{"id":640,"date":"2021-11-11T11:24:52","date_gmt":"2021-11-11T11:24:52","guid":{"rendered":"http:\/\/18.141.20.153\/?p=640"},"modified":"2025-08-20T11:16:48","modified_gmt":"2025-08-20T11:16:48","slug":"aws-account-activities-using-aws-cloudtrailpart-1","status":"publish","type":"post","link":"https:\/\/learning.workfall.com\/learning\/blog\/aws-account-activities-using-aws-cloudtrailpart-1\/","title":{"rendered":"How to track AWS account activities using AWS CloudTrail (Part 1)?"},"content":{"rendered":"<span class=\"rt-reading-time\" style=\"display: block;\"><span class=\"rt-label rt-prefix\">Reading Time: <\/span> <span class=\"rt-time\">8<\/span> <span class=\"rt-label rt-postfix\">minutes<\/span><\/span>\n<p><img src=\"https:\/\/lh4.googleusercontent.com\/4A32O2g4SAtJCrtEI3Rm6G8d6AyORL0GlSPq9HP5TA9a1qufeyhSILkN-ijLXkw9nbXnoIB49jAGa2s2rgjggmhTXcFfvKYYc29tn2TeVORCZm3FOYIix6geE2inqF8_FR_CRV6S\" style=\"width: 1600px;\"><\/p>\n\n\n\n<p class=\"has-text-align-justify\">Someone logged into your AWS Console and forced the shutdown of an EC2 instance, and you need to discover who did it as it was a critical instance for production, but you have no records. Here AWS CloudTrail comes to your rescue! In your AWS infrastructure, you can use AWS CloudTrail for logging, continuously monitoring, and retaining account activity related to all day-to-day operations.<\/p>\n\n\n\n<p class=\"has-text-align-justify\">In this blog, we will explore AWS CloudTrail&#8217;s benefits, features, use cases, pricing, and customer stories. 
In <a href=\"https:\/\/www.workfall.com\/learning\/blog\/how-to-track-aws-account-activities-using-aws-cloudtrail\/\">part 2<\/a> of this blog, we demonstrated the full implementation of how to track AWS account activities using AWS CloudTrail with step-by-step instructions.<\/p>\n\n\n\n<p>In this blog, we will cover:<\/p>\n\n\n\n<ul><li>What is AWS CloudTrail?<\/li><li>CloudTrail VS CloudWatch<\/li><li>How does AWS CloudTrail work?<\/li><li>AWS CloudTrail best practices<\/li><li>Use Cases of AWS CloudTrail<\/li><li>Pricing of AWS CloudTrail<\/li><li>Companies using AWS CloudTrail<\/li><li>Conclusion<\/li><\/ul>\n\n\n\n<h2>What is AWS CloudTrail?<\/h2>\n\n\n\n<p class=\"has-text-align-justify\"><a href=\"https:\/\/aws.amazon.com\/cloudtrail\/\">AWS CloudTrail<\/a> is a service that lets you manage the governance, compliance, operational auditing, and risk auditing of your AWS account. With CloudTrail, you can track, monitor, and save account activity linked to actions throughout your AWS infrastructure. All actions taken through the AWS Management Console, <a href=\"https:\/\/www.workfall.com\/learning\/blog\/how-to-fetch-contents-of-json-files-stored-in-amazon-s3-using-express-js-and-aws-sdk\/\">AWS SDKs<\/a>, command-line tools, and other AWS services are recorded by it. This event history simplifies security analysis, resource change tracking, and troubleshooting. It can also be used to spot unusual activity in your Amazon Web Services accounts. These features make troubleshooting and operational analysis easier.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img src=\"https:\/\/lh5.googleusercontent.com\/WhK29k5zSDdHrIWjluF-121gwChmM8gWk5_KujLQJzaFVL873MlhsQ2nrWhjA9gOdh8WyOi2CVJ_S8oYCnCRXLLxgC0Q77vah7OR4CaG-dKAYxeH1C0u_tsAyqqCRAoREQaWCAVt\" alt=\"What is AWS CloudTrail?\"\/><\/figure>\n\n\n\n<p class=\"has-text-align-justify\">EventBridge consumes S3 events via AWS CloudTrail. 
