
CloudTrail logging

Explore how AWS CloudTrail captures and logs API calls to monitor activity across your account. Understand the key data stored, how to access logs, and its use in security forensics and debugging IAM access.

CloudTrail is a security service that captures what is happening inside an account and across multiple accounts. It stores data about most calls to the AWS APIs and lets you browse their metadata. It is designed primarily to help uncover how a breach happened, but it also gives some insight into the contents of a call made to the APIs.
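As an added illustration (not part of the original lesson), this Python example reads a CloudTrail-style log file and lists denied calls per principal, the kind of metadata lookup used in forensics and IAM debugging. The records, account ID and user names are constructed; the field names (`eventTime`, `eventSource`, `eventName`, `userIdentity`, `sourceIPAddress`, `errorCode`) are CloudTrail's.

```python
import json
from collections import Counter

# Error codes that indicate an authorization failure (not an exhaustive list).
DENIED = {"AccessDenied", "AccessDeniedException", "Client.UnauthorizedOperation"}
ALICE = "arn:aws:iam::111122223333:user/alice"      # constructed principal
BOT = "arn:aws:iam::111122223333:user/deploy-bot"   # constructed principal

def make_record(time, arn, source, name, ip, error=None):
    """Build one constructed record that uses real CloudTrail field names."""
    rec = {"eventTime": time, "eventSource": source, "eventName": name,
           "sourceIPAddress": ip,
           "userIdentity": {"type": "IAMUser", "arn": arn} if arn else {"type": "AWSService"}}
    if error:
        rec["errorCode"] = error  # present only on failed calls
    return rec

# Constructed sample in the shape of a CloudTrail log file: a top-level "Records" array.
SAMPLE_LOG = json.dumps({"Records": [
    make_record("2024-05-01T10:00:00Z", ALICE, "s3.amazonaws.com", "GetObject", "203.0.113.10", "AccessDenied"),
    make_record("2024-05-01T10:00:05Z", ALICE, "s3.amazonaws.com", "GetObject", "203.0.113.10", "AccessDenied"),
    make_record("2024-05-01T10:01:00Z", ALICE, "ec2.amazonaws.com", "DescribeInstances", "203.0.113.10"),
    make_record("2024-05-01T10:02:00Z", BOT, "ec2.amazonaws.com", "RunInstances", "198.51.100.7", "Client.UnauthorizedOperation"),
    make_record("2024-05-01T10:03:00Z", None, "kms.amazonaws.com", "Decrypt", "s3.amazonaws.com"),
]})

def summarize(record):
    """Extract who called what, when, from where, and whether it failed."""
    identity = record.get("userIdentity", {})
    service = record.get("eventSource", "").split(".")[0]
    return {
        "time": record.get("eventTime"),
        "principal": identity.get("arn") or identity.get("type", "unknown"),
        # Approximation: the event name usually, but not always, matches the IAM action.
        "action": f"{service}:{record.get('eventName')}",
        "source_ip": record.get("sourceIPAddress"),
        "error": record.get("errorCode"),
    }

def denied_calls(log_text):
    """Return summaries of the calls that failed authorization."""
    records = json.loads(log_text).get("Records", [])
    return [s for s in map(summarize, records) if s["error"] in DENIED]

def denied_by_principal(log_text):
    """Count denied calls per (principal, action) pair."""
    return Counter((d["principal"], d["action"]) for d in denied_calls(log_text))

if __name__ == "__main__":
    for (who, action), n in denied_by_principal(SAMPLE_LOG).most_common():
        print(f"{n}x {action} denied for {who}")
```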

What does CloudTrail store?

CloudTrail stores logs for 90 days, but it’s a best practice to configure it to send them to an S3 bucket for permanent storage. We can configure a trail to do that. But even without any configuration, we can go to the Console and ...