Testing ProfessorMulti-Cloud Guidebook · AWS

Management & Governance

AWS CloudTrail

Audit log of every API call in your account.

Overview

CloudTrail records management events (and optionally data events) for compliance, security investigation and operational troubleshooting.

When to use it

Always — enable an organization trail to S3
Investigate who deleted that resource
Compliance evidence

Setup

Create an organization trail → encrypted S3 bucket + CloudWatch Logs.
Enable Insights events for unusual activity.

How to use

Lookup events

aws cloudtrail lookup-events --lookup-attributes AttributeKey=EventName,AttributeValue=DeleteBucket

QA use cases

Verify automation roles only perform expected API calls during a test run.