AWS CloudTrail Reviews

I am working on a project where we are using Amazon infrastructure service with Lambda. We are using multiple services on Amazon. I'm working in a company where we are using AWS CloudTrail. We are using Amazon EC2 instances as infrastructure service, and we are using S3 bucket, Lambda function, step function. We have moved to DynamoDB and I'm using DynamoDB and a few databases.

For monitoring, we use Dynatrace. Dynatrace is connected with AWS CloudTrail, so AWS CloudTrail sends the notifications via SNS to Dynatrace. We get notifications, and Dynatrace will send notifications.

AWS CloudTrail is a log function that will store all logs easily for whatever services we are using on Amazon. All logs will be stored in AWS CloudTrail for 15 years, as we have the service purchased for that duration. The logs will be stored in AWS CloudTrail via S3 bucket.

In AWS CloudTrail, we have enabled CPU, disk, and RAM monitoring. These are three services we are monitoring from AWS CloudTrail. AWS CloudTrail will monitor and produce graphs. We have separate L1 teams for monitoring; they will monitor and share the information. Also, Dynatrace will receive the information, and if any service goes beyond the threshold limit, AWS CloudTrail will create an alert.

CloudTrail and CloudWatch are sister services. Both should be preconfigured internally. We only watch the dashboards because we can't go and watch each service; there are multiple servers running and multiple services configured, so we watch only the dashboard graphs. If any graph goes beyond the normal limit, we take action.

We watch the graph. If any of the graphs show abnormal activity, then immediately we dig into AWS CloudWatch and AWS CloudTrail. We check the reason by verifying the logs. The graph will show you the time period, so we go into AWS CloudWatch, filter the logs for that particular time period, and from there, we identify the cause of the issue, and then we troubleshoot.

API is a main element that allows us to connect AWS CloudWatch to AWS CloudTrail and AWS CloudTrail to Dynatrace. That connection is done via API. By API, everything is integrated. The integration part is managed by the API, transferring information from one service to another. We are not working on the API; the configuration team, the cloud operations team, they take care of it.

I'm satisfied function-wise with AWS CloudTrail; only the integration with third-party solutions is a point for improvement.

We are actively using the solution.

I rate the stability of AWS CloudTrail as an eight.

AWS CloudTrail setup is simple. While creating EC2 instances, some of the AWS CloudWatch and AWS CloudTrail settings are preconfigured. Most things are preconfigured. That's what I appreciate about AWS CloudTrail because when creating EC2 instances, logs are generated. By creating EC2 instances, you can enable AWS CloudTrail with a tick mark, which makes most of the configurations automatic. That part is very user-friendly.

Compared to other products, I believe AWS CloudTrail is the best for AWS. If we consider AWS CloudTrail, we are sticking only with AWS. For Azure, they work solely on Azure; thus, we can't compare AWS CloudTrail with others. Azure is generally considered the first choice in comparison, and GCP has its own platforms.

I am a system admin and site reliability engineer. We work closely with the DBA team. While patching, we have to patch the server where the DB servers are. We patch DB servers also, and we are in touch with the DBA. We see the cluster; the DBA is always in a cluster. They will do instance by instance, they will remove the server from the cluster and allow us to patch. Then they add the server back and they monitor it.

We maintain high availability; if any resource goes down, immediately a ticket is raised, and we troubleshoot the issue. I'm not a DBA specialist. The DBA works on the DB. My work is to monitor the DB servers continuously. I'm not going to write any queries for monitoring purposes. As a technical architect, my work is to maintain the server running continuously. We write some scripts for management.

After three months, data is moved from S3 bucket to Glacier, according to our created policy. All logs stored in an S3 bucket, that information is triggered via Lambda. It is integrated with Lambda function. If any issue goes beyond, Lambda gets triggered. We have configured Lambda; it triggers and sends an SNS notification to us. Even if we are not watching the dashboard, we will get notifications via SMS and email services. SMS and simple mail services are already configured.

Dynatrace is a full stack service that supports EC2. It supports infrastructure services as well as all services we can connect with Dynatrace. We have Kubernetes, Docker, and EC2 instances, and all heterogeneous services are connected by Dynatrace. Dynatrace not only logs but operates on service levels and host levels. We just need to install OneAgent software. Once OneAgent is configured, Dynatrace takes complete control of the information.

