audit logs

Delving into CloudTrail events

CloudTrail provides you with an audit log of every successful API call made in your AWS account. It can be invaluable for security auditing, as well as for answering general questions such as “who started this instance and when?” The chief drawbacks are the large number and variety of events it produces, which make analysis challenging. However, a search engine such as Elasticsearch with Kibana lets you explore your audit log using simple filters and search terms.
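As an added example (not code from the original article), the question “who started this instance and when?” can be answered by filtering raw CloudTrail records on a few fields, which is the same filter you would later express in a search engine. The records are constructed for illustration, and `who_started` is a hypothetical helper name.

```python
import json

# Constructed sample in the CloudTrail log-file layout ({"Records": [...]}).
# Account IDs, ARNs, IP addresses and instance IDs are made up.
IID = "i-0aaa1111bbbb2222c"
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2024-03-01T09:15:02Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "RunInstances", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/alice"},
     "requestParameters": {"instancesSet": {"items": [{"imageId": "ami-0example"}]}},
     "responseElements": {"instancesSet": {"items": [{"instanceId": IID}]}}},
    {"eventTime": "2024-03-01T09:20:40Z", "eventSource": "s3.amazonaws.com",
     "eventName": "CreateBucket", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/alice"}},
    {"eventTime": "2024-03-02T17:59:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "StartInstances", "sourceIPAddress": "192.0.2.44",
     "errorCode": "Client.UnauthorizedOperation",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/carol"},
     "requestParameters": {"instancesSet": {"items": [{"instanceId": IID}]}},
     "responseElements": None},
    {"eventTime": "2024-03-02T18:03:11Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "StartInstances", "sourceIPAddress": "203.0.113.20",
     "userIdentity": {"arn": "arn:aws:sts::111122223333:assumed-role/ops/bob"},
     "requestParameters": {"instancesSet": {"items": [{"instanceId": IID}]}},
     "responseElements": {"instancesSet": {"items": [{"instanceId": IID}]}}},
]})

START_EVENTS = {"RunInstances", "StartInstances"}

def _instance_ids(record):
    """Collect instance IDs from the request and the response of one record."""
    ids = set()
    for key in ("requestParameters", "responseElements"):
        section = record.get(key) or {}          # either may be null
        items = (section.get("instancesSet") or {}).get("items") or []
        ids.update(i["instanceId"] for i in items if "instanceId" in i)
    return ids

def who_started(log_text, instance_id):
    """Return (time, event, caller ARN, source IP) for each start of instance_id."""
    hits = []
    for rec in json.loads(log_text).get("Records", []):
        if rec.get("eventSource") != "ec2.amazonaws.com":
            continue
        if rec.get("eventName") not in START_EVENTS or rec.get("errorCode"):
            continue                             # errorCode marks a call that did not succeed
        if instance_id in _instance_ids(rec):
            arn = (rec.get("userIdentity") or {}).get("arn", "unknown")
            hits.append((rec["eventTime"], rec["eventName"], arn, rec.get("sourceIPAddress")))
    return sorted(hits)                          # ISO 8601 UTC strings sort chronologically
```

`RunInstances` carries the new instance ID only in `responseElements`, while `StartInstances` names it in `requestParameters` as well, which is why the helper reads both.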