AWS CloudTrail Documentation
- Management events that capture control plane actions on resources, such as creating or deleting Amazon Simple Storage Service (Amazon S3) buckets.
- Data events that capture data plane actions within a resource, such as reading or writing an Amazon S3 object.
- Event history provides a 90-day history of control plane actions at no additional cost. As part of its core audit capabilities, CloudTrail provides customer managed keys for encryption and log file validation, which help enable immutability. You pay only for what you use of the paid features. Some of the following features are provided at no additional charge. No minimum fees or upfront commitments are required.
- CloudTrail Lake is a managed data lake for capturing, storing, accessing, and analyzing user and API activity on AWS for audit and security purposes. You can aggregate, store your activity logs (control plane and data plane) for up to seven years, and query logs for search and analysis. IT auditors can use CloudTrail Lake as a record of all activities to help meet audit requirements. Security administrators can use Lake to help determine whether user activity is in accordance with internal policies, and DevOps engineers can troubleshoot operational issues such as an unresponsive Amazon Elastic Compute Cloud (EC2) instance or a resource being denied access.
- Trails capture a record of AWS account activities, delivering and storing these events in Amazon S3, with optional delivery to Amazon CloudWatch Logs and Amazon EventBridge. These events can be fed into your security monitoring solutions. You can use your own third-party solutions or solutions such as Amazon Athena for searching and analyzing logs captured by CloudTrail. You can create trails for a single AWS account or for multiple AWS accounts by using AWS Organizations. AWS CloudTrail Insights analyzes control plane events for anomalous behavior in API call volumes.
Records Account Activity
Storage and monitoring
Log file integrity and encryption validation
Insights and analytics
Multi-region configuration
You can configure AWS CloudTrail to deliver log files from multiple regions to a single location. This configuration is designed to help you ensure that all settings apply consistently across all existing and newly launched regions. CloudTrail Lake also allows you to capture and store events from multiple Regions.
Multi-account configuration
Additional Information
For additional information about service controls, security features and functionalities, including, as applicable, information about storing, retrieving, modifying, restricting, and deleting data, please see https://docs.aws.amazon.com/index.html. This additional information does not form part of the Documentation for purposes of the AWS Customer Agreement available at http://aws.amazon.com/agreement, or other agreement between you and AWS governing your use of AWS’s services.