1. AWS CloudTrail captures AWS API calls made by or on behalf of an AWS account and delivers log files to an Amazon S3 bucket that you specify. Using CloudTrail's console in the AWS Management Console, the AWS CLI, or the CloudTrail API, you create a trail, which specifies the bucket for log file delivery and storage. By default, your log files are encrypted using Amazon S3 server-side encryption (SSE).
2. You can identify which users and accounts called AWS APIs for services that support CloudTrail, the source IP address the calls were made from, and when the calls occurred. You can integrate CloudTrail into applications using the API, automate trail creation for your organization, check the status of your trails, and control how administrators turn CloudTrail logging on and off.
3. CloudTrail typically delivers log files within 15 minutes of an API call. These log files contain API calls from all of the account's services that support CloudTrail.
4. (Optional) You create an Amazon SNS topic to which you subscribe for notifications that a new log file has arrived in your bucket. Amazon SNS can notify you in multiple ways, including programmatically using Amazon Simple Queue Service.
You can aggregate log files from multiple AWS regions and multiple AWS accounts into a single Amazon S3 bucket.
Price: There is no additional charge for CloudTrail, but standard rates for Amazon S3 and Amazon SNS apply.
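As an added example (not code from the original page), the following Python reads one delivered log file and reports which caller made API calls from which source IP address, and lists by time any CloudTrail calls that stop, delete or update a trail. The sample records, the account ID 111122223333, the user names and the IP addresses are constructed; the field names follow the CloudTrail log record format.

```python
import gzip
import json
from collections import Counter

# CloudTrail's own API calls that stop, remove or alter a trail.
TRAIL_CONTROL_EVENTS = {"StopLogging", "DeleteTrail", "UpdateTrail"}

def load_records(blob: bytes) -> list:
    """Decode one log file: gzip-compressed JSON with a top-level Records list."""
    if blob[:2] == b"\x1f\x8b":  # gzip magic bytes; also accept plain JSON
        blob = gzip.decompress(blob)
    return json.loads(blob).get("Records", [])

def caller(record: dict) -> str:
    """Best available identifier for the principal that made the call."""
    ident = record.get("userIdentity") or {}
    return ident.get("arn") or ident.get("userName") or ident.get("principalId") or "unknown"

def summarize(records: list) -> dict:
    """Count calls per (caller, source IP) and list trail-control calls by time."""
    calls, flagged = Counter(), []
    for rec in records:
        who, ip = caller(rec), rec.get("sourceIPAddress", "unknown")
        calls[(who, ip)] += 1
        if (rec.get("eventSource") == "cloudtrail.amazonaws.com"
                and rec.get("eventName") in TRAIL_CONTROL_EVENTS):
            flagged.append((rec.get("eventTime", ""), who, ip, rec["eventName"]))
    return {"calls": calls, "flagged": sorted(flagged)}

# Constructed sample data below: not real accounts, users or addresses.
ALICE = "arn:aws:iam::111122223333:user/alice"
BOB = "arn:aws:iam::111122223333:user/bob"

def sample_record(time, source, name, ip, arn):
    return {"eventTime": time, "eventSource": source, "eventName": name,
            "awsRegion": "us-east-1", "sourceIPAddress": ip,
            "userIdentity": {"type": "IAMUser", "arn": arn}}

SAMPLE = gzip.compress(json.dumps({"Records": [
    sample_record("2014-03-06T21:01:59Z", "ec2.amazonaws.com", "DescribeInstances", "198.51.100.10", ALICE),
    sample_record("2014-03-06T21:05:12Z", "ec2.amazonaws.com", "StartInstances", "198.51.100.10", ALICE),
    sample_record("2014-03-06T21:22:54Z", "cloudtrail.amazonaws.com", "StopLogging", "203.0.113.7", BOB),
]}).encode())

if __name__ == "__main__":
    report = summarize(load_records(SAMPLE))
    for (who, ip), n in report["calls"].most_common():
        print(f"{n:3d} calls  {who}  from {ip}")
    for when, who, ip, name in report["flagged"]:
        print(f"REVIEW {when} {name} by {who} from {ip}")
```
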
Supported Services
Analytics
· Amazon Elastic MapReduce
· Amazon Kinesis
Application Services
· Amazon Simple Workflow Service
Compute and Networking
· AWS Direct Connect
· Amazon Elastic Compute Cloud (EC2)
· Elastic Load Balancing
· Amazon Virtual Private Cloud
Database
· Amazon Relational Database Service
· Amazon Redshift
Deployment and Management
· AWS CloudFormation
· AWS CloudTrail
· AWS Elastic Beanstalk
· AWS Identity and Access Management
· Amazon CloudWatch
Storage and Content Delivery
· Amazon Elastic Block Store
Supported Regions
AWS CloudTrail supports the following endpoints:
| Region | Code | Endpoint | Protocol | AWS Account ID |
|---|---|---|---|---|
| US East (Northern Virginia) Region | us-east-1 | cloudtrail.us-east-1.amazonaws.com | HTTPS | 086441151436 |
| US West (Northern California) Region | us-west-1 | cloudtrail.us-west-1.amazonaws.com | HTTPS | 388731089494 |
| US West (Oregon) Region | us-west-2 | cloudtrail.us-west-2.amazonaws.com | HTTPS | 113285607260 |
| EU (Ireland) Region | eu-west-1 | cloudtrail.eu-west-1.amazonaws.com | HTTPS | 859597730677 |
| Asia Pacific (Singapore) Region | ap-southeast-1 | cloudtrail.ap-southeast-1.amazonaws.com | HTTPS | 903692715234 |
| Asia Pacific (Sydney) Region | ap-southeast-2 | cloudtrail.ap-southeast-2.amazonaws.com | HTTPS | 284668455005 |
| Asia Pacific (Tokyo) Region | ap-northeast-1 | cloudtrail.ap-northeast-1.amazonaws.com | HTTPS | 216624486486 |
| South America (Sao Paulo) Region | sa-east-1 | cloudtrail.sa-east-1.amazonaws.com | HTTPS | 814480443879 |