
AWS CloudTrail for Auditing

Explore AWS CloudTrail to understand how to audit and monitor API activity within your AWS account. Learn about CloudTrail's event types, event history, trails, Lake, and Insights. This lesson helps you gain insights into securing, troubleshooting, and managing your AWS resources effectively.

AWS CloudTrail is a service that records AWS account activity by logging API calls made through the console, SDKs, CLI, or other services. It provides a history of events such as user logins, resource changes, and service access, helping with security auditing, compliance, and troubleshooting.

CloudTrail events

Any activity within our AWS account is recorded as a CloudTrail event. CloudTrail event history is automatically enabled by default when we create an AWS account, so we do not need to perform any steps manually.

CloudTrail events are of the following types:

  • Management events: Management events represent actions performed on resources within our AWS account. For example, launching an EC2 instance (RunInstances) is considered a management event.

  • Data events: Data events represent object-level actions performed within specific AWS services, like Amazon S3 or AWS Lambda. For example, uploading an object (PutObject) or deleting an object (DeleteObject) in an S3 bucket are ...
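The split between management and data events can be seen by triaging a CloudTrail log file. The following is an added example, not part of the original lesson: it groups API calls by event type and caller, and lists the calls that changed something. The record fields used (`eventCategory`, `managementEvent`, `readOnly`, `userIdentity.arn`) are CloudTrail record fields; the sample records, account ID and user names are constructed, and treating a record that lacks `eventCategory` as a data event when `managementEvent` is false is an assumption of this example.

```python
import json
from collections import defaultdict

# Constructed sample shaped like a CloudTrail log file: {"Records": [...]}.
# Account ID, user names and timestamps are made up for illustration.
ALICE = {"arn": "arn:aws:iam::111122223333:user/alice"}
BOB = {"arn": "arn:aws:iam::111122223333:user/bob"}
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2024-01-01T10:00:00Z", "eventName": "RunInstances", "userIdentity": ALICE,
     "eventCategory": "Management", "managementEvent": True, "readOnly": False},
    {"eventTime": "2024-01-01T10:01:00Z", "eventName": "DescribeInstances", "userIdentity": ALICE,
     "eventCategory": "Management", "managementEvent": True, "readOnly": True},
    {"eventTime": "2024-01-01T10:02:00Z", "eventName": "PutObject", "userIdentity": BOB,
     "eventCategory": "Data", "managementEvent": False, "readOnly": False},
    {"eventTime": "2024-01-01T10:03:00Z", "eventName": "DeleteObject", "userIdentity": BOB,
     "eventCategory": "Data", "managementEvent": False, "readOnly": False},
    # Record without eventCategory, to exercise the fallback below.
    {"eventTime": "2024-01-01T10:04:00Z", "eventName": "GetObject", "userIdentity": BOB,
     "managementEvent": False, "readOnly": True},
]})


def event_type(record):
    """Return the record's event type, e.g. 'Management' or 'Data'."""
    category = record.get("eventCategory")
    if category:
        return category
    # Assumed fallback when eventCategory is absent: use the managementEvent flag.
    flag = record.get("managementEvent")
    if flag is None:
        return "Unknown"
    return "Management" if flag else "Data"


def summarize(log_text):
    """Group API calls by event type and caller; list state-changing calls."""
    by_type = defaultdict(lambda: defaultdict(list))
    changes = []
    for rec in json.loads(log_text).get("Records", []):
        who = rec.get("userIdentity", {}).get("arn", "unknown")
        kind = event_type(rec)
        by_type[kind][who].append(rec.get("eventName"))
        if rec.get("readOnly") is False:  # the call modified something
            changes.append((rec.get("eventTime"), kind, who, rec.get("eventName")))
    return {k: dict(v) for k, v in by_type.items()}, sorted(changes)


if __name__ == "__main__":
    by_type, changes = summarize(SAMPLE_LOG)
    print(json.dumps(by_type, indent=2))
    for change in changes:
        print(*change)
```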