You can configure which data events are recorded for one or more <a href=\"https:\/\/www.workfall.com\/learning\/blog\/how-to-easily-replicate-existing-s3-objects-using-s3-batch-replication\/\">S3 buckets<\/a> using a single trail. It&#8217;s advisable to keep CloudTrail log files in a different S3 bucket. After this is set up, EventBridge can receive any event that is registered in the trail.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img src=\"https:\/\/lh4.googleusercontent.com\/tSd5JG797vRAnHvUn4R3alaQniTKaoLmOW6yXJpx6Si4HXv4jekQEpJTiLcXe9FbZlBgSm_-Rq2t9teo7oNPktT2fGzaGki2GCA7uRELYdezpemki9AjrzB1mZshAtLOijVF_JTV\" alt=\"What is AWS CloudTrail?\"\/><\/figure>\n\n\n\n<h2>CloudTrail VS CloudWatch<\/h2>\n\n\n\n<p class=\"has-text-align-justify\">Monitoring, logging, and data collection for analysis are all necessary for a variety of reasons, according to AWS Best Practice. But, because both CloudTrail and <a href=\"https:\/\/www.workfall.com\/learning\/blog\/trigger-lambda-function-using-amazon-cloudwatch-events-and-configure-cloudwatch-alarm-to-get-email-notifications-using-amazon-sns-part-1\/\">CloudWatch<\/a> accomplish this, how are you supposed to tell the difference?<\/p>\n\n\n\n<p>The key difference between AWS CloudTrail and AWS CloudWatch is what we term the &#8220;who&#8221; or &#8220;what&#8221; question:<\/p>\n\n\n\n<ul><li>AWS CloudTrail focuses on &#8220;Who did what on AWS?&#8221; and API calls to the service or resource.<\/li><li>AWS CloudWatch is primarily concerned with &#8220;What&#8217;s going on on AWS?&#8221; and logging all events for a certain service or application.<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image\"><img src=\"https:\/\/lh3.googleusercontent.com\/PmER1AINOQWixR8VUvGPChTx2feWzJdqGu7496O-24GcVdjAY8i_k_ba90iHMV1tJzQlOXHByPByy5H0F_2r2e9eAnhJZC0EKPFYLwC7jSVEthxBh_xoKqNCe0zPCADDv7kSX8qf\" alt=\"CloudTrail VS CloudWatch\"\/><\/figure>\n\n\n\n<h2><strong>CloudTrail<\/strong><\/h2>\n\n\n\n<p class=\"has-text-align-justify\">By 
documenting AWS console actions and API requests, including who made the call, from which IP address, and when, AWS CloudTrail provides far more visibility into user behavior. It logs high-volume activity events on other AWS services like Lambda, S3, and EC2, and is enabled by default when you create an AWS account.<\/p>\n\n\n\n<p class=\"has-text-align-justify\">CloudTrail focuses on the corresponding API calls for these services, including any creation, change, or deletion of the settings or instances within. Additionally, the logs themselves can be automatically uploaded to an S3 bucket, ensuring that you have access to all data when it&#8217;s time to investigate.<\/p>\n\n\n\n<h2><strong>CloudWatch<\/strong><\/h2>\n\n\n\n<p class=\"has-text-align-justify\">CloudWatch can collect logs from a much wider range of resources, including native logs from AWS services, optionally published logs from over 30 AWS services, and any custom logs from other apps or on-premises resources. It also allows users to dive deeper into the data and extract only the parts that are useful to them. 
AWS CloudWatch monitors over 70 AWS services and provides a number of built-in metrics to help you understand how well your resources are performing, including latency, errors, and state changes.<\/p>\n\n\n\n<p class=\"has-text-align-justify\">CloudWatch logs, analytics, and alerts function in a clear and straightforward way to assist users in locating, diagnosing, and resolving issues in order to maintain a high-performance cloud environment.<\/p>\n\n\n\n<h2>How does AWS CloudTrail work?<\/h2>\n\n\n\n<figure class=\"wp-block-image\"><img src=\"https:\/\/lh4.googleusercontent.com\/-cUuOZoJI6Q7zUub5YU-qSjD6DxHXXcBZCDhEPpHD4xY48aipkp-YR0B_4o2OJ1g_m0vWHIJyvwErbn4Wh6KPHxCrjGylfPciAGqjuYS-Kvx9DmZOPd8Qj_00YrsYkUK8H9yu-4w\" alt=\"How does AWS CloudTrail work?\"\/><\/figure>\n\n\n\n<h3>Features<\/h3>\n\n\n\n<p class=\"has-text-align-justify\"><strong>Insights:<\/strong> Unusual activity in your AWS accounts, such as resource provisioning spikes, bursts of AWS Identity and Access Management (IAM) actions, or gaps in periodic maintenance work, should be investigated. CloudTrail Insights events can be enabled for your entire AWS organization or for specific AWS accounts in your CloudTrail trails.<\/p>\n\n\n\n<p class=\"has-text-align-justify\"><strong>Management events:<\/strong> Management events give information about the management (\u201ccontrol plane\u201d) operations carried out on your AWS account&#8217;s resources. Administrative operations such as the creation, deletion, and change of Amazon EC2 instances, for example, can be logged. 
You can retrieve information on the AWS account, IAM user role, and IP address of the user who initiated the action, as well as the timing of the action and which resources were impacted, for each occurrence.<\/p>\n\n\n\n<p class=\"has-text-align-justify\"><strong>Data events:<\/strong> You can record object-level API activity and receive specific information such as who made the request, where and when the request was made, and other details by activating data event recording in CloudTrail. The resource operations (data plane actions) conducted on or inside the resource are recorded in data events. Data events are frequently high-volume operations. Amazon S3 object-level APIs, AWS Lambda function Invoke APIs, and Amazon DynamoDB item-level APIs are all included in CloudTrail data event recording.<\/p>\n\n\n\n<p class=\"has-text-align-justify\"><strong>Logfile encryption:<\/strong> By default, AWS CloudTrail uses Amazon S3 server-side encryption (SSE) to encrypt all log files delivered to your designated Amazon S3 bucket. Optionally, encrypt your CloudTrail log files with your AWS Key Management Service (AWS KMS) key to add an extra layer of security.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img src=\"https:\/\/lh3.googleusercontent.com\/Bpu26V49EjPvbIbw-Phhzgk5D8D9SGgerJthFjQjRD6KK1uYlBnzPtj0i7OdDzqfRx8Fag49FRpLmE8hCQyFc-kP1RmkIPyceRcVVxgmd37x-DyIg3QASqwo9WkQ9jvCla-uycVC\" alt=\"Features of AWS CloudTrail\"\/><\/figure>\n\n\n\n<p class=\"has-text-align-justify\"><strong>Logfile integrity validation: <\/strong>You may check the integrity of AWS CloudTrail log files in your Amazon S3 bucket to see if they&#8217;ve changed, been edited, or been deleted since they were delivered to your Amazon S3 bucket by CloudTrail.<\/p>\n\n\n\n<p class=\"has-text-align-justify\"><strong>Multi-region configuration: <\/strong>For a single account, you may enable AWS CloudTrail to distribute log files from several regions to a single Amazon S3 bucket. 
