AWS CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of your AWS account. With CloudTrail, you can log, continuously monitor, and retain account activity related to actions across your AWS infrastructure. CloudTrail provides event history of your AWS account activity, including actions taken through the AWS Management Console, AWS SDKs, command line tools, and other AWS services. This event history simplifies security analysis, resource change tracking, and troubleshooting. To learn more about AWS CloudTrail view the AWS Cloudtrail documentation.
You can review the documentation on creating a Trail via the Console. We will highlight the steps below. By default CloudTrail retains 90 days worth of data, but for compliance, security, retention and analytics reasons it is recommended to create a trail that saves the data to Amazon Simple Storage Service (S3) or Amazon CloudWatch Logs. In this lab we will create a trail and push logs to both places.
Apply the following settings and create the trail:
Lets setup our trail to send logs to CloudWatch so we can search through them a bit easier.
We now have a trail capturing activity in our AWS account. Later on, we will search through our trail after we have generated some activity.