AWS CloudTrail is a log, so we are not watching AWS CloudTrail directly. The AWS CloudTrail APIs are integrated with Dynatrace. From the Dynatrace dashboard, we monitor for any issue going beyond the limit; first, we watch the Dynatrace logs. In turn, Dynatrace is connected with AWS CloudTrail. If we click the logs inside Dynatrace, it directly links to AWS CloudTrail.

Dynatrace is a third-party tool that gives support not only to AWS but also to all multi-cloud services. It is a heterogeneous tool that supports all services whereas AWS CloudTrail is limited to AWS. AWS CloudTrail only supports AWS, and Azure has its functions, GCP has their own. Dynatrace offers more flexible dashboards and services, making it more adaptable compared to AWS CloudTrail. AWS CloudTrail is mostly CLI based, with a little bit of UI interaction, but Dynatrace is more flexible.

AWS CloudTrail features a totally cloud-based deployment. I rate AWS CloudTrail a nine out of ten.

AWS CloudTrail, as the name suggests, is used for backtracking AWS console activities or finding unauthorized access, deletion, creation, or anything happening in AWS. It is used for historical tracking purposes of AWS console activities.

It is very useful when working in a large team where you need visibility into team member activities. When everyone has admin access, there will be numerous creations and deletions of AWS resources. If permissions are attached to a role used by an organization or third-party service such as Jenkins, that role should have all necessary permissions to execute Jenkins jobs daily. AWS CloudTrail can track if any policy is detached or deleted, or if a role is removed from a user group. We can filter activities by date, day, month or year.

In my recent company, I was responsible for cleaning up users after they left the company. I accidentally removed a user from user groups which stopped the company's Jenkins deployments. Through AWS CloudTrail, they traced it back to my IAM username. This served as a learning experience and demonstrated a useful case for AWS CloudTrail.

We did not utilize AWS CloudTrail's integration with CloudWatch for real-time observability. We used it for backtracking since access was already least privileged for people. With modularized access, individuals take ownership of their actions.

We make use of AWS CloudTrail's feature to send log files to an Amazon S3 bucket for long-term storage and analysis. Most organizations perform this activity because CloudWatch is integral to the AWS console where logs are generated. Third-party log generations can also be integrated. For services such as Lambda, CloudWatch integration is essential for troubleshooting errors. CloudWatch logs can be dumped to S3 for review or audit purposes. S3 features Glacier for long-term, cost-effective storage of large amounts of data.

For Lambda, we implemented Python code that would invoke AWS CloudTrail upon any AWS console action, feeding logs into CloudWatch and subsequently to services such as S3. We also had the option to receive notifications for selected service creations or destructions via email.

AWS CloudTrail can be scaled to monitor all services and provide notifications for any changes. Beyond simple CloudWatch logs, it can send targeted notifications via email or Teams integration when CRUD operations affect specific services by IAM users.

The service maintains a comprehensive trail of all AWS activities. If an account is seven years old, it potentially contains all historical data from that period. This proves invaluable during audits requiring data from several years back.

AWS CloudTrail is currently underutilized and has potential for many more use cases.

I have not experienced the Trail feature of AWS CloudTrail in tracking changes to AWS infrastructure.

AWS CloudTrail could benefit from more comprehensive documentation and broader service integration. Making it as fundamental as EC2 would increase its adoption. It is currently an underrated but powerful service.

I have been working with AWS CloudTrail for approximately one and a half years.

AWS CloudTrail does not fit directly into our architecture as it functions more as a helper service, which limited our utilization of its capabilities.

AWS CloudTrail was our first solution for this purpose, and we continue using it because it effectively meets our needs. We would only consider alternatives if issues arose with AWS CloudTrail.

The setup was completed before I joined the company two years ago. I had to review metadata and receive knowledge transfer from colleagues to understand the setup, but I did not participate in the initial implementation.

AWS CloudTrail becomes particularly valuable during audits, such as PCI DSS, where tracking historical changes and activities is crucial. The integration with CloudWatch allows for filtered logs according to specific requirements.

I would rate AWS CloudTrail a nine out of ten based on our experience, as we have not encountered any significant issues with the service.

