What is the purpose of CloudTrail? What does it do?

CloudTrail tracks and records events. Examples of events include someone logging into their account, a service running a job, or API calls. CloudTrail tracks and records requests initiated from SDKs, from AWS services, and from user activity (both in the command line interface and in the AWS Management Console).

What kind of data is recorded?

The information recorded depends on the event. Generally, a CloudTrail record includes a unique ID, a timestamp, an IP address, and other relevant metadata.

Where is the event data recorded?

CloudTrail records events in log files. New log files are created every five minutes and then stored in your S3 bucket. The log file data is retained according to the customer's retention preferences.

CloudTrail vs CloudWatch

CloudWatch is used for monitoring and sending alerts based on pre-defined parameters. CloudTrail data can be sent to CloudWatch to trigger alerts. This could be useful for security purposes.

Where is CloudTrail supported?

CloudTrail is supported in all regions.

What is the benefit of CloudTrail?

CloudTrail keeps a historical record of activity. Some use cases for this data are:

  • Security: Suppose your environment is breached. To investigate what happened, you would need to look at the historical record of activity. This is provided by CloudTrail.
  • Maintenance: If something breaks, you would need to know what caused the breakdown. CloudTrail data will tell you what happened leading up to the breakdown. This would help you understand the problem and implement a solution to prevent it from recurring.
  • Governance Compliance: Many organizations need to comply with governance standards/controls. A common requirement is the ability to track activity. Therefore, CloudTrail helps your organization comply with governance controls such as ISO, PCI DSS, and FedRAMP.
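For the security use case above, an investigation usually starts by pulling every event for one identity out of the log files and ordering them in time. The following is an added example, not code from the original page; the records, account ID, user names, and IP addresses are constructed, and the function names are hypothetical.

```python
import json
from collections import Counter
from datetime import datetime

def rec(eid, when, source, name, ip, user, error=None):
    """Build one constructed record using CloudTrail's field names."""
    r = {"eventID": eid, "eventTime": when, "eventSource": source,
         "eventName": name, "sourceIPAddress": ip,
         "userIdentity": {"type": "IAMUser",
                          "arn": f"arn:aws:iam::111122223333:user/{user}"}}
    if error:
        r["errorCode"] = error  # present only when the call failed
    return r

# Constructed sample in the log-file layout: one JSON object with a "Records" list.
SAMPLE_LOG = json.dumps({"Records": [
    rec("e3", "2024-01-01T10:07:12Z", "s3.amazonaws.com", "GetObject", "198.51.100.7", "alice"),
    rec("e1", "2024-01-01T09:58:03Z", "signin.amazonaws.com", "ConsoleLogin", "203.0.113.10", "alice"),
    rec("e2", "2024-01-01T10:02:41Z", "iam.amazonaws.com", "CreateAccessKey", "203.0.113.10", "alice"),
    rec("e4", "2024-01-01T10:03:00Z", "ec2.amazonaws.com", "DescribeInstances", "192.0.2.44", "bob"),
    rec("e5", "2024-01-01T10:09:30Z", "iam.amazonaws.com", "AttachUserPolicy", "198.51.100.7", "alice", "AccessDenied"),
]})

def load_records(log_text):
    """Parse one log file's text; a file without "Records" yields no events."""
    return json.loads(log_text).get("Records", [])

def timeline(records, arn):
    """Events for one identity, oldest first (records are not guaranteed ordered)."""
    mine = [r for r in records if r.get("userIdentity", {}).get("arn") == arn]
    return sorted(mine, key=lambda r: datetime.strptime(r["eventTime"], "%Y-%m-%dT%H:%M:%SZ"))

def summarize(events):
    """What a responder checks first: source IPs, failed calls, time window."""
    return {
        "source_ips": Counter(e["sourceIPAddress"] for e in events),
        "failed": [(e["eventName"], e["errorCode"]) for e in events if "errorCode" in e],
        "first": events[0]["eventTime"] if events else None,
        "last": events[-1]["eventTime"] if events else None,
    }

if __name__ == "__main__":
    events = timeline(load_records(SAMPLE_LOG), "arn:aws:iam::111122223333:user/alice")
    for e in events:
        print(e["eventTime"], e["sourceIPAddress"], e["eventSource"], e["eventName"], e.get("errorCode", ""))
    print(summarize(events))
```

In the sample, the identity's activity moves to a second source IP right after an access key is created, which is the kind of pattern the timeline makes visible.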

By master