All settings are applied consistently across all existing and newly launched regions using a configuration that applies to all regions.<\/p>\n\n\n\n<p class=\"has-text-align-justify\"><strong>Event history: <\/strong>Your recent AWS account activity can be searched for and downloaded. This gives you visibility on changes in your AWS account resources, allowing you to improve your security processes and resolve operational issues more quickly.<\/p>\n\n\n\n<p class=\"has-text-align-justify\"><strong>Always on: <\/strong>AWS CloudTrail is activated by default on all AWS accounts and captures all account activity. Without having to manually set up CloudTrail, you may browse and download the last 90 days of your account activity for creating, editing, and deleting activities of supported services.<\/p>\n\n\n\n<h3>Benefits<\/h3>\n\n\n\n<p class=\"has-text-align-justify\"><strong>Security automation: <\/strong>AWS CloudTrail allows you to monitor account behavior that may jeopardize the security of your AWS resources and respond immediately. You can design workflows that run when events that could lead to security vulnerabilities are recognized using the Amazon CloudWatch Events integration. For example, when CloudTrail logs an API request that makes an Amazon S3 bucket public, you may design a workflow to apply a certain policy to that bucket.<\/p>\n\n\n\n<p class=\"has-text-align-justify\"><strong>Visibility into user and resource activity: <\/strong>By capturing AWS Management Console activities and API requests, AWS CloudTrail gives you more visibility into your user and resource usage. 
You can see which users and accounts called AWS, as well as the source IP address from which the calls were made and when they were made.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img src=\"https:\/\/lh3.googleusercontent.com\/Lnsw4CDOM3hWRD3bCdasqnro77ehklMn-g6_m5ptn0bmOAfFth9tRJjtfZFtz0ZXheefJcZN-MHgEkZzh4Y8N41os81TjWte51exdvv6tasD-9ehIsHExNN5wQxob9evZVrVoxET\" alt=\"Benefits of AWS CloudTrail\"\/><\/figure>\n\n\n\n<p class=\"has-text-align-justify\"><strong>Security analysis and troubleshooting: <\/strong>By capturing a detailed history of changes that occurred in your AWS account during a specific period of time, you may uncover and troubleshoot security and operational concerns with AWS CloudTrail.<\/p>\n\n\n\n<p class=\"has-text-align-justify\"><strong>Simplified Compliance:<\/strong> Simplify your compliance audits with AWS CloudTrail, which automatically records and stores event logs for actions performed in your AWS account. Integration with Amazon CloudWatch Logs makes it easy to look through log data, spot out-of-compliance occurrences, speed up incident investigations, and respond quickly to auditor demands.<\/p>\n\n\n\n<h2>AWS CloudTrail best practices<\/h2>\n\n\n\n<p class=\"has-text-align-justify\">AWS CloudTrail gives you a history of AWS calls for your account, including API calls made through the AWS Management Console, AWS SDKs, and command-line tools. As a result, you can identify:<\/p>\n\n\n\n<ul><li>Which users and accounts used AWS APIs to access CloudTrail-compatible services.<\/li><li>The source IP address the calls were made from.<\/li><li>When the calls occurred.<\/li><\/ul>\n\n\n\n<h2>Use Cases of AWS CloudTrail<\/h2>\n\n\n\n<p class=\"has-text-align-justify\"><strong>Unusual activity detection:<\/strong> By enabling CloudTrail Insights, you may notice odd behavior in your AWS accounts. 
