CloudTrail

  • Monitors AWS API calls for auditing purposes
  • Enabled by default, but not stored forever, not all event types are logged, and you have few customization options
  • Multi-region
  • Management, data (high-volume), and insight events (unusual operational activities in accounts, e.g., spikes in resource provisioning, bursts of IAM actions, etc.)
  • Log file validation uses SHA-256 and RSA for integrity checking and digital signing. Use CLI to validate logs.

Stay up to date

Get notified when I publish. Unsubscribe at any time.