Logging with CloudTrail
CloudWatch is a metrics-gathering and orchestration service. Metrics are collected either by the service components embedded in other AWS services or sent by agents installed inside operating systems, which can run anywhere, including on your own premises.
However, CloudWatch does not track API calls made by AWS identities. The service designed for that task is AWS CloudTrail, which records the actions taken by users, roles, or other AWS services as CloudTrail events.
These events can be delivered as log files to an Amazon S3 bucket for storage and later analysis of who did what, and when. Each event carries an extensive record of the API activity, including the following:
- The identity of an API caller
- The time of the API call
- The source IP address of the API caller
- Request parameters
- Response elements returned by the called AWS service
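As an added example (not code from the original page), the following reads a CloudTrail log file in the form it is delivered to S3, gzip-compressed JSON with a `Records` array, pulls out the five fields listed above, and flags events a reviewer would want to look at: failed calls, calls from outside an assumed trusted network, and creation of long-lived credentials. The sample records, the account ID and the trusted network are constructed for the example.

```python
import gzip
import json
from ipaddress import ip_address, ip_network

# Constructed sample (values invented) of a CloudTrail log file as delivered to S3: gzip JSON with a "Records" array.
SAMPLE_LOG = gzip.compress(json.dumps({"Records": [
    {"eventTime": "2024-01-15T10:02:11Z", "sourceIPAddress": "10.0.4.17",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/alice"},
     "eventSource": "iam.amazonaws.com", "eventName": "CreateAccessKey",
     "requestParameters": {"userName": "alice"},
     "responseElements": {"accessKey": {"accessKeyId": "AKIAEXAMPLE000001", "status": "Active"}}},
    {"eventTime": "2024-01-15T10:05:40Z", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "AssumedRole", "arn": "arn:aws:sts::123456789012:assumed-role/Deploy/ci"},
     "eventSource": "s3.amazonaws.com", "eventName": "PutBucketPolicy",
     "requestParameters": {"bucketName": "corp-backups"},
     "responseElements": None, "errorCode": "AccessDenied"},
]}).encode())

# Networks from which administrative API calls are expected (assumed for this example).
TRUSTED_NETWORKS = [ip_network("10.0.0.0/8")]


def load_records(raw_gzip: bytes) -> list:
    """Decompress one CloudTrail log file and return its event records."""
    return json.loads(gzip.decompress(raw_gzip))["Records"]


def summarize(record: dict) -> dict:
    """Pull out the fields the text lists: caller, time, source IP, request, response."""
    return {"caller": record.get("userIdentity", {}).get("arn"),
            "time": record.get("eventTime"),
            "source_ip": record.get("sourceIPAddress"),
            "action": f'{record.get("eventSource")}:{record.get("eventName")}',
            "request": record.get("requestParameters"),
            "response": record.get("responseElements"),
            "error": record.get("errorCode")}


def flag(record: dict) -> list:
    """Reasons this event deserves review; an empty list means nothing notable."""
    reasons = []
    if record.get("errorCode"):
        reasons.append(f'call failed with {record["errorCode"]}')
    ip = record.get("sourceIPAddress", "")
    try:  # calls made on your behalf by AWS services carry a DNS name here, not an IP
        if not any(ip_address(ip) in net for net in TRUSTED_NETWORKS):
            reasons.append(f"source {ip} outside trusted networks")
    except ValueError:
        pass
    if record.get("eventName") == "CreateAccessKey":
        reasons.append("new long-lived credential created")
    return reasons
```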
AWS CloudTrail provides capabilities that help you to enable governance...