A web service that records AWS API calls for your account and delivers log files to you.
- Log contains: request, response, ipAddress, time of call.
- Uses S3 for storage, so you can apply policies to delete old log files.
- Integrates with Splunk, Loggly, AlertLogic.
- Can aggregate log files from multiple AWS accounts.
- Used for security analysis, compliance with regulatory standards, tracking changes to AWS resources, and troubleshooting operational issues.
- By default, CloudTrail log files are encrypted using S3 Server Side Encryption (SSE) and placed into your S3 bucket. You can control access to log files by applying IAM or S3 bucket policies. You can add an additional layer of security by enabling S3 Multi Factor Authentication (MFA) Delete on your S3 bucket.
- CloudTrail delivers an event within 15 minutes of the API call.
- S3 logging is not handled through CloudTrail; you need to enable S3 server access logging.
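
To illustrate the log contents and the security-analysis use listed above, here is an added example (not part of the original notes) that reads a delivered log file and separates successful resource changes from denied calls. The sample records are constructed, and treating `Get`/`Describe`/`List` name prefixes as read-only is an assumption made for this sketch.

```python
import gzip
import json

# Constructed sample records (not real account data); field names follow the
# CloudTrail record format, values and IPs are made up for illustration.
SAMPLE = {"Records": [
    {"eventTime": "2024-01-01T10:00:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DescribeInstances", "sourceIPAddress": "198.51.100.7",
     "requestParameters": {}, "responseElements": None},
    {"eventTime": "2024-01-01T10:02:11Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "AuthorizeSecurityGroupIngress", "sourceIPAddress": "198.51.100.7",
     "requestParameters": {"groupId": "sg-EXAMPLE"}, "responseElements": {"_return": True}},
    {"eventTime": "2024-01-01T10:05:42Z", "eventSource": "s3.amazonaws.com",
     "eventName": "DeleteBucket", "sourceIPAddress": "203.0.113.9",
     "errorCode": "AccessDenied",
     "requestParameters": {"bucketName": "example-bucket"}, "responseElements": None},
]}
SAMPLE_BLOB = gzip.compress(json.dumps(SAMPLE).encode("utf-8"))

# Assumption: treating these name prefixes as read-only calls is a heuristic.
READ_PREFIXES = ("Get", "Describe", "List")

def load_records(blob):
    """A delivered log file is gzip-compressed JSON with a top-level Records array."""
    return json.loads(gzip.decompress(blob)).get("Records", [])

def summarize(rec):
    """Pull out the fields the notes list: request, response, IP address, time."""
    return {"time": rec.get("eventTime"), "ip": rec.get("sourceIPAddress"),
            "call": f'{rec.get("eventSource")}:{rec.get("eventName")}',
            "request": rec.get("requestParameters"),
            "response": rec.get("responseElements"),
            "error": rec.get("errorCode")}

def triage(records):
    """Split records into successful resource changes and denied calls."""
    changes, denied = [], []
    for rec in records:
        row = summarize(rec)
        if row["error"]:
            if "Denied" in row["error"] or "Unauthorized" in row["error"]:
                denied.append(row)
        elif not rec.get("eventName", "").startswith(READ_PREFIXES):
            changes.append(row)
    return changes, denied

if __name__ == "__main__":
    changes, denied = triage(load_records(SAMPLE_BLOB))
    for row in changes + denied:
        print(row["time"], row["ip"], row["call"], row["error"] or "ok")
```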