AWS CloudTrail
- Provides governance, compliance, and audit for AWS account
- Enabled by default
- Get a history of events/API calls made within the AWS account by:
- Console
- SDK
- CLI
- AWS Services
- Can put logs from CloudTrail into CloudWatch Logs or S3
- A trail can be applied to All Regions (default) or a single Region
CloudTrail Events
- Management Events
- Data Events
- CloudTrail Insights Events
CloudTrail Insights
- Enable CloudTrail Insights to detect unusual activity in the account