Some use cases with AWS CloudTrail include monitoring services running within your AWS environment, ensuring they function as expected. With AWS CloudTrail enabled, you can track who is logging in and out, access logs, and perform accounting and auditing of services and networks to monitor user activity and access to information.
In one specific scenario, we encountered a situation where a terminated employee still had access to our environment without our knowledge. With AWS CloudTrail, we could track and monitor the employee's activities, revealing that they were downloading specific files from our customer's environment. Without it enabled, we wouldn't have been aware of this.
We can use it to trigger Lambda functions for authorization and terminate unauthorized access. Integrating it with Amazon Simple Notification Service also allows us to receive alerts when specific metrics are reached, helping us take prompt action when needed.
For example, if a server exceeds its limit, we get notifications. This helps us act fast, like adding more servers or adjusting resources. Also, if someone unauthorized tries to access it, we get alerts. For example, we know immediately if a terminated employee tries to get in.
Once the organization defines its policies, it must immediately enable AWS CloudTrail and integrate it with auto-remediation procedures using Lambda functions. This ensures that the main administrator can receive information quickly and on time without delay.
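A minimal version of the detection and alerting path the review describes (CloudTrail records checked by a Lambda function, with a message destined for SNS), as an added example rather than the reviewer's or AWS's own code. The log records, user names, account ID, bucket name and the `body` key the handler reads are all constructed placeholders.

```python
import json
from collections import defaultdict

# Constructed sample in CloudTrail's JSON delivery shape ({"Records": [...]}).
# Account ID, user names and bucket are placeholders, not real values.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2024-03-01T10:02:11Z", "eventSource": "s3.amazonaws.com",
     "eventName": "GetObject",
     "userIdentity": {"type": "IAMUser", "userName": "jdoe",
                      "arn": "arn:aws:iam::123456789012:user/jdoe"},
     "requestParameters": {"bucketName": "customer-data-bucket", "key": "exports/q1.csv"}},
    {"eventTime": "2024-03-01T10:05:40Z", "eventSource": "s3.amazonaws.com",
     "eventName": "ListBuckets",
     "userIdentity": {"type": "IAMUser", "userName": "alice",
                      "arn": "arn:aws:iam::123456789012:user/alice"},
     "requestParameters": None},
    {"eventTime": "2024-03-01T10:09:03Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DescribeInstances",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::123456789012:assumed-role/ReadOnly/jdoe"},
     "requestParameters": None},
]})

# Principals whose access should already have been revoked (assumed list).
TERMINATED_USERS = {"jdoe"}

def principal_name(identity):
    """Return the attributable name from a CloudTrail userIdentity block."""
    if identity.get("type") == "IAMUser":
        return identity.get("userName")
    if identity.get("type") == "AssumedRole":
        # arn:aws:sts::<account>:assumed-role/<RoleName>/<SessionName>
        return identity.get("arn", "").rsplit("/", 1)[-1]
    return None

def find_terminated_user_activity(log_text, terminated):
    """Return {user: [(eventTime, eventName, resource), ...]} for flagged records."""
    hits = defaultdict(list)
    for rec in json.loads(log_text)["Records"]:
        name = principal_name(rec.get("userIdentity", {}))
        if name in terminated:
            params = rec.get("requestParameters") or {}
            resource = params.get("bucketName", rec.get("eventSource"))
            hits[name].append((rec["eventTime"], rec["eventName"], resource))
    return dict(hits)

def lambda_handler(event, context):
    """Lambda-style entry point; 'body' holding the raw log text is an assumption."""
    hits = find_terminated_user_activity(event["body"], TERMINATED_USERS)
    if not hits:
        return {"alert": False}
    lines = [f"{u}: {len(e)} event(s), first {e[0][1]} on {e[0][2]} at {e[0][0]}"
             for u, e in hits.items()]
    return {"alert": True, "message": "\n".join(lines)}  # message for the SNS topic
```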
I have been working with the product for ten years.
Except when AWS is down; then the tool goes down with it. AWS guarantees it. In the past three years, AWS has gone down about twice. So once it goes down, we don't have that service available to monitor any infrastructure in that region.
On a scale of one to ten, I would rate the tool's scalability a ten. Since it is an AWS product, it automatically scales based on the volume of logs flowing into the environment. It operates under a serverless management model on the AWS side.
I would rate AWS customer service at around eighty percent. However, this rating varies depending on whether you have the enterprise support package. Without it, you're around fifty percent, but you're at eighty percent with the enterprise support package, which requires an additional cost.
The tool's initial setup is not complex. It depends on the tools you are using. The process is straightforward whether you are using CDK, the portal, or the command-line interface.
I highly recommend enabling CloudTrail because it keeps an eye on your environment when you're not looking. There's no case where I would say customers should not enable it because it's not something that you're paying for upfront. If it does activate, you might have to pay for things like Lambda functions, but it's worth it. This is especially important now with so many potential security risks. AWS locks logs for 90 days, but now you have them available indefinitely. However, keep in mind that storing these logs can incur costs.
I rate the overall product a nine out of ten.