AWS CloudTrail, as the name suggests, is used for backtracking AWS console activities or finding unauthorized access, deletion, creation, or anything happening in AWS. It is used for historical tracking purposes of AWS console activities. It is very useful when working in a large team where you need visibility into team member activities. When everyone has admin access, there will be numerous creations and deletions of AWS resources. If permissions are attached to a role used by an organization or third-party service such as Jenkins, that role should have all necessary permissions to execute Jenkins jobs daily. AWS CloudTrail can track if any policy is detached or deleted, or if a role is removed from a user group. We can filter activities by date, day, month or year. In my recent company, I was responsible for cleaning up users after they left the company. I accidentally removed a user from user groups which stopped the company's Jenkins deployments. Through AWS CloudTrail, they traced it back to my IAM username. This served as a learning experience and demonstrated a useful case for AWS CloudTrail. We did not utilize AWS CloudTrail's integration with CloudWatch for real-time observability. We used it for backtracking since access was already least privileged for people. With modularized access, individuals take ownership of their actions. We make use of AWS CloudTrail's feature to send log files to an Amazon S3 bucket for long-term storage and analysis. Most organizations perform this activity because CloudWatch is integral to the AWS console where logs are generated. Third-party log generations can also be integrated. For services such as Lambda, CloudWatch integration is essential for troubleshooting errors. CloudWatch logs can be dumped to S3 for review or audit purposes. S3 features Glacier for long-term, cost-effective storage of large amounts of data. For Lambda, we implemented Python code that would invoke AWS CloudTrail upon any AWS console action, feeding logs into CloudWatch and subsequently to services such as S3. We also had the option to receive notifications for selected service creations or destructions via email.
Principal Technical Architect at LTI - Larsen & Toubro Infotech
Real User
Top 20
2025-06-20T03:33:13Z
Jun 20, 2025
I am working on a project where we are using Amazon infrastructure service with Lambda. We are using multiple services on Amazon. I'm working in a company where we are using AWS CloudTrail. We are using Amazon EC2 instances as infrastructure service, and we are using S3 bucket, Lambda function, step function. We have moved to DynamoDB and I'm using DynamoDB and a few databases.
AWS CloudTrail ( /products/aws-cloudtrail-reviews ) records API calls from accounts. It identifies who is doing what within an account, providing details like user start time and IP addresses. This means I can determine who is accessing my account, which services are being used, and which IP addresses are within my environment, thus giving me insight into resource access within the environment.
I use AWS CloudTrail to monitor the API calls to the service and to see who has been connected. Whenever somebody logs in, I utilize CloudTrail to ensure that I receive notifications through SNS for our notification service.
Cloud - Solution Architect at a tech vendor with 1,001-5,000 employees
Real User
Top 5
2024-08-22T17:45:36Z
Aug 22, 2024
Whenever we need to find out who made the API call or who terminated the instance or service. AWS CloudTrail was really helpful for me to figure out who the user is and who has triggered the action or made the API call. It helps find who terminated an instance or service. The tool was very helpful for me. I always check my CloudTrail logs and by username, and I could find a lot of helpful information.
Some use cases with AWS CloudTrail include monitoring services running within your AWS environment, ensuring they function as expected. With AWS CloudTrail enabled, you can track who is logging in and out, access logs, and perform accounting and auditing of services and networks to monitor user activity and access to information.
Principal Solution Architect at StarOne IT Solutions
MSP
Top 5
2024-02-15T08:55:40Z
Feb 15, 2024
We use it for auditing to ensure secure AWS environments. Most of our customers require FSA compliance, which necessitates proper logging and auditing. We've enabled CloudTrail for most services for this reason. AWS CloudTrail helps in accelerating incident investigation and response. It increases it because I pull out the logs to CloudTrail, and from CloudTrail watch, I'll send it to the Security Hub and do a visualization with Prometheus and Grafana. Our software engineer can then visualize and perform a root cause analysis (RCA) of any issues that happen. So, it has accelerated both troubleshooting scenarios and proactive monitoring.
It's like a native feature. It's like a single audit point for everything AWS. Any changes made by users or roles get saved in CloudTrail. It's gotta be enabled; it's the most important security feature on AWS.
Information Security Officer at Habib InsuranceSecurity Officer Habib Insurance
Real User
Top 20
2024-01-12T09:54:00Z
Jan 12, 2024
We use AWS CloudTrail as a complete data centre. It is working on a cloud. We have different operating systems. We have completely deployed in the cloud. There are requirement variations depending on the organisation and their specific needs. There are fundamental concepts related to deployment, AWS, and computing that must be understood. Support is available based on the individual's knowledge of computing and their ability to handle cloud technologies.
Our company uses the solution to monitor cloud services. All cloud activities are stored in the solution. We check the solution's logs and compare them to CloudWatch.
