Types Of AWS CloudTrail
1. Event History
CloudTrail is activated by default in your AWS account, and you have immediate access to the CloudTrail Event history. The Event history is a viewable, searchable, printable, and immutable record of the last 90 days' worth of management events in an AWS Region. These events record activity performed through the AWS Management Console, the AWS Command Line Interface, and the AWS SDKs and APIs. The Event history records the AWS Region where each event occurred. Viewing the Event history in CloudTrail is free.
2. CloudTrail Lake
AWS CloudTrail Lake is a managed data lake used to record, store, access, and analyze user and API activity on AWS for audit and security purposes. CloudTrail Lake converts existing events in row-based JSON format to Apache ORC format. ORC is a columnar storage format designed for quick data retrieval. Events are aggregated into event data stores, which are immutable collections of events based on criteria that you choose by using advanced event selectors.
Event data can be kept in an event data store for a maximum of seven years (2557 days). Using AWS Organizations, you can create an event data store for a single AWS account or for multiple AWS accounts. Any CloudTrail logs that you already have in your S3 buckets can be imported into an existing or new event data store. With Lake dashboards, you can also see the top CloudTrail event trends. See Creating an event data store and Working with AWS CloudTrail Lake for further details.
3. Trails
In addition to delivering and storing events in an Amazon S3 bucket, trails can also deliver events to Amazon CloudWatch Logs and Amazon EventBridge. These events can be fed into your security monitoring programs. You can also search and examine your CloudTrail logs using custom third-party programs or services such as Amazon Athena.
Using AWS Organizations, you can create trails for a single AWS account or for multiple AWS accounts. By logging Insights events, you can have your management events analyzed for unusual behavior in API call volumes and error rates. See Creating a trail for your AWS account for further details.
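A small offline illustration of examining trail log files outside the console, added here and not taken from AWS: it reads the `Records` array of a log file and tallies call volume and error rate per identity. The sample events, account ID, and thresholds are constructed assumptions, and this is a plain tally, not the analysis that Insights events perform.

```python
import json
from collections import Counter

def _event(arn, name, error=None):
    """Build one constructed record using real CloudTrail field names."""
    rec = {"eventTime": "2024-01-01T10:00:00Z", "eventSource": "iam.amazonaws.com",
           "eventName": name, "awsRegion": "us-east-1",
           "userIdentity": {"type": "IAMUser", "arn": arn}}
    if error:
        rec["errorCode"] = error  # present only when the API call failed
    return rec

ALICE = "arn:aws:iam::111122223333:user/alice"  # constructed identities
BOB = "arn:aws:iam::111122223333:user/bob"
# Constructed sample in the shape of a trail log file: {"Records": [...]}
SAMPLE_LOG = json.dumps({"Records":
    [_event(ALICE, "ListUsers") for _ in range(9)]
    + [_event(ALICE, "GetUser", "NoSuchEntityException")]
    + [_event(BOB, "ListUsers")]
    + [_event(BOB, n, "AccessDenied") for n in
       ("ListRoles", "ListPolicies", "GetAccountSummary", "ListAccessKeys", "CreateUser")]})

def summarize(log_text):
    """Return {principal: {"calls", "errors", "error_rate"}} for one log file."""
    calls, errors = Counter(), Counter()
    for rec in json.loads(log_text).get("Records", []):
        # userIdentity.arn is absent for some identity types (e.g. AWS services)
        ident = rec.get("userIdentity", {})
        who = ident.get("arn") or ident.get("invokedBy") or ident.get("type", "unknown")
        calls[who] += 1
        if "errorCode" in rec:
            errors[who] += 1
    return {w: {"calls": n, "errors": errors[w], "error_rate": errors[w] / n}
            for w, n in calls.items()}

def flag_high_error_rate(summary, min_calls=5, threshold=0.5):
    """Principals with enough calls and an error rate at or above the threshold.
    Both cut-offs are assumptions to tune per environment."""
    return sorted(w for w, s in summary.items()
                  if s["calls"] >= min_calls and s["error_rate"] >= threshold)

if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for who in flag_high_error_rate(report):
        print(who, report[who])
```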
AWS CloudTrail
AWS CloudTrail is a service offered by Amazon Web Services (AWS) that lets you keep track of and document the activities that take place inside your AWS infrastructure. It gives you a thorough event history of every action that users, services, and resources take in your AWS account. By recording and archiving event logs, CloudTrail assists with security, compliance, operational auditing, and troubleshooting.
CloudTrail is already operational in your AWS account when the account is created and doesn't need to be set up manually. A CloudTrail event is created each time something happens in your AWS account.