The primary use case for AWS CloudTrail is auditing and security monitoring. AWS CloudTrail allows me to track all API activity across my AWS organization, investigate security events, support compliance requirements, and maintain visibility into changes made in the AWS environment. A recent example involved investigating an unexpected infrastructure change. A security group configuration had been modified, and I needed to determine who made the change, when it occurred, and from where.

AWS CloudTrail allowed me to quickly trace the API call, identify the user and role involved, and understand the sequence of events.

The best features AWS CloudTrail offers are complete API activity logging, multi-account audit visibility, integration with AWS Organizations, event history for investigation, integration with CloudWatch and Security Hub, S3 log activity, and compliance and forensic support.

Using AWS CloudTrail in that investigation has significantly improved my security posture, governance capabilities, and audit readiness. It provides data accountability across the AWS environment that helps me investigate incidents much faster than would ever be possible. AWS CloudTrail has reduced investigation times dramatically. Activities that previously required hours of manual analysis can now be resolved in seconds because the audit trail is readily available. It has also simplified audit preparation because evidence of AWS activities is automatically captured and retained.

I particularly value the ability to answer the questions: who did what, when, and from where. Those are the most important questions during incident investigations and audits.

AWS CloudTrail has positively impacted my organization by significantly improving my security posture, audit readiness, governance, and control capabilities. It provides accountability across AWS environments and helps me investigate incident management much faster than ever was possible.

I noticed that my investigations during incidents are significantly more surgical, more reliable, and straight to the point.

AWS CloudTrail could be improved by adding more intelligent anomaly detection capabilities, stronger AI-assisted investigation workflows, easier root cause analysis for complex event chains, and improved executive-level reporting with more built-in visualizations for user activity patterns.

I have been using AWS CloudTrail for approximately ten years.

I would recommend enabling AWS CloudTrail from day one and configuring organization-wide logging if you operate multiple AWS accounts. Store these logs securely and separately. Implement long-term retention. Integrate AWS CloudTrail with Security Hub and SIEM platforms, and regularly review audit activities. Most importantly, do not wait for a security incident to realize you need an audit. AWS CloudTrail should be considered a foundational service in every AWS environment. I would rate this product a ten out of ten.

My main use cases for AWS CloudTrail are troubleshooting, monitoring performance, and checking logs. AWS CloudTrail is primarily a log collection service. All AWS logs are sent to AWS CloudTrail, and we can analyze the logs and extract the required data from them.

The features I find most useful in AWS CloudTrail are all of its core functionalities. It is a basic service from AWS that handles any log collection and monitoring needs. If you need to monitor or troubleshoot, you must go to AWS CloudTrail and check the logs; you cannot do this anywhere else.

Everything is tracked using multi-region trail tracking. Anything that needs to be tracked or troubleshot must be reviewed through AWS CloudTrail and CloudWatch. I am not entirely certain how multi-region trail tracking helps with management, but I have never encountered any specific issues with it.

Sending AWS CloudTrail's log files to AWS S3 helps in meeting compliance requirements because if you need to retain logs for an extended period, you must send the logs to S3 for compliance reasons, such as audit logs or any other logs. These can then be moved to archive storage like Glacier to save costs.

AWS CloudTrail's integration with AWS streamlines compliance across accounts because it fulfills compliance requirements.

I do not think there could be improvements in AWS CloudTrail because I am too small to suggest anything. It is already a well-established service from AWS, and I have only been using it for the last two or three years, though it has been available for many years.

They should implement some kind of AI that can help you give commands to the AI and have it search all the logs and return results. Searching the logs is not very easy; it requires a lot of patience and hard work to find the right information in the log.

I have been working with AWS CloudTrail for almost the last two or three years.

I have not faced any complaints or problems with AWS CloudTrail. This service helps the administrator with troubleshooting. I have not faced any issues with it.

I did not evaluate any other solutions in AWS before working with AWS CloudTrail for monitoring. I have not used anything from other vendors.

The setup experience with AWS CloudTrail is very straightforward. The deployment takes only a few minutes, and we can set it up without any problems.

