AWS CloudTrail
What is it
A service that enables governance, compliance, operational auditing, and risk auditing of your AWS account.
What it's for
Record user activity and API usage in your AWS account, providing an event history for security, compliance, and troubleshooting.
Use cases
- Security and compliance auditing (who did what, when, and where)
- Analysis of user activity and API usage
- Operational troubleshooting and error identification
- Detection of unauthorized or suspicious activities
- Tracking changes to AWS resources
Key points
- Event logging: Records API calls and user activity in your AWS account
- Trails: Lets you create trails that deliver event logs to an S3 bucket
- Integration: Integrates with Amazon CloudWatch Logs for monitoring and alarms
- Security: Helps ensure compliance with regulations and security standards
- Event history: Maintains a 90-day history of management events for free
Comparison
- AWS CloudTrail: Focused on recording API and user activity for auditing, governance, and compliance. Answers the question "who did what?"
- Amazon CloudWatch: Focused on monitoring the performance and health of resources and applications, collecting metrics and logs. Answers the question "how is it performing?"