What is AWS CloudTrail

As an AWS Cloud Managed Services provider, we are continually expanding our managed services toolbox.

AWS CloudTrail provides a record of all API calls made within an AWS account. It tracks all user activity, resource changes, and events in the AWS Management Console, command-line interface (CLI), and SDKs, and logs them for auditing, compliance, and security analysis purposes.

What are the benefits of using AWS CloudTrail?

Here are some of the main uses of AWS CloudTrail:

1. Security analysis: AWS CloudTrail provides visibility into all user activity, resource changes, and events within an AWS account, making it easier to detect and respond to security threats.
2. Audit and compliance: AWS CloudTrail provides a record of all API calls made within an AWS account, which can be used to demonstrate compliance with regulatory requirements and to support audits.
3. Troubleshooting: AWS CloudTrail can be used to troubleshoot issues by providing a detailed record of all API calls made within an AWS account, including who made the calls and which resources were accessed or modified.
4. Governance and risk management: AWS CloudTrail can be used to monitor and manage risks by providing a record of all API calls made within an AWS account, which can be used to identify high-risk activities and enforce policies.
5. Forensic analysis: AWS CloudTrail can be used for forensic analysis in case of security incidents or compliance violations by providing a complete record of all activity occurring within an AWS account.

How does AWS CloudTrail work?

AWS CloudTrail is accessible from the AWS Console. And when you login to the dashboard, it shows you:

• Query result history
• Cloudtrail Insights (must be enabled)
• Trails
• Event History

Each one of those elements can be explored more fully, with a left-hand nav which includes the features listed above, in addition to CloudTrail Lake. AWS CloudTrail Lake is a managed data lake that stores and analyzes user and API activity across AWS accounts using an optimized ORC format, with support for long-term retention, advanced querying, and cross-account aggregation. Pricing is based on storage and query volume, with options that define retention periods and ingestion costs.

How much does CloudTrail cost?

Free Tier

New CloudTrail Lake users get a 30-day free trial that includes:

• Up to 5 GB of data ingestion
• Up to 5 GB of data scanning
• Free data retention during the trial

CloudTrail Trails

• Management Events: The first copy of management events per region is delivered to Amazon S3 at no additional cost.
• Data Events: Logging data events (such as S3 object-level operations or Lambda function invocations) incurs additional charges.
• CloudTrail Insights: Analyzing management events for unusual activity costs $0.35 per 100,000 events analyzed per insight type.

CloudTrail Lake

CloudTrail Lake is a managed data lake for storing and analyzing CloudTrail events. Pricing includes:

• Data Ingestion:
  • Management, data, and network events: $0.75 per GB (uncompressed).
  • Other sources (e.g., AWS Config, Audit Manager, imported S3 logs): $0.50 per GB.
• Data Retention:
  • One-Year Extendable Retention: First year included, then $0.023 per GB per month (up to 10 years).
  • Seven-Year Retention: Included for the full duration, non-extendable.
• Data Analysis (Queries): $0.005 per GB of data scanned.

Learn more about AWS CloudTrailIf you want even more information on AWS CloudTrail and want to dive into the weeds, you can check out their documentation here:

• User Guide: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-user-guide.html
• API Reference: https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/Welcome.html

If you'd like help setting up AWS CloudTrail within your AWS environment, as an AWS Cloud Managed Services provider we would be happy to help.