I have used the event history feature as well. This feature definitely supports my troubleshooting operations because these are the basic functions, and without these, we cannot trace through AWS CloudTrail logs. AWS CloudTrail is very reasonably priced. I definitely recommend AWS CloudTrail to those who are planning or considering using it; it is a must-have service in the AWS environment, and it should be used. I provided this review with a rating of 9.

Positive

I work in a security domain, and my primary use case for AWS CloudTrail is to generate logs that track all the activities in AWS. These logs are used to identify and investigate incidents related to the instances and containers within AWS.

AWS CloudTrail provides detailed logs of every event linked to movements within AWS. This allows for easy tracking of activities. It's beneficial to have a clear overview, especially for identifying incidents. However, it can sometimes be noisy, with an overwhelming amount of information. Still, if I know what I am looking for, I can easily query the necessary information from the logs.

AWS CloudTrail can sometimes generate too much information, which might lead to a lot of unnecessary data, particularly false positives. This can flood log management platforms and increase storage costs unnecessarily. Reducing this noise could be an area for improvement.

I have been using AWS CloudTrail for a little over six months.

I have not encountered any stability issues, glitches, or performance problems with AWS CloudTrail.

AWS CloudTrail is fully scalable, and I have not come across any limitations so far.

I previously worked with Smarp but have since moved to a different company where we host everything in AWS.

The initial setup is straightforward because AWS CloudTrail comes integrated within the AWS platform.

AWS CloudTrail generates logs that provide a clear picture of incidents and compliance with regulatory purposes. However, it doesn't directly correlate with return on investment.

AWS CloudTrail is a bit on the pricey side, as pricing is event-driven, leading to significant costs, especially for log storage.

I would rate AWS CloudTrail a seven out of ten for my overall experience.

I have worked in different phases and parts. I have been the consumer myself, a service provider, a consultant, and a trainer for CloudTrail.

The management events and CloudTrail Insights are valuable. The management events are useful for monitoring the compliance and standards when creating any service like an EC2 instance or S3 bucket. CloudTrail Insights provides an analysis of all events and actions taken.

More controls should be introduced in CloudTrail, especially to see the logs in CloudTrail itself without saving them in S3, as S3 starts to incur charges. Real-time log submission could be improved, as sometimes there is a lag of around two to three minutes, which should be under a minute.

I have been working with AWS CloudTrail for around five to six years.

CloudTrail is very stable, rating it ten out of ten. However, integrating with CloudWatch sometimes faces issues, like events being sent with a lag.

CloudTrail itself does not have any inherent scalability features; it logs events and sends them to other services.

The initial setup is relatively easy, rating it eight out of ten. It takes around ten to twelve minutes to deploy CloudTrail for the first time.

CloudTrail is a very cost-effective solution. It can be rated three or four on a scale where ten is the most expensive price.

Customers should have a professional person configure CloudTrail. Hiring a non-professional at low prices can lead to configuration issues. Hiring a proper professional is advised.

I'd rate the solution eight out of ten.

I use AWS CloudTrail to monitor the API calls to the service and to see who has been connected. Whenever somebody logs in, I utilize CloudTrail to ensure that I receive notifications through SNS for our notification service.

AWS CloudTrail has significantly improved the monitoring of API calls within our network, allowing us to keep track of logins and access to our services. It is a straightforward solution from AWS that helps integrate well with any service we choose, thereby improving our workflow.

One of the most valuable features of AWS CloudTrail is its ability to track and monitor API calls detailedly. Whenever somebody logs in, I receive a notification via CloudWatch. It integrates easily with other AWS services, providing a comprehensive approach to monitoring and security. This straightforward solution by AWS greatly enhances our workflow.

Right now, AWS CloudTrail is perfect. I have not experienced any challenges while using it.

I have been using AWS CloudTrail for one year since I joined this company.

AWS CloudTrail is stable. I have never had any issues with bugs or system breakdowns.

The initial setup is straightforward and easy to handle.

The cost depends on the volume of logs generated from various services. So, depending on how many logs are gathered, it could vary from being cheap to expensive.

I would highly recommend AWS CloudTrail to others. It is the best service to monitor your infrastructure. I would rate AWS CloudTrail nine out of ten.

