AWS CloudTrail provides a record of all API calls made within an AWS account. It tracks all user activity, resource changes, and events in the AWS Management Console, command-line interface (CLI), and SDKs, and logs them for auditing, compliance, and security analysis purposes.
What are the benefits of using AWS CloudTrail?
Here are some of the main uses of AWS CloudTrail:
Security analysis: AWS CloudTrail provides visibility into all user activity, resource changes, and events within an AWS account, making it easier to detect and respond to security threats.
Audit and compliance: AWS CloudTrail provides a record of all API calls made within an AWS account, which can be used to demonstrate compliance with regulatory requirements and to support audits.
Troubleshooting: AWS CloudTrail can be used to troubleshoot issues by providing a detailed record of all API calls made within an AWS account, including who made the calls and which resources were accessed or modified.
Governance and risk management: AWS CloudTrail can be used to monitor and manage risks by providing a record of all API calls made within an AWS account, which can be used to identify high-risk activities and enforce policies.
Forensic analysis: AWS CloudTrail can be used for forensic analysis in case of security incidents or compliance violations by providing a complete record of all activity occurring within an AWS account.
How does AWS CloudTrail work?
AWS CloudTrail is accessible from the AWS Console. And when you login to the dashboard, it shows you:
Query result history
Cloudtrail Insights (must be enabled)
Trails
Event History
AWS CloudTrail Dashboard
Each one of those elements can be explored more fully, with a left-hand nav which includes the features listed above, in addition to CloudTrail Lake. AWS CloudTrail Lake is a managed data lake that stores and analyzes user and API activity across AWS accounts using an optimized ORC format, with support for long-term retention, advanced querying, and cross-account aggregation. Pricing is based on storage and query volume, with options that define retention periods and ingestion costs.
AWS CloudTrail Lake Dashboard
How much does CloudTrail cost?
Free Tier
New CloudTrail Lake users get a 30-day free trial that includes:
Up to 5 GB of data ingestion
Up to 5 GB of data scanning
Free data retention during the trial
CloudTrail Trails
Management Events: The first copy of management events per region is delivered to Amazon S3 at no additional cost.
Data Events: Logging data events (such as S3 object-level operations or Lambda function invocations) incurs additional charges.
CloudTrail Insights: Analyzing management events for unusual activity costs $0.35 per 100,000 events analyzed per insight type.
CloudTrail Lake
CloudTrail Lake is a managed data lake for storing and analyzing CloudTrail events. Pricing includes:
Data Ingestion:
Management, data, and network events: $0.75 per GB (uncompressed).
Other sources (e.g., AWS Config, Audit Manager, imported S3 logs): $0.50 per GB.
Data Retention:
One-Year Extendable Retention: First year included, then $0.023 per GB per month (up to 10 years).
Seven-Year Retention: Included for the full duration, non-extendable.
Data Analysis (Queries): $0.005 per GB of data scanned.
Learn more about AWS CloudTrailIf you want even more information on AWS CloudTrail and want to dive into the weeds, you can check out their documentation here:
AWS re:Invent is in full swing and with it come new services that people have been asking for.
Nathan Wilkerson, VP of Engineering
Dec 2, 2022
Get notified on new marketing insights
Be the first to know about new B2B SaaS Marketing insights to build or refine your marketing function with the tools and knowledge of today’s industry.