You can, for example, swiftly detect and respond to operational concerns such as erroneous resource provisioning spikes or services exceeding rate limitations.<\/p>\n\n\n\n<p class=\"has-text-align-justify\"><strong>Data exfiltration:<\/strong> Data exfiltration can be detected by collecting activity data on S3 objects via CloudTrail object-level API events. After the activity data has been collected, you can utilize other AWS services to trigger reaction procedures, such as Amazon CloudWatch Events and AWS Lambda.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img src=\"https:\/\/lh6.googleusercontent.com\/Xf5r93I_9911AZpvuaDtX_Qptqm3F9rTVf1MPOcdOIGbKni4sgXXDsuiuyaaSGeqA3tQKw6akRwdxNzWre-oYcl7XxGASgnBOFB_ICF0qvGIyNXhF01E-EyxEfq8JQ_fR0_KD6pw\" alt=\"Use Cases of AWS CloudTrail\"\/><\/figure>\n\n\n\n<p class=\"has-text-align-justify\"><strong>Operational issue troubleshooting:<\/strong> You can use the AWS API call history created by AWS CloudTrail to diagnose operational issues. You may, for example, easily detect the most recent changes made to resources in your environment, such as AWS resource creation, update, and deletion (e.g., Amazon EC2 instances, Amazon VPC security groups, and Amazon EBS volumes).<\/p>\n\n\n\n<p class=\"has-text-align-justify\"><strong>Security analysis: <\/strong>By importing AWS CloudTrail events into your log management and analytics systems, you can do security analysis and uncover user behavior patterns.<\/p>\n\n\n\n<p class=\"has-text-align-justify\"><strong>Compliance aid: <\/strong>By providing a history of activities in your AWS account, AWS CloudTrail makes it easier to confirm compliance with internal policies and regulatory standards.<\/p>\n\n\n\n<h2>Pricing of AWS CloudTrail<\/h2>\n\n\n\n<figure class=\"wp-block-image\"><img src=\"https:\/\/lh4.googleusercontent.com\/ar-iHuY_JVd-2aeeWr1bx6Xy-g4AEEXviLzlsV5ywzK6UQEpTt6Vc3IZIlqCJHnFQFe8vTHO5ZZWEUF60j5tLo0Qz7oXSTB3lP9otK0AXjJYH1r4TZJqDXsSvvfsK6tJWvQ1zkto\" 
alt=\"\"\/><\/figure>\n\n\n\n<p class=\"has-text-align-justify\">By tracking your AWS account activities, AWS CloudTrail allows auditing, security monitoring, and operational monitoring. CloudTrail keeps track of two sorts of events: management events, which record control plane actions like establishing or deleting Amazon S3 buckets, and data events, which record high-volume data plane activity like reading or writing an Amazon S3 object.<\/p>\n\n\n\n<h2>Companies using AWS CloudTrail<\/h2>\n\n\n\n<p><strong>Datadog<\/strong><\/p>\n\n\n\n<p class=\"has-text-align-justify\">Datadog is a hybrid cloud application monitoring solution that helps enterprises improve agility, efficiency, and end-to-end visibility across the application and the organization. These capabilities are available through a SaaS-based data analytics platform that helps DevOps and other teams to speed go-to-market operations, assure application uptime, and finish digital transformation initiatives successfully.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img src=\"https:\/\/lh6.googleusercontent.com\/6zgp7q_dp-Cb-QPKea3QqR16qRGjG2K87SORBuDjxOcC_uT9KesLvCX9NApIN7RpQ11G9Pv7xhxj5JzU2GbZLlfrKOGIQvOkWig9EXXGmVzZSIJDdEksjhJjo1f8cc8coyM1jDLe\" alt=\"\"\/><\/figure>\n\n\n\n<p><strong>Cloudnexa<\/strong><\/p>\n\n\n\n<p class=\"has-text-align-justify\">Cloudnexa is an Amazon Web Services Premier Consulting Partner and Authorized Reseller. We use the cloud to help clients reach their infrastructure and business goals. Our vNOC Cloud Management Platform, which is designed to give clients the automated capabilities they need to manage cloud services on AWS, is a critical component of that success. 
CloudNexa interacts with AWS CloudTrail to give clients the tools they need to troubleshoot and audit their IT systems.<\/p>\n\n\n\n<h2>Conclusion<\/h2>\n\n\n\n<p class=\"has-text-align-justify\">In this blog, we have discussed AWS CloudTrail and its benefits, features, use cases, pricing, customers, and how it works. Throughout your whole AWS infrastructure, you can utilize AWS CloudTrail to log, continuously monitor, and retain account activity related to operations. We will demonstrate the full implementation of how to track AWS account activities using AWS CloudTrail with step-by-step instructions in our upcoming blog. Stay tuned to keep getting all updates about our upcoming new blogs on AWS and relevant technologies.<\/p>\n\n\n\n<p>Meanwhile \u2026<\/p>\n\n\n\n<p><strong>Keep Exploring -&gt; Keep Learning -&gt; Keep Mastering<\/strong><\/p>\n\n\n\n<p class=\"has-text-align-justify\">This blog is part of our effort towards building a knowledgeable and kick-ass tech community. At <a href=\"https:\/\/www.workfall.com\/\">Workfall<\/a>, we strive to provide the best tech and pay opportunities to AWS-certified talents. If you\u2019re looking to work with global clients, build kick-ass products while making big bucks doing so, give it a shot at<a href=\"https:\/\/www.workfall.com\/partner\/\"> workfall.com\/partner<\/a> today.<\/p>\n","protected":false},"excerpt":{"rendered":"<p><span class=\"rt-reading-time\" style=\"display: block;\"><span class=\"rt-label rt-prefix\">Reading Time: <\/span> <span class=\"rt-time\">8<\/span> <span class=\"rt-label rt-postfix\">minutes<\/span><\/span> Someone logged into your AWS Console and forced the shutdown of an EC2 instance, and you need to discover who did it as it was a critical instance for production, but you have no records. Here AWS CloudTrail comes to your rescue! 
