Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

What Is Amazon CloudTrail?

Amazon CloudTrail is an Amazon service that helps you enable operational and risk auditing, governance, and compliance of your Amazon account. Actions taken by a user, role, or an Amazon service are recorded as events in CloudTrail. Events include actions taken in the Amazon Web Services Management Console, Amazon Command Line Interface, and Amazon SDKs and APIs.

CloudTrail is enabled on your Amazon account when you create it. When activity occurs in your Amazon account, that activity is recorded in a CloudTrail event. You can easily view recent events in the CloudTrail console by going to Event history. For an ongoing record of activity and events in your Amazon account, create an event data store or create a trail. For more information about CloudTrail pricing, see Amazon CloudTrail Pricing.

Visibility into your Amazon account activity is a key aspect of security and operational best practices. You can use CloudTrail to view, search, download, archive, analyze, and respond to account activity across your Amazon infrastructure. You can identify who or what took which action, what resources were acted upon, when the event occurred, and other details to help you analyze and respond to activity in your Amazon account. Optionally, you can enable Amazon CloudTrail Insights on a trail to help you identify and respond to unusual activity.
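The following added example (not part of the original documentation) shows how the who, what, when, and which-resource details can be pulled from event records in the CloudTrail log-file layout. The sample records, account ID, and names are constructed, and the helper names `actor` and `summarize` are hypothetical.

```python
import json
from datetime import datetime, timezone

# Constructed sample in the CloudTrail log-file layout: {"Records": [...]}.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2024-01-15T09:12:44Z", "eventSource": "s3.amazonaws.com",
     "eventName": "PutBucketPolicy", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "AssumedRole",
         "arn": "arn:aws-cn:sts::111122223333:assumed-role/DeployRole/ci-session",
         "sessionContext": {"sessionIssuer": {"userName": "DeployRole"}}},
     "resources": [{"ARN": "arn:aws-cn:s3:::example-bucket"}],
     "errorCode": "AccessDenied"},
    {"eventTime": "2024-01-15T09:10:02Z", "eventSource": "iam.amazonaws.com",
     "eventName": "CreateAccessKey", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "userName": "alice"}, "resources": None},
    {"eventTime": "2024-01-15T09:11:30Z", "eventSource": "kms.amazonaws.com",
     "eventName": "GenerateDataKey", "sourceIPAddress": "cloudtrail.amazonaws.com",
     "userIdentity": {"type": "AWSService", "invokedBy": "cloudtrail.amazonaws.com"}},
]})

def actor(identity):
    """Return a readable 'who' for the common userIdentity types."""
    kind = identity.get("type", "Unknown")
    if kind == "IAMUser":
        return f"user:{identity.get('userName', '?')}"
    if kind == "AssumedRole":
        # The role name is in sessionIssuer; the session name ends the ARN.
        issuer = identity.get("sessionContext", {}).get("sessionIssuer", {})
        session = identity.get("arn", "").rsplit("/", 1)[-1]
        return f"role:{issuer.get('userName', '?')}/{session}"
    if kind == "AWSService":
        return f"service:{identity.get('invokedBy', '?')}"
    if kind == "Root":
        return "root"
    return f"{kind}:{identity.get('principalId', '?')}"

def summarize(log_text):
    """Reduce each record to who/what/when/where/resources, oldest first."""
    rows = []
    for ev in json.loads(log_text).get("Records", []):
        when = datetime.strptime(ev["eventTime"], "%Y-%m-%dT%H:%M:%SZ")
        rows.append({
            "when": when.replace(tzinfo=timezone.utc),
            "who": actor(ev.get("userIdentity", {})),
            "what": f"{ev['eventSource'].split('.')[0]}:{ev['eventName']}",
            "where": ev.get("sourceIPAddress"),
            # "resources" may be absent or null depending on the event.
            "resources": [r["ARN"] for r in ev.get("resources") or [] if "ARN" in r],
            "error": ev.get("errorCode"),  # set when the call was denied or failed
        })
    return sorted(rows, key=lambda r: r["when"])
```
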

You can integrate CloudTrail into applications using the API, automate trail creation for your organization, check the status of event data stores and trails you create, and control how users view CloudTrail events.