# CloudTrail

## Essentials

* An API logging service that logs API calls made to AWS
* It does not matter if the API calls came from the command line, an SDK, or the console
* All created logs are placed into a designated S3 bucket - so they are highly available by default
  * Cross-account buckets for multiple accounts
  * Limit access!
  * Encrypted
* CloudTrail logs help when addressing security concerns, by allowing you to view what actions users on your AWS account have performed
* Since AWS is just one big API - CloudTrail can log every configuration change in your account
* Has to be enabled for each region

### CloudWatch Logs Integration

* Sends CloudTrail Events to CloudWatch Logs
* Define custom metrics and alarms
  * Security Group and NACL Changes
  * VPC Changes
  * Failed Console Login Attempts
  * Failed API Authorizations
  * IAM Changes
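As an added example (not from the original notes), the classification below runs over a constructed batch of CloudTrail records and tallies the same five categories a CloudWatch Logs metric filter would feed into an alarm; the event names and `errorCode` values are real CloudTrail fields, but the sample records themselves are made up.

```python
import json

# Constructed sample CloudTrail "Records" (real field layout, made-up values).
SAMPLE_LOG = json.dumps({"Records": [
    {"eventSource": "ec2.amazonaws.com", "eventName": "AuthorizeSecurityGroupIngress"},
    {"eventSource": "signin.amazonaws.com", "eventName": "ConsoleLogin",
     "responseElements": {"ConsoleLogin": "Failure"}},
    {"eventSource": "s3.amazonaws.com", "eventName": "GetObject", "errorCode": "AccessDenied"},
    {"eventSource": "iam.amazonaws.com", "eventName": "AttachUserPolicy"},
    {"eventSource": "ec2.amazonaws.com", "eventName": "CreateVpc"},
    {"eventSource": "ec2.amazonaws.com", "eventName": "DescribeInstances"},
]})

# CloudTrail eventName values that change security groups / NACLs and VPCs.
SG_NACL_EVENTS = {
    "AuthorizeSecurityGroupIngress", "AuthorizeSecurityGroupEgress",
    "RevokeSecurityGroupIngress", "RevokeSecurityGroupEgress",
    "CreateSecurityGroup", "DeleteSecurityGroup", "CreateNetworkAcl",
    "CreateNetworkAclEntry", "DeleteNetworkAcl", "DeleteNetworkAclEntry",
    "ReplaceNetworkAclEntry", "ReplaceNetworkAclAssociation",
}
VPC_EVENTS = {"CreateVpc", "DeleteVpc", "ModifyVpcAttribute", "AttachInternetGateway",
              "DetachInternetGateway", "CreateVpcPeeringConnection"}

def classify(record):
    name = record.get("eventName", "")
    source = record.get("eventSource", "")
    if source == "signin.amazonaws.com" and name == "ConsoleLogin" \
            and record.get("responseElements", {}).get("ConsoleLogin") == "Failure":
        return "FailedConsoleLogin"
    # A denied call changed nothing, so test authorization failures before changes.
    err = record.get("errorCode", "")
    if err.startswith("AccessDenied") or err.endswith("UnauthorizedOperation"):
        return "FailedApiAuthorization"
    if source == "iam.amazonaws.com" and not name.startswith(("Get", "List")):
        return "IamChange"  # write-style IAM calls only, read-only ones are ignored
    if name in SG_NACL_EVENTS:
        return "SecurityGroupOrNaclChange"
    if name in VPC_EVENTS:
        return "VpcChange"
    return None

def count_alerts(log_text):
    counts = {}  # category -> number of matching records, like a metric value
    for record in json.loads(log_text)["Records"]:
        category = classify(record)
        if category:
            counts[category] = counts.get(category, 0) + 1
    return counts
```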

