Analyzing Account Activity With AWS CloudTrail
Description
AWS CloudTrail is an account management tool that records user activity and API usage across AWS services. CloudTrail stores various types of events as logs in an Amazon S3 bucket and provides features that let you track, aggregate, and analyze that data.
In this lab, you will explore the offerings of the AWS CloudTrail service. You will review and track activity with CloudTrail by observing the Event history dashboard and creating a trail. You will also aggregate specific data events into an event data store to form a CloudTrail Lake.
Learning objectives
Upon completion of this intermediate-level lab, you will be able to:
- Access CloudTrail Event history to look up and filter management events
- Create a CloudTrail Trail to log S3 data events
- Apply advanced event selectors to scope event criteria
- Aggregate CloudTrail events into an Event Data Store
- Form and query a CloudTrail Lake
Intended audience
- Candidates for the AWS Certified Security - Specialty certification
- Cloud Architects
- Software Engineers
Prerequisites
Familiarity with the following will be beneficial but is not required:
- AWS CloudTrail
The following content can be used to fulfill the prerequisites:
Updates
March 4th, 2024 - Resolved CloudTrail issue
February 1st, 2024 - Updated screenshots and instructions to reflect the latest UI