AWS CloudTrail Documentation

AWS CloudTrail Event History

CloudTrail Event history is designed to provide a viewable, searchable, downloadable, and immutable record of management events in an AWS Region. It is designed to be enabled on AWS accounts and to record your account activity from account creation onward. You can view, search, and download your recent recorded account activity for create, modify, and delete operations of supported services.

AWS CloudTrail Trails

Trails are designed to capture a record of AWS account activity, delivering and storing these events in Amazon S3. These events are designed to be fed into your security monitoring solutions. You can use your own third-party solutions or AWS solutions to search and analyze the logs captured by CloudTrail. You can create trails for a single AWS account or for multiple AWS accounts by using AWS Organizations.

Storage and monitoring

By creating trails, you can deliver your ongoing management and data events to Amazon S3 and optionally to Amazon CloudWatch Logs. This is designed to give you the event details, and you can export and store the events.

Logging and encryption

CloudTrail is designed to validate the integrity of log files stored in your Amazon S3 bucket and can help detect whether the log files were unchanged, modified, or deleted since CloudTrail delivered them to your Amazon S3 bucket.
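The validation described above rests on digest files: each digest lists the SHA-256 hash of every log file delivered in its period and carries the hash of the previous digest, forming a chain. The following is an added example, not AWS code, that re-implements the offline part of that check over constructed inputs; it assumes the digest field names shown, assumes hashes are computed over the uncompressed object contents, and does not verify the RSA signature stored in the digest's S3 metadata, which `aws cloudtrail validate-logs` also checks.

```python
import hashlib
import json

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def validate_digest(digest: dict, objects: dict) -> list:
    """Check one digest against the S3 objects it covers.
    objects maps S3 key -> decompressed object bytes (assumption: hashes cover
    uncompressed content). Returns problems; empty means logs intact, chain holds."""
    problems = []
    for entry in digest["logFiles"]:
        key = entry["s3Object"]
        if entry["hashAlgorithm"] != "SHA-256":
            problems.append(f"{key}: unsupported hash algorithm {entry['hashAlgorithm']}")
            continue
        if key not in objects:
            problems.append(f"{key}: log file missing (deleted?)")
            continue
        if sha256_hex(objects[key]) != entry["hashValue"]:
            problems.append(f"{key}: hash mismatch (modified?)")
    prev_key = digest.get("previousDigestS3Object")
    if prev_key:  # the first digest in a chain has no predecessor
        if prev_key not in objects:
            problems.append(f"{prev_key}: previous digest missing, chain broken")
        elif sha256_hex(objects[prev_key]) != digest["previousDigestHashValue"]:
            problems.append(f"{prev_key}: previous digest hash mismatch, chain broken")
    return problems

# Constructed sample data (hypothetical keys and records, not real CloudTrail output).
LOG_A = json.dumps({"Records": [{"eventName": "CreateUser", "eventSource": "iam.amazonaws.com"}]}).encode()
LOG_B = json.dumps({"Records": [{"eventName": "DeleteTrail", "eventSource": "cloudtrail.amazonaws.com"}]}).encode()
PREV_DIGEST = json.dumps({"logFiles": [], "previousDigestS3Object": None}).encode()
OBJECTS = {
    "AWSLogs/111122223333/CloudTrail/us-east-1/log-a.json.gz": LOG_A,
    "AWSLogs/111122223333/CloudTrail/us-east-1/log-b.json.gz": LOG_B,
    "AWSLogs/111122223333/CloudTrail-Digest/us-east-1/digest-0.json.gz": PREV_DIGEST,
}
DIGEST = {
    "previousDigestS3Object": "AWSLogs/111122223333/CloudTrail-Digest/us-east-1/digest-0.json.gz",
    "previousDigestHashValue": sha256_hex(PREV_DIGEST),
    "previousDigestHashAlgorithm": "SHA-256",
    "logFiles": [
        {"s3Object": k, "hashValue": sha256_hex(v), "hashAlgorithm": "SHA-256"}
        for k, v in OBJECTS.items() if "/CloudTrail/" in k
    ],
}
```

Re-running `validate_digest` after a log file is edited or removed from the store reports a hash mismatch or a missing object for that key, which is the signal a defender acts on.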

Multi-region

You can configure CloudTrail to capture and store events from multiple AWS Regions in a single location. This configuration can help to apply settings consistently across Regions.

Multi-account

You can configure CloudTrail to capture and store events from multiple AWS accounts in a single location. This configuration can help to apply settings consistently across accounts.

Data events aggregation

CloudTrail data events aggregation is designed to help you monitor voluminous data access patterns. This feature is designed to consolidate data events into summaries, showing trends like access frequency, error rates, and most-used actions.

AWS CloudTrail Lake

CloudTrail Lake is designed to be a managed data lake for capturing, storing, accessing, and analyzing user and API activity on AWS for audit and security purposes. You can aggregate, visualize, query, and immutably store your activity logs from both AWS and non-AWS sources.

Immutable storage

CloudTrail Lake is designed to store your events within the lake and to grant only read-only access to them, preventing changes to log files. Because access is read-only, the stored events are immutable.

Querying and analytics

CloudTrail Lake is designed to help you gain insights into your AWS activity logs through a combination of querying and visualization tools. You can run SQL-based queries on activity logs stored in CloudTrail Lake or on your CloudTrail events.

CloudTrail Lake is designed to include AI-powered query result summarization, which helps provide natural language summaries of insights from your query results.

Multi-region configuration

CloudTrail Lake enables you to capture and store events from multiple Regions.

Multi-account configuration

By using CloudTrail Lake, you can capture and store events for accounts across your AWS Organizations.

Enrich your CloudTrail Events

With CloudTrail Lake, you can enrich your management and data events with resource tags and IAM global condition keys. Using CloudTrail Lake queries and dashboards, you can then categorize, search, and analyze CloudTrail logs based on business context.

Expand Event Size

CloudTrail Lake is designed to give you the option to expand the size of your CloudTrail events, providing visibility into the metadata related to your API actions.

AWS CloudTrail Insights

AWS CloudTrail Insights helps users identify and respond to unusual API activity by analyzing CloudTrail management and data events. By establishing a baseline of normal API call volumes and error rates, CloudTrail Insights is designed to generate an insight event when an activity falls outside typical patterns. You can enable CloudTrail Insights in your trails for both management and data events, or in event data stores for management events, to detect anomalous behavior and unusual activity.

Additional Information

For additional information about service controls, security features and functionalities, including, as applicable, information about storing, retrieving, modifying, restricting, and deleting data, please see https://docs.aws.amazon.com/index.html. This additional information does not form part of the Documentation for purposes of the AWS Customer Agreement available at http://aws.amazon.com/agreement, or other agreement between you and AWS governing your use of AWS’s services.