Some use cases with AWS CloudTrail include monitoring services running within your AWS environment, ensuring they function as expected. With AWS CloudTrail enabled, you can track who is logging in and out, access logs, and perform accounting and auditing of services and networks to monitor user activity and access to information.

In one specific scenario, we encountered a situation where a terminated employee still had access to our environment without our knowledge. With AWS CloudTrail, we could track and monitor the employees' activities, revealing that they were downloading specific files from our customer's environment. Without it enabled, we wouldn't have been aware of this.

We can use it to trigger Lambda functions for authorization and terminate unauthorized access. Integrating it with Amazon Simple Notification Service also allows us to receive alerts when specific metrics are reached, helping us take prompt action when needed.

For example, if a server exceeds its limit, we get notifications. This helps us act fast, like adding more servers or adjusting resources. Also, if someone unauthorized tries to access it, we get alerts. For example, we know immediately if a terminated employee tries to get in.

Once the organization defines its policies, it must immediately enable AWS CloudTrail and integrate it with auto-remediation procedures using Lambda functions. This ensures that the main administrator can receive information quickly and on time without delay. 

I have been working with the product for ten years.

Except AWS is down, and then you have the tool going on. AWS guarantees it. In the past three years, AWS has gone down about twice. So once it goes down, we don't have that service available to monitor any infrastructure in that region.

On a scale of one to ten, I would rate the tool's scalability a ten. Since it is an AWS product, it automatically scales based on the volume of logs flowing into the environment. It operates under a serverless management model on the AWS side

I would rate AWS customer service at around eighty percent. However, this rating varies depending on whether you have the enterprise support package. Without it, you're around fifty percent, but you're at eighty percent with the enterprise support package, which requires an additional cost.

The tool's initial setup is not complex. It depends on the tools you are using. The process is straightforward whether you are using CDK, the portal, or the command-line interface.

AWS CloudTrail is free.

I highly recommend enabling CloudTrail because it keeps an eye on your environment when you're not looking. There's no case where I would say customers should not enable it because it's not something that you're paying for upfront. If it does activate, you might have to pay for things like Lambda functions, but it's worth it. This is especially important now with so many potential security risks. AWS locks logs for 90 days, but now you have them available indefinitely. However, keep in mind that storing these logs can incur costs.

I rate the overall product a nine out of ten.

We use AWS CloudTrail as a complete data centre. It is working on a cloud. We have different operating systems. We have completely deployed in the cloud.

There are requirement variations depending on the organisation and their specific needs. There are fundamental concepts related to deployment, AWS, and computing that must be understood. Support is available based on the individual's knowledge of computing and their ability to handle cloud technologies.

CloudTrail is available 24/7. There is no downtime and administration is very simple. The single window console has so many features.

The most valuable aspect of AWS CloudTrail is its availability within the IT environment, making it effective for any customer regardless of PAM or outside.

The solution is very expensive.

I have been using AWS CloudTrail for three years.

The product is stable.

I rate the solution’s stability a seven to eight out of ten.

More than 100 users are using this solution. The solution is used 24/7 and we are planning to increase its usage.

I rate the solution’s scalability an eight out of ten.

AWS doesn't require involvement from IT personnel. Its necessity depends on technical factors, such as DCP, and other considerations. Based on the policies we maintain, technical support teams are required.

Positive

When considering other options, there are many service providers offering cloud computing and data centers. We explored providers outside our country. These were the solutions available. However, when it comes to AWS, it stands out as superior due to its managed data centers, especially regarding cybersecurity.

The setup experience was very bad. Initially, when we began migrating our teams and configuring systems like AWS CloudTrail, we encountered some complications. Understanding the administration and navigating access loops resulted in numerous emails. However, after three or four years of experience, we understand the platform. Five to seven people including support are required for deployment.

I rate the initial setup a six out of ten, where one is difficult, and ten is easy.

The third-party integration servers are very good, with no issues. The email solution is not currently available on cloud computing. AWS has a managed email system.

The solution’s maintenance depends on the situation. Sometimes there are critical issues like device issues, application issues, Internet issues, infrastructure issues, or HSA issues. It depends on the team, infrastructure size, and the scope of the cloud. If it is a set of three or four servers, there is no need for a team, the Microsoft support team handles it.

The product is good.

Overall, I rate the solution an eight out of ten.