?

Why is CloudTrail important for security?