Tutorials AWS Mastery for .NET Architects

CloudTrail: Auditing your infrastructure changes

On this page

Who changed what?

AWS CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of your AWS account.

1. The Audit Log

CloudTrail records every API call made in your account—whether through the Console, CLI, or an SDK. This includes 'Who called it', 'When', 'From which IP', and 'What parameters'. This is your 'Black Box' flight recorder.

2. Security Analysis

If you suspect a breach, CloudTrail is the first place you look. You can see if an unauthorized user tried to change a Security Group or delete an S3 bucket. You can also set up **CloudWatch Alarms** to notify you instantly if someone calls a sensitive API (like DeleteVpc).

3. Architect Insight

Q: "Should I keep CloudTrail logs forever?"

Architect Answer: "Enable a **Trail** and store the logs in an **S3 bucket** with a **Lifecycle Policy**. Archive them to Glacier after 90 days for cost savings, but keep them for at least 1-7 years depending on your industry regulations. Audit logs are useless if you don't have them when the regulators come knocking."

Questions on this lesson 0

Sign in to ask a question or upvote helpful answers.

No questions yet — be the first to ask!

AWS Mastery for .NET Architects
Course syllabus
1. AWS Global Infrastructure
2. Compute for .NET
3. Storage & Databases
4. Networking & Content Delivery
5. Security & Compliance
6. Messaging & Events
7. Monitoring & DevOps
8. Optimization & Scale
Toolliyo Assistant
Ask about tutorials, ebooks, training, pricing, mentor services, and support. I use public site content only—not admin or internal tools.

care@toolliyo.com

Need callback? Share your details