
What is CloudTrail?

Keywords: event, account, audit log, monitor

AWS CloudTrail is another Amazon Web Services (AWS) service. It provides auditing, governance, monitoring, compliance and risk monitoring for your AWS account.

Unlike CloudWatch, CloudTrail is an administration and governance tool that lets you observe the entire event history of AWS account-related activities.

CloudTrail is a logging service that records events or actions generated from any external tool, such as the AWS console, the AWS CLI, and the SDKs. You can also use CloudTrail to detect unusual activity in your account.

What are the benefits?

The event history it records greatly simplifies security analysis, resource change tracking, and troubleshooting.

So how does it work?

AWS CloudTrail logs the activities performed in a given AWS setup and detects any unusual API usage; it also does event tracking and activity logging. The generated events are passed to the AWS CloudTrail console, CloudWatch Logs, and S3 buckets.

By using CloudWatch Events and alarms, CloudTrail takes the necessary action when it finds any unusual events. Users can view all recent actions and events in the CloudTrail console, and can also download CloudTrail activity records from the event history.

So what’s the difference between CloudWatch and CloudTrail?

The differences include, but are not limited to, the following.

| Comparison | CloudWatch | CloudTrail |
| --- | --- | --- |
| Monitoring focus | A monitoring service for AWS resources and applications that reports application logs; it is a near real-time stream of system events that describes changes to your AWS resources | A web service that logs API activity in your AWS account and provides specific information about what is happening in it; it focuses more on the AWS API calls that are made in your AWS account |
| Basic operation | Free basic monitoring of your resources, such as EC2 instances, EBS volumes, and RDS DB instances, is provided by default | CloudTrail is also enabled by default when an AWS account is created |
| Capabilities | Metrics can be collected and tracked, log files collected and monitored, and alerts set | Information such as who made the request, the service used, the operation performed, the parameters of the operation, and the response elements returned by the AWS service is recorded and stored in the specified location |
| Monitoring frequency | Metric data is delivered every 5 minutes in basic monitoring and every 1 minute in detailed monitoring. Its logging agent sends log data every five seconds by default | Provides events within 15 minutes of the API call |
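
As an added illustration (not code from the original article), the Python below reads a CloudTrail log file in the JSON layout delivered to S3, pulls out who made each request, the service, the operation and the source address, and flags three kinds of events a reviewer might treat as unusual. The sample records, the account ID and the watch list are constructed for this example.

```python
import json

# Constructed sample log file (JSON object with a "Records" array); all values are made up.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2022-04-15T08:01:12Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DescribeInstances", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "userName": "alice"}},
    {"eventTime": "2022-04-15T08:05:40Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "sourceIPAddress": "203.0.113.9",
     "userIdentity": {"type": "Root", "arn": "arn:aws:iam::111122223333:root"},
     "additionalEventData": {"MFAUsed": "No"}},
    {"eventTime": "2022-04-15T08:07:02Z", "eventSource": "iam.amazonaws.com",
     "eventName": "CreateUser", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "userName": "alice"},
     "errorCode": "AccessDenied", "requestParameters": {"userName": "tmp"}},
    {"eventTime": "2022-04-15T08:09:30Z", "eventSource": "cloudtrail.amazonaws.com",
     "eventName": "StopLogging", "sourceIPAddress": "203.0.113.9",
     "userIdentity": {"type": "IAMUser", "userName": "bob"},
     "requestParameters": {"name": "management-trail"}},
]})

# Assumption: a small watch list chosen for this example, not an AWS default.
TRAIL_CHANGES = {"StopLogging", "DeleteTrail", "UpdateTrail"}

def actor(rec):
    """Who made the request: user name, else ARN, else identity type."""
    ident = rec.get("userIdentity") or {}
    return ident.get("userName") or ident.get("arn") or ident.get("type", "unknown")

def findings(rec):
    """Return the reasons (possibly none) this record deserves a second look."""
    reasons = []
    if rec.get("errorCode") in ("AccessDenied", "UnauthorizedOperation"):
        reasons.append("denied API call")
    if rec.get("eventSource") == "cloudtrail.amazonaws.com" and rec.get("eventName") in TRAIL_CHANGES:
        reasons.append("trail configuration changed")
    extra = rec.get("additionalEventData") or {}
    if rec.get("eventName") == "ConsoleLogin" and extra.get("MFAUsed") == "No":
        reasons.append("console login without MFA")
    return reasons

def review(log_text):
    """Return (time, who, service, operation, source IP, reason) per finding."""
    records = json.loads(log_text).get("Records", [])
    return [(r.get("eventTime"), actor(r), r.get("eventSource"), r.get("eventName"),
             r.get("sourceIPAddress"), why) for r in records for why in findings(r)]

if __name__ == "__main__":
    print(*review(SAMPLE_LOG), sep="\n")
```

Log files that CloudTrail delivers to S3 are gzip-compressed, so decompress an object before passing its text to `review`.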