In your AWS infrastructure, you can use AWS CloudTrail for logging, continuously monitoring, [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":1670,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"spay_email":""},"categories":[2],"tags":[3,4,219,20,18,6],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v19.1 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>How to track AWS account activities using AWS CloudTrail (Part 1)? - The Workfall Blog<\/title>\n<meta name=\"description\" content=\"You can use AWS CloudTrail for logging, continuously monitoring, and retaining account activity related to all day-to-day operations.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/learning.workfall.com\/learning\/blog\/aws-account-activities-using-aws-cloudtrailpart-1\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"How to track AWS account activities using AWS CloudTrail (Part 1)? 
- The Workfall Blog\" \/>\n<meta property=\"og:description\" content=\"You can use AWS CloudTrail for logging, continuously monitoring, and retaining account activity related to all day-to-day operations.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/learning.workfall.com\/learning\/blog\/aws-account-activities-using-aws-cloudtrailpart-1\/\" \/>\n<meta property=\"og:site_name\" content=\"The Workfall Blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/facebook.com\/workfall\" \/>\n<meta property=\"article:published_time\" content=\"2021-11-11T11:24:52+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-08-20T11:16:48+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/ec2-18-141-20-153.ap-southeast-1.compute.amazonaws.com\/learning\/blog\/wp-content\/uploads\/2021\/11\/Cover-Images_Part2-1.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"628\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@workfall\" \/>\n<meta name=\"twitter:site\" content=\"@workfall\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Workfall\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"10 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Organization\",\"@id\":\"https:\/\/learning.workfall.com\/learning\/blog\/#organization\",\"name\":\"Workfall - Hire #Kickass Coders On Demand\",\"url\":\"https:\/\/learning.workfall.com\/learning\/blog\/\",\"sameAs\":[\"https:\/\/www.instagram.com\/workfall\/\",\"https:\/\/www.linkedin.com\/company\/workfall\/\",\"https:\/\/facebook.com\/workfall\",\"https:\/\/twitter.com\/workfall\"],\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/learning.workfall.com\/learning\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/i1.wp.com\/18.141.20.153\/learning\/blog\/wp-content\/uploads\/2021\/10\/cropped-WF_logo.png?fit=400%2C400\",\"contentUrl\":\"https:\/\/i1.wp.com\/18.141.20.153\/learning\/blog\/wp-content\/uploads\/2021\/10\/cropped-WF_logo.png?fit=400%2C400\",\"width\":400,\"height\":400,\"caption\":\"Workfall - Hire #Kickass Coders On Demand\"},\"image\":{\"@id\":\"https:\/\/learning.workfall.com\/learning\/blog\/#\/schema\/logo\/image\/\"}},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/learning.workfall.com\/learning\/blog\/#website\",\"url\":\"https:\/\/learning.workfall.com\/learning\/blog\/\",\"name\":\"The Workfall Blog\",\"description\":\"#Tech #Remote #Jobs\",\"publisher\":{\"@id\":\"https:\/\/learning.workfall.com\/learning\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/learning.workfall.com\/learning\/blog\/?s={search_term_string}\"},\"query-input\":\"required 
name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/learning.workfall.com\/learning\/blog\/aws-account-activities-using-aws-cloudtrailpart-1\/#primaryimage\",\"url\":\"https:\/\/learning.workfall.com\/learning\/blog\/wp-content\/uploads\/2021\/11\/Cover-Images_Part2-1.png\",\"contentUrl\":\"https:\/\/learning.workfall.com\/learning\/blog\/wp-content\/uploads\/2021\/11\/Cover-Images_Part2-1.png\",\"width\":1200,\"height\":628},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/learning.workfall.com\/learning\/blog\/aws-account-activities-using-aws-cloudtrailpart-1\/#webpage\",\"url\":\"https:\/\/learning.workfall.com\/learning\/blog\/aws-account-activities-using-aws-cloudtrailpart-1\/\",\"name\":\"How to track AWS account activities using AWS CloudTrail (Part 1)? - The Workfall Blog\",\"isPartOf\":{\"@id\":\"https:\/\/learning.workfall.com\/learning\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/learning.workfall.com\/learning\/blog\/aws-account-activities-using-aws-cloudtrailpart-1\/#primaryimage\"},\"datePublished\":\"2021-11-11T11:24:52+00:00\",\"dateModified\":\"2025-08-20T11:16:48+00:00\",\"description\":\"You can use AWS CloudTrail for logging, continuously monitoring, and retaining account activity related to all day-to-day 
