Provides governance, compliance and audit for an AWS account
CloudTrail is enabled by default
CloudTrail provides a history of events/API calls made within an AWS account from:
AWS Console
SDK
CLI
AWS services
Logs from CloudTrail can be put into CloudWatch Logs
If a resource is deleted in AWS, CloudTrail should contain a trace of the operation
CloudTrail records account activity and service events from most AWS services and logs the following records:
The identity of the API caller
The time of the API call
The source IP address of the API caller
The request parameters
The response elements returned by the AWS service
Trails can be configured to log data events and management events:
Data events: These events provide insight into the resource operations performed on or within a resource. These are also known as data plane operations
Management events: Management events provide insight into management operations that are performed on resources in your AWS account. These are also known as control plane operations. Management events can also include non-API events that occur in the account
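The record fields listed above can be read straight out of a CloudTrail log file. The following is an added example, not part of the original notes: it parses a constructed log in the `{"Records": [...]}` shape, pulls out caller identity, time, source IP, request parameters and response elements, and finds the records that trace a deleted resource. The function names, the sample values and the `Delete`/`Terminate` prefix heuristic are assumptions made for illustration.

```python
import json

# Constructed sample in the CloudTrail log-file shape {"Records": [...]}; every value is made up.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2024-05-01T11:30:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "DeleteBucket", "eventCategory": "Management",
     "sourceIPAddress": "cloudformation.amazonaws.com",
     "userIdentity": {"type": "AssumedRole", "invokedBy": "cloudformation.amazonaws.com",
                      "arn": "arn:aws:sts::111122223333:assumed-role/DeployRole/session1"},
     "requestParameters": {"bucketName": "example-bucket"}, "responseElements": None},
    {"eventTime": "2024-05-01T10:40:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "GetObject", "eventCategory": "Data",
     "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/bob"},
     "requestParameters": {"bucketName": "example-bucket", "key": "report.csv"},
     "responseElements": None},
    {"eventTime": "2024-05-01T10:15:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "TerminateInstances", "eventCategory": "Management",
     "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/alice"},
     "requestParameters": {"instancesSet": {"items": [{"instanceId": "i-0example"}]}},
     "responseElements": {"instancesSet": {"items": [{"instanceId": "i-0example"}]}}},
]})

PLANE = {"Management": "control plane", "Data": "data plane"}

def summarize(record):
    """Pull the fields CloudTrail logs for each call out of one record."""
    ident = record.get("userIdentity", {})
    return {
        "who": ident.get("arn") or ident.get("invokedBy") or ident.get("type", "unknown"),
        "when": record.get("eventTime"),
        "source_ip": record.get("sourceIPAddress"),  # a service name when an AWS service made the call
        "action": f'{record.get("eventSource")}:{record.get("eventName")}',
        "request": record.get("requestParameters"),
        "response": record.get("responseElements"),  # often null, e.g. for read-only calls
        "plane": PLANE.get(record.get("eventCategory"), "other"),
    }

def find_deletions(log_text, prefixes=("Delete", "Terminate")):
    """Return summaries of destructive calls, oldest first (prefix match is a heuristic)."""
    records = json.loads(log_text).get("Records", [])
    hits = [summarize(r) for r in records if r.get("eventName", "").startswith(tuple(prefixes))]
    return sorted(hits, key=lambda s: s["when"])

if __name__ == "__main__":
    for hit in find_deletions(SAMPLE_LOG):
        print(hit["when"], hit["who"], hit["source_ip"], hit["action"], hit["plane"])
```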