Question 1

What's the difference between AWS CloudTrail and Amazon CloudWatch?

Accepted Answer

CloudTrail records AWS API activity (who called which API, when, from what IP, and whether it succeeded). CloudWatch is primarily for metrics, alarms, and operational logs from applications and AWS resources. In practice, you often send CloudTrail events to CloudWatch Logs to create alerts on specific API actions.

Question 2

When should I use CloudTrail?

Accepted Answer

Use CloudTrail whenever you need an audit trail of activity in AWS: security investigations, compliance evidence, tracking configuration changes, and detecting suspicious behavior (like unexpected IAM changes or disabling security controls). Most organizations enable it by default for all accounts and regions, then add alerting for high-risk actions.

Question 3

How much does CloudTrail cost?

Accepted Answer

Pricing depends on what you enable and where you send logs. CloudTrail typically includes a free tier for basic event history, while delivering events to S3/CloudWatch Logs, enabling data events (like S3 object-level or Lambda invoke events), Insights, and long-term storage/analysis can add cost. Main cost drivers are the volume of logged events (especially data events), CloudWatch Logs ingestion/retention if used, and S3 storage plus any query/analytics tools you run on the logs.

CloudTrail

Definition

Real-World Example

Related Terms

Cloud Provider Equivalencies

See CloudTrail in Action

AWS Education Platform for Schools

Hackathon Entry: Homesharing Platform for Room Listings and Rentals

AWS Primary with Azure Cross-Cloud Backup StrategyF

Baraza SACCO The Saga Pattern (Distributed Transaction Management)

Explore More Cloud Computing Terms