operations.\",\"breadcrumb\":{\"@id\":\"https:\/\/learning.workfall.com\/learning\/blog\/aws-account-activities-using-aws-cloudtrailpart-1\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/learning.workfall.com\/learning\/blog\/aws-account-activities-using-aws-cloudtrailpart-1\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/learning.workfall.com\/learning\/blog\/aws-account-activities-using-aws-cloudtrailpart-1\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/learning.workfall.com\/learning\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"How to track AWS account activities using AWS CloudTrail (Part 1)?\"}]},{\"@type\":\"Article\",\"@id\":\"https:\/\/learning.workfall.com\/learning\/blog\/aws-account-activities-using-aws-cloudtrailpart-1\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/learning.workfall.com\/learning\/blog\/aws-account-activities-using-aws-cloudtrailpart-1\/#webpage\"},\"author\":{\"@id\":\"https:\/\/learning.workfall.com\/learning\/blog\/#\/schema\/person\/cab8236044692bc5b27606b13167794a\"},\"headline\":\"How to track AWS account activities using AWS CloudTrail (Part 1)?\",\"datePublished\":\"2021-11-11T11:24:52+00:00\",\"dateModified\":\"2025-08-20T11:16:48+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/learning.workfall.com\/learning\/blog\/aws-account-activities-using-aws-cloudtrailpart-1\/#webpage\"},\"wordCount\":1826,\"publisher\":{\"@id\":\"https:\/\/learning.workfall.com\/learning\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/learning.workfall.com\/learning\/blog\/aws-account-activities-using-aws-cloudtrailpart-1\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/learning.workfall.com\/learning\/blog\/wp-content\/uploads\/2021\/11\/Cover-Images_Part2-1.png\",\"keywords\":[\"AWS\",\"Cloud\",\"cloudadministration\",\"logging\",\"monitoring\",\"workfall\"],\"articleSection\":[\"AWS Cloud 
Computing\"],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/learning.workfall.com\/learning\/blog\/#\/schema\/person\/cab8236044692bc5b27606b13167794a\",\"name\":\"Workfall\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/learning.workfall.com\/learning\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/learning.workfall.com\/learning\/blog\/wp-content\/uploads\/2023\/09\/avatar_user_1_1693914404-96x96.png\",\"contentUrl\":\"https:\/\/learning.workfall.com\/learning\/blog\/wp-content\/uploads\/2023\/09\/avatar_user_1_1693914404-96x96.png\",\"caption\":\"Workfall\"},\"sameAs\":[\"https:\/\/www.workfall.com\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"How to track AWS account activities using AWS CloudTrail (Part 1)? - The Workfall Blog","description":"You can use AWS CloudTrail for logging, continuously monitoring, and retaining account activity related to all day-to-day operations.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/learning.workfall.com\/learning\/blog\/aws-account-activities-using-aws-cloudtrailpart-1\/","og_locale":"en_US","og_type":"article","og_title":"How to track AWS account activities using AWS CloudTrail (Part 1)? 
- The Workfall Blog","og_description":"You can use AWS CloudTrail for logging, continuously monitoring, and retaining account activity related to all day-to-day operations.","og_url":"https:\/\/learning.workfall.com\/learning\/blog\/aws-account-activities-using-aws-cloudtrailpart-1\/","og_site_name":"The Workfall Blog","article_publisher":"https:\/\/facebook.com\/workfall","article_published_time":"2021-11-11T11:24:52+00:00","article_modified_time":"2025-08-20T11:16:48+00:00","og_image":[{"width":1200,"height":628,"url":"https:\/\/ec2-18-141-20-153.ap-southeast-1.compute.amazonaws.com\/learning\/blog\/wp-content\/uploads\/2021\/11\/Cover-Images_Part2-1.png","type":"image\/png"}],"twitter_card":"summary_large_image","twitter_creator":"@workfall","twitter_site":"@workfall","twitter_misc":{"Written by":"Workfall","Est. reading time":"10 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Organization","@id":"https:\/\/learning.workfall.com\/learning\/blog\/#organization","name":"Workfall - Hire #Kickass Coders On Demand","url":"https:\/\/learning.workfall.com\/learning\/blog\/","sameAs":["https:\/\/www.instagram.com\/workfall\/","https:\/\/www.linkedin.com\/company\/workfall\/","https:\/\/facebook.com\/workfall","https:\/\/twitter.com\/workfall"],"logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/learning.workfall.com\/learning\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/i1.wp.com\/18.141.20.153\/learning\/blog\/wp-content\/uploads\/2021\/10\/cropped-WF_logo.png?fit=400%2C400","contentUrl":"https:\/\/i1.wp.com\/18.141.20.153\/learning\/blog\/wp-content\/uploads\/2021\/10\/cropped-WF_logo.png?fit=400%2C400","width":400,"height":400,"caption":"Workfall - Hire #Kickass Coders On 
Demand"},"image":{"@id":"https:\/\/learning.workfall.com\/learning\/blog\/#\/schema\/logo\/image\/"}},{"@type":"WebSite","@id":"https:\/\/learning.workfall.com\/learning\/blog\/#website","url":"https:\/\/learning.workfall.com\/learning\/blog\/","name":"The Workfall Blog","description":"#Tech #Remote #Jobs","publisher":{"@id":"https:\/\/learning.workfall.com\/learning\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/learning.workfall.com\/learning\/blog\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/learning.workfall.com\/learning\/blog\/aws-account-activities-using-aws-cloudtrailpart-1\/#primaryimage","url":"https:\/\/learning.workfall.com\/learning\/blog\/wp-content\/uploads\/2021\/11\/Cover-Images_Part2-1.png","contentUrl":"https:\/\/learning.workfall.com\/learning\/blog\/wp-content\/uploads\/2021\/11\/Cover-Images_Part2-1.png","width":1200,"height":628},{"@type":"WebPage","@id":"https:\/\/learning.workfall.com\/learning\/blog\/aws-account-activities-using-aws-cloudtrailpart-1\/#webpage","url":"https:\/\/learning.workfall.com\/learning\/blog\/aws-account-activities-using-aws-cloudtrailpart-1\/","name":"How to track AWS account activities using AWS CloudTrail (Part 1)? 
