What Is Amazon CloudTrail? - Amazon CloudTrail
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

What Is Amazon CloudTrail?

Amazon CloudTrail is an Amazon service that helps you enable operational and risk auditing, governance, and compliance of your Amazon account. Actions taken by a user, role, or an Amazon service are recorded as events in CloudTrail. Events include actions taken in the Amazon Web Services Management Console, Amazon Command Line Interface, and Amazon SDKs and APIs.

CloudTrail is active in your Amazon Web Services account when you create it and doesn't require any manual setup. When activity occurs in your Amazon Web Services account, that activity is recorded in a CloudTrail event.

CloudTrail provides two ways to record events:

  • Event history – The Event history provides a viewable, searchable, downloadable, and immutable record of the past 90 days of management events in an Amazon Web Services Region. You can search events by filtering on a single attribute. You automatically have access to the Event history when you create your account. For more information, see Working with CloudTrail Event history.

    There are no CloudTrail charges for viewing the Event history.

  • Trails – Trails capture a record of Amazon activities, delivering and storing these events in an Amazon S3 bucket, with optional delivery to Amazon CloudWatch Logs and Amazon EventBridge. You can input these events into your security monitoring solutions. You can also use your own third-party solutions or solutions such as Amazon Athena to search and analyze your CloudTrail logs. You can create trails for a single Amazon Web Services account or for multiple Amazon Web Services accounts by using Amazon Organizations. You can log Insights events to analyze your management events for anomalous behavior in API call volumes and error rates. For more information, see Creating a trail for your Amazon Web Services account.

    By creating a trail, you can deliver one copy of your ongoing management events to your Amazon S3 bucket at no charge from CloudTrail; however, Amazon S3 storage charges still apply. For more information about CloudTrail pricing, see Amazon CloudTrail Pricing. For information about Amazon S3 pricing, see Amazon S3 Pricing.

Visibility into your Amazon account activity is a key aspect of security and operational best practices. You can use CloudTrail to view, search, download, archive, analyze, and respond to account activity across your Amazon infrastructure. You can identify who or what took which action, what resources were acted upon, when the event occurred, and other details to help you analyze and respond to activity in your Amazon account.
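As an added example (not part of the CloudTrail documentation), the following Python reads a log file body in the JSON layout a trail delivers to Amazon S3 and answers the questions above: who acted, what API was called, which resource was touched, when, and from where. It then tallies per-actor error counts, the raw material for the kind of error-rate anomaly check described for Insights events. The field names are standard CloudTrail record fields; every name, ARN and address in the sample is constructed.

```python
import json
from collections import defaultdict

# Constructed CloudTrail log file body in the layout CloudTrail delivers to S3
# (a top-level "Records" list). Every name, ARN and address here is made up.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2024-05-01T10:00:00Z", "eventSource": "iam.amazonaws.com", "eventName": "CreateUser",
     "awsRegion": "cn-north-1", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser", "userName": "alice"}, "requestParameters": {"userName": "svc-deploy"}},
    {"eventTime": "2024-05-01T10:02:00Z", "eventSource": "s3.amazonaws.com", "eventName": "GetBucketPolicy",
     "awsRegion": "cn-north-1", "sourceIPAddress": "203.0.113.10", "errorCode": "AccessDenied",
     "userIdentity": {"type": "AssumedRole", "arn": "arn:aws-cn:sts::123456789012:assumed-role/Audit/bob"},
     "requestParameters": {"bucketName": "example-logs"}},
    {"eventTime": "2024-05-01T10:03:00Z", "eventSource": "s3.amazonaws.com", "eventName": "GetBucketPolicy",
     "awsRegion": "cn-north-1", "sourceIPAddress": "203.0.113.10", "errorCode": "AccessDenied",
     "userIdentity": {"type": "AssumedRole", "arn": "arn:aws-cn:sts::123456789012:assumed-role/Audit/bob"},
     "requestParameters": {"bucketName": "example-finance"}},
    {"eventTime": "2024-05-01T10:05:00Z", "eventSource": "sts.amazonaws.com", "eventName": "AssumeRole",
     "awsRegion": "cn-north-1", "sourceIPAddress": "config.amazonaws.com",
     "userIdentity": {"type": "AWSService", "invokedBy": "config.amazonaws.com"}},
]})

def actor(identity):
    """Collapse the userIdentity block into one 'who' string per identity type."""
    kind = identity.get("type")
    if kind == "IAMUser":
        return "user:" + identity["userName"]
    if kind == "AssumedRole":           # ARN ends in assumed-role/<role>/<session>
        return "role-session:" + identity["arn"].split(":")[-1]
    if kind == "AWSService":            # action taken by a service on your behalf
        return "service:" + identity["invokedBy"]
    return "root" if kind == "Root" else "unknown:" + str(kind)

def summarize(log_body):
    """One (who, what, resource, when, where, error) tuple per record."""
    rows = []
    for r in json.loads(log_body)["Records"]:
        resource = ",".join(f"{k}={v}" for k, v in (r.get("requestParameters") or {}).items())
        rows.append((actor(r["userIdentity"]), f'{r["eventSource"]}:{r["eventName"]}',
                     resource, r["eventTime"], r["sourceIPAddress"], r.get("errorCode")))
    return rows

def error_counts(log_body):
    """Per-actor (errors, total) counts, the input for an Insights-style error-rate check."""
    counts = defaultdict(lambda: [0, 0])
    for who, *_, err in summarize(log_body):
        counts[who][1] += 1
        counts[who][0] += bool(err)
    return {who: tuple(c) for who, c in counts.items()}
```

Over a real trail you would run this across every log file in the S3 prefix and compare each actor's error share against its own baseline rather than a single file.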

You can integrate CloudTrail into applications using the API, automate trail creation for your organization, check the status of trails you create, and control how users view CloudTrail events.