AWS CloudTrail (Auditing & Governance)

Learn how to use CloudTrail for auditing, compliance, governance, and security monitoring.

cloudtrail-config.json (the page's schematic summary of a trail, not a CloudTrail API request body)
{
    "CloudTrail": {
        "Logs": "All API calls",
        "S3Bucket": "cloudtrail-logs",
        "Enabled": true
    }
}

AWS CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of your AWS account. It records API calls made on your account and delivers log files to an S3 bucket. Without a trail, the console's Event history keeps only the last 90 days of management events; a trail is what delivers the logs to S3 for long-term retention and analysis.

Author

Pascual Vila

Cloud Instructor.

API Call Logging

CloudTrail records API calls made in your AWS account whether they originate from the AWS Management Console, the AWS SDKs, command line tools, or other AWS services acting on your behalf. Each record identifies who made the call (userIdentity), when (eventTime), from where (sourceIPAddress, userAgent), which service and operation (eventSource, eventName), and the request and response parameters. "All" is relative to supported services and to what the trail is configured to capture: management events are recorded by default, data events only when you enable them.

Event Types

CloudTrail logs management events (control-plane operations that create, modify, or delete resources, plus account-level actions such as console sign-ins) for most AWS services by default. Data events (S3 object-level operations such as GetObject and PutObject, Lambda Invoke calls, and similar data-plane activity) are high-volume, billed separately, and are not recorded unless you add them to a trail's event selectors. A useful middle ground is to enable data events only for the buckets and functions that hold sensitive data.
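The two sections above describe what a CloudTrail record contains and how management and data events differ. The following script is an added example (not code from this page or from AWS) that triages a delivered log file the way a responder would: it decompresses the file, splits records by event category, and flags the events worth looking at first (a StopLogging call against the trail, root credential usage, and a console sign-in without MFA). The records, account ID, names and IP addresses are constructed to mirror the CloudTrail record schema; the rule set is an illustrative starting point, not an exhaustive detection list.

```python
"""Triage a CloudTrail log file delivered to S3 (added example, constructed data)."""
import gzip
import json
from collections import Counter

ACCOUNT = "111122223333"  # fictitious account ID used throughout the sample

# Constructed sample file. Real files land gzipped in the trail bucket under
# AWSLogs/<account-id>/CloudTrail/<region>/YYYY/MM/DD/ with this top-level shape.
SAMPLE_RECORDS = {
    "Records": [
        {   # console sign-in by an IAM user who did not use MFA
            "eventVersion": "1.08",
            "userIdentity": {"type": "IAMUser", "userName": "alice", "accountId": ACCOUNT,
                             "arn": f"arn:aws:iam::{ACCOUNT}:user/alice"},
            "eventTime": "2024-01-15T08:01:12Z",
            "eventSource": "signin.amazonaws.com",
            "eventName": "ConsoleLogin",
            "awsRegion": "us-east-1",
            "sourceIPAddress": "203.0.113.10",
            "eventType": "AwsConsoleSignIn",
            "responseElements": {"ConsoleLogin": "Success"},
            "additionalEventData": {"MFAUsed": "No"},
            "managementEvent": True,
            "eventCategory": "Management",
        },
        {   # the same user turns the trail off two minutes later
            "eventVersion": "1.08",
            "userIdentity": {"type": "IAMUser", "userName": "alice", "accountId": ACCOUNT,
                             "arn": f"arn:aws:iam::{ACCOUNT}:user/alice"},
            "eventTime": "2024-01-15T08:03:40Z",
            "eventSource": "cloudtrail.amazonaws.com",
            "eventName": "StopLogging",
            "awsRegion": "us-east-1",
            "sourceIPAddress": "203.0.113.10",
            "eventType": "AwsApiCall",
            "requestParameters": {"name": f"arn:aws:cloudtrail:us-east-1:{ACCOUNT}:trail/main-trail"},
            "readOnly": False,
            "managementEvent": True,
            "eventCategory": "Management",
        },
        {   # root credentials used for a routine read-only call
            "eventVersion": "1.08",
            "userIdentity": {"type": "Root", "accountId": ACCOUNT, "arn": f"arn:aws:iam::{ACCOUNT}:root"},
            "eventTime": "2024-01-15T09:15:02Z",
            "eventSource": "ec2.amazonaws.com",
            "eventName": "DescribeInstances",
            "awsRegion": "eu-west-1",
            "sourceIPAddress": "198.51.100.7",
            "eventType": "AwsApiCall",
            "readOnly": True,
            "managementEvent": True,
            "eventCategory": "Management",
        },
        {   # S3 object-level read: only present because data events were enabled
            "eventVersion": "1.08",
            "userIdentity": {"type": "AssumedRole", "accountId": ACCOUNT,
                             "arn": f"arn:aws:sts::{ACCOUNT}:assumed-role/app-role/i-0abc123"},
            "eventTime": "2024-01-15T09:20:44Z",
            "eventSource": "s3.amazonaws.com",
            "eventName": "GetObject",
            "awsRegion": "eu-west-1",
            "sourceIPAddress": "10.0.3.15",
            "eventType": "AwsApiCall",
            "requestParameters": {"bucketName": "customer-exports", "key": "2024/01/15/orders.csv"},
            "readOnly": True,
            "managementEvent": False,
            "eventCategory": "Data",
        },
    ]
}
SAMPLE_LOG_GZ = gzip.compress(json.dumps(SAMPLE_RECORDS).encode())

# CloudTrail control-plane calls that blind or narrow the audit trail itself.
TRAIL_TAMPERING = {"StopLogging", "DeleteTrail", "UpdateTrail", "PutEventSelectors"}


def load_records(blob: bytes) -> list:
    """Parse a delivered log file (gzipped .json.gz or plain JSON) into its Records list."""
    if blob[:2] == b"\x1f\x8b":  # gzip magic number
        blob = gzip.decompress(blob)
    return json.loads(blob)["Records"]


def category(rec: dict) -> str:
    """Management vs Data; older record versions lack eventCategory, so fall back to managementEvent."""
    return rec.get("eventCategory") or ("Management" if rec.get("managementEvent") else "Data")


def actor(rec: dict) -> str:
    return rec.get("userIdentity", {}).get("arn", "<unknown>")


def findings(records: list) -> list:
    """Apply a few high-signal rules; each hit is (rule, eventName, actor ARN, eventTime)."""
    hits = []
    for rec in records:
        name = rec.get("eventName")
        if name in TRAIL_TAMPERING and rec.get("eventSource") == "cloudtrail.amazonaws.com":
            hits.append(("trail-tampering", name, actor(rec), rec["eventTime"]))
        if rec.get("userIdentity", {}).get("type") == "Root":
            hits.append(("root-usage", name, actor(rec), rec["eventTime"]))
        if name == "ConsoleLogin":
            success = rec.get("responseElements", {}).get("ConsoleLogin") == "Success"
            mfa = rec.get("additionalEventData", {}).get("MFAUsed") == "Yes"
            if success and not mfa:
                hits.append(("console-login-no-mfa", name, actor(rec), rec["eventTime"]))
            elif not success:
                hits.append(("console-login-failure", name, actor(rec), rec["eventTime"]))
    return hits


def summarize(records: list) -> dict:
    """Count records per event category (Management / Data / Insight)."""
    return dict(Counter(category(r) for r in records))


if __name__ == "__main__":
    recs = load_records(SAMPLE_LOG_GZ)
    print("events by category:", summarize(recs))
    for hit in findings(recs):
        print("FINDING", *hit)
```

The point of the fourth record is that the GetObject call would simply be absent from the file if data events had not been enabled for that bucket; the trail-tampering rule keys on eventSource as well as eventName so that an unrelated service's "StopLogging" style operation is not mistaken for a CloudTrail change.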

Compliance & Security

CloudTrail is essential for compliance with regulations and frameworks such as HIPAA, PCI DSS, and SOC 2. It provides the audit trail needed to demonstrate that your AWS resources are being used in compliance with policies and regulations. For that trail to be trustworthy, enable log file validation when you create the trail (--enable-log-file-validation): CloudTrail then delivers hourly, signed digest files, and aws cloudtrail validate-logs can prove that no log file was modified or deleted after delivery. Restrict the log bucket with a bucket policy that allows only the CloudTrail service to write and only auditors to read, and prefer an organization trail so that an individual account cannot switch logging off.

CloudTrail Glossary

CloudTrail
A service that enables governance, compliance, operational auditing, and risk auditing of your AWS account by recording API calls and delivering log files to S3.
Trail
A configuration that tells CloudTrail which events to record and where to deliver them. You can have one trail that applies to all regions (a multi-region trail, the recommended setup, so that activity in regions you do not normally use is still captured) or separate trails for specific regions; an organization trail applies to every account in an AWS Organization and cannot be modified by member accounts.
Management Events
Operations that create, modify, or delete resources in your AWS account. CloudTrail automatically logs management events for most AWS services.
Data Events
Operations that read or write data resources, such as S3 object-level operations or Lambda function invocations. Data events are optional and can be enabled separately.
CloudTrail Insights
A feature that analyzes normal API activity patterns and generates insights when it detects unusual activity, such as increased error rates or unusual API calls.