Track user activity and API usage
Amazon CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of your Amazon Web Services account. With CloudTrail, you can log, continuously monitor, and retain account activity related to actions across your Amazon Web Services infrastructure. CloudTrail provides event history of your Amazon Web Services account activity, including actions taken through the Amazon Management Console, Amazon SDKs, command line tools, and other Amazon Web Services services. This event history simplifies security analysis, resource change tracking, and troubleshooting.
With Amazon CloudTrail, simplify your compliance audits by automatically recording and storing event logs for actions made within your Amazon Web Services account. Integration with Amazon CloudWatch Logs provides a convenient way to search through log data, identify out-of-compliance events, accelerate incident investigations, and expedite responses to auditor requests.
Visibility into user and resource activity
Amazon CloudTrail increases visibility into your user and resource activity by recording Amazon Management Console actions and API calls. You can identify which users and accounts called Amazon Web Services, the source IP address from which the calls were made, and when the calls occurred.
Security analysis and troubleshooting
With Amazon CloudTrail, you can discover and troubleshoot security and operational issues by capturing a comprehensive history of changes that occurred in your Amazon Web Services account within a specified period of time.
Amazon CloudTrail allows you track and automatically respond to account activity threatening the security of your Amazon Web Services resources. With Amazon CloudWatch Events integration, you can define workflows that execute when events that can result in security vulnerabilities are detected. For example, you can create a workflow to add a specific policy to an Amazon S3 bucket when CloudTrail logs and API call that makes that bucket public.
Amazon CloudTrail makes it easier to ensure compliance with internal policies and regulatory standards by providing a history of activity in your Amazon Web Services account. For more information, download the Amazon Web Services compliance whitepaper, “Security at Scale: Logging in Amazon Web Services.”
You can perform security analysis and detect user behavior patterns by ingesting Amazon CloudTrail events into your log management and analytics solutions.
OPERATIONAL ISSUE TROUBLESHOOTING
You can troubleshoot operational issues by leveraging the Amazon API call history produced by Amazon CloudTrail. For example, you can quickly identify the most recent changes made to resources in your environment, including creation, modification, and deletion of Amazon Web Services resources (e.g., Amazon EC2 instances, Amazon VPC security groups, and Amazon EBS volumes).
Amazon CloudWatch Logs Integration
Amazon CloudTrail integration with Amazon CloudWatch Logs enables you to send management and data events recorded by CloudTrail to CloudWatch Logs. CloudWatch Logs allows you to create metric filters to monitor events, search events, and stream events to other Amazon Web Services services, such as Amazon Lambda.
Amazon CloudWatch Events
Amazon CloudTrail integration with Amazon CloudWatch Events enables you to automatically respond to changes to your Amazon Web Services resources. With CloudWatch Events, you are able to define actions to execute when specific events are logged by Amazon CloudTrail. For example, if CloudTrail logs a change to an Amazon EC2 security group, such as adding a new ingress rule, you can create a CloudWatch Events rule that sends this activity to an Amazon Lambda function. Lambda can then execute a workflow to create a ticket in your IT Helpdesk system.