AWS CloudTrail

AWS CloudTrail helps us to implement risk auditing, governance, and compliance of our AWS accounts. All actions taken by a user (via console, API, SDK, or CLI) are recorded in CloudTrail as events. Visibility of AWS accounts and actions taken by users is a key aspect of implementing security and operational best practices.

We can use CloudTrail to view, search, download, archive, analyze, and respond to all activity, events, and API calls made within an AWS account.

CloudTrail is enabled by default.
We can enable AWS CloudTrail Insights on a trail to identify and respond to unusual activity in the account.
CloudTrail only stores events for a 90-day period.

Consider a situation where a key EC2 instance was deleted from your AWS account. How can you identify which user or service deleted the instance? The answer is AWS CloudTrail. We can view all terminate-instance API calls made in the past and identify which IAM user or service initiated the API call.

The following code sample shows an event where an IAM user named ...

Introduction

Getting Started with AWS

AWS IAM

AWS EC2

AWS Load Balancers and Auto Scaling Groups

AWS Storage Services

AWS Databases

AWS ElastiCache

AWS Elastic Beanstalk and CloudFront

AWS CloudFormation

AWS Monitoring

AWS VPC

AWS Route 53

AWS Security Services and Encryption

AWS Systems Manager

Important AWS Services

AWS SysOps Administrator Practice Exams

AWS CloudTrail

AWS CloudTrail