- The Workfall Blog","isPartOf":{"@id":"https:\/\/learning.workfall.com\/learning\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/learning.workfall.com\/learning\/blog\/aws-account-activities-using-aws-cloudtrailpart-1\/#primaryimage"},"datePublished":"2021-11-11T11:24:52+00:00","dateModified":"2025-08-20T11:16:48+00:00","description":"You can use AWS CloudTrail for logging, continuously monitoring, and retaining account activity related to all day-to-day operations.","breadcrumb":{"@id":"https:\/\/learning.workfall.com\/learning\/blog\/aws-account-activities-using-aws-cloudtrailpart-1\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/learning.workfall.com\/learning\/blog\/aws-account-activities-using-aws-cloudtrailpart-1\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/learning.workfall.com\/learning\/blog\/aws-account-activities-using-aws-cloudtrailpart-1\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/learning.workfall.com\/learning\/blog\/"},{"@type":"ListItem","position":2,"name":"How to track AWS account activities using AWS CloudTrail (Part 1)?"}]},{"@type":"Article","@id":"https:\/\/learning.workfall.com\/learning\/blog\/aws-account-activities-using-aws-cloudtrailpart-1\/#article","isPartOf":{"@id":"https:\/\/learning.workfall.com\/learning\/blog\/aws-account-activities-using-aws-cloudtrailpart-1\/#webpage"},"author":{"@id":"https:\/\/learning.workfall.com\/learning\/blog\/#\/schema\/person\/cab8236044692bc5b27606b13167794a"},"headline":"How to track AWS account activities using AWS CloudTrail (Part 
1)?","datePublished":"2021-11-11T11:24:52+00:00","dateModified":"2025-08-20T11:16:48+00:00","mainEntityOfPage":{"@id":"https:\/\/learning.workfall.com\/learning\/blog\/aws-account-activities-using-aws-cloudtrailpart-1\/#webpage"},"wordCount":1826,"publisher":{"@id":"https:\/\/learning.workfall.com\/learning\/blog\/#organization"},"image":{"@id":"https:\/\/learning.workfall.com\/learning\/blog\/aws-account-activities-using-aws-cloudtrailpart-1\/#primaryimage"},"thumbnailUrl":"https:\/\/learning.workfall.com\/learning\/blog\/wp-content\/uploads\/2021\/11\/Cover-Images_Part2-1.png","keywords":["AWS","Cloud","cloudadministration","logging","monitoring","workfall"],"articleSection":["AWS Cloud Computing"],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/learning.workfall.com\/learning\/blog\/#\/schema\/person\/cab8236044692bc5b27606b13167794a","name":"Workfall","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/learning.workfall.com\/learning\/blog\/#\/schema\/person\/image\/","url":"https:\/\/learning.workfall.com\/learning\/blog\/wp-content\/uploads\/2023\/09\/avatar_user_1_1693914404-96x96.png","contentUrl":"https:\/\/learning.workfall.com\/learning\/blog\/wp-content\/uploads\/2023\/09\/avatar_user_1_1693914404-96x96.png","caption":"Workfall"},"sameAs":["https:\/\/www.workfall.com"]}]}},"jetpack_featured_media_url":"https:\/\/learning.workfall.com\/learning\/blog\/wp-content\/uploads\/2021\/11\/Cover-Images_Part2-1.png","jetpack-related-posts":[{"id":37,"url":"https:\/\/learning.workfall.com\/learning\/blog\/how-to-track-aws-account-activities-using-aws-cloudtrail\/","url_meta":{"origin":640,"position":0},"title":"How to track AWS account activities using AWS CloudTrail?","date":"October 24, 2021","format":false,"excerpt":"There are chances where the employees\/users either intentionally or unintentionally make changes or delete the AWS resources. 
These scenarios cannot be traced or brought to our notice unless we have a proper monitoring and alerting mechanism to take action immediately to avoid any business interruptions. Proactive monitoring is one of\u2026","rel":"","context":"In &quot;AWS Cloud Computing&quot;","img":{"alt_text":"Track AWS account activities using AWS CloudTrail","src":"https:\/\/i0.wp.com\/learning.workfall.com\/learning\/blog\/wp-content\/uploads\/2021\/10\/35.png?resize=350%2C200&ssl=1","width":350,"height":200},"classes":[]},{"id":236,"url":"https:\/\/learning.workfall.com\/learning\/blog\/how-to-build-a-serverless-event-driven-workflow-with-aws-glue-and-amazon-eventbridge\/","url_meta":{"origin":640,"position":1},"title":"How to build a serverless event-driven workflow with AWS Glue and Amazon EventBridge?","date":"October 28, 2021","format":false,"excerpt":"AWS Glue is basically a data processing pipeline that is composed of a crawler, jobs, and triggers. This workflow converts uploaded data files into Apache Parquet format. 
