CloudTrail

AWS CloudTrail increases visibility into your user and resource activity by recording AWS Management Console actions and API calls. You can identify which users and accounts called AWS, the source IP from which the calls were made, and the time the calls occurred.


·      Provides governance, compliance and audit of your AWS account

·      CloudTrail is enabled by default

·      Get a history of events/API calls made within your AWS account by:

o  Console

o  SDK

o  CLI

o  AWS Services

·      Can put logs from CloudTrail into CloudWatch Logs

·      If a resource is deleted, look in CloudTrail first

 

CloudTrail > By default, event log files are encrypted using Amazon S3 server-side encryption (SSE). You can also choose to encrypt your log files with an AWS Key Management Service (AWS KMS) key.
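
To make the "look in CloudTrail first" note concrete, here is an added example (not part of the original notes) that scans a CloudTrail log file for destructive calls and reports who made them, from which source, when, and whether the call succeeded. The sample records, the resource name `example-reports`, and the prefix list are constructed assumptions; the field names follow the CloudTrail record format.

```python
import json

# Event-name prefixes treated as destructive (an assumption; extend as needed).
DESTRUCTIVE_PREFIXES = ("Delete", "Terminate", "Remove")

# Constructed sample log file in CloudTrail's {"Records": [...]} layout.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2024-05-01T10:20:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "DeleteBucket", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/bob"},
     "requestParameters": {"bucketName": "example-reports"}},
    {"eventTime": "2024-05-01T10:15:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "PutObject", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/alice"},
     "requestParameters": {"bucketName": "example-reports", "key": "q1.csv"}},
    {"eventTime": "2024-05-01T10:18:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "DeleteBucket", "sourceIPAddress": "203.0.113.9",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::111122223333:assumed-role/Ops/carol"},
     "errorCode": "AccessDenied", "requestParameters": {"bucketName": "example-reports"}},
    {"eventTime": "2024-05-01T09:00:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "TerminateInstances", "sourceIPAddress": "autoscaling.amazonaws.com",
     "userIdentity": {"type": "AWSService", "invokedBy": "autoscaling.amazonaws.com"},
     "requestParameters": {"instancesSet": {"items": [{"instanceId": "i-0example"}]}}},
]})


def find_deletions(log_text, resource=None):
    """Return destructive events, oldest first, optionally for one resource."""
    hits = []
    for rec in json.loads(log_text).get("Records", []):
        if not rec.get("eventName", "").startswith(DESTRUCTIVE_PREFIXES):
            continue
        params = json.dumps(rec.get("requestParameters") or {})
        if resource and resource not in params:
            continue
        ident = rec.get("userIdentity", {})
        hits.append({
            "time": rec.get("eventTime"),
            "action": f'{rec.get("eventSource")}:{rec.get("eventName")}',
            "who": ident.get("arn") or ident.get("invokedBy") or ident.get("type"),
            "source_ip": rec.get("sourceIPAddress"),
            "succeeded": "errorCode" not in rec,  # errorCode marks a failed call
        })
    return sorted(hits, key=lambda h: h["time"])

if __name__ == "__main__":
    for hit in find_deletions(SAMPLE_LOG, resource="example-reports"):
        print(hit)
```

Checking `succeeded` matters here: the denied attempt at 10:18 and the successful delete at 10:20 are both recorded, and only the second one removed the bucket.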