# AWS CloudTrail

AWS CloudTrail is an AWS service that records all activities performed in an AWS account (via the CLI, the Management Console or the SDKs). This logging and auditing service can also be integrated with a SIEM solution, which helps not only with visibility, incident response and debugging but also with fulfilling compliance requirements.

Event Logging in AWS:

<figure><img src="/files/PwjrC8cVwuQVRJbuX33U" alt=""><figcaption><p>Source: <a href="https://quizlet.com/616135849/aws-cloudtrail-flash-cards/">https://quizlet.com/616135849/aws-cloudtrail-flash-cards/</a></p></figcaption></figure>

As shown above, there are mainly two types of events: management events (control plane operations) and data events (data plane operations). Both types of events record the AWS account, user ID/role, IP address, time, resource details, etc.

Events from the last 90 days can be viewed in Event History.

Some of the things that should be considered while setting up CloudTrail:

* Not all services are supported
* Only 5 trails per region are allowed

The logs collected by CloudTrail can be used with S3, Lambda, Athena and even CloudWatch for analysis, storage, etc.
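As an added example (not from the original notes), the following Python parses a CloudTrail log file in the format CloudTrail delivers to S3 (a gzip-compressed JSON object with a `Records` array) and pulls out exactly the fields listed above: account, identity, source IP, time and resource details, then separates management events from data events and counts state-changing calls per principal. It is the kind of processing a Lambda function or an analyst's notebook would do on real log files. The three records are constructed for this example (CloudTrail's real field names, made-up values; the account id `111122223333` is a documentation placeholder and the IPs are from the TEST-NET ranges).

```python
"""Parse CloudTrail log records and summarize who did what, from where, to which resource.

Added example, not from the original page. CloudTrail delivers log files to S3 as
gzip-compressed JSON of the form {"Records": [...]}; the records below use
CloudTrail's real field names with constructed values.
"""
import gzip
import json
from collections import Counter

ACCT = "111122223333"  # constructed (documentation placeholder) account id

# Constructed sample log file: two management events and one data event.
SAMPLE_LOG = {"Records": [
    {   # management event, write: an IAM user creating an access key from the CLI
        "eventVersion": "1.08",
        "userIdentity": {"type": "IAMUser", "principalId": "AIDAEXAMPLE000000001",
                         "arn": f"arn:aws:iam::{ACCT}:user/alice", "accountId": ACCT, "userName": "alice"},
        "eventTime": "2024-01-15T10:02:11Z", "eventSource": "iam.amazonaws.com",
        "eventName": "CreateAccessKey", "awsRegion": "us-east-1",
        "sourceIPAddress": "203.0.113.10", "userAgent": "aws-cli/2.15.0",
        "requestParameters": {"userName": "alice"}, "readOnly": False,
        "managementEvent": True, "eventCategory": "Management", "recipientAccountId": ACCT,
    },
    {   # management event, read-only: an assumed role listing instances
        "eventVersion": "1.08",
        "userIdentity": {"type": "AssumedRole", "principalId": "AROAEXAMPLE000000002:deploy-session",
                         "arn": f"arn:aws:sts::{ACCT}:assumed-role/deploy/deploy-session", "accountId": ACCT,
                         "sessionContext": {"sessionIssuer": {"type": "Role", "userName": "deploy",
                                                              "arn": f"arn:aws:iam::{ACCT}:role/deploy"}}},
        "eventTime": "2024-01-15T10:05:40Z", "eventSource": "ec2.amazonaws.com",
        "eventName": "DescribeInstances", "awsRegion": "us-east-1",
        "sourceIPAddress": "198.51.100.7", "userAgent": "Boto3/1.34.0",
        "readOnly": True, "managementEvent": True, "eventCategory": "Management", "recipientAccountId": ACCT,
    },
    {   # data event, write: the same role uploading an object (logged only when S3 data events are enabled)
        "eventVersion": "1.08",
        "userIdentity": {"type": "AssumedRole", "principalId": "AROAEXAMPLE000000002:deploy-session",
                         "arn": f"arn:aws:sts::{ACCT}:assumed-role/deploy/deploy-session", "accountId": ACCT,
                         "sessionContext": {"sessionIssuer": {"type": "Role", "userName": "deploy",
                                                              "arn": f"arn:aws:iam::{ACCT}:role/deploy"}}},
        "eventTime": "2024-01-15T10:06:02Z", "eventSource": "s3.amazonaws.com",
        "eventName": "PutObject", "awsRegion": "us-east-1",
        "sourceIPAddress": "198.51.100.7", "userAgent": "Boto3/1.34.0",
        "requestParameters": {"bucketName": "example-artifacts", "key": "build/app.zip"},
        "resources": [{"type": "AWS::S3::Object", "ARN": "arn:aws:s3:::example-artifacts/build/app.zip"},
                      {"type": "AWS::S3::Bucket", "ARN": "arn:aws:s3:::example-artifacts", "accountId": ACCT}],
        "readOnly": False, "managementEvent": False, "eventCategory": "Data", "recipientAccountId": ACCT,
    },
]}


def sample_log_file() -> bytes:
    """Return the constructed sample as a gzipped log file, the form CloudTrail writes to S3."""
    return gzip.compress(json.dumps(SAMPLE_LOG).encode("utf-8"))


def load_records(raw: bytes) -> list:
    """Decode one CloudTrail log file (gzipped as delivered, or plain JSON) into its records."""
    if raw[:2] == b"\x1f\x8b":  # gzip magic bytes
        raw = gzip.decompress(raw)
    return json.loads(raw.decode("utf-8")).get("Records", [])


def summarize(record: dict) -> dict:
    """Extract the fields every record carries: account, identity, source IP, time, action, resources."""
    identity = record.get("userIdentity", {})
    # For role sessions, attribute the call to the issuing role so all its sessions aggregate together.
    issuer = identity.get("sessionContext", {}).get("sessionIssuer", {})
    principal = issuer.get("arn") or identity.get("arn", "unknown")
    # eventCategory only exists in newer event versions; fall back to the managementEvent flag.
    category = record.get("eventCategory") or ("Management" if record.get("managementEvent", True) else "Data")
    service = record.get("eventSource", "unknown").split(".")[0]
    return {
        "account": record.get("recipientAccountId"),
        "principal": principal,
        "source_ip": record.get("sourceIPAddress"),
        "time": record.get("eventTime"),
        "action": f"{service}:{record.get('eventName')}",
        "resources": [r["ARN"] for r in record.get("resources", []) if "ARN" in r],
        "category": category,
        "read_only": bool(record.get("readOnly", False)),
    }


def split_by_category(records: list) -> tuple:
    """Separate control-plane (management) events from data-plane (data) events."""
    tagged = [(r, summarize(r)["category"]) for r in records]
    return ([r for r, c in tagged if c == "Management"], [r for r, c in tagged if c == "Data"])


def write_calls_by_principal(records: list) -> Counter:
    """Count non-read-only calls per principal: state changes are where an investigation usually starts."""
    counts = Counter()
    for summary in map(summarize, records):
        if not summary["read_only"]:
            counts[summary["principal"]] += 1
    return counts


if __name__ == "__main__":
    records = load_records(sample_log_file())
    for s in map(summarize, records):
        print(f'{s["time"]} {s["category"]:<10} {s["action"]:<22} {s["principal"]} {s["source_ip"]} {s["resources"]}')
    print(write_calls_by_principal(records))
```

Attributing role sessions to the issuing role (rather than the per-session `assumed-role` ARN) is a deliberate choice: it lets all sessions of one role be counted together, which is usually what a responder wants when asking "which identity made these changes".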

### CloudTrail Creation:

To create a trail in this service, the steps are as follows:

<figure><img src="/files/pFBcCAWkyrPlxKw4RhJx" alt=""><figcaption></figcaption></figure>

Quick Trail Console:

<figure><img src="/files/F6XiKJ5fQG5ejqom0b6n" alt=""><figcaption></figcaption></figure>

More Detailed Console:

<figure><img src="/files/HK9RpH2GdDJYx2jOVnXg" alt=""><figcaption></figcaption></figure>

<figure><img src="/files/HMxG2fAt1pN1XftnBMP0" alt=""><figcaption></figcaption></figure>

<figure><img src="/files/pPHHCGQuxqZQhix8ZMB3" alt=""><figcaption></figcaption></figure>

<figure><img src="/files/jCp6mmXiJYQszzsvxDlj" alt=""><figcaption></figcaption></figure>

Finally create the trail:

<figure><img src="/files/xwuLFblAxe5KIOZ7U9c0" alt=""><figcaption></figcaption></figure>

Event History would look something like this:

<figure><img src="/files/45iDBYsTlMU239AMcEsg" alt=""><figcaption></figcaption></figure>


