AWS CloudTrail is a web service that enables you to monitor, log, and retain events related to your AWS account. This is useful for security and compliance purposes, as well as for debugging, auditing, and other operational purposes. CloudTrail provides event history for your AWS account activity, including actions taken through the AWS Management Console, AWS SDKs, command line tools, and other AWS services. This history simplifies security analysis, resource change tracking, and troubleshooting.
CloudTrail is easy to set up and use. There is no software to install, and you can begin logging AWS API calls to your account immediately after creating your AWS account. CloudTrail is integrated with AWS CloudTrail provides log file integrity validation with AWS Config. CloudTrail is a regional service, with separate logs maintained for each region.
AWS CloudTrail is a cost-effective way to monitor, log, and retain account activity. The service is free, and you pay only for the resources you use. CloudTrail doesn’t impose any limits on the number of AWS accounts, the size of the log files, or the number of events that you can log.
To learn more about AWS CloudTrail, visit the AWS CloudTrail product page.