What is AWS CloudTrail?
A service that provides a history of AWS API calls for your account.
enables governance, compliance, operational auditing, and risk auditing of your AWS environment.
What are the three categories of events recorded by CloudTrail?
- Management Events (Control Plane)
- Data Events (Data Plane)
- Insight Events (Automated analysis of other events)
In CloudTrail,
What are Management Events?
API calls related to resource management
Think control plane
Enabled by default.
e.g., RunInstance for EC2, CreateBucket for S3, AttachRolePolicy for IAM).
In CloudTrail
What are Data Events?
Events related to data access/usage on a resource
Think data plane
Disabled by default (must be explicitly enabled).
(e.g., S3 object-level APIs like GetObject, Lambda function execution).
What is the default retention period for CloudTrail event history in the console?
90 days (Management Events only).
Where must you store CloudTrail logs for long-term retention and analysis beyond the default retention period?
An S3 bucket.
How can you ensure the integrity and non-repudiation of CloudTrail logs in S3?
Enable file integrity validation on the trail.
using hashing and digital signatures
How do you get a single, consolidated view of all API activity across all AWS Regions and all accounts in an AWS Organization?
Configure a multi-region trail and enable it for the entire AWS Organization (using Organizations).
Which AWS service is best used to query and analyze CloudTrail logs stored in the S3 bucket?
Amazon Athena (or Amazon QuickSight for visualization).
If you disable CloudTrail, will existing S3 CloudTrail logs be deleted?
No
A developer needs to track the history of configuration changes (e.g., security group modifications) for an EC2 instance for auditing and compliance. Which AWS service should be used?
AWS Config
CloudTrail records API calls (who did what, when) but doesn’t track configuration changes over time
-
IAM 10118
-
S3 10174
-
S3 Object Lock8
-
S3 Performance10
-
S3 Sharing Buckets Across Accounts4
-
S3 Encryption and Versioning16
-
S3 Select and Glacier Select4
-
[Solutions Architect] S3 Storage Gateways14
-
[Solutions Architect] AWS Organizations7
-
CloudFront15
-
DataSync5
-
EC2 10134
-
AMI 10110
-
VPC Security Groups12
-
EBS 10117
-
Types of EBS Volumes18
-
ENI/ENA/EFA22
-
Encrypted Root Device Volumes7
-
Spot Instances and Spot Fleets15
-
EC2 Hibernate10
-
EC2 CloudWatch8
-
EC2 Misc.11
-
EFS11
-
[Solutions Architect] FSx5
-
[Solutions Architect] EC2 Placement Groups16
-
EC2 HPC5
-
AWS WAF6
-
Databases 10138
-
RDS48
-
DynamoDB40
-
Redshift15
-
Aurora17
-
Cacheing and Elasticache15
-
Advanced IAM16
-
DNS / Route 5333
-
Route53 Routing Policies11
-
VPCs48
-
NAT Instances and NAT Gateways16
-
Network ACLs8
-
VPC Flow Logs8
-
Load Balancers / High Availability 10127
-
ASGs4
-
Bastion Host and On-Premises High Availability7
-
SQS24
-
SWF6
-
SNS3
-
Elastic Transcoder2
-
API Gateway6
-
Kinesis 1017
-
Web Identity Federation and Cognito7
-
Event Processing Patterns5
-
Security23
-
Lambda19
-
Miscellaneous12
-
Containers and VMs38
-
[DEVELOPER] Advanced Lambda23
-
[DEVELOPER] Advanced SQS + SNS37
-
[DEVELOPER] Advanced Kinesis38
-
[DEVELOPER] Elasticache and Advanced RDS / Aurora3
-
[Developer] Advanced Database Topics49
-
[Developer] Advanced Analytics Topics18
-
[Developer] Monitoring Services6
-
[DEVELOPER] Advanced Storage Topics10
-
[DEVELOPER] Advanced Networking and Content Delivery26
-
[DEVELOPER] AI and ML20
-
[DEVELOPER] Developer tools14
-
[Developer] Step Functions13
-
[Developer] AWS Amplify11
-
[DEVELOPER] Advanced EC29
-
[DEVELOPER] Developer Security7
-
[DEVELOPER] Advanced API Gateway27
-
[Solutions Architect] Organizational Security15
-
[Solutions Architect] Active Directory22
-
[DEVELOPER] CloudTrail11
-
[Developer] X-Ray13
-
[Developer] SAM11
-
[Developer] Deployment Services40
