What Is AWS CloudTrail?
AWS CloudTrail is a web service from Amazon Web Services (AWS) that records application programming interface (API) calls and lets you monitor the resulting logs.
AWS CloudTrail allows AWS customers to record API calls and store the records in Amazon S3 buckets. Each recorded event includes the identity of the API caller, the time of the API call, the source IP address of the caller, the parameters of the API request, and the response returned by the service.
How does CloudTrail work?
CloudTrail is enabled automatically on your AWS account when the account is created. CloudTrail records an event whenever activity occurs in your account. On the CloudTrail console, choose Event history to view these events.
Event history lets you view, search, and download the past 90 days of activity in your account. To archive, analyze, and react to changes in AWS resources over a longer period, create a CloudTrail trail. A trail delivers events to an Amazon S3 bucket that you specify.
You can create two types of trails for an AWS account:
· A trail that applies to all regions
When you create a trail that applies to all regions, CloudTrail delivers the event log files for every region to the S3 bucket that you specify. If AWS adds a region after you create such a trail, the new region is included in the trail automatically and its events are logged. An all-regions trail is the default option when you create a trail in the CloudTrail console, because it is the recommended practice for capturing activity across every region in your account. Updating a single-region trail so that it logs all regions can only be done with the AWS CLI. For more information, see Creating a trail in the console (basic event selectors).
· A trail that applies to one region
If you create a trail that applies to one region, CloudTrail records only the events in that region and delivers the event logs to the Amazon S3 bucket that you specify. A single-region trail can only be created with the AWS CLI. If you create additional trails, their event logs can be delivered to the same Amazon S3 bucket or to separate buckets. You can create, update, and manage trails with the AWS CLI and the CloudTrail API. For more information, see Creating, updating, and managing trails with AWS CLI and CloudTrail API.
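To make the record contents and the per-region delivery described above concrete, here is an added Python example (not code from the original article or from AWS) that parses a constructed CloudTrail log file, extracts the fields listed earlier for each event, counts events per region, and flags events that change a trail's own logging. The record layout follows CloudTrail's JSON format; the sample events, account ID, ARNs and IP addresses are constructed placeholders.

```python
import json
from collections import Counter

# Constructed sample of a CloudTrail log file as delivered to S3 (after gunzip).
# Account ID, ARNs and IP addresses are placeholders, not real data.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2024-01-10T12:00:01Z", "eventSource": "s3.amazonaws.com",
     "eventName": "PutBucketPolicy", "awsRegion": "us-east-1", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/alice"},
     "requestParameters": {"bucketName": "example-bucket"}, "responseElements": None},
    {"eventTime": "2024-01-10T12:05:42Z", "eventSource": "cloudtrail.amazonaws.com",
     "eventName": "StopLogging", "awsRegion": "eu-west-1", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::123456789012:assumed-role/Admin/bob"},
     "requestParameters": {"name": "org-trail"}, "responseElements": None,
     "errorCode": "AccessDenied"},
]})

# CloudTrail's own management actions that change what a trail records;
# a defender alerts on these because they affect audit coverage.
TRAIL_CONTROL_EVENTS = {"StopLogging", "DeleteTrail", "UpdateTrail", "PutEventSelectors"}

def parse_records(log_text):
    """Return the event records from one CloudTrail log file body."""
    return json.loads(log_text).get("Records", [])

def summarize(record):
    """Pull out the fields the page lists: identity, time, source IP, request, response."""
    identity = record.get("userIdentity", {})
    return {
        "who": identity.get("arn", identity.get("type", "unknown")),
        "when": record["eventTime"],
        "source_ip": record.get("sourceIPAddress"),
        "region": record.get("awsRegion"),
        "action": f"{record['eventSource']}:{record['eventName']}",
        "request": record.get("requestParameters"),
        "response": record.get("responseElements"),
        "error": record.get("errorCode"),  # present only when the call failed
    }

def regions_seen(records):
    """Events per region, as an all-regions trail collects them into one bucket."""
    return Counter(r.get("awsRegion") for r in records)

def trail_control_events(records):
    """Records where someone changed or stopped a trail, including denied attempts."""
    return [r for r in records if r.get("eventSource") == "cloudtrail.amazonaws.com"
            and r.get("eventName") in TRAIL_CONTROL_EVENTS]
```

Real log files are gzip-compressed objects in the trail's bucket; decompress each object and pass its text to `parse_records`.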
Difference between CloudWatch and CloudTrail:
CloudWatch monitors the health and performance of AWS services and resources.
CloudTrail keeps track of all actions that occur within your AWS environment.
AWS CloudWatch:
AWS CloudWatch is a monitoring service for AWS cloud resources and applications. Amazon CloudWatch helps you collect and track metrics, collect and monitor log files, set alarms, and react automatically to changes in your AWS resources.
AWS CloudTrail:
CloudTrail is an AWS service for governance, compliance, operational auditing, and risk auditing. CloudTrail enables you to log, continuously monitor, and retain account activity across your AWS infrastructure. It provides an event history of your AWS account activity, including actions taken through the AWS Management Console, AWS SDKs, command line tools, and other AWS services.
Security in AWS CloudTrail
AWS prioritizes cloud security above all else. Customers of AWS benefit from a data center and network architecture that is built to meet the needs of the most security-sensitive organizations.
Security is a shared responsibility between you and AWS. The shared responsibility model describes this as security of the cloud and security in the cloud:
Security of the cloud — AWS is responsible for protecting the infrastructure that runs AWS services in the AWS Cloud. AWS also provides services that you can use securely. Third-party auditors regularly test and verify the effectiveness of AWS security as part of the AWS compliance programs. See AWS Services in Scope by Compliance Program for the compliance programs that apply to AWS CloudTrail.
Security in the cloud — Your responsibility is determined by the AWS services you use. The sensitivity of your data, your company's requirements, and applicable laws and regulations are also factors you must consider.