In this blog, we will see how we can make use of the AWS Glue event-driven workflows to demonstrate the execution of the\u2026","rel":"","context":"In &quot;AWS Cloud Computing&quot;","img":{"alt_text":"Build a Serverless Workflow with AWS Glue and Amazon EventBridge","src":"https:\/\/i2.wp.com\/learning.workfall.com\/learning\/blog\/wp-content\/uploads\/2021\/10\/Serverless-EventDriven-Workflow-1200-x-628-px.png?resize=350%2C200&ssl=1","width":350,"height":200},"classes":[]},{"id":675,"url":"https:\/\/learning.workfall.com\/learning\/blog\/how-to-set-up-a-continuous-deployment-pipeline-to-deploy-versions-of-an-application-on-aws-elastic-beanstalk-using-aws-codepipeline-part-1\/","url_meta":{"origin":640,"position":2},"title":"How to set up a continuous deployment pipeline to deploy versions of an application on AWS Elastic Beanstalk using AWS CodePipeline (Part 1)?","date":"November 24, 2021","format":false,"excerpt":"Do you have concerns about managing and deploying web applications? With AWS Elastic Beanstalk, you can launch your full web application in just a few minutes by simply uploading the code. Starting with capacity provisioning, load balancing, auto-scaling, and application health monitoring, this service will take care of the whole\u2026","rel":"","context":"In &quot;AWS Cloud Computing&quot;","img":{"alt_text":"AWS Elastic Beanstalk - Workfall","src":"https:\/\/i2.wp.com\/learning.workfall.com\/learning\/blog\/wp-content\/uploads\/2021\/11\/CoverImages_1200x628px-6.png?resize=350%2C200&ssl=1","width":350,"height":200},"classes":[]},{"id":593,"url":"https:\/\/learning.workfall.com\/learning\/blog\/authenticate-windows-ec2-instance-aws-managed-microsoft-active-directory\/","url_meta":{"origin":640,"position":3},"title":"How to authenticate Windows EC2 Instance using AWS Managed Microsoft Active Directory?","date":"November 11, 2021","format":false,"excerpt":"Currently, 95% of enterprises use Active Directory for authentication. 
Adopting cloud technology successfully necessitates taking into account on-premises IT infrastructure and applications. Active Directory architecture that is both reliable and secure is a vital IT infrastructure basis for businesses that run Windows applications. The directory service can be hosted in\u2026","rel":"","context":"In &quot;AWS Cloud Computing&quot;","img":{"alt_text":"Authenticate Windows EC2 - AWS","src":"https:\/\/i0.wp.com\/learning.workfall.com\/learning\/blog\/wp-content\/uploads\/2021\/11\/Directory-service.png?resize=350%2C200&ssl=1","width":350,"height":200},"classes":[]},{"id":1494,"url":"https:\/\/learning.workfall.com\/learning\/blog\/amazon-eks-clusters-locally-on-aws-outposts\/","url_meta":{"origin":640,"position":4},"title":"Amazon EKS Clusters Locally on AWS Outposts","date":"October 25, 2022","format":false,"excerpt":"AWS recently announced the availability of Amazon EKS local clusters on AWS Outposts. It means that now users can run the Amazon EKS cluster entirely on Outposts, including the Kubernetes control plane and nodes. 
To make things easier, AWS now allows you to host your entire Amazon EKS cluster on\u2026","rel":"","context":"In &quot;AWS Cloud Computing&quot;","img":{"alt_text":"Amazon EKS Clusters Locally on AWS Outposts","src":"https:\/\/i1.wp.com\/learning.workfall.com\/learning\/blog\/wp-content\/uploads\/2022\/10\/Cover-Images_Part2-1-2.png?resize=350%2C200&ssl=1","width":350,"height":200},"classes":[]},{"id":542,"url":"https:\/\/learning.workfall.com\/learning\/blog\/how-to-create-on-demand-backups-and-restore-the-backup-for-amazon-rds-using-aws-backuppart-1\/","url_meta":{"origin":640,"position":5},"title":"How to create on-demand backups and restore the backup for Amazon RDS using AWS Backup(Part 1)?","date":"November 10, 2021","format":false,"excerpt":"When we are using various data services like RDS, EBS, EFS, and DynamoDB to store data in the AWS Cloud, we also have to use some kind of backup solution to meet the data retention requirements. We need a centralized and effective solution for scheduling events like CloudWatch events, cleaning\u2026","rel":"","context":"In &quot;AWS Cloud Computing&quot;","img":{"alt_text":"AWS 
Backup","src":"https:\/\/i0.wp.com\/learning.workfall.com\/learning\/blog\/wp-content\/uploads\/2021\/11\/backup1.png?resize=350%2C200&ssl=1","width":350,"height":200},"classes":[]}],"_links":{"self":[{"href":"https:\/\/learning.workfall.com\/learning\/blog\/wp-json\/wp\/v2\/posts\/640"}],"collection":[{"href":"https:\/\/learning.workfall.com\/learning\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/learning.workfall.com\/learning\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/learning.workfall.com\/learning\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/learning.workfall.com\/learning\/blog\/wp-json\/wp\/v2\/comments?post=640"}],"version-history":[{"count":5,"href":"https:\/\/learning.workfall.com\/learning\/blog\/wp-json\/wp\/v2\/posts\/640\/revisions"}],"predecessor-version":[{"id":1806,"href":"https:\/\/learning.workfall.com\/learning\/blog\/wp-json\/wp\/v2\/posts\/640\/revisions\/1806"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/learning.workfall.com\/learning\/blog\/wp-json\/wp\/v2\/media\/1670"}],"wp:attachment":[{"href":"https:\/\/learning.workfall.com\/learning\/blog\/wp-json\/wp\/v2\/media?parent=640"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/learning.workfall.com\/learning\/blog\/wp-json\/wp\/v2\/categories?post=640"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/learning.workfall.com\/learning\/blog\/wp-json\/wp\/v2\/tags?post=640"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}