AWS CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of your AWS account. With CloudTrail, you can log, continuously monitor, and retain account activity related to actions across your AWS infrastructure. CloudTrail provides event history of your AWS account activity, including actions taken through the AWS Management Console, AWS SDKs, command line tools, and other AWS services. This event history simplifies security analysis, resource...
AWS CloudTrail, as the name suggests, is used for backtracking AWS console activities or finding unauthorized access, deletion, creation, or anything happening in AWS. It is used for historical tracking purposes of AWS console activities. It is very useful when working in a large team where you need visibility into team member activities. When everyone has admin access, there will be numerous creations and deletions of AWS resources. If permissions are attached to a role used by an organization or third-party service such as Jenkins, that role should have all necessary permissions to execute Jenkins jobs daily. AWS CloudTrail can track if any policy is detached or deleted, or if a role is removed from a user group. We can filter activities by date, day, month or year. In my recent company, I was responsible for cleaning up users after they left the company. I accidentally removed a user from user groups which stopped the company's Jenkins deployments. Through AWS CloudTrail, they traced it back to my IAM username. This served as a learning experience and demonstrated a useful case for AWS CloudTrail. We did not utilize AWS CloudTrail's integration with CloudWatch for real-time observability. We used it for backtracking since access was already least privileged for people. With modularized access, individuals take ownership of their actions. We make use of AWS CloudTrail's feature to send log files to an Amazon S3 bucket for long-term storage and analysis. Most organizations perform this activity because CloudWatch is integral to the AWS console where logs are generated. Third-party log generations can also be integrated. For services such as Lambda, CloudWatch integration is essential for troubleshooting errors. CloudWatch logs can be dumped to S3 for review or audit purposes. S3 features Glacier for long-term, cost-effective storage of large amounts of data. For Lambda, we implemented Python code that would invoke AWS CloudTrail upon any AWS console action, feeding logs into CloudWatch and subsequently to services such as S3. We also had the option to receive notifications for selected service creations or destructions via email.
I am working on a project where we are using Amazon infrastructure service with Lambda. We are using multiple services on Amazon. I'm working in a company where we are using AWS CloudTrail. We are using Amazon EC2 instances as infrastructure service, and we are using S3 bucket, Lambda function, step function. We have moved to DynamoDB and I'm using DynamoDB and a few databases.
AWS CloudTrail ( /products/aws-cloudtrail-reviews ) records API calls from accounts. It identifies who is doing what within an account, providing details like user start time and IP addresses. This means I can determine who is accessing my account, which services are being used, and which IP addresses are within my environment, thus giving me insight into resource access within the environment.
I use AWS CloudTrail to monitor the API calls to the service and to see who has been connected. Whenever somebody logs in, I utilize CloudTrail to ensure that I receive notifications through SNS for our notification service.
I have worked in different phases and parts. I have been the consumer myself, a service provider, a consultant, and a trainer for CloudTrail.
Whenever we need to find out who made the API call or who terminated the instance or service. AWS CloudTrail was really helpful for me to figure out who the user is and who has triggered the action or made the API call. It helps find who terminated an instance or service. The tool was very helpful for me. I always check my CloudTrail logs and by username, and I could find a lot of helpful information.
Some use cases with AWS CloudTrail include monitoring services running within your AWS environment, ensuring they function as expected. With AWS CloudTrail enabled, you can track who is logging in and out, access logs, and perform accounting and auditing of services and networks to monitor user activity and access to information.
We use it for auditing to ensure secure AWS environments. Most of our customers require FSA compliance, which necessitates proper logging and auditing. We've enabled CloudTrail for most services for this reason. AWS CloudTrail helps in accelerating incident investigation and response. It increases it because I pull out the logs to CloudTrail, and from CloudTrail watch, I'll send it to the Security Hub and do a visualization with Prometheus and Grafana. Our software engineer can then visualize and perform a root cause analysis (RCA) of any issues that happen. So, it has accelerated both troubleshooting scenarios and proactive monitoring.
It's like a native feature. It's like a single audit point for everything AWS. Any changes made by users or roles get saved in CloudTrail. It's gotta be enabled; it's the most important security feature on AWS.
We use AWS CloudTrail as a complete data centre. It is working on a cloud. We have different operating systems. We have completely deployed in the cloud. There are requirement variations depending on the organisation and their specific needs. There are fundamental concepts related to deployment, AWS, and computing that must be understood. Support is available based on the individual's knowledge of computing and their ability to handle cloud technologies.
We use the product for monitoring activities of AWS accounts in terms of operational review, governance, and compliance.
Our company uses the solution to monitor cloud services. All cloud activities are stored in the solution. We check the solution's logs and compare them to CloudWatch.