Security at Scale: Logging in AWS
The logging and monitoring of API calls are key components in security and operational best practices, as well as requirements for industry and regulatory compliance. AWS CloudTrail is a web service that records API calls to supported AWS services in your AWS account and delivers a log file to your Amazon Simple Storage Service (Amazon S3) bucket. AWS CloudTrail alleviates common challenges experienced in an on-premise environment and in addition to making it easier for you to demonstrate compliance with policies or regulatory standards, the service makes it easier for you to enhance your security and operational processes.
This paper provides an overview of common compliance requirements related to logging and details how AWS CloudTrail features can help satisfy these requirements. There is no additional charge for AWS CloudTrail, aside from standard charges for S3 for log storage and SNS usage for optional notification.